Assemblage Health Inc.
Terms of Use

Assemblage Health Terms and Conditions

These Terms and Conditions (“Terms”) describe the rights and obligations of Assemblage Health Inc., a Kansas corporation (“Assemblage Health”) and Assemblage Health's customer (the “Customer”) (collectively, the “Parties”) related to Assemblage Health's provision to Customer, and Customer's use of, Assemblage Health's Services (as defined below). Details related to the Services, including payment amounts, usage limitations, and other terms, shall be set forth in one or more separate statements of work, purchase orders, or other related purchasing documents previously executed by the Parties or to be executed by the Parties (each, an “Order Form" and, together with these Terms, the “Agreement”). Each Order Form is subject to these Terms. The terms of an Order Form shall govern in the event of a conflict between these Terms and an Order Form. The Agreement shall be effective upon Customer's execution of the initial Order Form (the “Effective Date”).

RECITALS

A. Assemblage Health provides an artificial intelligence-based medical software platform.

B. Customer desires to access and use such platform, and Assemblage Health is willing to permit Customer to access and use its platform, subject to the terms and conditions of this Agreement.

In consideration of the mutual promises and covenants herein contained, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, Assemblage Health and Customer agree as follows:

AGREEMENT

1. DEFINITIONS

1.1 In addition to terms defined in the body of the Agreement the following terms, when used in this Agreement, will have the following meanings.

a. "Affiliate”

means any entity that controls, is controlled by, or is under common control, in each case either directly or indirectly with Customer, where “control”, “controlled by” and “under common control with”, means the direct or indirect power to direct or cause the direction of the management and policies of an entity, whether through the ownership of voting securities, by contract, or otherwise/ownership of more than fifty percent (50%) of the voting securities of such entity.

b. “Customer Data”

means the Recordings and any other information, data, content and other materials, in any form or medium, that is submitted, transmitted or otherwise provided by or on behalf of Customer through the Assemblage Health Services or to Assemblage Health in connection with Customer's use of the Assemblage Health Services (but expressly excluding Assemblage Health Technology).

c. “Assemblage Health Services”

means the proprietary Assemblage Health products and services ordered by Customer under an Order Form.

d. “Assemblage Health Technology”

means as applicable the Assemblage Health Services, Software, Documentation, and any other materials, information (including Assemblage Health's Confidential Information) or technology delivered or made available by Assemblage Health under this Agreement.

e. “Deidentified Data”

means anonymized or deidentified data or information of similar form, derived from Customer Data (including Protected Health Information therein), that is created by or on behalf of Assemblage Health, by excluding information that makes the data contained therein personally identifiable to Customer or any other individual, and that, with respect to data derived from Protected Health Information, meets the standard for deidentification under HIPAA.

f. “Documentation”

means the printed and digital instructions, on-line help files, technical documentation and user manuals made available by Assemblage Health to Customer describing the intended operation of the Assemblage Health Services.

g. “EHR”

means the electronic health record to which Customer uploads Recordings and derivatives thereof.

h. “Fees”

means the fees for the relevant Assemblage Health Services as further set forth in Exhibit A.

i. “Order Form”

means the mutually executed order form referencing and governed by this Agreement, substantially in the form provided in Exhibit A.

j. “Protected Health Information”

has the meaning set forth in the Health Insurance Portability and Accountability Act's implementing regulations (45 C.F.R. 160.103).

k. “Recordings”

means any audio and/or video recordings created by the Software, and any derivatives thereof, including without limitation, written transcriptions of such recordings.

l. “Software”

means any web-based, desktop or mobile application hosted and provided by or on behalf of Assemblage Health, APIs or integration software, and any firmware and other programs otherwise distributed or used in connection with the Assemblage Health Services and designated on an Order Form.

m. “Supplemental Services”

means the configuration, implementation, integration, training, or other services, if any, identified in an Order Form.

n. “Usage Data”

means any and all data collected, developed, generated or derived by Assemblage Health or the Assemblage Health Services in connection with Customer's or its Users' use of the Assemblage Health Services and which does not identify individuals.

o. “User”

means Customer's employees, independent contractors and agents engaged by Customer who are authorized to access and use the Assemblage Health Services.

2. Assemblage Health SERVICES; LICENSES

2.1 License. Subject to the terms and conditions of this Agreement, including Customer's cooperation and assistance in accordance with Section 2.4, Assemblage Health hereby grants to Customer, during the Order Form Term (as defined below), a non-exclusive, non-sub-licensable, non-transferable, revocable right and license to (a) access, use, and as applicable, download, the Assemblage Health Technology solely for Customer's internal business purposes and in accordance with the Documentation, subject to any usage limitations or other restrictions set forth in an applicable Order Form, and (b) reproduce, without modification, and internally use a reasonable number of copies of the Documentation solely in connection with Customer's authorized use of the applicable Assemblage Health Services. Customer will include on any copies it makes of the Assemblage Health Services and Documentation the copyright notices or proprietary legends contained within the same.

2.2 Affiliate Purchases. From time to time, Customer may request to purchase additional licenses to the Assemblage Health Services for the benefit of an Affiliate. Assemblage Health will extend the Assemblage Health Services to such Affiliate provided that (a) Customer submits to Assemblage Health, in writing, the name and contact information for such Affiliate and acknowledges that such entity is an Affiliate of Customer, and (b) the named Affiliate countersigns this Agreement and the BAA attached hereto in the form executed by the Parties without modification. Customer agrees to cause such Affiliate to agree to and comply with the terms of this Agreement, and Customer will be responsible for all acts and omissions of such Affiliate hereunder. Assemblage Health will submit all invoices to Customer and Customer will pay such invoices in accordance with Section 5.

