The next step for IDEX, the future of dermatology. View IDEX partnership

subQdocs User Agreement

This subQdocs User Agreement (this “Agreement“) effective upon the date You first access or use the Services (“Effective Date“), is by and between subQdocs Co., a Delaware corporation and its respective parents, subsidiaries, branches, affiliates, agents, employees, successors and assigns (“Company“), and the person or entity accessing or using the Services (“You” or “Customer“). Company and Customer may be referred to herein collectively as the “Parties” or individually as a “Party.”

Company provides the Services solely on the terms and conditions set forth in this Agreement and on the condition that Customer accepts and complies with them. By selecting that You agree and accessing or using the Services, Customer (a) accepts this Agreement and agrees that Customer is legally bound by its terms; and (b) represents and warrants that: (i) You are 18 years of age or older or of legal age to enter into a binding agreement; and (ii) if Customer is a corporation, governmental organization, or other legal entity, You have the right, power, and authority to enter into this agreement on behalf of Customer and bind Customer to its terms. If You do not agree with any of the terms of this Agreement, You may not access or use the Services.

The Agreement contains a Business Associate Agreement (BAA) in Exhibit B, governing the handling of Protected Health Information.

Section 10 of this Agreement contains a binding arbitration provision, which requires that any disputes that should arise from accessing or using the Services shall be resolved exclusively by an arbitrator. Section 10 of this Agreement also contains a waiver to a jury trial or any class action proceedings. Please read Section 10 as it affects your rights under this Agreement.

Company uses AI Technology to provide the Services under this Agreement. By selecting that You agree and accessing or using the Services, You understand and agree that You are responsible for obtaining all of the relevant consents to use the Services for your use cases, including the processing of Customer Data by AI technology. You also acknowledge and agree that due to the inherent nature of AI Technology, Company does not warrant or guarantee (i) the accuracy or appropriateness (including medical accuracy or appropriateness) of any AI Output or other information generated by artificial intelligence engines or systems or (ii) that AI Output or other information will be accurate or appropriate (including medical accuracy or appropriateness) for Customer’s use cases, and Customer fully and irrevocably waives and discharges Company from any responsibility in this regard. Customer is solely responsible for all use of the AI Output and information and for evaluating the accuracy and appropriateness (including medical accuracy or appropriateness) of the AI Output and information for Customer’s use cases, including by utilizing human review as appropriate.

The Parties agree as follows:

