Last Modified on January 23, 2026

Implementation approach and support

• Implementation includes up to 20 hours of dedicated implementation time to be used within the first 120 days after contract signature. Additional hours can be purchased for an additional fee as quoted under Professional Services.
• You should appoint a project lead from your team to be responsible for the success of the project and serve as 1MP’s main point of contact throughout.
• Web-based training for physician office staff (where applicable) is available for an additional fee as quoted under Professional Services.

• A project manager will be assigned to your implementation to guide you through project planning, configuration, training, activation, and post-go live transition.
• Implementation is conducted remotely, via webinar, emails, and phone calls. Onsite training may be requested for an additional fee.

Medical Passport configuration

• We will configure Medical Passport from our library of available preop questions to include the questions you want to ask patients in your preop screening process.
• We will work with you to choose from our library of forms (demographic/insurance, anesthesia preop, nursing assessment, etc.) the ones that you would like to use to display each patient’s information. There is no additional charge for charts created from our existing library.
• If the forms in our library do not fit the workflow at your facility, we can create custom forms for you for an additional charge. Note: Due to space requirements for printing patient data, it is not possible to duplicate existing paper forms exactly.
• All customization of forms and “text reports” will be billable at the Forms Customization rate quoted under Professional Services

Scheduling feed set up

We will work with you to establish an inbound (to 1MP) data interface to transmit information from your patient scheduling system to 1MP. You acknowledge that in order for the Cloud Services to function optimally, this data will need to be sent to us in an electronic format that can be processed by our interface engine. All costs and equipment related to providing this inbound scheduling feed are your obligation.

Last Modified on January 23, 2026

1. Agreement.  As referred to herein, the “Agreement” consists of these Terms and Conditions, the Order Summary that incorporates these Terms and Conditions by reference, and any additional order or proposal executed by the parties that incorporates these Terms and Conditions, together with all exhibits, policies and addenda that are incorporated herein by reference, including the then-current Terms of Service  and Privacy Policy, both of which may be periodically updated as needed.

2. Cloud Services. The Order Summary that incorporates these Terms and Conditions by reference (the “Order Summary”) sets forth all software-based services that we have agreed to provide and you have agreed to purchase. These are collectively referred to in this Agreement as the “Cloud Services.” During the Term (defined below), we will provide the non-exclusive right for your employees, independent contractors and affiliated physicians who have been assigned a user ID and password (“Authorized Users”) to access and use the Cloud Services for your internal business purposes, and for patients scheduled for a procedure at your facility and/or their legal guardians (“Patients”) to access and use the Cloud Services for their personal purposes. See the Order Summary for additional information and terms related to the Cloud Services.

a. 1MP provides services to healthcare providers and other covered entities or business associates as defined by the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations collectively “HIPAA”) and by Patients who access the services in their personal capacity.

The parties acknowledge and agree that when the Cloud Services are:

Provided to or on behalf of a healthcare provider or covered entity, in a manner that involves the use or disclosure of protected health information (“PHI”) as defined by HIPAA, 1MP may act as a business associate of the healthcare provider or covered entity and the parties may enter into a separate Business Associate Agreement (“BAA”) governing 1MP’s use and disclosure of PHI.

Provided directly to a patient, 1MP acts as an independent service provider to the Patient and not as a health care provider, covered entity, or business associate to this Patient. Therefore, 1MP’s handling of information is governed by the Patient’s acceptance of these Terms and Conditions, Privacy Policy and 1MP Terms of Service. Any authorization or consent associated with Patient Medical Information shall be obtained directly from patient. 

3. Implementation and Support Services. We will provide implementation services to you as set forth in the Order Summary. We will provide support services to you and your Authorized Users as described in the Service Level Agreement. Upon expiration or termination of this MSA, Client shall be solely responsible to notify third parties, healthcare clearinghouses, electronic medical record systems, payors, or any other impacted parties that provide data to 1MP in connection with the Cloud Services to discontinue transmission of data to us. 1MP has no obligation to act on Client’s behalf regarding terminating any data transmission. In the event transmission of data to 1MP exceeds ninety (90) days post termination of this MSA, 1MP may take reasonable steps to disable transmission of data to 1MP’s environment.

4. Upgrades/versioning. As a subscriber to the Cloud Services, you will have access to any new functionality added to the Cloud Services to which you subscribe, at no additional charge.

5. Fees and Billing. You agree to pay all fees for the Cloud Services you have selected as set forth in the Order Summary. We will bill you quarterly, typically in advance of the service period, and you will have thirty (30) days from the start of each new quarter or the date of the invoice, whichever is later, to pay all fees for that service period. Amounts that remain unpaid more than thirty (30) days after the due date are subject to interest at the lesser of 1.5% per month or the maximum rate permitted by law.

6. Taxes.  You agree to pay all taxes that we are required by law to collect as a result of your Cloud Service Fees, including any applicable transaction, local, value-added, sales, or service taxes. All of our fees are exclusive of any such taxes, duties, levies or fees.

7. Our Information Security Obligations

a. We will comply with all relevant privacy and security requirements applicable to Business Associates (as defined in HIPAA), including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”). In addition, we will comply with the Business Associate Agreement (the “BAA”), which is incorporated by reference as part of this Agreement.

b. In accordance with the HIPAA Security Rule, we will use commercially reasonable administrative, physical and technical safeguards, including encryption, to guard against the unauthorized access, alteration, destruction or loss of demographic, insurance, medical history, diagnostic testing results, and other personal data of Patients that has been entered, updated or modified in the Cloud Services by a Patient or Authorized User (“Patient Medical Information”) and is stored by the Cloud Services or in transit from the Cloud Services.

c. We will store and process all Patient Medical Information using systems located in the United States. 

d. We will use a current industry-standard, real-time intrusion detection system. We will actively monitor the intrusion detection system for signatures that correspond to attempts at breaking the security of the Cloud Services. Along with the deployment of such a system, we will adopt and follow operational procedures to disable the source of any perceived attack and escalation procedures to notify you for follow-up action.

e. We will perform industry-standard backup procedures.   

f. We will use industry-standard virus, worm and virus-like damaging code (collectively “Virus”) prevention measures. If a Virus is found to have been introduced into the Cloud Services or to your data, we will, at no additional charge to you, use commercially reasonable efforts to reduce the effects of the Virus and to mitigate and restore any damage or loss to the Cloud Services or your data, in addition to your other remedies at law or in equity. The anti-Virus solution will be configured to receive regularly scheduled updates to ensure appropriate protection of information assets.

g. We will not allow access to any Protected Health Information, as defined under HIPAA (“PHI”), that is not required for the performance of the Cloud Services. 

8. Your Information Security Obligations. 

a. Patient Medical Information that you or your Authorized Users process and/or download using the Cloud Services is deemed “Processed Medical Information.” You are responsible for protecting the integrity, security and confidentiality of Processed Medical Information in the same manner as you protect all other PHI in your possession. You are responsible for obtaining requisite consent or authorization required by applicable law.