2.3 Supplemental Services. Subject to Customer's timely payment of all applicable Fees, Assemblage Health will use commercially reasonable efforts to provide to Customer the Supplemental Services, if any, set forth in an Order Form or as confirmed by the Parties in writing (email to suffice). Unless otherwise stated in the applicable Order Form, Assemblage Health will own and retain all right, title, and interest, including all intellectual property and proprietary rights, in and to any work product or deliverables created, or made available to Customer, in connection with the Supplemental Services. Nothing in the Agreement or any attachment hereto shall be understood to prevent Assemblage Health from developing similar work product or deliverables for other customers.

2.4 Customer Obligations. Customer shall:

1. Be responsible for each User's compliance with this Agreement and the Documentation, and use commercially reasonable efforts to prevent unauthorized access to or use of the Assemblage Health Services;
2. be responsible for the accuracy, quality and legality of Customer Data, the means by which Customer acquired Customer Data, and Customer's use of Customer Data with the Assemblage Health Services;
3. be solely responsible for any and all license fees, and any other related fees, in connection with Customer's, and as applicable, Assemblage Health's, access and use of Customer's EHR;
4. track and provide internally generated KPI reports to Assemblage Health for Assemblage Health's internal business purposes;
5. use the Assemblage Health Services in accordance with this Agreement, Documentation, Order Forms, and applicable laws and government regulations;
6. ensure, and be solely responsible for ensuring, that all notices are given, and all rights, authorizations, and consents are obtained, as are required under applicable law or otherwise, for Customer Data to be shared with Assemblage Health and for Assemblage Health to collect, use, retain, and otherwise process the Customer Data as contemplated by this Agreement; without limiting the generality of the foregoing, Customer represents and warrants that it shall be solely responsible for obtaining and maintaining any and all consents, authorizations, or permissions that may be required by HIPAA, 42 CFR Part 2 or other applicable federal or state privacy laws and regulations before disclosing PHI to Assemblage Health as well as all applicable federal and state laws and regulations pertaining to recording conversations; Customer acknowledges and agrees that Assemblage Health relies on Customer to provide all legally required notices, and obtain all legally required consents, to allow Assemblage Health to provide the Assemblage Health Services and use the Customer Data as set forth herein;
7. be responsible for confirming the accuracy and reliability of any Recordings, including Recordings uploaded to Customer's EHR; Customer acknowledges and agrees that Assemblage Health facilitates the transcription of live interactions and is not a medical device, and Customer has reviewed each Recording and any other Assemblage Health Services to confirm accuracy and to confirm that such materials are sufficient and meet Customer's needs;
8. be responsible for obtaining and maintaining at its cost any equipment and ancillary services needed to connect to, access or otherwise use the Assemblage Health Services, including, without limitation, software, operating system, networking, servers, Internet service. Customer understands that Assemblage Health's performance is dependent in part on Customer's and Customer's third-party service providers' actions;
9. perform all required actions specified in an Order Form or otherwise required of it, including without limitation, providing reasonable assistance to allow access to Customer's premises, and to otherwise support any required EHR integrations; any dates or time periods relevant to Assemblage Health's performance will be extended appropriately and equitably to reflect any delays caused by Customer's or its third-party service providers' failure to timely perform any such action.

2.5 Restrictions.

(i) Customer will not, and will not permit third parties to, directly or indirectly:

1. reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, algorithms or associated know-how of the Assemblage Health Technology or results provided in connection with Supplemental Services (except to the extent expressly made available to Customer by Assemblage Health or permitted by applicable law notwithstanding this restriction);
2. write or develop any program based upon Assemblage Health Technology or any portion of any of the foregoing, or otherwise use the Assemblage Health Technology in any manner for the purpose of developing, distributing or making available products or services that compete with the Assemblage Health Technology;
3. sell, sublicense, transfer, assign, lease, rent, distribute, or grant a security interest in the Assemblage Health Technology or any rights to any of the foregoing;
4. permit the Assemblage Health Technology to be accessed or used by any persons other than Users accessing or using the Assemblage Health Technology in accordance with the Agreement;
5. alter or remove any trademarks or proprietary notices contained in or on the Assemblage Health Technology;
6. circumvent or otherwise interfere with any authentication or security measures of the Assemblage Health Technology or otherwise interfere with or disrupt the integrity or performance of the foregoing; or
7. otherwise use the Assemblage Health Technology for any purpose other than as expressly permitted hereunder. Customer acknowledges that Assemblage Health may, but is no under obligation to, monitor Customer's use of the Assemblage Health Services. Assemblage Health may suspend Customer's or a User's access to the Assemblage Health Services for any period during which Customer or a User is, or Assemblage Health has a reasonable basis for alleging Customer or a User is, in noncompliance with the foregoing.

(ii) Customer hereby agrees that, unless otherwise specified in an Order Form, the Software will operate on a standalone basis without integration with the Customer's EHR. If Assemblage Health provides access to Software designed to facilitate integration between the Assemblage Health Services and the EHR, such Software may be downloaded and used solely as required by this Agreement and during the applicable Order Form Term.

3. INTELLECTUAL PROPERTY

3.1 Assemblage Health Technology. Customer acknowledges and agrees that Assemblage Health exclusively owns and retains all rights, title and interests in and to the Assemblage Health Technology and all intellectual property and other proprietary rights therein, including all technology, software, algorithms, user interfaces, trade secrets, techniques, designs, inventions, works of authorship, and other tangible and intangible material and information pertaining thereto or included therein and that nothing in this Agreement will be deemed to assign, grant or convey to Customer any ownership interests in the Assemblage Health Technology or preclude or restrict Assemblage Health from using or exploiting any concepts, ideas, techniques or know-how of or related to the Assemblage Health Technology or otherwise arising in connection with Assemblage Health's performance under the Agreement. Other than as expressly set forth in the Agreement, no licenses or other rights in or to the Assemblage Health Technology are granted to Customer and all such rights are hereby expressly reserved. Customer will use its reasonable efforts to protect Assemblage Health's intellectual property rights in the Assemblage Health Services and will report promptly to Assemblage Health any infringement or misappropriation of such rights of which Customer becomes aware.