  1. Definitions.
    1. AI Input” means information, data, materials, text, prompts, images, instructions, audio, or other content that is (i) input, entered, posted, uploaded, submitted, transferred, transmitted, or otherwise provided or made available that may be processed by or through AI Technology, or (ii) collected, downloaded, or otherwise received by AI Technology.
    2. AI Output” information, data, materials, text, prompts, images, or other content of any type and in any format, medium, or form, whether audio, visual, textual, or other results generated, produced, or resulting from, transmitted, or otherwise provided or made available by or in connection with any processing by or through AI Technology in response to an AI Input. For the avoidance of doubt, AI Output constitutes Customer Data.
    3. AI Technology” means any software-enabled technology utilizing deep learning, machine learning, automated decision-making, or artificial intelligence, including any and all software, data, databases and systems that make use of or employ neural networks, statistical learning algorithms (like linear or logistic regressions, support vector machines, random forests, k-means clustering), transformers, large language models, or reinforcement learning.
    4. Anonymized Statistics” means data and information related to or derived from Company’s monitoring of Customer’s use and Company’s provision of the Services and is used by Company in a deidentified manner, including to compile statistical and performance information related to the provision and operation of the Services and to improve, develop, adapt, modify, train, or enhance the Services or other products or services the Services. Anonymized Data does not include Customer Data.
    5. Authorized User” means Customer’s employees, consultants, contractors, and agents (i) who are authorized by Customer to access and use the Services under the rights granted to Customer pursuant to this Agreement and (ii) for whom access to the Services has been purchased hereunder.
    6. CCPA” means the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and as it may be further amended, along with any associated regulations.
    7. Customer Data” means, other than Anonymized Statistics, information, data, and other content, in any form or medium, that is submitted, posted, or otherwise transmitted by or on behalf of Customer or an Authorized User through the Services. Customer Data includes PHI as the term is defined in Exhibit B.
    8. Documentation” means Company’s user manuals, handbooks, and guides relating to the Services provided by Company to Customer either electronically or in hard copy form/end user documentation relating to the Services available at https://subqdocs.ai/. Documentation excludes Licensed Content.
    9. Company IP” means the Services, the Documentation, and any and all intellectual property provided to Customer or any Authorized User in connection with the foregoing. For the avoidance of doubt, Company IP includes Anonymized Statistics and any information, data, or other content derived from Company’s monitoring of Customer’s access to or use of the Services, but does not include Customer Data. Company IP excludes Licensed Content.
    10. Services” means the software-as-a-service offering described in Exhibit A of the Provider Agreement. The Services include leveraging AI Input with AI Technology to create AI Output. The Services may include, without limitation, electronic medical records management, patient scheduling, billing and revenue cycle management, electronic prescribing, labs and pathology integration, insurance verification and payer interactions, patient engagement features, and such other features as Company may make available from time to time. Customer acknowledges that the Services are under active development and that features will be released in stages; not all features may be available at the Effective Date. The Services incorporate AI Technology throughout the platform, including without limitation AI-assisted clinical documentation, diagnostic and procedure coding suggestions, billing optimization, patient scheduling, and such other AI-enhanced capabilities as Company may deploy. Customer acknowledges that AI-generated outputs across all Service features are subject to the disclaimers and limitations set forth in this Agreement.
    11. Territory” refers to the United States of America.
    12. Additional Platform Charges” means fees, charges, and costs for: (a) third-party software, services, or integrations used in connection with the Services (including but not limited to laboratory interfaces, e-prescribing networks, payer connectivity, and fax services); and (b) usage-based services and features that are billed based on consumption volume, transaction count, message volume, or similar metrics. Additional Platform Charges are separate from and in addition to the Fees for the Services.
    13. Provider Agreement” means any separately executed agreement between Company and Customer establishing pricing, payment terms, development grant obligations, rate lock rights, or other commercial terms specific to Customer’s subscription to the Services, including any Provider Agreement entered into in connection with a provider network affiliation.
    14. Service Commencement Date” means the date on which the Services have achieved the level of functionality sufficient for general commercial availability, as confirmed by Company in writing or as otherwise defined in an applicable Provider Agreement.
    15. Third-Party Integrations” means integrations between the Services and third-party systems and services, including without limitation electronic prescribing networks laboratory information systems, payer portals, claims clearinghouses, pharmacy benefit managers, and fax services.
  2. Access and Use.
    1. Provision of Access. Subject to terms and conditions of this Agreement, Company hereby grants Customer a non-exclusive, non-transferable (except in compliance with Section 11(h)) right to access and use the Services during the Term, solely for use by Authorized Users in accordance with the terms and conditions herein. Such use is limited to Customer’s internal use. Company shall provide to Customer the necessary links or connections to allow Customer to access the Services. Company may modify the Services at any time, including adding or removing functionality or imposing conditions on use of the Services. Customer acknowledges that not all features of the Services may be available at the Effective Date and that access to certain features may require acceptance of additional terms, configurations, or compliance obligations.
    2. Documentation License. Subject to the terms and conditions contained in this Agreement, Company hereby grants to Customer a non-exclusive, non-sublicensable, non-transferable (except in compliance with Section 11(h)) license to use the Documentation during the Term solely for Customer’s internal business purposes in connection with its use of the Services.
    3. Use Restrictions. Customer shall not use the Services for any purposes beyond the scope of the access granted in this Agreement. Customer shall not at any time, directly or indirectly, and shall not permit any Authorized Users to: (i) copy, modify, or create derivative works of the Services or Documentation, in whole or in part; (ii) rent, lease, lend, sell, license, sublicense, assign, distribute, publish, transfer, or otherwise make available the Services or Documentation; (iii) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to any software component of the Services, in whole or in part; (iv) use in a manner that interferes with, damages, or disrupts the proper working of the Services; (v) remove any proprietary notices from the Services or Documentation; (vi) use Documentation, Company IP, or Licensed Content in any AI Technology, including any large language model (LLM) for pre-training, training, or fine-tuning, or for any other artificial intelligence model development, training, or tuning purposes, except as provided in the Services; or (vii) use the Services or Documentation in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable law.
    4. Reservation of Rights. Company reserves all rights not expressly granted to Customer in this Agreement. Except for the limited rights and licenses expressly granted under this Agreement, nothing in this Agreement grants, by implication, waiver, estoppel, or otherwise, to Customer or any third party any intellectual property rights or other right, title, or interest in or to the Company IP.
    5. Suspension. Notwithstanding anything to the contrary in this Agreement, Company may temporarily suspend Customer’s and any Authorized User’s access to any portion or all of the Services if: (i) Company reasonably determines that (A) there is a threat or attack on any of the Company IP; (B) Customer’s or any Authorized User’s use of the Company IP disrupts or poses a security risk to the Company IP or to any other customer or vendor of Company; (C) Customer, or any Authorized User, is using the Company IP for fraudulent or illegal activities; (D) subject to applicable law, Customer has ceased to continue its business in the ordinary course, made an assignment for the benefit of creditors or similar disposition of its assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution, or similar proceeding; or (E) Company’s provision of the Services to Customer or any Authorized User is prohibited by applicable law; (ii) any vendor of Company has suspended or terminated Company’s access to or use of any third-party services or products required to enable Customer to access the Services; or (iii) in accordance with Section 5(a) (any such suspension described in subclause (i), (ii), or (iii), a “Service Suspension“). Company will have no liability for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that Customer or any Authorized User may incur as a result of a Service Suspension.
    6. Anonymized Statistics. Notwithstanding anything to the contrary in this Agreement, Company may monitor the Services and collect and compile Anonymized Statistics. As between Company and Customer, all right, title, and interest in Anonymized Statistics, and all intellectual property rights therein, belong to and are retained solely by Company. Customer acknowledges that Company may compile Anonymized Statistics based on Customer Data, including AI Input and AI Output, used or generated by the Services. Company may use Anonymized Statistics to improve, develop, adapt, modify, train, or enhance the Services or other products or services; provided that such Anonymized Statistics do not contain PHI as defined in Exhibit B.
    7. Subcontractors. Company may from time to time in its discretion engage third parties to perform the Services, or a portion thereof (each, a “Subcontractor“).
    8. Third-Party Integrations. Certain features of the Services rely on Third-Party Integrations. Customer acknowledges that (a) Third-Party Integrations are subject to the terms, availability, and performance of the applicable third-party provider; (b) Company does not control and is not responsible for the availability, accuracy, or performance of Third-Party Integrations; (c) access to certain Third-Party Integrations may require Customer to accept additional terms imposed by the third-party provider; (d) Company may substitute alternative third-party providers in its discretion; and (e) Third-Party Integrations may be subject to Additional Platform Charges.