9. Confidentiality. If the parties have entered into a separate agreement that includes restrictions on the use or disclosure of confidential information, such as a separate Non-Disclosure Agreement, and one of the confidentiality provisions conflicts with a confidentiality provision in this Section, then the provision that affords a greater level of protection to the protected Party will control and be enforced to the maximum extent permitted by law.

a. As used in this Agreement, “Confidential Information” means (i) PHI; (ii) this original written Agreement, any paper or electronic copies thereof, and its material terms; (iii) trade secrets, computer code, algorithms, inventions (whether or not patentable), techniques, software design and architecture, private specifications, performance information, non-public documentation, names and expertise of employees, consultants, customers and prospects; and business, financial, and product development plans and forecasts; and (iv) information that is conspicuously marked as “confidential” or “proprietary,” information disclosed verbally that is designated as “confidential” or “proprietary” at the time of disclosure, and information that, by its nature, would reasonably be considered as confidential to any other person, firm or corporation. 

b. Confidential Information, other than PHI, does not include (i) information that is independently developed by the receiving party without the use of the disclosing party’s Confidential Information, as shown by the receiving party’s written business records; (ii) information that is known by a receiving party prior to disclosure by the disclosing party as shown by the receiving party’s written business records; or (iii) information that is or becomes generally available to the receiving party or the public other than through a violation of this Agreement.

c. A party shall not disclose the other party’s Confidential Information except (i) on a need-to-know basis, to its agents, employees and representatives who are bound by confidentiality restrictions at least as stringent as those stated in this Agreement; or (ii) as required by law, governmental regulation or requirement, court order, or subpoena, in which case and subject to applicable law, the receiving party shall provide prompt notice to the disclosing party so that the disclosing party may seek a protective order or other appropriate remedy. A party shall not use Confidential Information of the other party except as required to perform its obligations under this Agreement.

d. Each party shall use the same degree of care to protect the other party’s Confidential Information that it uses to protect its own highly confidential information from unauthorized disclosure, but (i) in no event shall either party use less than a commercially reasonable degree of care and (ii) nothing in this Section shall diminish a party’s other obligations under this Agreement with respect to information security. 

10. Term. Unless otherwise set forth in the applicable Order Summary, the initial term of this Agreement (the “Initial Term”) will begin on the first day of the month that is at least thirty (30) days after the signature date of the Agreement, and will continue for the period set forth in the Order Summary, unless terminated earlier by either party pursuant to this Agreement.  This Agreement shall automatically renew for successive terms as defined in the Order Summary (each a “Renewal Term,” and collectively, the Initial Term and all Renewal Terms are defined as the “Term”) unless written notice of non-renewal is received by either party at least sixty (60) days prior to the end of the then-current Term.

11. Termination

a. By Client. You have the right, upon written notice to us, to terminate this Agreement if 1MP breaches any material term or condition of this Agreement, provided such breach is not cured or substantial efforts to cure are not commenced by 1MP within thirty (30) calendar days following your written notice to 1MP of such breach.

b. By 1MP. We have the right, upon written notice to you, to terminate this Agreement if: (i) you breach any material term or condition of this Agreement, provided such breach is not cured or substantial efforts to cure are not commenced by you within thirty (30) calendar days following 1MP's written notice to you of such breach; (ii) at the end of the Initial Term or any Renewal Term, in accordance with Section 10 (“Term”); or (iii) 1MP determines to cease its business operations related to providing the Cloud Services, provided that 1MP provides ninety (90) calendar days prior written notice to Client.

12. Effect of Termination.  Upon the termination of this Agreement:

a. Your access to the Cloud Services will terminate.

b. Unless otherwise authorized, each party will promptly return or certify in writing the destruction of the other party’s Confidential Information, including any electronic files stored in the Cloud Services, not more than thirty (30) days following the effective date of termination or expiration of this Agreement.  However, 1MP shall not be required to return or destroy Patient Medical Information or data that is archived as part of its standard backup procedures, in current use by a Patient or in furtherance of 1MP business operations.

c. 1MP will extend the same security and protections as it was required to provide during the Term of this Agreement to any retained Confidential Information for so long as it retains such Confidential Information.

d. Each party will continue to comply with its confidentiality obligations under this Agreement and as required by applicable law.

e.  If you purchase the Archive Module and later choose not to renew Archive, we will, upon your request, make your previously uploaded documents available for transfer to you.  Such documents will be provided as unencrypted PDF files on a secure FTP folder. These documents will be available for 14 days from the time the FTP access is granted.  Upon your request, a separate file will also be provided that identifies the patient, procedure date and document type based on the PDF file name. The Archive files stored in the Cloud Services will be deleted after 60 days, consistent with Subsection 12(b) above.

13. Suspension. We may immediately suspend or block all or part of the Cloud Services by sending you a written notice of suspension if we have the right to terminate this Agreement, in lieu of termination or prior to termination. Notwithstanding the foregoing, we will endeavor in good faith to provide you with advance notice of any suspension in accordance with the notice provisions below, and we will provide you with notice of the suspension or termination as soon as it becomes practicable for us to do so. 

14. Our Representations and Warranties. We represent and warrant the following:

a. The Cloud Services will substantially conform to the documentation provided or made available to you by us.

b. We will devote commercially reasonable efforts to perform the Cloud Services promptly, diligently and commensurate with relevant professional standards.

c.   Your use of the Cloud Services as permitted under this Agreement does not and will not infringe any third party’s rights.

15. Your Representations and Warranties. You represent and warrant that your performance of this Agreement does not conflict with any obligations or duties, express or implied, that you may have to third parties.

16. Your General Restrictions and Responsibilities.

a. You are responsible for the accuracy and completeness of Processed Medical Information and for verifying such Processed Medical Information with Patients. You shall neither rely on, nor make medical decisions on, Processed Medical Information until you have verified the accuracy and completeness of the Processed Medical Information and obtained all necessary and appropriate supplemental information. You are solely responsible for verifying the accuracy of and interpreting the Processed Medical Information, for making any medical decisions based on the Processed Medical Information, and for making or suggesting any course of medical treatment on the basis of the Processed Medical Information.

b. Your use of the Cloud Services will comply with all applicable laws, rules and regulations.
c. Your Authorized Users will be limited to your employees, independent contractors and affiliated physicians.

d. You are responsible for all equipment, software and connections to the Internet required to gain access to the Cloud Services. 

e.  Except as otherwise expressly provided in this Agreement, you will not, and will not permit any Authorized User to: (i) provide, disclose, divulge or make available to or permit use of the Cloud Services by any third party (other than Authorized Users and Patients); (ii) copy or reproduce all or any part of the Cloud Services (except as expressly provided for herein); (iii) interfere, or attempt to interfere, with the Cloud Services in any way; (iv) distribute, market, resell, lease, transfer, license or sublicense the Cloud Services; (v) modify, change, alter, translate, create derivative works from, reverse engineer, disassemble or decompile the software that operates the Cloud Services, or discover or attempt to discover the source code of any portion of such software in any way for any reason; (vi) engage in spamming, spoofing or any other fraudulent, illegal or unauthorized use of the Cloud Services; (vii) introduce into or transmit through the Cloud Services any Virus; (viii) create any frames at any other web sites pertaining to or using any of the information provided by the Cloud Services; or (ix) engage in or allow any action involving the Cloud Services that is inconsistent with the terms and conditions of this Agreement.

17. Disclaimers

a. EXCEPT AS PROVIDED IN THE SECTIONS ENTITLED “OUR REPRESENTATIONS AND WARRANTIES” AND “OUR INFORMATION SECURITY OBLIGATIONS,” ALL GOODS AND SERVICES ARE PROVIDED “AS-IS,” AND 1MP AND ITS AFFILIATES, SUBCONTRACTORS AND THIRD-PARTY LICENSORS, IF ANY, MAKE NO OTHER REPRESENTATIONS OR WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY REGARDING OR RELATING TO SERVICES PROVIDED TO CLIENT UNDER THIS AGREEMENT. 1MP IS NOT A HEALTH SERVICES PROVIDER AND MAKES NO REPRESENTATION OR WARRANTY, EXPRESS OR IMPLIED, TO CLIENT, AUTHORIZED USERS OR PATIENTS OR OTHER USERS OF THE SERVICES REGARDING THE COMPLETENESS OR ACCURACY OF THE PROCESSED MEDICAL INFORMATION OR PATIENT MEDICAL INFORMATION AS ENTERED BY PATIENTS OR AUTHORIZED USERS, NOR ANY INTERPRETATION, MEDICAL DECISION OR COURSE OF MEDICAL TREATMENT RELATED THERETO. 

. EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT OR REQUIRED BY LAW, WE AND OUR SERVICE SUPPLIERS AND LICENSORS DISCLAIM ALL WARRANTIES, EXPRESS AND IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, TITLE, AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. YOU ARE SOLELY RESPONSIBLE FOR THE SUITABILITY OF ALL GOODS AND SERVICES CHOSEN AND FOR DETERMINING WHETHER THEY MEET YOUR CAPACITY, PERFORMANCE AND SCALABILITY NEEDS.

c. WE AND OUR SERVICE SUPPLIERS AND LICENSORS DO NOT WARRANT THAT THE CLOUD SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, COMPLETELY SECURE, OR THAT ALL DEFECTS WILL BE CORRECTED. YOU ACKNOWLEDGE THAT WE DO NOT CONTROL OR MONITOR THE TRANSFER OF DATA OVER THE INTERNET, AND THAT INTERNET ACCESSIBILITY CARRIES WITH IT THE RISK THAT YOUR PRIVACY, DATA, CONFIDENTIAL INFORMATION OR PROPERTY MAY BE LOST OR COMPROMISED.

d.  1MP DOES NOT WARRANT TO CLIENT THE AVAILABILITY OF THE SERVICES AT ALL TIMES AND SPECIFICALLY EXCLUDES AVAILABILITY DURING SCHEDULED DOWNTIME FOR MAINTENANCE PURPOSES, UNSCHEDULED MAINTENANCE AND SYSTEM OUTAGES, AND/OR AVAILABILITY OF THE SERVICES FOR REASONS BEYOND 1MP’S CONTROL.

e. NO SUPPORT, ADVICE OR INFORMATION RELATING TO THE CLOUD SERVICES THAT YOU OBTAIN FROM ONE MEDICAL PASSPORT OR FROM ANY THIRD PARTY, OR THAT YOU OBTAIN THROUGH THE CLOUD SERVICES, WILL CREATE ANY WARRANTY THAT IS NOT EXPRESSLY WRITTEN IN THIS AGREEMENT.

18. Limitation of Damages

a. NEITHER WE NOR ANY OF OUR EMPLOYEES, AGENTS, REPRESENTATIVES, SERVICE SUPPLIERS, OR LICENSORS WILL BE LIABLE FOR ANY PUNITIVE, INDIRECT, CONSEQUENTIAL OR SPECIAL DAMAGES, OR FOR ANY LOST PROFITS, LOST DATA, LOST BUSINESS, LOST REVENUES, DAMAGE TO GOODWILL, LOST OPPORTUNITIES OR LOSS OF ANTICIPATED SAVINGS, EVEN IF ADVISED OF THE POSSIBILITY OF SAME, AND REGARDLESS OF WHETHER THE CLAIMS ARE BASED IN CONTRACT, TORT, STRICT LIABILITY, INFRINGEMENT, OR ANY OTHER LEGAL OR EQUITABLE THEORY.

b. EXCLUDING ITS INDEMNIFICATION OBLIGATIONS UNDER THIS AGREEMENT, EACH PARTY’S AGGREGATE LIABILITY AND THE AGGREGATE LIABILITY OF ITS EMPLOYEES, AGENTS AND REPRESENTATIVES TO THE OTHER PARTY UNDER ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, TORT, STRICT LIABILITY OR OTHERWISE, WILL NOT EXCEED THE TOTAL AMOUNT PAID OR PAYABLE TO US FOR THE CLOUD SERVICES DURING THE TWELVE-MONTH PERIOD IMMEDIATELY PRECEDING THE MONTH IN WHICH THE FIRST EVENT GIVING RISE TO THE CLAIM(S) OCCURRED.

19. Intellectual Property

a. All materials, including without limitation, the Cloud Services, web pages, web-based applications, Internet domain names, data, or information developed or provided by 1MP under this Agreement or other agreements between 1MP and Client, and any ideas, know-how, methodologies or processes conceived, developed or used to provide the Cloud Services or other deliverables or services under this Agreement between 1MP and Client, including, without limitation, all copyrights, trademarks, patents, trade secrets and any other proprietary rights related to such materials, shall be and remain the sole and exclusive property of 1MP. You may only use that software in connection with the Cloud Services as permitted under this Agreement. 

b. Each Patient owns and retains all right, title and interest in and to his or her Patient Medical Information created using the Cloud Services. Client has the right to download in electronic form and retain a copy of the Processed Medical Information. Client owns and retains all right, title and interest in the medical records it creates from the Processed Medical Information.

c. We will have a royalty-free, worldwide, transferable, sub-licensable, irrevocable, perpetual license to use and incorporate into the Cloud Services any suggestions, enhancement requests, recommendations or other feedback provided by you or your Authorized Users, relating to the Cloud Services.

20. Indemnification

a. We agree to indemnify, defend and hold you and your employees, agents, shareholders, officers, directors, successors and assigns harmless from and against any and all claims, damages, liabilities, costs, settlements, penalties and expenses (including attorneys’ fees, expert’s fees and settlement costs) arising out of or relating to any suit, action, proceeding, arbitration, subpoena, claim or demand brought or asserted by a third party pursuant to any theory of liability arising out of or relating to: (i) any material breach by 1MP of this Agreement; (ii) the alleged or actual infringement or misappropriation of any intellectual property right or other proprietary right by 1MP; or (iii) 1MP’s failure to use reasonable security precautions. You will provide 1MP with written notice of the existence of any basis for indemnification. If an intellectual property infringement claim is made, 1MP will, at its sole option and expense: (X) procure for Client the right to continue to use the allegedly infringing intellectual property through the Cloud Services or (Y) modify, amend or replace the allegedly infringing intellectual property so that the Cloud Services are non-infringing. If 1MP determines that neither of these options is commercially reasonable, then 1MP may terminate this Agreement and no further payment obligations shall be due from the Client therefor. THIS SECTION SETS FORTH 1MP'S ENTIRE OBLIGATION AND LIABILITY AND CLIENT'S SOLE AND EXCLUSIVE REMEDY WITH REGARD TO CLAIMS OF INFRINGEMENT.

b. You agree that 1MP does not have any responsibility for the conduct of your business or medical practice, including the medical treatment or care of your Patients. You agree that any reliance upon the Cloud Services shall not diminish your responsibility for exercising proper medical treatment and patient care. You agree to indemnify, defend and hold 1MP and its employees, agents, shareholders, officers, directors, successors and assigns harmless from and against any and all claims, damages, liabilities, costs, settlements, penalties and expenses (including attorneys’ fees, expert’s fees and settlement costs) arising out of or relating to any suit, action, proceeding, arbitration, subpoena, claim or demand brought or asserted by a third party pursuant to any theory of liability arising out of or relating to: (i) any injury resulting from the use of Patient Medical Information or Processed Medical Information; (ii) any claim that the Patient Medical Information and/or Processed Medical Information is inaccurate or incomplete; (iii) any non-compliance with Section 17 (“YOUR GENERAL RESTRICTIONS AND RESPONSIBILITIES”); (iv) claims that content or information provided by an Authorized User or a Patient infringes the privacy or intellectual property rights of a third party; (v) any breach by you of this Agreement; or (vi) your failure to use reasonable security precautions. We will provide you with written notice of the existence of any basis for indemnification. 1MP will have the right to approve any settlement but may not unreasonably withhold approval.

21. Relationship of the Parties. 1MP and Client are each independent parties. This Agreement and any transaction under it does not create any agency, joint venture, or partnership between us and you. 

22. Amendment. We may amend the Terms of Service or Privacy Policy by posting the modified version online, or emailing you a copy of the amendment document. Other than as set forth in the previous sentence, no other amendment to this Agreement will be effective unless it is in writing and signed by both parties. No waiver of any provision of this Agreement will be effective unless in writing and signed by the waiving party, and no delay or failure to exercise or enforce any right or remedy hereunder will constitute a waiver of that right or remedy. Express waiver of any right or remedy in a particular instance will not constitute a waiver of that right or remedy in any other instance, or a waiver of any other right or remedy.