3.2 Customer Data. Customer acknowledges that the Assemblage Health Services and its capabilities rely on insights derived from Customer Data. Accordingly, subject to compliance with the BAA, Customer grants Assemblage Health a worldwide, royalty-free license to use, store, host, perform, display and create derivative works from the Customer Data, including by combining Customer Data with data from third party sources and utilizing machine learning and artificial intelligence applications, for the purposes of (a) providing the Assemblage Health Services and performing its obligations and exercising its rights under this Agreement; (b) complying with applicable laws and regulations; and (c) operating, analyzing and improving Assemblage Health's products and services. Assemblage Health will not sell, distribute, rent, license, lease, or publicly display Customer Data without Customer's prior written permission. For purpose of this Agreement, including the BAA, where applicable, the “Assemblage Health Services” includes the improvement of the underlying technologies as Customer Data is ingested in the course of providing the Assemblage Health Services. Customer acknowledges and agrees that, to the extent permitted by applicable law, Assemblage Health may collect, create, use, and disclose, and will be the owner of Usage Data. During the Term Assemblage Health may create De-Identified Data, and during and after the Term, may retain, share, and use the De-Identified Data for any legal purpose including without limitation for purposes of operating, analyzing, improving or marketing the Assemblage Health Services.

3.3 Feedback. If Customer or a User provides any suggestions, enhancement requests, recommendations or other feedback regarding the Assemblage Health Services (“Feedback”), Customer hereby grants to Assemblage Health a royalty-free, worldwide, transferable, sub-licensable, irrevocable, perpetual license to use any Feedback for any legal purpose, including by incorporating Feedback into the Assemblage Health Services. Assemblage Health will not identify Customer as the source of any such Feedback. Customer hereby acknowledges that Assemblage Health shall not have any obligation to pay any compensation to Customer regarding Feedback.

4. CONFIDENTIALITY

4.1 Definition. “Confidential Information” means any information of a confidential or non-public nature disclosed by one Party (“Disclosing Party”) to the other Party (“Receiving Party”) that is marked as “Confidential” or an equivalent designation or that should reasonably be understood to be confidential given the nature of the information and/or the circumstances surrounding the disclosure. Without limiting the foregoing, Assemblage Health's Confidential Information includes, without limitation, the Assemblage Health Technology and all documentation, data and reports relating to the Assemblage Health Services, but expressly excluding Protected Health Information, which is addressed separately herein. Confidential Information does not include information that:

1. is or becomes publicly known through no breach by the Receiving Party;
2. was rightfully received by the Receiving Party from a third party who was not subject to a duty of confidentiality to the Disclosing Party without restriction on use or disclosure;
3. was already in the Receiving Party's possession without a duty of confidentiality owed to the Disclosing Party at the time of disclosure, as shown by Receiving Party's reasonable contemporaneous records; or
4. is independently developed by Receiving Party without reference to the Confidential Information of the Disclosing Party.

4.2 Use; Maintenance. Neither Party shall use the Confidential Information of the other Party for any purpose except to exercise its rights and perform its obligations under the Agreement. Neither Party shall disclose any Confidential Information of the other Party, except where the Receiving Party becomes legally compelled to disclose Confidential Information, notwithstanding the Receiving Party's having given the Disclosing Party prior notice of such legally compelled disclosure and a reasonable opportunity to seek a protective order or other confidential treatment for such Confidential information (if permitted by applicable law). Each Party will take reasonable measures and care to protect the secrecy of, and avoid disclosure and unauthorized use of, the other Party's Confidential Information.

4.3 Protected Health Information. In addition to the confidentiality obligations set forth herein, any information accessed or received by Assemblage Health for or on behalf of Customer that is Protected Health Information shall be protected in accordance with HIPAA, as set forth in the BAA. If there is any conflict regarding Protected Health Information between the terms of this Agreement and its other attachments, on the one hand, and the BAA, on the other, the BAA shall control.

5. PAYMENT OF FEES

5.1 Fees. During the Term, Customer will pay all Fees of the type and amount set forth in an Order Form. Unless otherwise set forth in an Order Form, Fees for the Assemblage Health Services will be invoiced on a monthly basis. If fees for Supplemental Services are not set forth on the Assemblage Health Order Form, such fees will be paid for services to be rendered at Assemblage Health's then-prevailing time and materials rates. Customer agrees to promptly reimburse Assemblage Health upon invoice for any actual, out-of-pocket travel and lodging expenses incurred by Assemblage Health in connection with any on-site Supplemental Services set forth in a Assemblage Health Order Form. Unless otherwise set forth in an Order Form:

1. all Fees are non-cancellable, non-refundable, and non-recoupable; and
2. all invoices for Fees are due and payable in United States dollars within 30 days after the invoice date, without deduction or setoff. Interest accrues from the due date at the lesser of 1.5% per month or the highest rate allowed by law. Customer is responsible for all federal, state, local, sales, use, value added, excise, or other taxes, fees, or duties arising out of the Agreement or the transactions contemplated by the Agreement (other than taxes based on Assemblage Health's net income).

5.2 Fee Dispute. If Customer believes in good faith that Assemblage Health has billed Customer incorrectly or otherwise disputes the invoiced amount, Customer must provide specific written objection to Assemblage Health no later than the date on which the invoiced amount was due.

5.3 Audit Rights. Assemblage Health will have the right during the term of this Agreement to inspect and audit the books and records of Customer that are relevant to verifying the accuracy of the amounts owed to Assemblage Health by Customer pursuant to this Agreement; provided, however, that:

1. any such inspection and audit will be conducted at Customer's place of business during regular business hours with three (3) days' notice of the audit,
2. if any audit should disclose an underpayment, Customer will pay such amount to Assemblage Health within thirty (30) days from notice thereof and
3. the reasonable fees and expenses relating to any audit which reveals an underpayment in excess of five percent (5%) of the amount owed, will be borne entirely by Customer.