    9. Patient-Facing Features. To the extent the Services include patient-facing features, including without limitation patient portals, appointment booking, check-in kiosks, or patient messaging, Company may require that patients accept a separate Patient Terms of Use prior to accessing such features. Customer shall cooperate with Company in making such terms available to patients. Customer is solely responsible for ensuring that its use of patient-facing features complies with all applicable laws, including without limitation the Telephone Consumer Protection Act (TCPA) and applicable state communications and telehealth consent laws.
  3. Customer Responsibilities.
    1. General. Customer is responsible and liable for all uses of the Services and Documentation resulting from access provided by Customer, directly or indirectly, whether such access or use is permitted by or in violation of this Agreement. Without limiting the generality of the foregoing, Customer is responsible for all acts and omissions of Authorized Users, and any act or omission by an Authorized User that would constitute a breach of this Agreement if taken by Customer will be deemed a breach of this Agreement by Customer. Customer shall use reasonable efforts to make all Authorized Users aware of this Agreement’s provisions as applicable to such Authorized User’s use of the Services and shall cause Authorized Users to comply with such provisions.
    2. Disclosures and Consents. Customer represents, warrants, and covenants that Customer owns or otherwise has and will have all necessary rights, permissions, and consents in and relating to the Customer Data so that, as received by Company and processed in accordance with this Agreement, it does not and will not infringe, misappropriate, or otherwise violate any intellectual property rights, or any privacy or other rights of any third party or violate any applicable law. Without limiting the foregoing, to the extent Customer uses the Services for electronic prescribing, labs and pathology integration, insurance verification, claims submission, revenue cycle management, or other regulated functions, Customer is solely responsible for obtaining all consents, authorizations, and approvals required under applicable federal and state law for such use, including without limitation any consents required for the electronic transmission of prescriptions, exchange of clinical data with third-party laboratories or payers, and submission of insurance claims. Customer is further solely responsible for obtaining all necessary patient consents and authorizations for the use of patient engagement features, including but not limited to appointment reminders, patient portal communications, and text or email messaging, in compliance with the Telephone Consumer Protection Act (TCPA) and applicable state communications and telehealth consent laws. To the extent Customer uses the photo and document management features of the Services, Customer is solely responsible for obtaining patient authorization for clinical photography in compliance with HIPAA and applicable state law.
    3. Compliance with the Law. For the avoidance of doubt, Customer is solely responsible for ensuring that it uses Services in compliance with all laws applicable to Customer’s business, business operations, products and services, including without limitation, any laws applicable to privacy and security, and for evaluating and determining whether its use of the Services and any underlying Systems or technology are permissible and appropriate under such laws. The Services may include regulated functions such as electronic prescribing, insurance claims processing, medical records management, and clinical data exchange. Customer is solely responsible for compliance with all laws applicable to such functions, including without limitation electronic prescribing regulations (including requirements for electronic prescribing of controlled substances, if applicable), state medical records retention laws, the 21st Century Cures Act and applicable information blocking regulations, and any Promoting Interoperability or successor program requirements. Customer is solely responsible for ensuring that its use of the electronic prescribing features complies with all applicable DEA and state pharmacy board requirements.
  4. Privacy and Data Security.
    1. Privacy. Company shall collect, process, and disclose Customer Data only as necessary for the purposes specified in this Agreement and shall comply with all applicable privacy laws and Covered Entity instructions.
      1. Upon Customer’s request, Company shall use commercially reasonable efforts to delete or enable Customer to delete all Customer Data within ninety (90) days of such request, except where it would be technically infeasible to delete the data or retention is required by applicable law.
      2. To the extent US state privacy laws apply, as between the Parties, Customer is a Data Controller or Data Processor and Company is a Data Processor, as the terms are defined in applicable privacy laws.
      3. To the extent that the CCPA applies, Company shall not use Customer Data outside of the direct business relationship with Customer; “sell” or “share” Customer Data, as those terms are defined under the CCPA; retain, use or disclose Customer Data outside of the direct business relationship between Customer and Company; or except as permitted by law, combine Customer Data with other information it receives from, or on behalf of, another person or persons, or collects from its own interaction with an individual.
      4. Company may use Subcontractors per Section 2(g).
      5. Company will process Customer Data classified as PHI, as the term is defined in Exhibit B, in compliance with Exhibit B.
    2. Data Security. Company agrees that its collection, use, storage, and disposal of Customer’s Confidential Information shall at all times comply with appliable law. Company shall implement and maintain security procedures and practices for Confidential Information that ensure a level of security appropriate to the risk and comply with Applicable Law for security and confidentiality, protect against any anticipated or actual threats or hazards to its security or integrity, and prevent unauthorized access, acquisition, destruction, use, modification and/or disclosure, including without limitation, establishing, implementing and maintaining an information security program. Company shall ensure that its security infrastructures are consistent with industry standards for virus protection, firewalls, and intrusion prevention technologies to help prevent its network, systems, servers, and applications from unauthorized access.
    3. Notwithstanding any other provision in this Agreement, Customer Data is subject to the following automated retention schedule:
      1. Audio Recordings: To enhance security and privacy, audio recordings of patient interactions are automatically and permanently deleted following the completion of their transcription. These recordings are not accessible to Customer or Authorized Users at any time.
      2. Transcripts: Transcriptions of patient interactions are retained and accessible to Authorized Users for a period of thirty (30) days from the date of their creation. Following this 30-day period, all transcripts are automatically and permanently deleted.
      3. Finalized Notes: Only the finalized notes that an Authorized User affirmatively saves or integrates into the patient’s medical record are maintained indefinitely by the Services as part of the Customer Data. Customer is solely responsible for determining which notes to retain as part of the official medical record.
      4. Medical Records and EMR Data: To the extent Customer uses the electronic medical records functionality of the Services, all patient medical records, clinical documentation, and associated data entered into or generated through the Services shall be retained for the duration of Customer’s subscription and for a period of ninety (90) days following termination, during which Customer may export such data. Customer is solely responsible for ensuring that its retention of medical records complies with applicable state and federal law, including any minimum retention periods required for medical records in Customer’s jurisdiction(s) of practice.
      5. Billing and Claims Data: Billing records, insurance claims data, payment histories, and revenue cycle management records shall be retained for the duration of Customer’s subscription and for a period of ninety (90) days following termination. Customer is solely responsible for maintaining independent copies of billing and claims records as required by applicable law, payer contracts, or professional standards.
      6. Scheduling and Administrative Data: Patient scheduling records, appointment histories, and administrative data shall be retained for the duration of Customer’s subscription. Following termination, such data shall be available for export during the ninety (90) day post-termination period described above and thereafter shall be permanently deleted.
      7. Prescription and Lab Data: Electronic prescribing records, laboratory orders and results, and pathology data shall be retained for the duration of Customer’s subscription and for the ninety (90) day post-termination export period. Customer acknowledges that certain prescription records may be subject to additional retention requirements under federal and state controlled substances laws and is solely responsible for compliance with such requirements.
      8. Data Export: Upon termination or expiration of this Agreement, Customer shall have ninety (90) days to export all Customer Data from the Services in a standard, machine-readable format. Company shall make commercially reasonable efforts to provide data export tools or assistance upon Customer’s request. Following the expiration of the ninety (90) day export period, Company shall have no obligation to retain Customer Data and may permanently delete all such data, except as required by applicable law or as necessary for Company to comply with its obligations under Exhibit B.
    4. Interoperability and Data Portability. To the extent applicable, Company shall use commercially reasonable efforts to support the interoperability of the Services with third-party systems in accordance with industry standards, including the exchange of clinical data using standardized formats (such as HL7 FHIR or its successors) where technically feasible and commercially reasonable. Upon Customer’s written request during the Term or during the ninety (90) day post-termination export period described in Section 4(c), Company shall provide Customer Data in a standard, machine-readable format reasonably suitable for migration to another electronic health record system. Company may charge reasonable fees for data export services beyond standard functionality.
  5. Fees and Payment.
