Client Terms of Service
Revised as of July 5, 2023
Client Terms of Service
- Right of Client to Use Wondr Health Information.
- Subject to Client’s strict compliance with all terms, conditions, and restrictions of these Terms of Service (“Terms”), Wondr Health hereby grants to Client:
- a non-exclusive, non-transferable right to use the Wondr Program (“Program”) set forth on that certain Letter of Understanding by and between Wondr Health and Client (“LOU”), including (A) certain video presentations, student manuals, food sheets, instructor manuals, website content, reports, emails and other materials developed by Wondr Health for the Program (the “Curriculum”); (B) a website established and maintained by Wondr Health that permits Participants to access, display, perform and use the Program’s web-based services (the “Program Website”); and (C) all iOS and Android applications of Wondr Health that permit Participants to access, display, perform and use the Program (the “Program App”, and collectively, with the Program, Curriculum, and Program Website, the “Wondr Health Information”) to promote, advertise, market, identify and describe the Program to the Program Participants set forth in the LOU (the “Participants”), subject to those standards of quality and appearance relating to the Wondr Health Information and the Wondr Health trademarks, (“Standards”); and
- a non-exclusive, non-transferable right to grant Participants the right to access and use the Program for the intended purpose of the Program.
- All patents, trademarks, trade dress, right of publicity, copyrights, design rights, trade secrets and other intellectual property rights in the Wondr Health Information, Wondr Health’s Confidential Information (as defined herein), and the additional services Wondr Health may provide Client so that it can track and evaluate the Program’s impact on employee health and employer health care costs (the “Services”) are and shall remain the exclusive property of Wondr Health. Nothing herein shall be construed as granting any right, title or interest in or to the Wondr Health Information or the Services, other than those rights expressly granted in this Section 1 of these Terms. Except as expressly provided by the terms of these Terms, Client shall not use, reproduce, modify, reverse engineer, disassemble, distribute, display, perform or create derivative works of the Wondr Health Information without the express, written consent of Wondr Health.
- Wondr Health may update the Wondr Health Information or Services from time to time during the Term to reflect changes in, among other things, laws, regulations, rules, technology, industry practices, patterns of system use, and availability of third-party integrations or content.
Following enrollment of a Participant in the Program, Wondr Health shall provide such Participant with a copy of the Curriculum. Participants shall not make copies of the Curriculum available to non-Participants at any time or for any purpose.
- No Trademark License.
Except for Client’s use of the Wondr Health Information as expressly authorized in these Terms or as otherwise expressly authorized in writing by Wondr Health, Client has no right or license to use or license the use of any of Wondr Health’s names, trademarks, service marks, logos, emblems and other indicia of origin for any purpose whatsoever. Client agrees to permit Wondr Health to reference Client’s name and logo for legitimate business purposes including, but not limited to, on Wondr Health website and within collateral materials. Client agrees to consider reasonable requests for (a) serving as a reference, (b) collaborating on press releases regarding services, and (c) collaborating on case studies or other marketing collateral showcasing the outcomes of agreed upon services.
- Client Responsibilities.
a. Client shall promptly furnish the information needed by Wondr Health to perform its functions under these Terms, including necessary information in connection with determining the eligibility of individuals to participate in the Program and benefit from the Services. Wondr Health shall refer to Client for determination and consideration of any question of eligibility of an individual for coverage under the Program.
b. Client is solely responsible for determining whether the Program is offered to Participants as part of an employee welfare benefit plan, as defined under the Employee Retirement Income Security Act of 1974 (“ERISA”), and whether the Program is otherwise offered as part of a health plan, as defined under the Health Insurance Portability and Accountability Act (“HIPAA”). Wondr Health relies on such representation and determination by Client for purposes of determining Wondr Health’s HIPAA compliance with respect to Client.
- Presentation of the Program and Scope of Services.
- Wondr Health is solely responsible for presenting and implementing the Program in such manner as it deems appropriate, subject to mutually accepted guidelines, to ensure satisfactory delivery. Wondr Health will not be responsible for any delay in presenting or implementing the Program that results from Client’s delay or failure in providing necessary information to Wondr Health or otherwise performing under this Agreement. In addition to the Curriculum, and except as otherwise expressly agreed herein, Wondr Health will present the Program by video presentation of lecture material by professionally produced video accessed by Participants directly via the Program Website and/or Program App.