23. Notices. Any written notice required or permitted to be delivered pursuant to this Agreement will be in writing and will be deemed delivered: (a) upon delivery if delivered in person; (b) three (3) business days after deposit in the United States mail, registered or certified mail, return receipt requested, postage prepaid; (c) upon transmission if sent via e-mail with a confirmation copy sent via overnight mail; and (d) one (1) business day after deposit with a national overnight courier, in each case to the respective addresses listed on the signature page of this Agreement.

24. Public Announcements. Client grants 1MP the right to use Client's name, logo, trademarks and/or trade names in 1MP brochures, presentations and financial reports indicating that Client is a client of 1MP. 1MP grants Client the right to use 1MP’s name, logo, trademarks and/or trade names in Client brochures, presentations and financial reports indicating that 1MP is a vendor of Client. All other public statements or releases shall require the mutual consent of the parties.

25. Assignment; Resale; Binding Effect. Neither party may assign this Agreement without the other party’s prior written consent; provided, however, that a party shall have the right to assign this Agreement to an affiliate or a third party in connection with a merger, sale of a controlling equity interest or sale of substantially all its assets or other transfer or disposition of its business operations. This Agreement will be binding upon and inure to the benefit of all of our and your successors and assigns.

26. Subcontracting. We may subcontract any portion of the Cloud Services to a third-party contractor, provided that we will remain fully responsible to you for the Cloud Services pursuant to this Agreement. We may collect and report information regarding your use of the Cloud Services to our subcontractors as required to provide you with the Cloud Services.

27. Governing Law; Venue; Jurisdiction; Waiver of Jury Trial. The laws of the State of Delaware, without reference to its choice of law principles, govern this Agreement and any claims arising out of or relating to this Agreement or our relationship. All disputes and controversies arising out of or relating to this Agreement or our relationship must be resolved in the state or federal courts in the county and state in which your headquarters are located, if within the United States, or otherwise in the state or federal courts in the State of Connecticut, and each of us irrevocably consents to the exclusive venue and personal jurisdiction of those courts for the resolution of such disputes and waives all objections thereto. TO THE FULLEST EXTENT PERMITTED BY LAW, EACH PARTY IRREVOCABLY WAIVES ITS RIGHT TO A TRIAL BY JURY IN ANY ACTION OR PROCEEDING ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE PARTIES’ RELATIONSHIP.

28. Force Majeure. Except with regard to your payment obligations, neither party shall have any liability to the other party or to third parties for any failure or delay in performing any obligation under this Agreement due to circumstances beyond its reasonable control including, without limitation, interruptions of the Cloud Services due to Internet-related and/or communications service degradation, problems or interruptions, acts of God or nature, actions of the government, fires, floods, strikes, civil disturbances or terrorism.

29. Miscellaneous. The headings in this Agreement are solely for convenience of reference and will not affect its interpretation. This Agreement does not create any third-party beneficiary rights. If any term, provision, covenant, or condition of this Agreement is held invalid or unenforceable in a valid legal proceeding, that term or provision may be modified only to the extent necessary for enforcement, that term or provision will be enforced to the maximum extent permitted by law, and the rest of this Agreement will remain in full force and effect and will in no way be affected or invalidated. This Agreement may be executed in counterparts, each of which so executed will be deemed to be an original, and such counterparts together will constitute one and the same agreement.

30. Entire Agreement. This Agreement constitutes the final and entire agreement between the parties regarding its subject matter, and it supersedes all other oral or written agreements or policies relating thereto. If there is a conflict between or among any of the parts of this Agreement, they will govern in the following order: an addendum or amendment signed by both parties, the Agreement, the Terms of Service, and the Privacy Policy. Additional or different terms in any written communication from you, including any purchase order or request for Cloud Services, are void. 

31. Survival. All terms of this Agreement that should by their nature survive termination will survive, including, Sections 5-9, 12, 16-20, 23, 25, 27, 29-31.

Last Modified on January 23, 2026

We will use commercially reasonable efforts to achieve the standards outlined in this Service Level Agreement (“SLA”). 

Last Modified on January 23, 2026

This Business Associate Addendum Agreement (“Agreement”) is an addendum to the Services Agreement and made and entered into effective as of the effective date of the Services Agreement (the “Effective Date”) and is by and between you (“Covered Entity”) and One Medical Passport, Inc., a Delaware corporation (“Business Associate”). 

YOU REPRESENT AND WARRANT THAT: (I) YOU HAVE FULL LEGAL AUTHORITY TO ENTER INTO THIS AGREEMENT, (II) YOU HAVE READ AND UNDERSTAND THIS AGREEMENT, AND (III) YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT HAVE LEGAL AUTHORITY TO ENTER INTO OR DO NOT AGREE TO THESE TERMS, DO NOT ACCEPT THE TERMS OF THIS AGREEMENT. 

RECITALS 

WHEREAS, Subtitle F of the Health Insurance Portability and Accountability Act of 1996, Public Law No. 104-191, as amended by the American Recovery and Reinvestment Act of 2009, Public Law No. 111-005, Part I, Title XIII, Subpart D, Sections 13401-13409, (the “HITECH Act”), (collectively, “HIPAA”) provides that Covered Entity comply with standards to protect the security, confidentiality and integrity of health information; and 

WHEREAS, the Department of Health and Human Services has issued regulations under HIPAA (the “HIPAA Regulations”), including the Standards for Privacy of Individually Identifiable Health Information, 45 CFR Parts 160 and 164, sub-parts A and E, as amended by the HITECH Act (the “Privacy Rule”) and the Standards for Security of Electronic Protected Health Information, 45 CFR Parts 160, 162 and 164, as amended by the HITECH Act (the “Security Rule”) (collectively, the “Privacy and Security Rules”); and 

WHEREAS, Sections 164.502(e) and 164.504(e) of the Privacy and Security Rules set forth standards and requirements for Covered Entity to enter into written agreements with certain business associates that will have access to Covered Entity's Protected Health Information (as defined below); and 

WHEREAS, Business Associate will provide services to Covered Entity pursuant to an agreement by and between the parties (“Services Agreement”). 

NOW THEREFORE, in consideration of the mutual promises below, the parties agree as follows: 

1. DEFINITIONS

a. “Breach” shall have the meaning given to such term in 45 CFR Section 164.402. 
b. “Designated Record Set” shall have the meaning given to such term under the Privacy Rule at 45 CFR Section 164.501. 

“Electronic Protected Health Information” or “Electronic PHI” shall mean Protected Health Information which is transmitted by or maintained in Electronic Media (as defined in the Privacy and Security Rules), and for purposes of this Agreement, shall be limited to the information Business Associate received from or created, maintained, transmitted or received on behalf of Covered Entity. 

d. “Individual” shall have the meaning given to such term under the Privacy and Security Rules at 45 CFR Section 164.103. 

e. “Protected Health Information” or “PHI” shall have the meaning given to such term under the Privacy and Security Rules at 45 CFR Section 164.103, limited to the information maintained, created or received by Business Associate from or on behalf of Covered Entity.  “Protected Health Information” includes, without limitation, “Electronic Protected Health Information”. 

f. “Required by Law” shall have the meaning given to such term under the Privacy and Security Rules at 45 CFR Section 164.103. 

g. “Secretary” shall mean the Secretary of the Department of Health and Human Services or his or her designee. 

h. “Security Incident” shall have the meaning given to such term under the Security Rule at 45 CFR Section 164.304.

2. PERMITTED USES AND DISCLOSURES OF PHI

Business Associate agrees not to use or further disclose PHI received or created by Business Associate (or its agents and subcontractors) other than as permitted or required by this Agreement or as otherwise Required By Law.  In connection with the foregoing and except as otherwise limited in this Agreement, Business Associate may: 

a. use or disclose PHI received or created by Business Associate to perform functions, activities or services for, or on behalf of, Covered Entity, provided that such use or disclosure would not violate the Privacy and Security Rules if done by Covered Entity; 

b. use PHI received or created by Business Associate for the proper management and administration of Business Associate, in furtherance of its business operations, or to carry out the legal responsibilities of Business Associate; and 

c. disclose PHI received or created by Business Associate for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided (i) the disclosure is Required by Law, or (ii) Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will be held confidentially and will be used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and that the person agrees to notify Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. 