    1. Fees. Customer shall pay Company the fees (“Fees“) as set forth in the Agreement without offset or deduction. To the extent that Customer has entered into a separate Provider Agreement with Company, the fee schedule and pricing terms of the Provider Agreement shall control, and any conflicting fee provisions in this Agreement shall be superseded by those of the Provider Agreement. Customer shall make all payments hereunder in US dollars on or before the due date set forth in the Agreement. If Customer fails to make any payment when due, without limiting Company’s other rights and remedies: (i) Company may charge interest on the past due amount at the rate of 1.5% per month calculated daily and compounded monthly or, if lower, the highest rate permitted under applicable law; (ii) Customer shall reimburse Company for all reasonable costs incurred by Company in collecting any late payments or interest, including attorneys’ fees, court costs, and collection agency fees; and (iii) if such failure continues for thirty (30) days or more, Company may suspend Customer’s and its Authorized Users’ access to any portion or all of the Services until such amounts are paid in full. Company may, from time to time, offer a Service or Service feature without charge, or waive Fees for that Service or Service feature. If Company increases Fees, or introduces new Fees, for a Service that Customer is currently using, then Company will notify Customer at least thirty (30) days (or longer period if law requires) before the revised or new Fees apply to Customer. In addition to the Fees for the Services, Customer may incur “Additional Platform Charges,” which means fees, charges, and costs for: (a) third-party software, services, or integrations used in connection with the Services (including but not limited to laboratory interfaces, e-prescribing networks, payer connectivity, and fax services); and (b) usage-based services and features that are billed based on consumption volume, transaction count, message volume, or similar metrics. Additional Platform Charges are separate from and in addition to the Fees for the Services. Prior to Customer incurring any new category of Additional Platform Charges, Company shall provide Customer with reasonable notice describing the nature of such charges and the applicable rate structure.
    2. Taxes. All Fees and other amounts payable by Customer under this Agreement are exclusive of taxes and similar assessments. Customer is responsible for all sales, use, and excise taxes, and any other similar taxes, duties, and charges of any kind imposed by any federal, state, or local governmental or regulatory authority on any amounts payable by Customer hereunder, other than any taxes imposed on Company’s income.
    3. Auditing Rights and Required Records. Company may, at its own expense, on reasonable prior notice, periodically inspect and audit Customer’s records with respect to matters covered by this Agreement, provided that if such inspection and audit reveals that Customer has underpaid Company with respect to any amounts due and payable during the Term, Customer shall promptly pay the amounts necessary to rectify such underpayment, together with interest in accordance with Section 5(a).
    4. Confidential Information. From time to time during the Term, either Party may disclose or make available to the other Party information about its business affairs, products, confidential intellectual property, trade secrets, third-party confidential information, and other sensitive or proprietary information, whether orally or in written, electronic, or other form or media, whether or not marked, designated, or otherwise identified as “confidential” (collectively, “Confidential Information“). Confidential Information does not include information that, at the time of disclosure is: (a) in the public domain; (b) known to the receiving Party at the time of disclosure; (c) rightfully obtained by the receiving Party on a non-confidential basis from a third party; or (d) independently developed by the receiving Party. The receiving Party shall not disclose the disclosing Party’s Confidential Information to any person or entity, except to the receiving Party’s employees who have a need to know the Confidential Information for the receiving Party to exercise its rights or perform its obligations hereunder. Notwithstanding the foregoing, each Party may disclose Confidential Information to the limited extent required (i) in order to comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable law, provided that the Party making the disclosure pursuant to the order shall first have given written notice to the other Party and made a reasonable effort to obtain a protective order; or (ii) to establish a Party’s rights under this Agreement, including to make required court filings. On the expiration or termination of the Agreement, the receiving Party shall promptly return to the disclosing Party all copies, whether in written, electronic, or other form or media, of the disclosing Party’s Confidential Information, or destroy all such copies and certify in writing to the disclosing Party that such Confidential Information has been destroyed. Each Party’s obligations of non-disclosure with regard to Confidential Information are effective as of the Effective Date and will expire five years from the date first disclosed to the receiving Party; provided, however, with respect to any Confidential Information that constitutes a trade secret (as determined under applicable law), such obligations of non-disclosure will survive the termination or expiration of this Agreement for as long as such Confidential Information remains subject to trade secret protection under applicable law.
  6. Intellectual Property Ownership; Feedback.
    1. Company IP. Customer acknowledges that, as between Customer and Company, Company owns all right, title, and interest, including all intellectual property rights, in and to the Company IP. Company hereby grants Customer a non-exclusive, royalty-free, license to reproduce, distribute, and otherwise use and display the Company IP solely to the extent incorporated into and necessary for Customer to use and otherwise exploit the AI Output solely for Customer’s internal business operations by Authorized Users in accordance with the Agreement and terms and conditions herein.
    2. Customer Data. Company acknowledges that, as between Company and Customer, Customer owns all right, title, and interest, including all intellectual property rights, in and to the Customer Data. Customer hereby grants to Company a non-exclusive, royalty-free, worldwide license to reproduce, distribute, and otherwise use and display the Customer Data and perform all acts with respect to the Customer Data as may be necessary for Company to provide the Services to Customer, and a non-exclusive, perpetual, irrevocable, royalty-free, worldwide license to reproduce, distribute, modify, and otherwise use and display Customer Data incorporated within the Anonymized Statistics.
    3. Feedback. If Customer or any of its employees or contractors sends or transmits any communications or materials to Company by mail, email, telephone, or otherwise, suggesting or recommending changes to the Company IP, including without limitation, new features or functionality relating thereto, or any comments, questions, suggestions, or the like (“Feedback“), Company is free to use such Feedback irrespective of any other obligation or limitation between the Parties governing such Feedback. Customer hereby assigns to Company on Customer’s behalf, and on behalf of its employees, contractors, and/or agents, all right, title, and interest in, and Company is free to use, without any attribution or compensation to any party, any ideas, know-how, concepts, techniques, or other intellectual property rights contained in the Feedback, for any purpose whatsoever, although Company is not required to use any Feedback.
  7. Limited Warranty and Warranty Disclaimer.
    1. EXCEPT FOR THE LIMITED WARRANTY SET FORTH IN SECTION 8(a), THE COMPANY IP AND AI OUTPUT ARE PROVIDED “AS IS” AND COMPANY HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. COMPANY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. EXCEPT FOR THE LIMITED WARRANTY SET FORTH IN SECTION 8(a), COMPANY MAKES NO WARRANTY OF ANY KIND THAT THE COMPANY IP, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, INCLUDING ANY AI OUTPUTS, WILL MEET CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE, OR THAT ANY ERRORS OR DEFECTS CAN OR WILL BE CORRECTED. YOU ACKNOWLEDGE THAT, GIVEN THE NATURE OF THE SERVICES AND AI TECHNOLOGY, AI OUTPUT (I) MAY BE INACCURATE, MISLEADING, BIASED, INCOMPLETE, OUTDATED, OR OFFENSIVE, (II) MAY BE THE SAME AS OR SIMILAR TO OUTPUT THE SERVICES GENERATE FOR OTHER CUSTOMERS, (III) MAY NOT QUALIFY FOR INTELLECTUAL PROPERTY PROTECTION, AND (IV) MAY BE SUBJECT TO THIRD PARTY TERMS, INCLUDING, AS APPLICABLE, OPEN SOURCE LICENSES, AND (V) DO NOT NECESSARILY REFLECT, AND MAY BE INCONSISTENT WITH, COMPANY’S AND THIRD-PARTY MEDICAL PROVIDER’S VIEWS.
    2. Customer acknowledges and agrees that, due to the inherent nature of AI Technology, Company does not warrant or guarantee (i) the accuracy or appropriateness of any AI Output or other information generated by artificial intelligence engines or systems or (ii) that AI Output or other information will be accurate or appropriate for Customer’s use cases, and Customer fully and irrevocably waives and discharges Company from any responsibility in this regard. Customer is solely responsible for all use of the AI Output and information and for evaluating the accuracy and appropriateness of the AI Output and information for Customer’s use cases, including by utilizing human review as appropriate. Customer acknowledges that due to the nature of the Services and use of artificial intelligence generally, AI Output and other information may not be unique and other users may receive similar content from the Services. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, TO THE EXTENT THE SERVICES INCLUDE BILLING, REVENUE CYCLE MANAGEMENT, INSURANCE VERIFICATION, ELECTRONIC PRESCRIBING, SCHEDULING, OR OTHER NON-AI FUNCTIONALITY, COMPANY DOES NOT WARRANT THAT: (A) BILLING CODES, CLAIMS SUBMISSIONS, OR INSURANCE VERIFICATION RESULTS GENERATED OR FACILITATED BY THE SERVICES WILL BE ACCURATE, COMPLETE, OR RESULT IN PAYMENT; (B) ELECTRONIC PRESCRIPTIONS TRANSMITTED THROUGH THE SERVICES WILL BE RECEIVED, PROCESSED, OR FILLED BY ANY PHARMACY OR PAYER; (C) THE SERVICES WILL SATISFY THE REQUIREMENTS OF ANY FEDERAL OR STATE CERTIFICATION PROGRAM, INCLUDING WITHOUT LIMITATION ONC HEALTH IT CERTIFICATION OR PROMOTING INTEROPERABILITY REQUIREMENTS; OR (D) THIRD-PARTY INTEGRATIONS, INCLUDING LABORATORY INTERFACES, PAYER CONNECTIONS, AND E-PRESCRIBING NETWORKS, WILL OPERATE WITHOUT INTERRUPTION OR ERROR. CUSTOMER IS SOLELY RESPONSIBLE FOR VERIFYING THE ACCURACY OF ALL BILLING, CODING, PRESCRIBING, AND CLINICAL OUTPUTS AND FOR ENSURING COMPLIANCE WITH ALL APPLICABLE REGULATORY REQUIREMENTS.
  8. Indemnification.
    1. Clinical Decision Support; No Practice of Medicine. NOTHING IN THE SERVICES CONSTITUTES THE PRACTICE OF MEDICINE, MEDICAL ADVICE, OR A RECOMMENDATION REGARDING THE DIAGNOSIS OR TREATMENT OF ANY PATIENT. ALL AI-GENERATED SUGGESTIONS, INCLUDING BUT NOT LIMITED TO DIAGNOSTIC SUGGESTIONS, PROCEDURE AND BILLING CODE RECOMMENDATIONS, PRESCRIPTION SUGGESTIONS, AND CLINICAL DOCUMENTATION, ARE INFORMATIONAL ONLY AND ARE SUBJECT TO THE INDEPENDENT CLINICAL JUDGMENT AND PROFESSIONAL RESPONSIBILITY OF THE TREATING HEALTHCARE PROVIDER. CUSTOMER AND ITS AUTHORIZED USERS RETAIN SOLE RESPONSIBILITY FOR ALL CLINICAL DECISIONS AND FOR THE ACCURACY OF ALL DOCUMENTATION, CODING, PRESCRIBING, AND CLINICAL CARE. COMPANY IS NOT A HEALTHCARE PROVIDER AND DOES NOT RENDER MEDICAL SERVICES OF ANY KIND.