- Wondr Health will submit an invoice to Client (or to its insurance carrier or designated payor, as directed by Client) in accordance with the pricing terms set forth in the LOU. Notwithstanding any payment direction provided by Client to Wondr Health, Client shall ultimately be responsible for the payment of all Program Fees due under the LOU and in the event payment is denied or refused by Client’s insurance carrier (or other designated payor), Client shall be liable for payment of all Program Fees owed to Wondr Health under the LOU and will promptly remit all such amounts to Wondr Health within thirty (30) days of the date of Wondr Health’s invoice to Client. Wondr Health may annually modify the Program Fees upon sixty (60) days’ notice to Client prior to each anniversary of the effective date of the LOU.
- Client shall be separately responsible for any fees, expenses and/or costs incurred by Wondr Health on Client’s behalf in connection with the Program, if applicable, including travel expenses or other out-of-pocket costs (“Additional Fees”). Any Additional Fees shall be invoiced by Wondr Health as they are incurred and shall be due and payable by Client within thirty (30) days of the date of Wondr Health’s invoice.
- Client shall be responsible for all sales, use, excise, and other similar taxes arising out of or related to these Terms or the Participants participation in the Program.
- Client represents and warrants to Wondr Health that it shall receive no revenue or other material consideration of any kind in connection with providing the Program to Participants, and shall not charge its employees or any third party any fees for participating in the Program. Penalties charged to Participants, or recoupment of expenses by the employer from Participants, however, will not be considered revenue or material consideration under this paragraph. Client’s breach of this representation and warranty will constitute a material breach of these Terms.
- Term and Termination.
- Term. The term of the LOU shall commence on the effective date of the LOU and end on December 31 of the year that is two years following such effective date (“Initial Term”), and thereafter, shall automatically renew for successive twelve (12) month periods (each a “Renewal Term” and together with the Initial Term, the “Term”) unless either party provides written notice of its intent not to renew such LOU at least thirty (30) days prior to the commencement of the next Renewal Term.
- Termination. Either Party may terminate the LOU and these Terms: (i) upon ninety (90) days advance written notice to the other Party, or (ii) upon notice to the other Party if the other Party defaults in the performance of or compliance with any material provision of these Terms and such default continues without cure for a period of thirty (30) days after notice. Wondr Health may elect to terminate the LOU and these Terms immediately if the direct or indirect ownership or control of Client that exists on the date of the LOU changes in any material manner.
- Effect of Termination. Expiration or termination of the LOU or these Terms or any license by either Party shall not affect the accrued rights of the Parties arising in any way out of the LOU or these Terms as of the date of termination or limit either Party from pursing any other remedies available to it. The Parties’ rights and obligations under Sections 7, 8, 10, 11, 12, 13, 17 and 18, and any other provision that by its nature should survive termination, shall survive termination of the LOU and these Terms.
- Rights and Obligations Upon Termination. Upon termination or expiration of the LOU and these Terms, Client (i) shall have no further right or license to the Wondr Health Information; (ii) must immediately cease any and all use, distribution, display, presentation, promotion, advertisement, marketing, identification, description and sublicensing of such Wondr Health Information; and (iii) must, at Wondr Health’s sole option, immediately destroy or return all Wondr Health Information to Wondr Health at Client’s expense.
- Treatment of Incomplete Participant Enrollments Upon Termination. Notwithstanding anything herein to the contrary, upon termination or expiration of the LOU and these Terms for any reason, the Parties agree that Wondr Health shall continue to make the Program available to Participants receiving the Program prior to such termination date. Any such post-termination delivery of the Program to such Participants shall be in accordance with these Terms, and amounts due and payable by Client as relate to such Participants shall be paid in accordance with the terms hereof and thereof. The provisions of the LOU and these Terms shall continue in effect after the effective date of termination only with respect to such Participants’ enrollments and only for the duration of such Participants’ enrollments.
- Confidential Information; Privacy.
The Parties acknowledge that in connection with the LOU and these Terms either Party may provide, and the other Party may acquire and make use of, certain Confidential Information of the disclosing Party.