3. RESPONSIBILITIES OF BUSINESS ASSOCIATE

a. Appropriate Safeguards.  Business Associate shall use appropriate safeguards to prevent use or disclosure of PHI other than as provided for by this Agreement.  Business Associate shall implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of Electronic PHI, as required by the Security Rule.

b. Reporting of Improper Use or Disclosure.  Business Associate shall report to Covered Entity, as soon as reasonably practicable, any use or disclosure of PHI not provided for by this Agreement of which it becomes aware, including breaches of Unsecured Protected Health Information (as defined in the Privacy and Security Rules).  Knowledge of any improper use or disclosure by an agent or subcontractor of Business Associate shall not be imputed to Business Associate unless and until such agent or subcontractor shall have reported such improper use or disclosure to the Business Associate representative responsible for the Covered Entity engagement.  With respect to Electronic PHI, Business Associate shall, as soon as reasonably practicable, report to Covered Entity any Security Incident.  The parties acknowledge and agree that this Section 3.b. constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined herein) for which no additional notice to Covered Entity shall be required.  “Unsuccessful Security Incidents” shall include, but not be limited to, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI.

c. Business Associate’s Agents.  Business Associate shall ensure that any agent, including a subcontractor, to whom it provides any PHI received from Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such PHI. 

d. Documentation of Disclosures.  Business Associate agrees to document disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR Section 164.528. 

e. Accounting of Disclosures.  Business Associate agrees to provide to Covered Entity, in the reasonable time and manner designated by Covered Entity, information collected in accordance with Section 4(f) of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR Section 164.528. 

f. Governmental Access to Records.  Business Associate shall make its internal practices, books and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of, Covered Entity available to the Secretary for purposes of the Secretary determining Covered Entity’s compliance with the Privacy and Security Rules. 

g. De-identified data usage. Business Associate may use or disclose de-identified health information, if the de-identification is in compliance with 45 CFR 164.502(d), and the de-identified health information meets the standard and implementation specifications for de-identification under 45 CFR 164.514(a) and (b).

h. Business Associate may provide data aggregation services relating to the health care operations of the Covered Entity as permitted by 45 CFR 164.504(e)(2)(i)(B).

In addition to any other obligations set forth in this Agreement, Covered Entity shall: 

a. identify which of the records it furnishes to Business Associate it considers to be PHI for purposes of this Agreement; 

b. provide to Business Associate only the minimum PHI necessary to accomplish the services  under the Services Agreement; 

c. implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of Electronic PHI, as required by the Security Rule; 

d. notify Business Associate of any changes in, or revocation of, permission by an Individual to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI; 

e. notify Business Associate of any restrictions to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR Section 164.522, to the extent that such restrictions may affect Business Associate’s use or disclosure of PHI;

f. obtain any consent or authorization that may be required by applicable or federal or state laws and regulations prior to furnishing PHI to Business Associate;

g. inform Business Associate of any consent or authorization, including any changes in or withdrawal of any such consent or authorization, provided to the Covered Entity by an Individual pursuant to 45 C.F.R. § 164.506 or § 164.508, as may be amended; and

h. allow Business Associate to make any use or disclose Covered Entity’s PHI required under 45 C.F.R. § 164.512, as may be amended.

TERM AND TERMINATION

a. Term. This Agreement will commence on the Effective Date and will terminate upon expiration or termination of all contracts, agreements or arrangements governing the services provided by Business Associate to which this Agreement applies, unless terminated earlier by written notice by either Party. 

b. Termination for Cause. Upon Covered Entity’s knowledge of a material breach by Business Associate of this Agreement, Covered Entity shall either (i) provide an opportunity for Business Associate to cure the breach or end the violation within the time specified by Covered Entity, or (ii) immediately terminate this Agreement if cure is not possible. 

c. Effect of Termination.
i. Except as provided in paragraph (ii) of this Section 5(c), upon termination of this Agreement for any reason, Business Associate shall return or destroy all PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, and shall retain no copies of the PHI. 
ii. In the event that Business Associate determines that returning or destroying the PHI is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible.  If Business Associate determines that return or destruction of PHI is infeasible, Business Associate shall extend the protections of this Agreement to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI. 

REGULATORY REFERENCES

A reference in this Agreement to a section in the Privacy and Security Rules means the section as in effect or as amended, and for which compliance is required. 

The parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for Covered Entity to comply with the requirements of the Privacy and Security Rules and HIPAA. 

The parties agree that each individual party shall maintain its own independent HIPAA and HITECH Act compliance obligations.  The parties will be providing their services as separate legal entities and independent contractors.  The parties expressly agree that no agency relationship is created by this Agreement with regard to the individual parties’ HIPAA obligations.  Each party certifies that (1) Covered Entity shall not have the right or authority to control Business Associate’s conduct in the performance of services or in the performance of HIPAA obligations; (2) Covered Entity shall not have the authority to direct the daily performance of services by Business Associate; and (3) Covered Entity shall not have the right to give interim instruction to Business Associate regarding the performance of services. 

The respective rights and obligations of Business Associate under Section 5(c) of this Agreement shall survive the termination of this Agreement. 

Nothing express or implied in this Agreement is intended to confer, nor shall anything herein confer, upon any person other than Covered Entity, Business Associate and their respective successors or assigns, any rights, remedies, obligations or liabilities whatsoever. 

Any ambiguity in this Agreement shall be resolved to permit Covered Entity to comply with the Privacy and Security Rules. This Agreement shall be governed by and subject to the terms and conditions of the Services Agreement. In the event of any conflict or inconsistency between this Agreement and the Services Agreement, the Services Agreement shall govern. 

Your privacy and the security of your information are our highest priorities at One Medical Passport Inc. dba One Mnet Health (“We,” “Our,” or “Us”). Because We collect and process medical information, We believe it is important for you to clearly understand how that information is used and protected. We recognize that your medical information is deeply personal, and We are committed to handling it with the highest standards of confidentiality and care. 

This Privacy Policy explains what information We collect, how We use and safeguard it, and the choices you have to access, correct, or update your information. Questions regarding this statement should be directed to One Mnet Health's privacy team at privacy@onemnethealth.com. 

This policy applies to information We collect: 

• On One Mnet Health’s Website or web application (“Website”) 
• Through One Mnet mobile and desktop applications you download  

It does not apply to information collected by: 

• Us offline or through any other means, including on any other Website operated by One Mnet Health or any third party (including Our affiliates and subsidiaries); or 
• Any third party (including Our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or through the Website. 

Please review this Privacy Policy carefully to understand how We collect, use, and protect your information. By using Our Website, you agree to the practices described in this policy. If you do not agree, please discontinue use of the Website. By accessing or using this Website, you agree to this privacy policy. This policy may change from time to time. Your continued use of this Website after We make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates. 

Our services, on Our Website, mobile applications, and any other platforms on which We operate, are not intended for children under eighteen (18) years of age. No one under age eighteen (18) may provide any information to Us. We do not knowingly collect personal information from children under eighteen (18). If you are under eighteen (18), do not use or provide any information on this Website or mobile application, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or username you may use. If We learn We have collected or received personal information from a child under eighteen (18) without verification of parental consent, We will delete that information promptly. If you believe We might have any information from or about a child under eighteen (18), please contact One Mnet Health's Support team.  
 
Residents of certain states under thirteen (13), sixteen (16), or eighteen (18) years of age may have additional rights regarding the collection and sale of their personal information.  