    2. Billing and Claims Disclaimer. COMPANY DOES NOT GUARANTEE THAT CLAIMS SUBMITTED THROUGH THE SERVICES WILL BE ACCEPTED, PROCESSED, OR PAID BY ANY PAYER, INSURANCE COMPANY, OR GOVERNMENT PROGRAM. COMPANY IS NOT RESPONSIBLE FOR CLAIM DENIALS, UNDERPAYMENTS, OR DELAYED PAYMENTS. CUSTOMER IS SOLELY RESPONSIBLE FOR THE ACCURACY OF ALL CLAIMS AND BILLING INFORMATION SUBMITTED THROUGH THE SERVICES AND FOR COMPLIANCE WITH ALL APPLICABLE FEDERAL AND STATE BILLING AND ANTI-FRAUD LAWS, INCLUDING WITHOUT LIMITATION THE FALSE CLAIMS ACT (31 U.S.C. §§ 3729–3733) AND THE ANTI-KICKBACK STATUTE (42 U.S.C. § 1320a-7b). COMPANY SHALL HAVE NO LIABILITY FOR ANY PENALTIES, FINES, OR OVERPAYMENT RECOUPMENTS RESULTING FROM CLAIMS SUBMITTED BY CUSTOMER THROUGH THE SERVICES.
    3. Regulatory Certification Disclaimer. CUSTOMER ACKNOWLEDGES THAT THE SERVICES HAVE NOT BEEN CERTIFIED UNDER THE ONC HEALTH IT CERTIFICATION PROGRAM (45 CFR PART 170) UNLESS COMPANY HAS PROVIDED WRITTEN CONFIRMATION OF SUCH CERTIFICATION. COMPANY MAKES NO REPRESENTATION THAT THE SERVICES SATISFY THE REQUIREMENTS FOR ANY FEDERAL OR STATE INCENTIVE, PENALTY AVOIDANCE, OR REGULATORY COMPLIANCE PROGRAM PREDICATED ON THE USE OF CERTIFIED ELECTRONIC HEALTH RECORD TECHNOLOGY, INCLUDING WITHOUT LIMITATION THE MEDICARE PROMOTING INTEROPERABILITY PROGRAM OR ANY SUCCESSOR PROGRAM. CUSTOMER IS SOLELY RESPONSIBLE FOR DETERMINING WHETHER ITS REGULATORY OBLIGATIONS REQUIRE THE USE OF ONC-CERTIFIED TECHNOLOGY AND FOR ANY CONSEQUENCES ARISING FROM THE USE OF NON-CERTIFIED TECHNOLOGY.
    4. Company Indemnification.
      1. Company shall indemnify, defend, and hold harmless Customer from and against any and all losses, damages, liabilities, costs (including reasonable attorneys’ fees) (“Losses“) incurred by Customer resulting from any third-party claim, suit, action, or proceeding (“Third-Party Claim“) that the Services or any use of the Services in accordance with this Agreement (in each case, excluding any AI Output or AI Input used by Company to train or tune AI Technology incorporated or included in the Services), infringes or misappropriates such third party’s US intellectual property rights provided that Customer promptly notifies Company in writing of such Third-Party Claim, cooperates with Company, and allows Company sole authority to control the defense and settlement of such Third-Party Claim.
      2. If a Third Party-Claim is made or appears possible, Customer agrees to permit Company, at Company’s sole discretion, to (A) modify or replace the Services, or component or part thereof, to make it non-infringing, or (B) obtain the right for Customer to continue use. If Company determines that neither alternative is reasonably available, Company may terminate this Agreement, in its entirety or with respect to the affected component or part, effective immediately on written notice to Customer.
      3. This Section 8(a) will not apply to the extent that the alleged infringement arises from: (A) use of the Services in combination with data, software, hardware, equipment, or technology not provided by Company or authorized by Company in writing; (B) modifications to the Services or AI Output not made by Company; (C) use, misuse, or disclosure of Customer Data not entirely performed by Company; (D) Customer’s disablement or circumvention of any applicable source citation, filtering, security, or safety tools or functions of the AI Technology.
    5. Customer Indemnification. Customer shall indemnify, hold harmless, and, at Company’s option, defend Company from and against any Losses resulting from any Third-Party Claim that the Customer Data, or any use of the Customer Data in accordance with this Agreement, infringes or misappropriates such third party’s US intellectual property rights and any Third-Party Claims based on Customer’s or any Authorized User’s (i) negligence or willful misconduct; (ii) use of the Services in a manner not authorized by this Agreement; (iii) use of the Services in combination with data, software, hardware, equipment, or technology not provided by Company or authorized by Company in writing; or (iv) modifications to the Services not made by Company, provided that Customer may not settle any Third-Party Claim against Company unless Company consents to such settlement, and further provided that Company will have the right, at its option, to defend itself against any such Third-Party Claim or to participate in the defense thereof by counsel of its own choice.
      1. Customer shall also indemnify, hold harmless, and, at Company’s option, defend Company from and against any and all Losses arising from or relating to any Third-Party Claim (a) that the AI Input or processing or any other use thereof in accordance with this Agreement, infringes or misappropriates such third party’s intellectual property rights; (b) based on Customer’s or any Authorized User’s negligence or willful misconduct or use of the AI Technology; or (c) based on Customer’s or any Authorized User’s use or reliance on any AI Output; provided that Customer may not settle any Third-Party Claim against Company unless Company consents to such settlement, and further provided that Company will have the right, at its option, to defend itself against any such Third-Party Claim or to participate in the defense thereof by counsel of its own choice.
    6. Sole Remedy. EXCEPT WITH RESPECT TO SECTION 6 OF EXHIBIT B, THIS SECTION 8 SETS FORTH CUSTOMER’S SOLE REMEDIES AND COMPANY’S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED, OR ALLEGED CLAIMS THAT THE SERVICES INFRINGE, MISAPPROPRIATE, OR OTHERWISE VIOLATE ANY INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY. IN NO EVENT WILL COMPANY’S LIABILITY UNDER THIS SECTION 8 EXCEED THE AMOUNT OF FEES PAID BY CUSTOMER TO COMPANY PURSUANT TO THE AGREEMENT DURING THE 12-MONTH PERIOD PRECEDING THE OCCURRENCE OF THE ACTION OR INACTION GIVING RISE TO SUCH CLAIM FOR LIABILITY.
    7. Limitations of Liability. EXCEPT WITH RESPECT TO SECTION 6 OF EXHIBIT B, IN NO EVENT WILL COMPANY BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY: (a) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES; (b) INCREASED COSTS, DIMINUTION IN VALUE OR LOST BUSINESS, PRODUCTION, REVENUES, OR PROFITS; (c) LOSS OF GOODWILL OR REPUTATION; (d) USE, INABILITY TO USE, LOSS, INTERRUPTION, DELAY, OR RECOVERY OF ANY DATA, OR BREACH OF DATA OR SYSTEM SECURITY; OR (e) COST OF REPLACEMENT GOODS OR SERVICES, IN EACH CASE REGARDLESS OF WHETHER COMPANY WAS ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE. EXCEPT WITH RESPECT TO SECTION 6 OF EXHIBIT B, IN NO EVENT WILL COMPANY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE EXCEED THE AMOUNT OF FEES PAID BY CUSTOMER TO COMPANY PURSUANT TO THE AGREEMENT DURING THE 12-MONTH PERIOD PRECEDING THE OCCURRENCE OF THE ACTION OR INACTION GIVING RISE TO SUCH CLAIM FOR LIABILITY.
  9. Term and Termination.
    1. Term. This Agreement continues until Customer or Company terminates it (this period, the “Term“). Customer may terminate this Agreement at any time by closing Customer account and/or deleting the services. If after termination Customer uses the Services again, this Agreement will apply with an Effective Date that is the date on which Customer first uses the Services again. Company may terminate this Agreement (or any part) or close Customer’s account for convenience only upon at least ninety (90) days’ prior written notice to Customer. During such ninety (90) day notice period, Company shall continue to provide Customer and its Authorized Users access to the Services, including reasonable access to Customer Data and the functionality necessary for Customer to access, use, and export Customer Data in accordance with Section 4(c), provided that Customer continues to comply with this Agreement and timely pays all Fees due. Notwithstanding the foregoing, Company may terminate this Agreement immediately upon written notice to Customer in the event of Customer’s material breach of this Agreement, including Exhibit B, that is incapable of cure or, if capable of cure, remains uncured for thirty (30) days after written notice specifying the breach. A Party may terminate this Agreement immediately upon notice to the other party if the other Party materially breaches this Agreement, including Exhibit B, and if capable of cure, does not cure the breach within thirty (30) days after receiving written notice specifying the breach. Termination of this Agreement shall not affect the rights or obligations of Customer under any separately executed Provider Agreement between Customer and Company, including any Rate Lock Period pricing rights established therein.
    2. Effect of Expiration or Termination. Upon expiration or earlier termination of this Agreement, Customer shall immediately discontinue use of the Company IP and, without limiting Customer’s obligations under 6, Customer shall delete, destroy, or return all copies of the Company IP and certify in writing to the Company that the Company IP has been deleted or destroyed. No expiration or termination will affect Customer’s obligation to pay all Fees that may have become due before such expiration or termination or entitle Customer to any refund. For the avoidance of doubt, expiration or termination of this Agreement does not terminate any separately executed Provider Agreement. Upon termination, Customer Data shall be retained and made available for export in accordance with the retention schedule set forth in Section 4(c). For clarity, where Company provides notice of termination for convenience under Section 9(a), the Agreement shall remain in effect during the applicable notice period, and Customer’s post-termination data export rights under Section 4(c) shall begin only after the effective date of such termination.
    3. Survival. This Section 9(c) and 1, 5, 6, 7, 8(b), 9, 10, and 11 survive any termination or expiration of this Agreement. No other provisions of this Agreement survive the expiration or earlier termination of this Agreement.
  10. Binding Arbitration.
    1. All disputes, claims and controversies, whether based on past, present or future events, arising out of or relating to statutory or common law claims, the breach, termination, enforcement, interpretation or validity of any provision of this Agreement, and the determination of the scope or applicability of Customer’s agreement to arbitrate any dispute, claim, or controversy originating from this Agreement, but specifically excluding any dispute principally related to either Party’s intellectual rights (which will be resolved in litigation before the United States District Court for the District of Utah), will be determined by binding arbitration by telephone, based on written submissions, video conference, or in person in Nashville, TN or at another mutually agreed location before a single arbitrator with subject matter expertise in matters and areas of law related to this Agreement, including, but not limited to, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA“) and its implementing regulations. The arbitrator shall be familiar with the requirements of HIPAA, including the Privacy Rule, Security Rule, and Breach Notification Rule, and shall be obligated to protect the confidentiality of PHI (as defined under Exhibit B) to the extent required by applicable law.
    2. The American Arbitration Association will administer the arbitration under its Commercial Arbitration Rules. The Expedited Procedures of the American Arbitration Association’s Commercial Arbitration Rules will apply for cases in which no disclosed claim or counterclaim exceeds $250,000 USD (excluding interest, attorneys’ fees and arbitration fees and costs). Where no party’s claim exceeds $100,000 USD (excluding interest, attorneys’ fees and arbitration fees and costs), and in other cases where the Parties agree, Section E-6 of the Expedited Procedures of the American Arbitration Association’s Commercial Arbitration Rules will apply.