- Confidential Information. Confidential Information shall include any non-public proprietary information (whether oral, written, electronic or otherwise) disclosed by a Party (“Disclosing Party”) to other Party (“Receiving Party”) including, without limitation, all financial information, personnel information, customer information and business, product, marketing, operating and strategic information, software, data, prototypes, algorithms, reporting tools, heat mapping clinical risk score and its constituent elements, technology, patentable and unpatentable discoveries, know-how, ideas, concepts, logos, trademarks, drawings or renderings, and any other strategies pertaining to Disclosing Party. Confidential Information shall not include information that, as demonstrated by competent evidence, (i) was in Receiving Party’s possession, or was generally known to the public, prior to the disclosure of such information to Receiving Party; or (ii) becomes generally known to the public through no fault of Receiving Party; or (iii) becomes known by Receiving Party from a third party who is not in any breach of any known confidentiality obligations to Disclosing Party with respect to the disclosed information; or (iv) was or is independently developed by Receiving Party without reference to the disclosed information.
- Restriction on Use and Disclosure. Receiving Party agrees that it shall not at any time, directly or indirectly, use for its benefit, disclose, transfer, sell or permit others to use, disclose, transfer or sell, Disclosing Party’s Confidential Information to any person; provided, however, that Receiving Party may use the Disclosing Party’s Confidential Information solely as necessary to perform its obligations and exercise its rights under this Agreement and may disclose Disclosing Party’s Confidential Information to those of its employees or authorized agents who have a need to know for performance of this Agreement and who are bound by written confidentiality obligations at least as restrictive as those contained in these Terms. Receiving Party shall have full responsibility for its employees’ or authorized agents’ compliance with the these Terms.
- Required Disclosure. In the event Receiving Party is required by legal process to disclose any of Disclosing Party’s Confidential Information, Receiving Party shall provide Disclosing Party prompt notice of such requirement so that Disclosing Party may seek a protective order or other appropriate remedy or waive compliance with the provisions of these Terms. In the event that a protective order or other remedy is obtained, Receiving Party shall use all reasonable efforts to assure that any Confidential Information disclosed by Receiving Party will be covered by such order or other remedy and that a copy of the same shall be provided to Disclosing Party. Whether such protective order or other remedy is obtained or Disclosing Party waives compliance with the provisions of these Terms, Receiving Party will disclose only that portion of the Confidential Information that Receiving Party is legally required to disclose.
- Client Data. Any Participant Data (defined below) or other data submitted by or on behalf of Client to the Program, Program Website or Program App and any data returned to Client based on the results of such submitted data is “Client Data”. As between Wondr Health and Client, Client retains all rights, title, and interest in and to the Client Data. Client Data does not include any data or other information generated by Wondr Health through any automated data analysis, processing or other normal operations of the Wondr Health Information or any Wondr Health Data (as defined below). Client hereby authorizes Wondr Health to access, use, process and store Client Data as necessary to perform or provide the Services and perform its obligations hereunder and exercise its rights hereunder. For the avoidance of doubt, Participant Data that is submitted to Wonder Health in Wondr Health’s capacity as a Covered Entity under HIPAA (defined below) is not Client Data.
- Wondr Health Data. During and after the Term, Wondr Health may use any Client Data to operate and improve Wondr Health’s products and services. Client represents and warrants to Wondr Health that it has the legal right and authorization to provide all Client Data to the Platform for use as set forth in these Terms. Wondr Health may de-identify or anonymize Client Data such that it is no longer considered protected health information or personally identifiable information (such data, “Wondr Health Data”). With respect to Wondr Health Data created in accordance with the above license, Client hereby grants Wondr Health a perpetual, worldwide, irrevocable, non-exclusive, sublicensable, royalty-free, right and license to use, copy, and transmit such Wondr Health Data for internal research, product and service development and improvement purposes.