6. TERM AND TERMINATION

6.1 Term and Termination. This Agreement shall commence on the Effective Date and continue as long as there is an active Order Form, unless terminated earlier as provided in this Agreement (the “Term”). The term length of each Order Form will be as set forth in the Order Form (“Order Form Term”). Each Order Form Term will automatically renew for terms equal to the duration of the initial Order Form (except as otherwise provided in the Order Form) unless either Party notifies the other in writing of its intent not to renew such Order Form at least thirty (30) days prior to the end of the then-current Order Form Term. If either Party materially breaches any term of this Agreement and fails to cure such breach within sixty (60) days after notice thereof by the non-breaching Party (thirty (30) days in the case of non-payment), the non-breaching Party may terminate this Agreement immediately upon notice. In addition, Customer may terminate the Agreement as provided in the BAA. Either Party may terminate this Agreement upon notice to the other Party if there are no active Order Forms.

6.2 Effect of Termination. Customer will pay in full for all Assemblage Health Services performed up to and including the effective date of termination and for Assemblage Health Services provided under Surviving Orders. Upon any termination of this Agreement:

1. Customer's and Users' right to access and use the Assemblage Health Services shall immediately terminate, Customer and its Users shall immediately cease all use of the Assemblage Health Services; and
2. each Party shall return to the other Party or destroy all Confidential Information of the other Party in its possession, provided that Confidential Information saved pursuant to back-up policies or procedures shall not be returned or destroyed.

6.3 Survival. Sections 1, 2.3, 2.4, 2.5, 3.2 (solely with respect to Usage Data and De-Identified Data), 3.3, 4, 5, 6.2, 6.3, 7, 8, 9 and 10 shall survive any expiration or termination of this Agreement.

7. WARRANTIES AND DISCLAIMERS

7.1 Assemblage Health Representations and Warranties. Assemblage Health represents and warrants that: (a) it has all right and authority necessary to enter into and perform this Agreement; (b) it will provide the Assemblage Health Services in a professional and workmanlike manner consistent with general industry standards; and (c) the Assemblage Health Services will conform in all material respects to the specifications and the functionality set forth in the applicable Documentation, provided, however, that in the event that the Assemblage Health Services fail to conform to the foregoing warranty, as Customer's sole and exclusive remedy and Assemblage Health's sole and exclusive liability for such failure, Assemblage Health will, at its expense, use commercially reasonable efforts to correct the non-conformity.

7.2 Customer Representations and Warranties. Customer represents and warrants to Assemblage Health that Customer (a) has all right and authority necessary to enter into and perform this Agreement; (b) has all rights, licenses and consents from third parties and has provided all notices required by law necessary to allow Assemblage Health to perform the activities set forth in this Agreement and provide the Assemblage Health Services; and (c) will comply with all applicable laws in connection with its use of the Assemblage Health Technology and the Assemblage Health Services.

7.3 General Disclaimer. EXCEPT AS EXPRESSLY SET OUT IN SECTION 7.1, THE Assemblage Health SERVICES INCLUDING ANY RECORDINGS GENERATED IN CONNECTION THEREWITH ARE PROVIDED “AS IS” AND Assemblage Health EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES, REPRESENTATIONS, OR CONDITIONS, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. NO INFORMATION OBTAINED FROM Assemblage Health OR ELSEWHERE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THIS SECTION 7. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, Assemblage Health DOES NOT WARRANT THAT THE Assemblage Health SERVICES ARE ERROR-FREE OR THAT THE Assemblage Health SERVICES WILL OPERATE WITHOUT INTERRUPTION. THE Assemblage Health TECHNOLOGY MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS. Assemblage Health IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES OR OTHER DAMAGES RESULTING FROM SUCH PROBLEMS. CUSTOMER ACKNOWLEDGES THAT Assemblage Health DOES NOT WARRANT OR GUARANTEE THAT THE Assemblage Health SERVICES WILL PROVIDE ACCURATE OR INFORMATIVE RECORDINGS. Assemblage Health DOES NOT WARRANT OR GUARANTEE THAT THE INFORMATION OBTAINED THROUGH THE Assemblage Health SERVICES WILL BE ACCURATE, RELEVANT, COMPLETE, OR UP TO DATE. CUSTOMER IS SOLELY RESPONSIBLE FOR VERIFYING THE ACCURACY OF RECORDINGS AND OTHER INFORMATION AND CONTENT MADE AVAILABLE THROUGH THE Assemblage Health SERVICES, FOR MAKING DIAGNOSTIC AND CLINICAL DECISIONS, AND FOR COMPLYING WITH ALL LAWS RELATING THERETO. Assemblage Health IS NOT LIABLE OR RESPONSIBLE FOR, AND HEREBY EXPRESSLY DISCLAIMS, UNDER ANY CIRCUMSTANCES: (A) HOW THE Assemblage Health SERVICES ARE USED BY CUSTOMER OR ANY THIRD PARTY, (B) HOW CUSTOMER OR ANY THIRD PARTIES USE ANY INFORMATION OR OUTPUT DATA OBTAINED THROUGH THE Assemblage Health SERVICES, OR (C) ANY CONSEQUENCES THEREOF.