    3. The arbitrator will apply the substantive law of the State of Utah, in accordance with Section 11(g), and of the United States, including HIPAA and other applicable federal and state laws relating to the privacy and security of health information, excluding their conflict or choice of law rules.
    4. Nothing in this Agreement will preclude the Parties from seeking provisional remedies in aid of arbitration from a court of appropriate jurisdiction.
    5. Notwithstanding the provisions in this Section 10 referencing applicable substantive law, the Federal Arbitration Act (9 U.S.C. Sections 1-16) will govern any arbitration conducted in accordance with this Agreement.
    6. Arbitration Procedure.
      1. A Party must notify the other Party of its intent to commence arbitration prior to commencing arbitration. The notice must specify the date on which the arbitration demand is intended to be filed, which must be at least 30 days after the date of the notice. During this time period, the Parties will meet for the purpose of resolving the dispute prior to commencing arbitration.
      2. Subject to Section 10.f(i) of this Agreement, each Party may commence arbitration by providing to the American Arbitration Association and the other Party to the dispute a written demand for arbitration, stating the subject of the dispute and the relief requested.
      3. Subject to the disclaimers and limitations of liability stated in this Agreement, the appointed arbitrators may award monetary damages and any other remedies allowed by the laws of the State of Utah. In making a determination, the arbitrator will not have the authority to modify any term of this Agreement. The arbitrator will deliver a reasoned, written decision with respect to the dispute to each Party, who will promptly act in accordance with the arbitrator’s decision. The arbitrator’s decision shall address the parties’ compliance with HIPAA. Any award (including interim or final remedies) may be confirmed in or enforced by a state or federal court located in Salt Lake City, Utah. The decision of the arbitrator will be final and binding on the Parties, and will not be subject to appeal or review.
      4. In accordance with the AAA Rules, the Party initiating the arbitration is responsible for paying the applicable filing fee. Each Party will advance one-half of the fees and expenses of the arbitrator, the costs of the attendance of the arbitration reporter at the arbitration hearing, and the costs of the arbitration facility. In any arbitration arising out of or relating to this Agreement, the arbitrator will award to the prevailing party, if any, the costs and reasonable attorneys’ fees reasonably incurred by the prevailing party in connection with those aspects of its claims or defenses on which it prevails, and any opposing awards of costs and legal fees awards will be offset.
    7. Confidentiality.
      1. The Parties will keep confidential the existence of the arbitration, the arbitration proceeding, the hearing and the arbitrator’s decision, and, jointly with the arbitrator, take all necessary steps to ensure that all PHI (as defined in Exhibit B) is safeguarded, disclosed, and used in accordance with the requirements of HIPAA.
      2. Notwithstanding the foregoing, disclosure of the existence of the arbitration, the arbitration proceeding, the hearing, and the arbitrator’s decision shall be permitted: (a) as necessary to prepare for and conduct the arbitration hearing on the merits; (b) in connection with a court application for a preliminary remedy, or confirmation of an arbitrator’s decision or its enforcement; (c) as permitted under HIPAA; (d) each Party may disclose as necessary to professional advisors that are subject to a strict duty of confidentiality; and (e) as law otherwise requires.
      3. The Parties, witnesses, and arbitrator will treat as confidential and will not disclose to any third person (other than witnesses or experts) any documentary or other evidence produced in any arbitration, except as law requires or if the evidence was obtained from the public domain or was otherwise obtained independently from the arbitration.
      4. Upon conclusion of the arbitration, all copies of PHI in the possession of the Parties and the arbitrator shall be returned to the disclosing party or, if return is not feasible, destroyed in a manner that complies with HIPAA. The arbitrator shall certify such destruction in writing.
    8. Conflict of Rules. In the case of a conflict between the provisions of this Section 10 and the AAA Rules, the provisions of this Section 10 will prevail.
    9. Class Waiver. To the extent Law permits, any dispute arising out of or relating to this Agreement, whether in arbitration or in court, will be conducted only on an individual basis and not in a class, consolidated or representative action. Notwithstanding any other provision of this Agreement or the AAA Rules, disputes regarding the interpretation, applicability, or enforceability of this class waiver may be resolved only by a court and not by an arbitrator. If this waiver of class or consolidated actions is deemed invalid or unenforceable, neither party is entitled to arbitration.
    10. No Jury Trial. If for any reason a claim or dispute proceeds in court rather than through arbitration, each party knowingly and irrevocably waives any right to trial by jury in any action, proceeding or counterclaim arising out of or relating to this Agreement or any of the transactions contemplated between the parties.
  11. Miscellaneous.
    1. Entire Agreement. This Agreement, together with any other documents incorporated herein by reference and all related Exhibits, constitutes the sole and entire agreement of the Parties with respect to the subject matter of this Agreement and supersedes all prior and contemporaneous understandings, agreements, and representations and warranties, both written and oral, with respect to such subject matter. In the event of any inconsistency between the statements made in the body of this Agreement, the related Exhibits, and any other documents incorporated herein by reference, the following order of precedence governs (unless otherwise specified): (i) first, this Agreement, excluding its Exhibits; (ii) second, the Exhibits to this Agreement as of the Effective Date; and (iii) third, any other documents incorporated herein by reference. Notwithstanding the foregoing, to the extent that Customer has separately executed a Provider Agreement with Company, the Provider Agreement shall control over this Agreement with respect to fees, pricing, Rate Lock Period rights, Development Grant terms, and late payment remedies. This Agreement shall continue to govern all other aspects of Customer’s access to and use of the Services.
    2. Notices. Unless this Agreement states otherwise, for notices to Company, Customer must contact Company at support@subqdocs.com. A notice Customer sends to Company is deemed to be received when Company receives it. Company may send Customer notices by email, physical mail, or delivery service to the postal address listed in the applicable Customer account. A notice Company sends to Customer is deemed received by Customer on the earliest of (i) when sent by email; and (iii) three business days after being sent by physical mail or when delivered, if sent by delivery service.
    3. Force Majeure. In no event shall either Party be liable to the other Party, or be deemed to have breached this Agreement, for any failure or delay in performing its obligations under this Agreement (except for any obligations to make payments), if and to the extent such failure or delay is caused by any circumstances beyond such Party’s reasonable control, including but not limited to acts of God, flood, fire, earthquake, epidemics, explosion, war, terrorism, invasion, riot or other civil unrest, strikes, labor stoppages or slowdowns or other industrial disturbances, or passage of law or any action taken by a governmental or public authority, including imposing an embargo.
    4. Amendment and Modification; Waiver. Company reserves the right to modify this Agreement, and Customer’s continued use of the Services represents Customer’s agreement to those modifications. No waiver by any Party of any of the provisions hereof will be effective unless explicitly set forth in writing and signed by the Party so waiving. Except as otherwise set forth in this Agreement, (i) no failure to exercise, or delay in exercising, any rights, remedy, power, or privilege arising from this Agreement will operate or be construed as a waiver thereof, and (ii) no single or partial exercise of any right, remedy, power, or privilege hereunder will preclude any other or further exercise thereof or the exercise of any other right, remedy, power, or privilege.
    5. Severability. If any provision of this Agreement is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability will not affect any other term or provision of this Agreement or invalidate or render unenforceable such term or provision in any other jurisdiction. Upon such determination that any term or other provision is invalid, illegal, or unenforceable, the Parties shall negotiate in good faith to modify this Agreement so as to effect their original intent as closely as possible in a mutually acceptable manner in order that the transactions contemplated hereby be consummated as originally contemplated to the greatest extent possible.
    6. Governing Law; Submission to Jurisdiction. This Agreement is governed by and construed in accordance with the internal laws of the State of Delaware without giving effect to any choice or conflict of law provision or rule that would require or permit the application of the laws of any jurisdiction other than those of the State of Delaware. Any legal suit, action, or proceeding arising out of or related to this Agreement or the licenses granted hereunder will be instituted exclusively in the federal courts of the United States or the courts of the State of Delaware, and each Party irrevocably submits to the exclusive jurisdiction of such courts in any such suit, action, or proceeding.
    7. Assignment. Customer may not assign any of its rights or delegate any of its obligations hereunder, in each case whether voluntarily, involuntarily, by operation of law or otherwise, without the prior written consent of Company, which consent shall not be unreasonably withheld, conditioned, or delayed. No assignment or delegation will relieve the assigning or delegating Party of any of its obligations hereunder. This Agreement is binding upon and inures to the benefit of the Parties and their respective permitted successors and assigns.
    8. Equitable Relief. Each Party acknowledges and agrees that a breach or threatened breach by such Party of any of its obligations under 6 or, in the case of Customer, Section 2(c), would cause the other Party irreparable harm for which monetary damages would not be an adequate remedy and agrees that, in the event of such breach or threatened breach, the other Party will be entitled to equitable relief, including a restraining order, an injunction, specific performance, and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity, or otherwise.