- The Parties acknowledge that, in connection with providing the Services incident to the Program, Wondr Health and Client may receive from each other or from the Participants, certain information that may constitute “protected health information” or “PHI,” as those terms are defined by HIPAA, or that may otherwise be subject to protection under certain federal or state privacy and security rules, regulations and laws (such information, “Personal Information”, and such laws together with HIPAA, “Privacy Laws”). The Parties each agree that they will comply with the provisions of all Privacy Laws as it relates to the use, access to, maintenance, protection, disclosure, return and destruction of PHI and other Personal Information. As used herein, “Participant Data” means all information, data and other content, in any form or medium, that is collected, downloaded or otherwise received, directly or indirectly from the Participant. Client acknowledges and agrees that any transfer of Client Data will be in a manner, timeframe and frequency as required by Wondr Health. To the extent Client Data constitutes PHI under HIPAA, such Client Data will be covered by the Business Associate Agreement attached hereto as Appendix 1, which is hereby incorporated by reference into these Terms. Client acknowledges and agrees that it is solely responsible for maintaining the security and operability of its own systems and devices used to access the Wondr Health Information or Services and ensuring timely transmission of, and the accuracy, quality, integrity, and reliability of all Client Data. To the extent that Wondr Health (as defined in HIPAA) creates, receives, maintains, or transmits Participant Data that is PHI on behalf of Client as a Business Associate (as defined by HIPAA) of Client, Wondr Health and Client shall comply with the BAA. To the extent that Wondr Health creates or receives Participant Data that is PHI in its capacity as a Covered Entity, such Participant Data will only be used or disclosed in accordance with Wondr Health’s Notice of Privacy Practices or the Notice of Privacy Practices of independently contracted healthcare providers that provide services to Participants.
- No Provision of Medical Care or Advice.
Client understands and agrees that, while certain aspects of the Program may facilitate Participants’ receipt of healthcare services from independently contracted healthcare providers, Wondr Health’s presentation of the Wondr Health Information is not the provision of medical care or advice to Client, Client’s officers, directors, employees or Participants of the Program. The Wondr Health Information are informational in scope and are not a substitute for the sound independent medical judgment of a physician or any other health care provider. Client, Client’s officers, directors, employees or Participants of the Program and recipients of the Curriculum or any other Wondr Health Information are instructed to consult with a physician or health care provider if Client, or any of the other individuals identified in this Section, have any questions or concerns regarding a medical condition.
- Indemnification for Third-Party Claims.
- Wondr Health will indemnify, defend and hold harmless Client and its officers, directors, fiduciaries, employees, agents, successors and assigns from any direct loss, damage or cost (including reasonable attorneys’ fees) arising out of any third-party allegations, claims or lawsuits alleging that the Program infringes any copyright, trademark, patent, or incorporates any misappropriated trade secret (a “Claim”). Wondr Health shall have the right, at its sole discretion, to negotiate a commercially reasonable settlement of any such Claim and may, at its option, (i) obtain the right from third parties to continue using the Program; (ii) replace or modify the Program so that it becomes non-infringing without substantially compromising its capabilities or functionalities; or (iii) terminate the LOU and these Terms and refund any pro rata portion of prepaid fees based upon the percentage of the term that has transpired. However, Wondr Health has no obligation to indemnify Client to the extent any Claim arises in connection with: (1) any use of the Wondr Health Information or Services in combination with software, products or services not provided by Wondr Health to the extent that the Wondr Health Information or Services would not be infringing but for such combination or modification; (2) Client’s failure to use the Wondr Health Information or Services in accordance with these Terms; or (3) for any claims related to Client Data. THIS SECTION STATES THE ENTIRE LIABILITY OF WONDR HELATH, AND THE EXCLUSIVE REMEDY OF CLIENT, WITH RESPECT TO ANY ACTUAL OR ALLEGED INFRINGEMENT OF ANY INTELLECTUAL PROPERTY RIGHTS BY WONDR HEALTH OR ANY WONDR HEALTH INFORMATION.
- Wondr Health will indemnify, defend and hold harmless Client and its officers, directors, fiduciaries, employees, agents, successors and assigns from any loss, liability, claim, damage, fine, amount paid in settlement or cost (including reasonable attorneys’ fees) arising out of any third party claims to the extent resulting from the gross negligence or willful misconduct of Wondr Health.
- Client will indemnify, defend and hold harmless Wondr Health and its officers, directors, fiduciaries, employees, agents, successors and assigns from any loss, liability, claim, damage, fine, amount paid in settlement or cost (including reasonable attorneys’ fees) arising out of any third party claims resulting from Client’s, a Participant’s, or any other third party authorized by Client’s (i) use of the Wondr Health Information or the Services (ii) breach of the LOU or these Terms (iii) gross negligence, fraud, or willful misconduct, or (iv) violation of applicable law.