Information One Mnet Health Gathers and Tracks 
 
We collect several types of information from and about users of Our services, including information: 

• By which you may be personally identified, such as name, postal address, date of birth, sex, email address, or telephone number ("Personal Information"); 

• That is about you but individually does not identify you, such as IP addresses; and 
• About your internet connection, the equipment you use to access Our Website, and usage details. 

We collect this information: 

• Directly from you when you provide it to us. 

• Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies and other tracking technologies. 
• From third parties, for example, Our business partners. 

The information We collect about you may include:  

• Information that you provide by registering for an account as a patient, filling out or modifying a preoperative questionnaire, and logging into Account Home.  
• Records and copies of your correspondence (including email addresses). 

As you utilize Our services, We may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:  

• Details of your visits and interactions with us, including traffic data, location data, logs, and other communication data and the resources that you access and use. 
• Information about your computer and internet connection, including your IP address, operating system, and browser type.  

We may use these technologies to collect information about your online activities over time and across third-party Websites or other online services (behavioral tracking). Click here to opt out of behavioral tracking on Our Website. The information We collect automatically may include Personal Information and We may maintain it or associate it with Personal Information We collect from you on your doctor’s visits, or We receive from third parties. It helps us to improve Our Website and deliver a better and more personalized service, including by enabling us to:  

• Estimate Our audience size and usage patterns.  

• Store information about your preferences, allowing us to customize Our Website according to your individual interests. 

• Speed up your searches. 

• Recognize you when you return to Our Website. 
   

The technologies We use for this automatic data collection may include: 

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. One Mnet Health uses a temporary cookie to keep your place while you are logged in but stores no Personal Information on your computer.  This cookie expires after you exit One Mnet Health. You may refuse to accept browser cookies by activating the appropriate setting within your web browser. However, if you select this setting, you may be unable to access certain parts of Our Website or mobile applications. Unless you have adjusted your browser setting so that it will refuse cookies, Our system will issue cookies when you direct your browser to Our Website.  
• Web Beacons. Pages of Our Website and Our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or [opened an email] and for other related Website statistics (for example, recording the popularity of certain Website content and verifying system and server integrity). 

We do not collect Personal Information automatically, but We may tie data collected automatically to Personal Information about you that We collect from other sources or that you provide to us. 

We use information that We collect about you or that you provide to us, including any Personal Information:  

• To present Our Website and its contents to you. 

• To provide you with information, products, or services that you request from us. 

• To fulfill any other purpose for which you provide it. 

• To provide you with notices about your account. 

• To carry out Our obligations and enforce Our rights arising from any contracts entered into between you and us, including for billing and collection. 

• To notify you about changes to Our Website, mobile applications, or any products or services We offer or provide though it. 

• To allow you to participate in interactive features on Our Website, mobile applications, and platforms. 

• In any other way We may describe when you provide the information. 

• For any other purpose with your consent. 

We may also use your information to contact you about Our own and third parties' goods and services that may be of interest to you. If you do not want us to use your information in this way, please check the relevant option located on the form on which We collect your data or request your consent or authorization.   

Some content or applications on the Website are served by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies, alone or in conjunction with web beacons or other tracking technologies, to collect information about you when you use Our Website. The information they collect may be associated with your Personal Information or they may collect information, including personal information about your online activities over time and across different Websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content. We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.   

Disclosure and Access to Your Information 

We may disclose Personal Information that We collect, or you provide as described in this privacy policy:  

• To Our subsidiaries and affiliates.  

• To contractors, service providers, and other third parties We use to support Our business, and who are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which We disclose it to them.  

• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of One Mnet Health’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by One Mnet Health about Our Website users is among the assets transferred.   

• To third parties, in the future, so they can market their products or services to you, but only if you provide consent at that time. Any such third parties will be contractually required to keep your Personal Information confidential and to use it solely for the purposes for which it was disclosed.  

• To fulfill the purpose for which you provide it.  

• For any other purpose disclosed by us when you provide the information.  

• With your consent.  

We may also disclose your Personal Information:  

• To comply with any court order, law or legal process, including to respond to any government or regulatory request.  

• To enforce or apply Our terms of services and other agreements, including for billing and collection purposes.  

• If We believe disclosure is necessary or appropriate to protect the rights, property, or safety of One Mnet Health, Our customers, or others.  

The categories of Personal Information We may disclose include: 

Your State Privacy Rights 
State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information. For example, California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia provide their state residents with the following rights: 

• Right to Know/Access the personal information we have collected from or about you 

• Right to Data Portability 

• Right to Delete the personal information we have collected from or about you 

• Right to Correct inaccurate personal information we maintain about you 

• Right to Request Categories of Third Parties with whom your information has been disclosed (list of the specific third parties for MN and OR Residents) 

• Right to Appeal a decision We have made in connection with your privacy rights request 

• Right to Request Removal of Content [California residents under age of eighteen (18) only] 

• Right to Non-Discrimination  

• Right to Opt-out of sharing your information  

• Right to Limit the use and disclosure of sensitive personal information  

• Shine the Light Requests (California residents only) 

The exact scope of these rights may vary by state. For additional information pertaining to California residents, please visit the CA Notice at Collection page at https://www.onemedicalpassport.com/app/ca-notice. To exercise any of these rights, you may contact our Privacy team at privacy@onemnethealth.com. An appeal to a decision regarding a consumer rights request may also be directed to our Support team.   

Security Procedures in Place to Protect Information 

Technical 

One Mnet Health maintains a secure data environment protected by industry-standard firewalls and continuous monitoring. Our firewalls are configured to allow only authorized network connections to and from Our Website, blocking any unauthorized access attempts before they reach sensitive systems or information. 

All systems are monitored 24 hours a day, 7 days a week, to ensure that security protections are functioning as intended. We remain current with recognized cybersecurity best practices and implement ongoing risk mitigation measures to safeguard your data. 

As an added layer of protection, Our databases are not directly accessible from the Internet. All confidential information is transmitted using 256-bit Secure Sockets Layer (SSL) encryption, which ensures that data is encrypted (“scrambled”) during transmission so it cannot be read if intercepted. 

For your protection, sessions that remain inactive for 75 minutes automatically time out and require re-authentication before access is restored. 

Patient 

Access to your information requires a valid username and password. You are responsible for maintaining the confidentiality and security of your login credentials. We recommend choosing a strong, unique password that you can remember without writing down. If you must record it, store it separately from your username and in a secure location. 

While We take extensive measures to safeguard your information, please note that data transmission over the internet is never completely secure. We cannot guarantee the security of Personal Information transmitted to Our Website, and any such transmission is at your own risk. One Mnet Health is not responsible for unauthorized access resulting from the circumvention of privacy settings or security measures applied to Our Website, mobile applications, or related platforms.  

Correcting or Updating Your Information 

You may contact One Mnet Health’s Support Team at ticket@onempcompany.com to request access to, correction of, or deletion of any Personal Information you have provided. Please note that We may decline a request if We believe the change would violate a legal requirement or result in inaccurate information. 

Removing Yourself from One Mnet Health 

If you wish to have your information removed from One Mnet Health’s systems, you may contact Our Support Team at ticket@onempcompany.com and provide your name and username. Once your identity has been verified, We will delete your information from Our database in accordance with applicable laws and retention requirements. 

Contacting One Mnet Health 

If you contact us through Our online form, We will respond using the contact method you provide. We may retain your message for future reference to assist with any follow-up inquiries. Additionally, We may use the information from your request to help us identify opportunities to improve Our Website and services. 

External Links 

Our Website may contain links to external sites, such as third-party SSL certificate verifiers, that are outside of Our control. If you choose to follow these links, please note that those Websites may have their own privacy policies and practices, which differ from those of One Mnet Health. We are not responsible for the content, security, or privacy practices of any third-party Websites. 

Foreign Language Support 

If a language other than English is selected, the page will be translated using Google Translate. The page content is temporarily sent to Google for translation and then returned in the selected language. Google does not store or log this information. If you view the site in English, no data is transmitted to Google. 