7.4 Medical Services Disclaimer. Assemblage Health does not practice medicine or any other clinical profession, provide medical or other professional clinical advice, make diagnostic, treatment, coding, billing, or other clinical decisions, judgments, or recommendations. Assemblage Health does not, and is not intended to, replace any clinical providers. The Assemblage Health Services do not replace clinical care. The Assemblage Health Services and content provided in connection therewith are not a substitute for the competent analysis and professional judgment of a healthcare professional. The information that is provided to you through the Assemblage Health Services is dependent upon the Customer Data you provide, as well as the specifics of your situation. Further, Customer understand that the Assemblage Health Services are not, and are not intended to be used as, a medical records repository. Customer is solely responsible for meeting the medical records retention requirements that are applicable to it. Assemblage Health is not and will not be responsible for, Recordings uploaded or transmitted, or not uploaded or transmitted, through the Assemblage Health Services. CUSTOMER ACKNOWLEDGES AND AGREES THAT (I) THE Assemblage Health SERVICES DO NOT REPLACE MEDICAL CONSULTATION, EXAMINATION, AND RECORD REVIEW; AND (II) THE PROFESSIONAL DUTY TO ANY OF CUSTOMER'S PATIENTS IN THE PROVISION OF HEALTHCARE SERVICES LIES SOLELY WITH CUSTOMER, AS A HEALTHCARE PROFESSIONAL PROVIDING SUCH PATIENT CARE SERVICES AND NOT WITH Assemblage Health. THEREFORE, CUSTOMER, AND NOT Assemblage Health, SHALL BE RESPONSIBLE FOR VERIFYING THE ACCURACY OF ALL MEDICAL INFORMATION, INCLUDING MEDICAL INFORMATION CONTAINED WITHIN THE RECORDINGS, FOR MAKING DIAGNOSTIC, CODING BILLING, AND OTHER CLINICAL DECISIONS, AND FOR COMPLYING WITH ALL APPLICABLE LAWS, REGULATIONS, AND THE APPLICABLE STANDARD OF CARE IN DELIVERING HEALTH CARE SERVICES, IN DELIVERING HEALTH CARE SERVICES AND THE CODING, BILLING, PAYMENT, AND REIMBURSEMENT THEREFOR, AND WILL INDEMNIFY Assemblage Health FROM AND AGAINST ANY CLAIMS BY THIRD PARTIES (INCLUDING, SUCH THIRD PARTIES' THEIR AGENTS, REPRESENTATIVES, HEIRS, SUCCESSORS, AND ASSIGNS) RELATED TO CUSTOMER'S PROVISION OF CARE IN CONNECTION OR CONJUNCTION WITH THE Assemblage Health SERVICES.

8. LIMITATION OF LIABILITY.

8.1 OTHER THAN IN CONNECTION WITH A BREACH OF SECTIONS 2.5, 3.1 OR SECTION 4, THE PARTIES AGREE THAT UNDER NO CIRCUMSTANCES SHALL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY, OR ANY OTHER PERSON OR ENTITY, FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY DESCRIPTION, WHETHER ARISING OUT OF WARRANTY OR OTHER CONTRACT, NEGLIGENCE OR OTHER TORT, OR OTHERWISE, INCLUDING WITHOUT LIMITATION, LOST GOODWILL, LOSS OF INVESTMENT, LOST PROFITS, BUSINESS INTERRUPTION, LOST DATA, LOST USE OR OTHER LOSSES.

8.2 EXCEPT AS SET FORTH IN THIS SECTION 8, AND WITHOUT LIMITING CUSTOMER'S OBLIGATION TO PAY FEES WHEN DUE, THE PARTIES AGREE THAT THE TOTAL AGGREGATE LIABILITY OF ONE PARTY TO THE OTHER PARTY FOR ALL CLAIMS, LOSSES, DAMAGES, OR LOSSES UNDER THIS AGREEMENT, WHETHER IN CONTRACT, WARRANTY, TORT, OR OTHERWISE, SHALL NOT EXCEED THE FEES PAID OR PAYABLE BY CUSTOMER TO Assemblage Health IN THE TWELVE MONTHS PRIOR TO THE ACT THAT GAVE RISE TO THE LIABILITY UNDER THIS AGREEMENT; PROVIDED THAT THE TOTAL AGGREGATE LIABILITY OF ONE PARTY TO THE OTHER SHALL NOT EXCEED THE GREATER OF (i) $1,000,000 or (ii) THREE TIMES THE FEES PAID OR PAYABLE BY CUSTOMER TO Assemblage Health IN THE TWELVE MONTHS PRIOR TO THE ACT THAT GAVE RISE TO THE LIABILITY UNDER THIS AGREEMENT, WHERE THE CLAIMS, LOSSES, OR DAMAGES UNDER THIS AGREEMENT AROSE FROM A PARTY'S BREACH OF ITS CONFIDENTIALITY OBLIGATIONS OR A VIOLATION OF THE BUSINESS ASSOCIATE AGREEMENT.

8.3 THE PARTIES AGREE THAT THE LIMITATIONS OF LIABILITY UNDER THIS SECTION 8 SHALL NOT APPLY TO: (A) THE INTENTIONAL MISCONDUCT OR FRAUD OF A PARTY; (B) A PARTY'S INDEMNIFICATION OBLIGATIONS UNDER SECTION 9; OR (C) A PARTY'S BREACH OF SECTIONS 2.4 OR 2.5.

8.4 THE PARTIES AGREE THAT THE LIMITATIONS OF LIABILITY IN THIS SECTION 8 ARE COMPLETE AND EXCLUSIVE, SHALL APPLY EVEN IF THE LIABLE PARTY OR THE OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH POTENTIAL CLAIMS, LOSSES, OR DAMAGES, AND SHALL APPLY REGARDLESS OF THE SUCCESS OR EFFECTIVENESS OF ANY OTHER REMEDIES POSSESSED BY THE OTHER PARTY OR THIRD PARTIES.