- Limitation of Liability.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, UNDER NO CIRCUMSTANCE SHALL WONDR HEALTH, NOR ANY OF ITS SUBSIDIARIES, AFFILIATES, AGENTS, OR EMPLOYEES, BE LIABLE FOR ANY LOSS OF USE, REVENUE, OR PROFIT OR LOSS OF DATA OR DIMINUTION OF VALUE, OR FOR ANY INCIDENTAL, CONSEQUENTIAL, NON-DIRECT, EXEMPLARY, PUNITIVE, OR OTHER SPECIAL CATEGORY OF DAMAGES ARISING IN ANY WAY OUT OF THESE TERMS OR THE LOU, HOWEVER CAUSED, WHETHER ARISING UNDER A THEORY OF CONTRACT, TORT (INCLUDING NEGLIGENCE OR OTHERWISE), INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOST PROFITS, OR LOSS OF DATA, REGARDLESS OF WHETHER SUCH DAMAGE WAS FORESEEABLE AND WHETHER OR NOT WONDR HEALTH HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE. TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL WONDR HEALTH’S NOR ANY OF ITS SUBSIDIARIES’, AFFILIATES’, AGENTS’ OR EMPLOYEES LIABILITY FOR DAMAGES ARISING OUT OF OR RELATING TO THESE TERMS (INCLUDING ANY APPLICABLE BAA) OR THE LOU, WHETHER ARISING OUT OF OR RELATED TO BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, EXCEED THE FEES PAID BY CLIENT TO WONDR HEALTH FOR THE SPECIFIC SERVICE OR PROGRAM GIVING RISE TO THE ACTION IN THE TWELVE (12) MONTHS PRIOR TO THE DATE THE CAUSE OF ACTION FIRST AROSE. THE LIMITATIONS ON LIABILITY SET FORTH HEREIN SHALL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY OF THE LIMITED REMEDIES SET FORTH ABOVE.
EXCEPT AS SPECIFICALLY SET FORTH IN THESE TERMS, WONDR HEALTH SPECIFICALLY DISCLAIMS ALL WARRANTIES OF ANY KIND, ARISING OUT OF OR RELATED TO THESE TERMS OR THE LOU, INCLUDING WITHOUT LIMITATION, (i) ANY WARRANTY THAT THE SERVICES OR PROGRAM PROVIDED HEREUNDER ARE FREE OF ERRORS, OR WILL OPERATE WITHOUT INTERRUPTION OR THAT ALL ERRORS WILL BE CORRECTED, (ii) ANY WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE SERVICES OR PROGRAM PROVIDED HEREUNDER, (iii) ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND FREEDOM FROM ERRORS, VIRUSES OR ANY OTHER MALICIOUS CODE. CLIENT ACKNOWLEDGES THAT USE OF OR CONNECTION TO THE INTERNET PROVIDES THE OPPORTUNITY FOR UNAUTHORIZED THIRD PARTIES TO CIRCUMVENT SECURITY PRECAUTIONS AND ILLEGALLY GAIN ACCESS TO THE SERVICES, PROGRAM AND PARTICIPANT DATA. ACCORDINGLY, WONDR HEALTH CANNOT AND DOES NOT GUARANTEE THE PRIVACY, SECURITY OR AUTHENTICITY OF ANY INFORMATION SO TRANSMITTED OVER OR STORED IN ANY SYSTEM TO THE INTERNET.
Client recognizes that the breach or threatened breach of its obligations under these Terms would likely cause irreparable and continuing injury to the Wondr Health. Accordingly, Client understands and agrees that any breach or threatened breach by Client of these Terms will cause the Wondr Health irreparable injury and damage for which money damages may not be adequate. In addition to all other remedies that are available to it, the Wondr Health shall be entitled to preliminary and permanent injunctive relief or other equitable relief without posting a bond to prevent or remedy such a breach by Client.
- Independent Contractors.
The Parties shall perform activities under these Terms only as independent contractors and nothing contained herein shall be construed to be inconsistent with this relationship or status. None of the provisions of these Terms is intended to create or shall be deemed or construed to create any relationship between Wondr Health, Client or any third party provider, other than that of independent entities contracting with each other solely for the purpose of effecting the provisions of these Terms. None of Wondr Health, Client or any third party provider, nor any of their respective agents, employees, or representatives shall be construed to be the agent, employee, or representative of the other.