Changes to Our Privacy Policy 

We reserve the right to change this Privacy Policy. We will provide notification of the material changes to this Privacy Policy through the Website. 

This policy was last modified on January 7, 2026. 

Last Modified on January 23, 2026

One Medical Passport Inc. dba One Mnet Health (“We”) offers you a secure and proprietary online platform to help you manage your medical information, scheduling information, and quality assurance information ("Service"). THE SERVICE THAT ONE MNET HEALTH PROVIDES TO YOU IS SUBJECT TO THE FOLLOWING TERMS OF USE. PLEASE READ THE FOLLOWING INFORMATION CAREFULLY. IN COMPLIANCE WITH THE CHILDREN’S ONLINE PRIVACY PROTECTION ACT, YOU MUST BE EIGHTEEN (18) YEARS OF AGE OR OLDER TO SUBMIT PERSONAL MEDICAL DATA AND INFORMATION. IN UTILIZING THIS SERVICE, YOU REPRESENT THAT YOU ARE OVER EIGHTEEN (18) YEARS OF AGE. BY CLICKING ON THE "I ACCEPT" BUTTON BELOW, YOU ACKNOWLEDGE THAT YOU UNDERSTAND AND ACCEPT THE FOLLOWING TERMS OF USE. IF YOU DO NOT ACCEPT THESE TERMS OF USE, YOU MAY NOT ACCESS THIS SITE OR UTILIZE ANY OF THE SERVICES PROVIDED ON OR THROUGH THIS SITE. 

GENERAL 

Access and Use of Service by Patient. One Mnet Health shall provide to you the non-exclusive right to access the Service through One Mnet Health's Website (“Website”.) The Website, also referred to as the “Web Portal” or “Web Application,” refers to the site located at www.onemedicalpassport.com and includes, without limitation, all associated domains, subdomains, pages, and any related or successor sites. It also encompasses all features, content, and services made available through or in connection with the Website, including, without limitation, any web portals, user dashboards, or software applications accessed via web browser, mobile device, or other platforms. "Patient(s)" shall mean individuals like yourself and/or the legal guardians thereof, who utilize the Service; and the term "Patient Medical Data" shall mean your medical data and information as entered into the Service pursuant to the terms and conditions provided herein and which, upon authorization, will be shared with other healthcare providers and third parties. All information We collect on this Site is subject to our Privacy Policy. By using this Site, you consent to all actions taken by One Mnet Health with respect to your Patient Medical Data in compliance with the Privacy Policy.  

Information and Instructions to be Provided to the Patients. Information and instructions for inputting your Patient Medical Data into the Service are set forth on the Website and are in addition to those instructions already provided to you. 

Limitations of Service. You are solely responsible for all equipment, software and connections to the Internet required to gain access to the Website. 

Verification of Accuracy and Completeness of Patient Medical Data. The Service provides functionality that permits you to verify the accuracy and completeness of your Patient Medical Data. You shall be responsible for the accuracy and completeness of your inputted Patient Medical Data. One Mnet Health is not responsible for the accuracy and completeness of all Patient Medical Data, and for verifying such Patient Medical Data with you. 

SECURITY AND DATA RIGHTS 

Integrity and Confidentiality of Patient Medical Data. One Mnet Health shall deploy commercially reasonable and available security measures to protect the availability, integrity, and confidentiality of your Patient Medical Data. 

Security. You ensure that you will: (a) be responsible for the security and/or use of your user id and password; (b) not permit any other person or entity to use your user id and password; and (c) access and use the Service in accordance with these Terms of Use, Privacy Policy, and all applicable local, state, and federal laws and regulations. You shall also be responsible for: (d) your obligations under these Terms of Use and the restrictions set forth in these Terms of Use; and (e) your use of the Service. One Mnet Health reserves the right to deny or revoke access to the Service, in whole or in part, if One Mnet Health reasonably believes that you are in breach of these Terms of Use or are otherwise using or accessing the Service inconsistent with the Terms of Use. 

Ownership and Use of Patient Medical Data. You own and retain all right, title and interest in and to all of your Patient Medical Data and One Mnet Health shall obtain no other interest whatsoever in such Patient Medical Data, except as otherwise expressly provided herein and in the Privacy Policy. Provided that One Mnet Health obtains prior authorization in writing or electronic form, and in compliance with applicable law, including the Health Insurance Portability and Accountability Act of 1996 and all regulations pertaining thereto (collectively, "HIPAA"), from you, One Mnet Health may use your Patient Medical Data in connection with the Service, or disclose your Patient Medical Data to healthcare providers and third parties. 

PROPRIETARY RIGHTS 

One Mnet Health Materials. All materials, including without limitation, the Service, any computer software, web pages, web-based applications, Internet domain names, data or information developed or provided by One Mnet Health, and any ideas, know-how, text, displays, images, video, audio, design, methodologies, equipment or processes conceived, developed or used to provide the Service or other deliverables or services including, without limitation, all copyrights, trademarks, patents, trade secrets and any other proprietary rights related to such materials (collectively, "One Mnet Health Materials") shall be and remain the sole and exclusive property of One Mnet Health. 

General Restrictions. Commercial use of this Service is prohibited. Except as otherwise provided in these Terms of Use, you shall not: (a) provide, disclose, divulge or make available to or permit use of the Service by any third party; (b) copy or reproduce all or any part of the Service (except as expressly provided for herein); (c) interfere, or attempt to interfere, with the Service in any way; (d) distribute, market, sell, lease, transfer, license or sublicense the Service; (e) reproduce, modify, change, alter, translate, create derivative works from, reverse engineer, delete, republish, download, store, transmit, disassemble or decompile the Service, or discover or attempt to discover the source code of all or any portion of the Service in any way for any reason; (f) engage in spamming, mailbombing, spoofing or any other fraudulent, illegal or unauthorized use of the Service or One Mnet Health's systems; (g) introduce into or transmit through the Service any virus, worm, trap door, back door, timer, clock, counter or other limiting routine, instruction or design; (h) attempt to provide or create a link to the Service, except as authorized by One Mnet Health; (i) create any frames at any other web sites pertaining to or using any of the information provided by the Service; or (j) engage in or allow any action involving the Service that is inconsistent with these Terms of Use.

FEES 

Fees. Use of the Service is at no charge to patients. The Service is made available through arm’s length transactions with healthcare providers, who cover the associated fees as part of their use of the platform. 

TERM AND TERMINATION 

Term. These Terms of Use will commence as soon as you access and use the service and continue for the duration of your access and use. One Mnet Health shall have the right to terminate your access to all or part of this site at any time, with or without notice. 

WARRANTIES 

Patient's Warranties. You represent and warrant to One Mnet Health that you have the capacity to understand and accept these terms. Furthermore, you represent and warrant that you are not accessing the service under misrepresentation or false identification. If you are inputting Patient Medical Data on behalf of another, you warrant and represent that you have the right to be binding to that other person. 

DISCLAIMER. ONE MNET HEALTH AND ITS AFFILIATES, SUBCONTRACTORS AND THIRD PARTY LICENSORS, IF ANY, MAKE NO REPRESENTATIONS OR WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY REGARDING OR RELATING TO THE SERVICE PROVIDED TO YOU UNDER THIS AGREEMENT, AND WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, ONE MNET HEALTH SPECIFICALLY DISCLAIMS ANY AND ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. THE SERVICE IS PROVIDED "AS IS, AND WITH ALL FAULTS." ONE MNET HEALTH DOES NOT GUARANTEE THAT YOUR ACCESS TO THE SERVICE PROVIDED UNDER THIS AGREEMENT WILL BE UNINTERRUPTED, ERROR FREE OR SECURE. ONE MNET HEALTH IS NOT A HEALTH SERVICES PROVIDER AND MAKES NO REPRESENTATION OR WARRANTY, EXPRESS OR IMPLIED, TO YOU OF THE SERVICE REGARDING THE COMPLETENESS OR ACCURACY OF THE PATIENT MEDICAL DATA YOU ENTER, NOR ANY INTERPRETATION, MEDICAL DECISION OR COURSE OF MEDICAL TREATMENT RELATED THERETO. FURTHER, ONE MNET HEALTH DOES NOT WARRANT TO YOU THE AVAILABILITY OF THE SERVICE AT ALL TIMES AND SPECIFICALLY EXCLUDES AVAILABILITY DURING SCHEDULED DOWNTIME FOR MAINTENANCE PURPOSES, UNSCHEDULED MAINTENANCE AND SYSTEM OUTAGES, AND/OR AVAILABILITY OF THE SERVICE FOR REASONS BEYOND ONE MNET HEALTH'S CONTROL. 