Exhibit B – Business Associate Agreement

  1. PREAMBLE AND DEFINITIONS.
    1. Pursuant to the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), Customer (“Covered Entity”) and subQdocs, or any of its corporate affiliates (“Business Associate”), a Utah limited liability company, enter into this Business Associate Agreement (“BAA”) as upon the date Customer first accesses or uses the Services (the “Effective Date”) that addresses the HIPAA requirements with respect to “business associates,” as defined under the privacy, security, breach notification, and enforcement rules at 45 C.F.R. Part 160 and Part 164 (“HIPAA Rules”). A reference in this BAA to a section in the HIPAA Rules means the section as in effect or as amended.
    2. This BAA is intended to ensure that Business Associate will establish and implement appropriate safeguards for the Protected Health Information (“PHI”) (as defined under the HIPAA Rules) that Business Associate may receive, create, maintain, use, or disclose in connection with the functions, activities, and services that Business Associate performs for Covered Entity. The functions, activities, and services that Business Associate performs for Covered Entity are defined in the Agreement (the “Underlying Agreement”). The Parties acknowledge that the Services include, without limitation, electronic medical records management, patient scheduling, electronic prescribing, labs and pathology integration, billing and revenue cycle management, insurance verification and payer interactions, patient engagement features, photo and document management, and AI-assisted clinical documentation, each of which may involve the creation, receipt, maintenance, use, or disclosure of PHI. Business Associate’s obligations under this BAA apply to all PHI processed in connection with all features and functions of the Services.
    3. Consistent with the Health Information Technology for Economic and Clinical Health Act of 2009 (the “HITECH Act”) and the American Recovery and Reinvestment Act of 2009 (“ARRA”), this BAA also reflects federal breach notification requirements imposed on Business Associate when “Unsecured PHI” (as defined under the HIPAA Rules) is acquired by an unauthorized party, and the expanded privacy and security provisions imposed on business associates.
    4. Unless the context clearly indicates otherwise, the following terms in this BAA shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, disclosure, Electronic Media, Electronic Protected Health Information (ePHI), Health Care Operations, individual, Minimum Necessary, Notice of Privacy Practices, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured PHI, and use.
    5. A reference in this BAA to the Privacy Rule means the Privacy Rule, in conformity with the regulations at 45 C.F.R. Parts 160-164 (the “Privacy Rule”) as interpreted under applicable regulations and guidance of general application published by HHS, including all amendments thereto for which compliance is required, as amended by the HITECH Act, ARRA, and the HIPAA Rules.
  2. GENERAL OBLIGATIONS OF BUSINESS ASSOCIATE.
    1. Business Associate agrees not to use or disclose PHI, other than as permitted or required by this BAA or as Required By Law, or if such use or disclosure does not otherwise cause a Breach of Unsecured PHI.
    2. Business Associate agrees to use appropriate safeguards, and comply with Subpart C of 45 C.F.R. Part 164 with respect to ePHI, to prevent the use or disclosure of PHI other than as provided for by the BAA.
    3. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate as a result of a use or disclosure of PHI by Business Associate in violation of this BAA’s requirements or that would otherwise cause a Breach of Unsecured PHI.
    4. Business Associate agrees to the following breach notification requirements:
      1. Business Associate agrees to report to Covered Entity any Breach of Unsecured PHI not provided for by the BAA of which it becomes aware within five (5) calendar days of “discovery” within the meaning of the HITECH Act. Such notice shall include the identification of each individual whose Unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired, or disclosed in connection with such Breach. Business Associate also shall provide any additional information reasonably requested by Covered Entity for purposes of investigating the Breach and any other available information that Covered Entity is required to include to the individual under 45 C.F.R. § 164.404(c) at the time of notification or promptly thereafter as information becomes available. Business Associate’s notification of a Breach of Unsecured PHI under this Section shall comply in all respects with each applicable provision of Section 13400 of Subtitle D (Privacy) of ARRA, the HIPAA Rules, and related guidance issued by the Secretary or the delegate of the Secretary from time to time.
      2. In the event of Business Associate’s use or disclosure of Unsecured PHI in violation of HIPAA, the HITECH Act, or ARRA, Business Associate bears the burden of demonstrating that notice as required under this Section 2.4 was made, including evidence demonstrating the necessity of any delay, or that the use or disclosure did not constitute a Breach of Unsecured PHI.
    5. Business Associate agrees, in accordance with 45 C.F.R. §§ 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, to require that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information.
    6. Business Associate agrees to make available PHI in a Designated Record Set to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.524.
      1. Business Associate agrees to comply with an individual’s request to restrict the disclosure of their personal PHI in a manner consistent with 45 C.F.R. § 164.522, except where such use, disclosure, or request is required or permitted under applicable law.
      2. Business Associate agrees to charge fees related to providing individuals access to their PHI in accordance with 45 C.F.R. § 164.524(c)(4).
      3. Business Associate agrees that when requesting, using, or disclosing PHI in accordance with 45 C.F.R. § 164.502(b)(1) that such request, use, or disclosure shall be to the minimum extent necessary, including the use of a “limited data set” as defined in 45 C.F.R. § 164.514(e)(2), to accomplish the intended purpose of such request, use, or disclosure, as interpreted under related guidance issued by the Secretary from time to time.
    7. Business Associate agrees to make any amendments to PHI in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 C.F.R. § 164.526, or to take other measures as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.526.
    8. Business Associate agrees to maintain and make available the information required to provide an accounting of disclosures to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.528.
    9. Business Associate agrees to make its internal practices, books, and records, including policies and procedures regarding PHI, relating to the use and disclosure of PHI and Breach of any Unsecured PHI received from Covered Entity, or created or received by the Business Associate on behalf of Covered Entity, available to Covered Entity (or the Secretary) for the purpose of Covered Entity or the Secretary determining compliance with the Privacy Rule (as defined in 1.5).
    10. To the extent that Business Associate is to carry out one or more of Covered Entity’s obligation(s) under Subpart E of 45 C.F.R. Part 164, Business Associate agrees to comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s).
    11. Business Associate agrees to account for the following disclosures:
      1. Business Associate agrees to maintain and document disclosures of PHI and Breaches of Unsecured PHI and any information relating to the disclosure of PHI and Breach of Unsecured PHI in a manner as would be required for Covered Entity to respond to a request by an individual or the Secretary for an accounting of PHI disclosures and Breaches of Unsecured PHI.
      2. Business Associate agrees to provide to Covered Entity, or to an individual at Covered Entity’s request, information collected in accordance with this Section 2.11, to permit Covered Entity to respond to a request by an individual or the Secretary for an accounting of PHI disclosures and Breaches of Unsecured PHI.
      3. Business Associate agrees to account for any disclosure of PHI used or maintained as an Electronic Health Record (as defined in 5) (“EHR”) in a manner consistent with 45 C.F.R. § 164.528 and related guidance issued by the Secretary from time to time; provided that an individual shall have the right to receive an accounting of disclosures of EHR by the Business Associate made on behalf of the Covered Entity only during the three years prior to the date on which the accounting is requested from the Covered Entity.
      4. In the case of an EHR that the Business Associate acquired on behalf of the Covered Entity as of January 1, 2009, paragraph (c) above shall apply to disclosures with respect to PHI made by the Business Associate from such EHR on or after January 1, 2014. In the case of an EHR that the Business Associate acquires on behalf of the Covered Entity after January 1, 2009, paragraph (c) above shall apply to disclosures with respect to PHI made by the Business Associate from such EHR on or after the later of January 1, 2011, or the date that it acquires the EHR.
    12. Business Associate agrees to comply with the “Prohibition on Sale of Electronic Health Records or Protected Health Information,” as provided in Section 13405(d) of Subtitle D (Privacy) of ARRA, and the “Conditions on Certain Contacts as Part of Health Care Operations,” as provided in Section 13406 of Subtitle D (Privacy) of ARRA and related guidance issued by the Secretary from time to time.
    13. Business Associate acknowledges that, effective on the Effective Date of this BAA, it shall be liable under the civil and criminal enforcement provisions set forth at 42 U.S.C. § 1320d-5 and 1320d-6, as amended, for failure to comply with any of the use and disclosure requirements of this BAA and any guidance issued by the Secretary from time to time with respect to such use and disclosure requirements.
  3. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE.
    1. General Uses and Disclosures. Business Associate agrees to receive, create, use, or disclose PHI only in a manner that is consistent with this BAA, the Privacy Rule, or Security Rule (as defined in 5), and only in connection with providing services to Covered Entity; provided that the use or disclosure would not violate the Privacy Rule, including 45 C.F.R. § 164.504(e), if the use or disclosure would be done by Covered Entity. For example, the use and disclosure of PHI will be permitted for “treatment, payment, and health care operations,” in accordance with the Privacy Rule.
    2. Business Associate may use or disclose PHI as Required By Law.
    3. Business Associate agrees to make uses and disclosures and requests for PHI consistent with Covered Entity’s Minimum Necessary policies and procedures.
    4. Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 C.F.R. Part 164 if done by the Covered Entity. Notwithstanding the foregoing, Business Associate may use or disclose PHI as follows:
      1. Except as otherwise limited in this Agreement, Business Associate may disclose PHI for the proper management and administration of the Business Associate, provided that disclosures are Required By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
      2. Business Associate may de-identify any and all PHI obtained by Business Associate and use such de-identified data on Business Associate’s own behalf as set forth herein, all in accordance with the de-identification requirements of the Privacy Rule. The Parties acknowledge and agree that de-identified data does not constitute PHI; provided, however, such de-identified information may only be used and disclosed by Business Associate in connection with the services provided to Covered Entity under the Underlying Services Agreement or a SOW and/or for Business Associate’s internal purposes, such as to improve, develop, adapt, modify, train, or enhance the Services or other products or services, but such de-identified data shall not otherwise be sold or commercialized by Business Associate.
      3. Except as otherwise limited in this Agreement, Business Associate may use PHI to provide Data Aggregation services to Covered Entity as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B).
      4. Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with 45 C.F.R. § 164.502(j)(1).
      5. Business Associate may use PHI to the extent and for any purpose authorized by an Individual under 45 C.F.R. § 164.508.
  4. OBLIGATIONS OF COVERED ENTITY.
    1. Covered Entity shall:
      1. Provide Business Associate with the Notice of Privacy Practices that Covered Entity produces in accordance with the Privacy Rule, and any changes or limitations to such notice under 45 C.F.R. § 164.520, to the extent that such changes or limitations may affect Business Associate’s use or disclosure of PHI.
      2. Notify Business Associate of any restriction on the use or disclosure of PHI that Covered Entity has agreed to or is required to comply with under 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI under this BAA.
      3. Notify Business Associate of any changes in or revocation of permission by an individual to use or disclose PHI, if such change or revocation may affect Business Associate’s permitted or required uses and disclosures of PHI under this BAA.
    2. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the Privacy and Security Rule if done by Covered Entity, except as provided under 3 of this BAA.
  5. COMPLIANCE WITH SECURITY RULE.
    1. Business Associate shall comply with the HIPAA Security Rule, which shall mean the Standards for Security of Electronic Protected Health Information at 45 C.F.R. Part 160 and Subparts A and C of Part 164, as amended by ARRA and the HITECH Act. The term “Electronic Health Record” or “EHR” as used in this BAA shall mean an electronic record of health-related information on an individual that is created, gathered, managed, and consulted by authorized health care clinicians and staff.
    2. In accordance with the Security Rule, Business Associate agrees to:
      1. Implement the administrative safeguards set forth at 45 C.F.R. § 164.308, the physical safeguards set forth at 45 C.F.R. § 164.310, the technical safeguards set forth at 45 C.F.R. § 164.312, and the policies and procedures set forth at 45 C.F.R. § 164.316, to reasonably and appropriately protect the confidentiality, integrity, and availability of the ePHI that it creates, receives, maintains, or transmits on behalf of Covered Entity as required by the Security Rule. Business Associate acknowledges that, effective on the Effective Date of this BAA: (a) the foregoing safeguards, policies, and procedures requirements shall apply to Business Associate in the same manner that such requirements apply to Covered Entity; and (b) Business Associate shall be liable under the civil and criminal enforcement provisions set forth at 42 U.S.C. § 1320d-5 and 1320d-6, as amended from time to time, for failure to comply with the safeguards, policies, and procedures requirements and any guidance issued by the Secretary from time to time with respect to such requirements.
      2. Require that any agent, including a Subcontractor, to whom it provides such PHI agrees to implement reasonable and appropriate safeguards to protect the PHI.
      3. Report to the Covered Entity any Security Incident of which it becomes aware.
  6. INDEMNIFICATION.