Notices will be deemed given either (a) upon delivery if delivered in person; (b) by e-mail upon confirmation of receipt (with “read receipts” not constituting such confirmation of receipt); (c) sent by courier or other messenger upon confirmation of delivery by such courier or messenger service; or (d) sent by a type of first-class mail, postage prepaid, upon a signed receipt of confirm delivery. Any notice or request to Client shall be delivered to the address set forth in the LOU. Any notice or request to Wondr Health shall be addressed as follows:
Wondr Health: NS412, LLC
12790 Merit Drive
Dallas, TX 75251
Attn: Contracts Manager
Client may not assign, transfer or otherwise convey these Terms or any rights granted hereunder except with the written consent of the Wondr Health. Subject to such restrictions, these Terms shall be binding upon, and inure to the benefit of, the successors in interest and permitted assignees of the Parties.
The Parties agree to resolve all disputes arising under or in connection with this Agreement through binding arbitration. A Party who intends to seek arbitration must first send a written notice of the dispute to the other party. The Parties will use good faith efforts to resolve the dispute directly, but if the parties do not reach an agreement to do so within 30 days after the notice is received, either party may commence an arbitration proceeding. The arbitration will be conducted in accordance with the applicable rules of the American Arbitration Association (“AAA”). The arbitration will be conducted in English in the state of Texas. If the Parties do not agree on an arbitrator, the arbitrator will be selected in accordance with the applicable rules of the AAA for the appointment of an arbitrator. The selection of an arbitrator under the rules of the AAA will be final and binding on the parties. The arbitrator must be independent of the Parties. The arbitrator’s decision will be final and binding on both Parties, and the arbitrator must issue a reasoned written decision sufficient to explain the essential findings and conclusions on which the decision and award, if any, are based. The costs and expenses of the arbitration will be shared equally by both Parties; however, if the arbitrator finds that either the substance of the claim or the relief sought in arbitration is frivolous or brought for an improper purpose (as measured by the standards set forth in Federal Rule of Civil Procedure 11(b)), then the payment of all fees will be governed by the AAA Rules. Notwithstanding the foregoing, this Section 9.7 will not prohibit either Party from: (i) bringing an individual action in small claims court; (ii) seeking injunctive or other equitable relief in a court of competent jurisdiction; (iii) pursuing an enforcement action through the applicable federal, state, or local agency if that action is available; or (iv) filing suit in a court of law to address an intellectual property infringement or misappropriation claim. If this Section 18 is found to be unenforceable, the parties agree that the exclusive jurisdiction and venue described in Section 19 will govern any action arising out of or related to these Terms.
No provisions of these Terms will be waived by any Party except in writing and no waiver by any Party of a breach shall be construed as a waiver of any subsequent breach by the same Party. If any provision of these Terms is held invalid or unenforceable, the remaining provisions and applications of these Terms shall remain valid and enforceable. These Terms may be amended or modified only by a written amendment duly signed by each of the Parties. These Terms shall be construed with the substantive laws of the State of Texas, without giving effect to any conflict of laws principles that would cause the laws of any other jurisdiction to apply. Any controversy or claim arising out of or relating to these Terms, or any breach hereof, must be brought in the appropriate state or federal courts located in Dallas County, Texas. The Parties hereby irrevocably submit to the exclusive jurisdiction of these courts and waive the defense of inconvenient forum to the maintenance of any action or proceeding in such venue. SUBJECT TO SECTION 18, EACH PARTY HEREBY ACKNOWLEDGES AND AGREES THAT ANY CONTROVERSY WHICH MAY ARISE UNDER THESE TERMS IS LIKELY TO INVOLVE COMPLICATED AND DIFFICULT ISSUES, AND THEREFORE EACH SUCH PARTY, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IRREVOCABLY AND UNCONDITIONALLY WAIVES ANY RIGHT SUCH PARTY MAY HAVE TO A TRIAL BY JURY IN RESPECT OF ANY LITIGATION DIRECTLY OR INDIRECTLY ARISING OUT OF OR RELATING HERETO. These Terms, together with the LOU and any Business Associate Agreement executed herewith, constitute the complete and exclusive statement of the agreement of the Parties with respect to the subject matter hereof, and supersedes all prior written and oral statements with respect to the subject matter hereof. If any term or provision of these Terms is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability shall not affect any other term or provision of these Terms or invalidate or render unenforceable such term or provision in any other jurisdiction. The Parties agree that these Terms shall be construed as drafted by both of them, as parties of equivalent bargaining power, and not for or against either of them as the drafter. These Terms may be executed in any number of counterparts (including by facsimile, pdf or other electronic means) each of which shall be deemed an original and which together shall constitute one agreement.