LIMITATION OF LIABILITY 

ONE MNET HEALTH AND ITS AFFILIATES, SUBCONTRACTORS AND THIRD PARTY LICENSORS SHALL NOT BE LIABLE FOR ANY LOSS OF USE, LOSS OF GOODWILL, EMOTIONAL DISTRESS, BUSINESS INTERRUPTION, LOSS OF OR DAMAGE TO YOUR PATIENT MEDICAL DATA, COST OF COVER, DIRECT, INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND IN CONNECTION WITH OR ARISING OUT OF THE FURNISHING, PERFORMANCE OR USE OF THE SERVICE UNDER THESE TERMS OF USE, WHETHER ALLEGED AS A BREACH OF CONTRACT OR TORT, INCLUDING NEGLIGENCE, EVEN IF ONE MNET HEALTH HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ADDITION, ONE MNET HEALTH WILL NOT BE LIABLE FOR ANY DAMAGES CAUSED BY ANY DELAY IN DELIVERY OR FURNISHING ACCESS TO THE SERVICE UNDER THESE TERMS OF USE. SINCE THE SERVICE IS PROVIDED TO YOU AT NO CHARGE, ONE MNET HEALTH SHALL NOT BE LIABLE UNDER THESE TERMS OF USE FOR ANY DAMAGES OF ANY KIND. 

INDEMNIFICATION 

Patient. One Mnet Health does not have any responsibility for your medical treatment or care. You shall indemnify, defend and hold harmless One Mnet Health, its directors, officers, employees, agents, successors and assigns and defend any action brought against same with respect to any claim, demand, cause of action, debt or liability, including reasonable attorneys' fees, arising out of or relating to: (a) any injury resulting from the use of your Patient Medical Data; (b) any claim that your Patient Medical Data is inaccurate or incomplete; (c) any non-compliance with the terms of the Verification of Accuracy and Completeness of Patient Medical Data; (d) claims that content or information provided by you infringes the intellectual property rights of a third party; or (e) any breach of these Terms of Use by you. 

PRIVACY AND CONFIDENTIALTY 

One Mnet Health Privacy Policy. One Mnet Health's Privacy Policy is provided at the One Mnet Health Website. By agreeing to these Terms of Use, you acknowledge that you have had prior access and agree to the terms of the Privacy Policy. You further acknowledge and agree that the terms of the Privacy Policy may be updated by One Mnet Health from time to time, and that such updated Privacy Policy terms shall be incorporated into these Terms of Use. 

Privacy Terms. One Mnet Health acknowledges that in providing the Service and carrying out its obligations under these Terms of Use, One Mnet Health and its subcontractors, employees, affiliates, agents, representatives, partners, or third parties may have access to your medical records and health information. One Mnet Health will take all reasonable precautions necessary to safeguard the confidentiality of your Patient Medical Data, which will in no event be less than a reasonable degree of care. One Mnet Health agrees to use reasonable efforts to comply with any local, state or federal law and regulations governing the privacy and confidentiality of the content of your Patient Medical Data including, without limitation, HIPAA. 

Business Associate Relationship. One Mnet Health provides services to healthcare providers and other covered entities or business associates as defined by HIPAA and by Patients who access the services in their personal capacity. You acknowledge and agree that when the Cloud Services are: Provided to or on behalf of a healthcare provider or covered entity, in a manner that involves the use or disclosure of protected health information (“PHI”) as defined by HIPAA, One Mnet Health may act as a business associate of the healthcare provider or covered entity and the parties may enter into a separate Business Associate Agreement (“BAA”) governing One Mnet Health’s use and disclosure of PHI. 

Provided directly to a patient, One Mnet Health acts as an independent service provider to the Patient and not as a health care provider, covered entity, or business associate to this Patient. Therefore, One Mnet Health’s handling of information is governed by the Patient’s acceptance of these Terms of Service and Privacy Policy. Any authorization or consent associated with Patient Medical Information shall be obtained directly from patient.   

MISCELLANEOUS 

Waiver and Severability. Any waiver or modification of these Terms of Use will not be effective unless executed in writing and signed by you and One Mnet Health. The failure of either party to enforce, or the delay by either party in enforcing, any of its rights under these Terms of Use will not be deemed to be a waiver or modification by such party of any of its rights under this Agreement. If any provision of these Terms of Use is held to be unenforceable, in whole or in part, such holding will not affect the validity of the other provisions of the Terms of Use. 

Governing Law; Jurisdiction. All matters relating to the Website and these Terms of Use, and any dispute or claim arising therefrom or related thereto, shall be governed by, interpreted, and construed in accordance with the laws of the State of Delaware, without regard to conflict of law principles or rules. At One Mnet Health’s sole discretion, it may require you to submit any disputes arising from these Terms of Use or use of the Site, including disputes arising from or concerning their interpretation, violation, invalidity, non-performance, or termination, to final and binding arbitration under the Rules of Arbitration of the American Arbitration Association applying Massachusetts Law. ANY CAUSE OF ACTION OR CLAIM YOU MAY HAVE ARISING OUT OF OR RELATING TO THESE TERMS OF USE OR THE WEBSITE MUST BE COMMENCED WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES; OTHERWISE, SUCH CAUSE OF ACTION OR CLAIM IS PERMANENTLY BARRED. 
 
Assignment. One Mnet Health may revise and update these Terms of Use from time to time in our sole discretion. All changes are effective immediately when We post them and apply to all access to and use of the Website thereafter. We may update the content on this Website from time to time, but its content is not necessarily complete or up to date. Any of the material on the Website may be out of date at any given time, and we are under no obligation to update such material.  

Reliance on Information Posted. The information presented on or through the Website is made available solely for general information purposes. We do not warrant the accuracy, completeness, or usefulness of this information. Any reliance you place on such information is strictly at your own risk. We disclaim all liability and responsibility arising from any reliance placed on such materials by you or any other visitor to the Website, or by anyone who may be informed of any of its contents. 

This Website may include content provided by third parties, including materials provided by other users, bloggers, and third-party licensors, syndicators, aggregators, and/or reporting services. All statements and/or opinions expressed in these materials, and all articles and responses to questions and other content, other than the content provided by One Mnet Health, are solely the opinions and the responsibility of the person or entity providing those materials. These materials do not necessarily reflect the opinion of One Mnet Health. We are not responsible, or liable to you or any third party, for the content or accuracy of any materials provided by any third parties. 

Links from the Website. If the Website contains links to other sites and resources provided by third parties, these links are provided for your convenience only. This includes links contained in advertisements, including banner advertisements and sponsored links. We have no control over the contents of those sites or resources and accept no responsibility for them or for any loss or damage that may arise from your use of them. If you decide to access any of the third-party Websites linked to this Website, you do so entirely at your own risk and subject to the terms and conditions of use for such Websites. 

Geographic Restrictions. We provide this Website for use only by persons located in the United States. We make no claims that the Website or any of its content is accessible or appropriate outside of the United States. Access to the Website may not be legal by certain persons or in certain countries. If you access the Website from outside the United States, you do so on your own initiative and are responsible for compliance with local laws.