9. INDEMNIFICATION

9.1 Indemnification by Assemblage Health. Assemblage Health shall indemnify, hold harmless, and defend Customer from and against any losses, damages, liabilities, costs (including reasonable attorneys' fees) (“Losses”) incurred by Customer resulting from a claim brought by a third party (a) that arises out of Assemblage Health's fraud or intentional misconduct; or (b) alleging that the Assemblage Health Technology infringes or misappropriates such third party's United States intellectual property rights; provided, however, that Assemblage Health shall have no obligations under this Section 9.1 to the extent such claim arises from or in connection with Customer's breach of this Agreement. If the Assemblage Health Technology becomes, or in Assemblage Health's reasonable opinion is likely to become, the subject of an infringement claim, Assemblage Health may at its sole discretion:

1. obtain for Customer the right to use the Assemblage Health Services;
2. modify the Assemblage Health Services so that it becomes non-infringing; or
3. terminate the Agreement and provide Customer with a pro-rated refund.

9.2 Indemnification by Customer. Customer shall indemnify, hold harmless, and at Assemblage Health's option, defend Assemblage Health from and against any Losses incurred by Assemblage Health resulting from a claim brought by a third party that (a) arises out of Section 2.4, 7.2, or 7.4; or (b) arises out of Customer's fraud or intentional misconduct.

9.3 Indemnification Procedures. The indemnified Party must promptly notify the indemnifying Party in writing of the claim, reasonably cooperate with the indemnifying Party, and allow the indemnifying Party authority to control the defense and settlement of any such claim, provided that the indemnifying Party may not settle any claim against the indemnified Party unless the indemnified Party consents to such settlement (which consent shall not be unreasonably withheld), and further provided that the indemnified Party will have the right, at its option and at its expense, to participate in the defense against any such claim by counsel of its own choice.

10. GENERAL

10.1 Publicity. Assemblage Health may use the name, trademarks, logos, or other indicia of source (“Marks”) of Customer in Assemblage Health's customer list (including on Assemblage Health's website, social media accounts, and in sales and marketing materials and presentations), in the same manner in which it uses the names and Marks of its other customers; provided, however, that Assemblage Health shall use Customer's Marks in accordance with Customer's branding guidelines, as may be provided from time to time. Customer will cooperate with reasonable requests of Assemblage Health to support marketing and public relations efforts pertaining to the Assemblage Health Services and Assemblage Health, which efforts may include but are not limited to:

1. a press release announcing Customer's use of the Assemblage Health Services; and
2. participation in video interviews and/or webinars with leadership on industry trends, requirements and partnership.

Other than as set forth in this Section 10.1, neither Party may use the other Party's name or Marks in any other way without the other Party's prior written consent. Any use of a Party's name or Marks shall comply with such Party's applicable branding guidelines.

10.2 Governing Law. This Agreement will be governed by and construed in accordance with the laws of the State of California, excluding its body of law controlling conflict of laws. Any legal action or proceeding arising under this Agreement will be brought exclusively in the federal or state courts located in San Francisco County, California and the Parties irrevocably consent to the personal jurisdiction and venue therein.

10.3 Assignment. Neither Party may assign this Agreement without the other Party's prior written consent. Notwithstanding the foregoing, either Party may assign or transfer this Agreement to a third party that succeeds to all or substantially all of the assigning Party's business and assets relating to the subject matter of this Agreement, whether by sale, merger, operation of law or otherwise. Subject to the foregoing, this Agreement will bind and benefit the Parties and their respective successors and assigns. Any attempted assignment in violation of this Section will be null and void.

10.4 Non-Exclusive Remedies. Except as expressly set forth in this Agreement, the exercise by either Party of any of its remedies under this Agreement will be without prejudice to its other remedies under this Agreement or available at law or in equity or otherwise.

10.5 Equitable Relief. Each Party acknowledges that a breach by the other Party of any confidentiality or proprietary rights provision of this Agreement may cause the non-breaching Party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, the non-breaching Party may institute an action to enjoin the breaching Party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and a Party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching Party may be entitled at law or in equity.

10.6 Severability. If any provision of this Agreement is held invalid or unenforceable by a court of competent jurisdiction, the remaining provisions of the Agreement will remain in full force and effect, and the provision affected will be construed so as to be enforceable to the maximum extent permissible by law.

10.7 Notices. All notices required or permitted under this Agreement will be in writing, will reference this Agreement, and will be deemed given:

1. when delivered personally;
2. one (1) business day after deposit with a nationally-recognized express courier, with written confirmation of receipt; or
3. three (3) business days after having been sent by registered or certified mail, return receipt requested, postage prepaid.

All such notices will be sent to the addresses set forth above or to such other address as may be specified by either Party to the other Party in accordance with this Section.

10.8 Waiver. The failure by either Party to enforce any provision of this Agreement will not constitute a waiver of future enforcement of that or any other provision.

10.9 Relationship of the Parties. Nothing in this Agreement shall be construed to create a partnership, joint venture or agency relationship between the Parties. Neither Party will have the power to bind the other or to incur obligations on the other's behalf without such other Party's prior written consent.

10.10 Entire Agreement. This Agreement constitutes the complete and exclusive agreement between the Parties concerning its subject matter and supersedes all prior or contemporaneous agreements or understandings, written or oral, concerning the subject matter of this Agreement. This Agreement may not be modified or amended except in a writing signed by a duly authorized representative of each Party.

10.11 Force Majeure. Neither Party will be responsible for any failure or delay in its performance under this Agreement (except for the payment of money) due to causes beyond its reasonable control, including, but not limited to, labor disputes, strikes, lockouts, shortages of or inability to obtain labor, energy, raw materials or supplies, failure of the Internet, denial of service, malware, or other cyber-attacks, war, acts of terror, riot, or acts of God (each a “Force Majeure Event”). Upon the occurrence of a Force Majeure Event, the non-performing Party will be excused from any further performance of its obligations effected by the Force Majeure Event for so long as the event continues and such Party continues to use commercially reasonable efforts to resume performance.

10.12 No Third-Party Beneficiaries. This Agreement is intended for the sole and exclusive benefit of the Parties and is not intended to benefit any third Party. Only the Parties to this Agreement may enforce it.