Appendix 1 – Business Associate Addendum
The purpose of this Business Associate Addendum (“BAA”) is to help facilitate your compliance with the requirements of HIPAA and our compliance with HIPAA to the extent you disclose Protected Health Information (as defined below) to us in connection with Client’s use of the Wondr Health Information.
This BAA applies to the extent Client is acting as a Covered Entity or a Business Associate and, as a result, Wondr Health is deemed under HIPAA to be acting as Client’s Business Associate or Subcontractor. To the extent of any conflict or inconsistency between this BAA and the Terms, this BAA will govern with respect to Protected Health Information. Client may be referred to herein as “you”, and Wondr Health may be referred to herein as “we”, “us”, or “our”.
- “Business Associate” has the definition given to it under HIPAA.
- “Breach” has the definition given to it under HIPAA.
- “Covered Entity” has the definition given to it under HIPAA.
- “Designated Record Set” has the definition give to it under HIPAA.
- “HIPAA” means the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act of the American Recovery and Reinvestment Act of 2009, and their implementing regulations, as amended from time to time.
- “Protected Health Information” or “PHI” has the definition given to it under HIPAA, but for purposes of this BAA is limited to PHI within Client Data to which we have access through the Service in connection with your permitted use of the Service. References to PHI in this BAA include electronic PHI.
- “Required by Law” has the definition given to it under HIPAA.
- “Security Incident” has the definition given to it under HIPAA.
- “Subcontractor” has the definition given to it under HIPAA.
- Other capitalized terms used in this BAA without definition will have the respective meanings given to such terms under HIPAA.
- PERMITTED USES AND DISCLOSURES
- Use and Disclosure. Except as otherwise stated in this BAA, we may use and disclose PHI only (a) as permitted or required by the Terms or this BAA, or (b) as Required by Law, and we will not otherwise use or disclose PHI. Except as set forth in Sections 2.2, 2.3, and 2.5 of this BAA, we will not use or disclose PHI in any manner that would constitute a violation of HIPAA if so used or disclosed by you.
- Uses for Proper Management and Administration. We may use PHI for our proper management and administration and to carry out our legal responsibilities.
- Disclosures for Proper Management and Administration. We may disclose PHI to a third party for our proper management and administration, provided that the disclosure is Required by Law or we obtain reasonable assurances from the third party to whom PHI will be disclosed that (a) it will be held confidentially, (b) used or further disclosed only for the purpose for which it was disclosed to the third party, and (c) the third party will notify us of any instances of which it is aware in which the confidentiality of the PHI has been breached.
- Reporting Violations of Law. We may use PHI to report violations of law to appropriate federal and state authorities, consistent with 45 C.F.R. 164.502(j)(1).
- Data Aggregation. We may use PHI to provide Data Aggregation services relating to your Health Care Operations if required or permitted under the Terms.
- De-Identification. We may use PHI to create de-identified health information in accordance with the HIPAA de-identification standards. We may use and disclose de-identified health information for any purpose permitted by law.
- OUR OBLIGATIONS
- No Other Use or Disclosure. We will not use or further disclose PHI other than as permitted or required by the Terms, this BAA or as Required by Law
- Safeguards. We will use appropriate safeguards and comply, where applicable, with the HIPAA security standards with respect to electronic PHI, to prevent use or disclosure of the PHI other than as provided for by the Terms and this BAA.
- Unauthorized Uses and Disclosures; Breaches. We will report to you any use or disclosure of PHI not permitted by this BAA of which we become aware, including Breaches of Unsecured PHI as required by 45 CFR § 164.410.