    Business Associate shall indemnify, defend, and hold harmless the Covered Entity and Covered Entity’s affiliates (“Indemnified Parties”), from and against any and all losses, expense, damage, or injury (including, without limitation, all costs and reasonable attorney’s fees) that the Indemnified Parties may sustain as a result of, or arising out of: (a) a breach of this BAA by Business Associate or its agents or Subcontractors, including but not limited to any unauthorized use, disclosure, or breach of PHI; (b) Business Associate’s failure to notify any and all parties required to receive notification of any Breach of Unsecured PHI pursuant to 2.4; or (c) any negligence or wrongful acts or omissions by Business Associate or its agents or Subcontractors, including without limitations, failure to perform Business Associate’s obligations under this BAA, the Privacy Rule, or the Security Rule.

    Notwithstanding the foregoing, nothing in this Section shall limit any rights that any of the Indemnified Parties may have to additional remedies under the Underlying Agreement or under applicable law for any acts or omissions of Business Associate or its agents or Subcontractors.

  7. TERM AND TERMINATION.
    1. This BAA shall be in effect as of Effective Date, and shall terminate per Section 9 of the Underlying Agreement or, if:
      1. All of the PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity. If it is not feasible to return or destroy PHI, protections are extended in accordance with 7.3.
    2. Upon termination of this BAA for any reason, Business Associate, with respect to PHI received from Covered Entity, or created, maintained, or received by Business Associate on behalf of Covered Entity, shall:
      1. Retain only that PHI that is necessary for Business Associate to continue its proper management and administration or to carry out its legal responsibilities.
      2. Return to Covered Entity or destroy the remaining PHI that the Business Associate still maintains in any form.
      3. Continue to use appropriate safeguards and comply with Subpart C of 45 C.F.R. Part 164 with respect to ePHI to prevent use or disclosure of the PHI, other than as provided for in this Section 7, for as long as Business Associate retains the PHI.
      4. Not use or disclose the PHI retained by Business Associate other than for the purposes for which such PHI was retained and subject to the same conditions set out at paragraphs (2) and (3) above which applied prior to termination.
      5. Return to Covered Entity or destroy the PHI retained by Business Associate when it is no longer needed by Business Associate for its proper management and administration or to carry out its legal responsibilities.
    3. The obligations of Business Associate under this Section 7 shall survive the termination of this BAA.
  8. MISCELLANEOUS.
    1. The parties agree to take such action as is necessary to amend this BAA to comply with the requirements of the HIPAA, ARRA, the HITECH Act, the Consolidated Appropriations Act, 2021 (CAA-21), the HIPAA Rules, and any other applicable law.
    2. The respective rights and obligations of Business Associate under 6 and 7 of this BAA shall survive the termination of this BAA.
    3. This BAA shall be interpreted in the following manner:
      1. Any ambiguity shall be resolved in favor of a meaning that permits Covered Entity to comply with the HIPAA Rules.
      2. Any inconsistency between the BAA’s provisions and the HIPAA Rules, including all amendments, as interpreted by the HHS, a court, or another regulatory agency with authority over the Parties, shall be interpreted according to the interpretation of the HHS, the court, or the regulatory agency.
      3. Any provision of this BAA that differs from those required by the HIPAA Rules, but is nonetheless permitted by the HIPAA Rules, shall be adhered to as stated in this BAA.
    4. This BAA constitutes the entire agreement between the parties related to the subject matter of this BAA. This BAA supersedes all prior negotiations, discussions, representations, or proposals, whether oral or written related to the subject matter of this BAA. This BAA may not be modified unless done so in writing and signed by a duly authorized representative of both parties. If any provision of this BAA, or part thereof, is found to be invalid, the remaining provisions shall remain in effect.
    5. This BAA will be binding on the successors and assigns of the Covered Entity and the Business Associate. However, this BAA may not be assigned, in whole or in part, without the written consent of the other party. Any attempted assignment in violation of this provision shall be null and void.
    6. This BAA may be executed in two or more counterparts, each of which shall be deemed an original.
    7. Except to the extent preempted by federal law, this BAA shall be governed by and construed in accordance with the same internal laws as that of the Underlying Agreement.
×

Reserve your spot

Saturday, March 28th 4pm To 7pm Slate Hotel. 1250 Welton st.

Please share a few details so we can plan the evening.

My Details

+ Add a guest