10.13 Counterparts. This Agreement may be executed in counterparts, each of which will be deemed an original, but all of which together will constitute one and the same instrument.

This Business Associate Agreement (this “Agreement”) by and between Assemblage Health, Inc. (“Business Associate”) and Assemblage Health's customer (“covered entity”), is entered into for the purposes of complying with the Health Insurance Portability and Accountability Act of 1996 and regulations promulgated thereunder (“HIPAA”) and the security provisions of the American Recovery and Reinvestment Act of 2009, also known as the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”).

WITNESSETH

Whereas, Covered Entity is a covered entity as such term is defined under HIPAA and as such is required to comply with the requirements thereof regarding the confidentiality and privacy of Protected Health Information; and

Whereas, Business Associate has entered or may enter into an agreement or agreements with Covered Entity (“Service Agreement”), pursuant to which Business Associate may receive Protected Health Information for or on behalf of Covered Entity; and

Whereas, by providing services pursuant to the Service Agreement and receiving Protected Health Information for or on behalf of Covered Entity, Business Associate shall become a Business Associate of Covered Entity, as such term is defined under HIPAA, and will therefore have obligations regarding the confidentiality and privacy of Protected Health Information that Business Associate receives from or on behalf of, Covered Entity.

Now Therefore, in consideration of the mutual covenants, promises, and agreements contained herein, the parties hereto agree as follows:

1. Definitions.

For the purposes of this Agreement, capitalized terms shall have the meanings ascribed to them below. All capitalized terms used but not otherwise defined herein will have the meaning ascribed to them by HIPAA.

1. “Protected Health Information” or “PHI” is any information, whether oral or recorded in any form or medium that is created, received, maintained, or transmitted by Business Associate for or on behalf of Covered Entity, that identifies an individual or might reasonably be used to identify an individual and relates to: (i) the individual's past, present or future physical or mental health; (ii) the provision of health care to the individual; or (iii) the past, present or future payment for health care.
2. “Secretary” shall refer to the Secretary of the U.S. Department of Health and Human Services.
3. “Unsecured PHI” shall mean PHI that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the Secretary (e.g., encryption). This definition applies to both hard copy PHI and electronic PHI.

2. Obligations of Business Associate.

(a) General Compliance with Law
Business Associate warrants that it, its agents and its subcontractors:

1. shall use or disclose PHI only in connection with fulfilling its duties and obligations under this Agreement and the Service Agreement;
2. shall not use or disclose PHI other than as permitted or required by this Agreement or required by law;
3. shall not use or disclose PHI in any manner that violates applicable federal and state laws or would violate such laws if used or disclosed in such manner by Covered Entity; and
4. shall only use and disclose the minimum necessary PHI for its specific purposes.

(b) Use and Disclosure of Protected Health Information
Subject to the restrictions set forth throughout this Agreement, Business Associate may use the information received from Covered Entity if necessary for

1. the proper management and administration of Business Associate; or
2. to carry out the legal responsibilities of Business Associate.

1. disclosures are required by law, or
2. Business Associate obtains reasonable assurances from the person or entity to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person or entity, and the person or entity notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.

(c) Covered Entity Obligations
To the extent that Business Associate is to carry out any of Covered Entity's obligations that are regulated by HIPAA, Business Associate shall comply with the HIPAA requirements that apply to the Covered Entity in the performance of such obligation.

(d) Safeguards
Business Associate shall employ appropriate administrative, technical and physical safeguards, consistent with the size and complexity of Business Associate's operations, to protect the confidentiality of PHI and to prevent the use or disclosure of PHI in any manner inconsistent with the terms of this Agreement. Business Associate shall comply, where applicable, with Subpart C of 45 C.F.R. Part 164 with respect to electronic PHI to prevent use or disclosure of such electronic PHI other than as provided for by this Agreement.

(e) Availability of Books and Records
Business Associate shall permit the Secretary and other regulatory and accreditation authorities to audit Business Associate's internal practices, books and records at reasonable times as they pertain to the use and disclosure of PHI in order to ensure that Covered Entity and/or Business Associate is in compliance with the requirements of HIPAA.

(f) Individuals' Rights to Their PHI

(i) Access to Information

To the extent Business Associate maintains PHI in a Designated Record Set, in order to allow Covered Entity to respond to a request by an Individual for access to PHI pursuant to 45 CFR Section 164.524, Business Associate shall make available to Covered Entity such PHI in a reasonable time and manner, to fulfill Covered Entity's obligations. In the event that any Individual requests access to PHI directly from Business Associate, Business Associate shall forward such request to Covered Entity.

Covered Entity will be responsible for making all determinations regarding the grant or denial of an Individual's request for PHI and Business Associate will make no such determinations. Except as Required by Law, only Covered Entity will be responsible for releasing PHI to an Individual pursuant to such a request. Any denial of access to PHI determined by Covered Entity pursuant to 45 CFR Section 164.524, and conveyed to Business Associate by Covered Entity, shall be the responsibility of Covered Entity, including resolution or reporting of all appeals and/or complaints arising from denials.

(ii) Amendment of Information

To the extent Business Associate maintains PHI in a Designated Record Set, in order to allow Covered Entity to respond to a request by an Individual for an amendment to PHI, Business Associate shall, within fifteen (15) business days upon receipt of a written request by Covered Entity, make available to Covered Entity such PHI. In the event that any Individual requests amendment of PHI directly from Business Associate, Business Associate shall forward such request to Covered Entity.

Covered Entity will be responsible for making all determinations regarding the grant or denial of an Individual's request for an amendment to PHI and Business Associate will make no such determinations. Any denial of amendment to PHI determined by Covered Entity pursuant to 45 CFR Section 164.526, and conveyed to Business Associate by Covered Entity, shall be the responsibility of Covered Entity, including resolution or reporting of all appeals and/or complaints arising from denials.