- Security Incidents. We will report to you any successful Security Incident of which we become aware. Notwithstanding the foregoing, notice is hereby deemed provided, and no further notice will be given, regarding the existence of unsuccessful Security Incidents, such as pings and other broadcast attacks on a firewall, denial of service attacks, port scans, unsuccessful login attempts, malware such as worms or viruses, or interception of encrypted information where the key is not compromised, or any combination of the above.
- Subcontractors. We will enter into a written agreement meeting the requirements of 45 CFR §§ 164.504(e) and 164.314(a)(2) with each Subcontractor that creates, receives, maintains, or transmits PHI on our behalf that obligates the Subcontractor to comply with restrictions and conditions that are at least as restrictive as those that apply to us under this BAA.
- Access to PHI. To the extent we maintain PHI in a Designated Record Set, within 15 business days of receipt of a written request from you, we will make PHI contained in such Designated Record Set available to you so that you may comply with 45 CFR § 164.524. Between you and us, you are solely responsible for making decisions regarding whether to approve a request for access to PHI.
- Amendments to PHI. To the extent we maintain PHI in a Designated Record Set, within 15 business days of receipt of a written request from you, we will make PHI contained in such Designated Record Set available to you for amendment and incorporate any such amendments to such PHI in accordance with 45 CFR § 164.526. Between you and us, you are solely responsible for making decisions regarding whether to approve a request for amendment to PHI.
- Accounting of Disclosures. Within 30 business days of receipt of written notice from you, we will make available to you the information required for you to provide an accounting of disclosures in accordance with 45 CFR § 164.528 of which we are aware. Because we cannot readily identify which Individuals are identified or what types of PHI are included in Client Data you or your Users upload to the Service under your account, you will be solely responsible for identifying which Individuals, if any, may have been included in Client Data that we have disclosed and for providing a brief description of the PHI disclosed.
- Books and Records. We will make our internal practices, books, and records relating to the use and disclosure of PHI received from you, or created or received by us on your behalf of, available to the Secretary for purposes of determining your compliance with HIPAA.
- Minimum Necessary. To the extent required by the “minimum necessary” requirements of HIPAA, we will only request, use and disclose the minimum amount of PHI necessary to accomplish the purpose of the request, use or disclosure.
- YOUR OBLIGATIONS
- Permissible Requests. You will not request that we use or disclose PHI in any manner that would not be permissible under HIPAA if done directly by you (2.2, 2.3[, / and] 2.4[, and 2.5] of this BAA).
- Minimum Necessary. When you disclose PHI to us, you will provide only the minimum amount of PHI necessary for the accomplishment of your purpose.
- Restrictions; Revocation of Authorization. You must promptly notify us in writing of any changes in, or revocation of, the permission by an Individual to use or disclose his or her PHI, to the extent that such changes may affect our use or disclosure of PHI and take affirmative steps to remove such PHI from the Service.
- Notice of Privacy Practices. You must notify us in writing of any limitation in any applicable notice of privacy practices in accordance with 45 CFR § 164.520, to the extent that such limitation may affect our use or disclosure of PHI.
- Termination for Cause. Any other provision of the Terms or this BAA notwithstanding, either party (the “Non-Breaching Party”) may terminate this BAA and the Terms upon 30 days advance written notice to the other party (the “Breaching Party”) in the event that the Breaching Party materially breaches this BAA and such breach is not cured to the reasonable satisfaction of the Non-Breaching Party within such 30-day period.
- Return or Destruction of PHI. Upon expiration or earlier termination of this BAA, we will either return or destroy all PHI received from you or created or received by us on your behalf and which we still maintain in any form. Notwithstanding the foregoing, to the extent that we reasonably determine that it is not feasible to return or destroy such PHI, the terms and provisions of this BAA will survive termination of this BAA and such PHI shall be used or disclosed solely for such purpose or purposes which prevented the return or destruction of such PHI.
- GENERAL PROVISIONS
- HIPAA Amendments. Any future amendments to HIPAA affecting business associate agreements are hereby incorporated by reference into this BAA as if set forth in this BAA in their entirety, effective on the later of the effective date of this BAA or such subsequent date as may be specified by HIPAA.
- Regulatory References. A reference in this BAA to a section in HIPAA means the section as it may be amended from time to time.