(iii) Accounting of Disclosures

In order to allow Covered Entity to respond to a request by an Individual for an accounting pursuant to 45 CFR Section 164.528, Business Associate shall, within thirty (30) days of a written request by Covered Entity for an accounting of disclosures of PHI about an Individual, make available to Covered Entity such PHI. At a minimum, Business Associate shall provide Covered Entity with the following information: (a) the date of the disclosure; (b) the name of the entity or person who received the PHI, and if known, the address of such entity or person; (c) a brief description of the PHI disclosed; and (d) a brief statement of the purpose of such disclosure. In the event that any Individual requests an accounting of disclosures of PHI directly from Business Associate, Business Associate shall forward such request to Covered Entity. Covered Entity will be responsible for preparing and delivering an accounting to Individual. Business Associate shall implement an appropriate record keeping process to enable it to comply with the requirements of this Agreement.

(g) Disclosure to Subcontractors and Agents
Notwithstanding anything to the contrary in the Services Agreement or this Agreement, Business Associate, subject to the restrictions set forth in this provision, may use subcontractors to fulfill its obligations under this Agreement. Business Associate shall obtain and maintain a written agreement with each subcontractor or agent that has or will have access to PHI, which is received from, or created or received by, Business Associate for or on behalf of Covered Entity, pursuant to which such subcontractor and agent agrees to be bound by the same restrictions, terms, and conditions that apply to Business Associate under this Agreement with respect to such PHI.

(h) Reporting Obligations
In the event of a Breach of any Unsecured PHI that Business Associate accesses, maintains, retains, modifies, records, or otherwise holds or uses on behalf of Covered Entity, Business Associate shall report such Breach to Covered Entity as soon as practicable, but in no event later than ten (10) business days after the date the Breach is discovered. Notice of a Breach shall include, to the extent such information is available:

1. the identification of each individual whose PHI has been, or is reasonably believed to have been, accessed, acquired, or disclosed during the Breach;
2. the date of the Breach, if known, and the date of discovery of the Breach;
3. the scope of the Breach; and
4. the Business Associate's response to the Breach.

3. Obligations Of Covered Entity.

(a) Permissible Requests
Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would violate applicable federal and state laws if such use or disclosure were made by Covered Entity. Covered Entity may request Business Associate to disclose PHI directly to another party only for the purposes allowed by HIPAA and the HITECH Act.

(b) Notifications
Covered Entity shall notify Business Associate of any limitation in any applicable notice of privacy practices in accordance with 45 CFR Section 164.520, to the extent that such limitation may affect Business Associate's use or disclosure of PHI.
Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by individual to use or disclose PHI, to the extent that such changes may affect Business Associate's use or disclosure of PHI.
Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR Section 164.522, to the extent that such restriction may affect Business Associate's use or disclosure of PHI.

4. Term and Termination.

(a) General Term and Termination
This Agreement shall become effective on the Effective Date set forth above and shall terminate upon the termination or expiration of the Service Agreement and when all PHI provided by either party to the other, or created or received by Business Associate on behalf of Covered Entity is, in accordance with this Section, destroyed, returned to Covered Entity, or protections are extended.

(b) Material Breach
Where either party has knowledge of a material breach by the other party, the non-breaching party shall provide the breaching party with an opportunity to cure. Where said breach is not cured to the reasonable satisfaction of the non-breaching party within twenty (20) business days of the breaching party's receipt of notice from the non-breaching party of said breach, the non-breaching party shall, if feasible, terminate this Agreement and the portion(s) of the Service Agreement affected by the breach. Where either party has knowledge of a material breach by the other party and cure is not possible, the non-breaching party shall, if feasible, terminate this Agreement and the portion(s) of the Service Agreement affected by the breach.

(c) Return or Destruction of PHI
Upon termination of this Agreement for any reason, Business Associate shall:

1. if feasible as determined by Business Associate, return or destroy all PHI received from, or created or received by Business Associate for or on behalf of Covered Entity that Business Associate or any of its subcontractors and agents still maintain in any form, and Business Associate shall retain no copies of such information; or
2. if Business Associate determines that such return or destruction is not feasible, extend the protections of this Agreement to such information and limit further uses and disclosures to those purposes that make the return or destruction of the PHI infeasible, in which case Business Associate's obligations under this Section shall survive the termination of this Agreement.

5. Miscellaneous.

(a) Limitations of Liability
The limitations set forth in Section 8 of the Services Agreement shall apply to this Agreement.

(b) Amendment
If any of the regulations promulgated under HIPAA or the HITECH Act are amended or interpreted in a manner that renders this Agreement inconsistent therewith, the parties shall amend this Agreement to the extent necessary to comply with such amendments or interpretations.

(c) Interpretation
Any ambiguity in this Agreement shall be resolved to permit the parties to comply with HIPAA and the HITECH Act.

(d) Conflicting Terms
In the event that any terms of this Agreement conflict with any terms of the Service Agreement, the terms of this Agreement shall govern and control.

(e) Notices
Any notices pertaining to this Agreement shall be given in writing and shall be deemed duly given: (i) when personally delivered; (ii) one (1) business day after deposit with a nationally-recognized express courier with tracking capabilities; (iii) three (3) business days after having been sent by registered or certified mail, return receipt requested, postage prepaid; or (iv) when sent by electronic mail (email) to the email addresses specified below, provided that the sender does not receive a system error message (e.g., 'bounce-back') indicating failed delivery. Notices shall be addressed to the appropriate Party as follows:

If to Business Associate:
Assemblage Health, Inc.
Email: contact@assemblagehealth.com

Attn: Legal

(f) Severability
The provisions of this Agreement shall be severable, and if any provision of this Agreement shall be held or declared to be illegal, invalid or unenforceable, the remainder of this Agreement shall continue in full force and effect as though such illegal, invalid or unenforceable provision had not been contained herein.

Version 2.1
Updated on October 17th, 2024