BFLOW Terms of Service and License Agreement

Posted by:

BSI SUBSCRIPTION TERMS OF SERVICE

These Terms of Service constitute a legally binding agreement between you (“you” or “Subscriber”) and

Bflow Solutions, Inc., a California corporation (“we” or “BSI”) governing your use and access of BSI’s

billing and compliance management software platform (the “Platform”) and the software and services

made available through the Platform (collectively the “Services”).

By clicking the “I Agree to the Terms of Service, Business Associate Addendum and Privacy Policy” box,

you agree to be bound by these Terms of Service.

These Terms of Service including provisions for individual, binding arbitration – the parties are waiving

their right to a class action or to have their disputes resolved by a judge and/or jury. See Section 25 for

more information.

Internet technology, and the applicable laws, rules and regulations change frequently. We reserve the

right to make changes to these Terms of Service at any time. Continued access and/or use of the

Platform in any manner constitutes assent to any new Terms of Service that may be posted on the

Platform.

1. Platform Services. BSI is in the business of providing revenue cycle consulting, billing and

compliance management software platform, including organizational and claims review services for

healthcare companies providing care, treatment or services to Medicare, Medicaid, Commercial

insurance, and cash paying customers and beneficiaries (collectively referred to as “Payors” or

“Payor”). Subscriber provides medical supplies to Payor beneficiaries and enters into this agreement

with BSI obtain billing and compliance management software subscription services from BSI.

2. Definitions. The following terms shall be capitalized throughout this Agreement and shall be

defined as follows:

1. Authorized Users. The term “Authorized Users” refers to all individuals authorized by Subscriber

to access Subscriber’s account and selected Services.

2. Content. The term “Content” shall mean any and all text, data, code, software, graphics,

information, Service Data, images or other materials submitted, uploaded, imported,

communicated or exchanged with Subscriber to facilitate the provision of Services under this

Agreement.

2

3. De-Identified Data. The term “De-Identified Data” refers to personally identifiable data that has

been de-identified in accordance with the Standards for Privacy of Individually Identifiable Health

Information at 45 CFR part 160 and part 164, subparts A and E.

4. PHI. The term “PHI” refers to a patient’s protected health information (“PHI”) as defined by the

Health Information Portability and Accountability Act of 1996 (“HIPPA”).

5. Service Data. The term “Service Data” means all medical practice operational, financial, medical

services, patient and insurance-related data input by Subscriber, including PHI.

6. Subscription Fees. The term “Subscription Fees” refers to the fees associated with the

Subscription Tier selected on the Platform.

7. Subscription Tier. The term “Subscription Tier” refers to the services and pricing package

provided by BSI to Subscriber upon selection and purchase by Subscriber.

8. Subscriber’s Trademarks. The term “Subscriber’s Trademarks” shall mean any trademarks,

service marks, design marks, symbols, logos and/or other indicia of source owned or used under

license by Subscriber, and all goodwill associated therewith.

9. Annual Fee Adjustments. All Fees are for the life of the contract and are also effective for

additional users added after the effective date of this agreement, except for periodic fee increases

not to exceed 15% per calendar year.

10. Free Trial Users. If you are a trial user your subscription will become activated, unless you cancel

prior to the end of your trial period.

3. Subscription Services. BSI will provide Services to Subscriber in accordance with the terms and

conditions of the Subscription Tier selected by Subscriber on the Platform. Subscription Tier services

and pricing shall be confirmed by BSI and Subscriber in writing through BSI’s Fee Schedule and

Business Services Election Form, which is incorporated by reference as though fully set forth herein.

BSI may from time to time issue updated versions of the software and Services. You consent to such

automatic updates and agree that this Agreement will apply to all such updates.

4. Your BSI Account. To be eligible to use the Services, you must (a) be at least 18 years of age or

have the legal capacity to enter into a binding contract in your country of residence, (b) establish an

online account and accept this Terms of Service, and (c) execute BSI’s Business Associates

Agreement.

5. Authorized Access. BSI will permit account access to the Authorized Users provided administrative

log-in credentials by Subscriber. Users are entirely responsible for maintaining the confidentiality and

security of their login information. Subscriber is responsible and shall be liable for any and all

activities that occur under Subscriber’s account. Subscriber must immediately notify BSI of any

change in authorization, any unauthorized use of Subscriber’s account or, or other account related

security breach of which Subscriber becomes aware. BSI will not be liable for any loss or damage

arising from your failure to keep your login and account secure.

6. End-User License Agreement (“EULA”). BSI hereby grants to Subscriber a limited, non-exclusive,

non-sublicensable, non-transferable, revocable license to access and utilize the Services during the

Subscription Term. Unless otherwise stated herein, nothing in this Terms of Service gives Subscriber

or its Authorized Users a right or license to use any of BSI’s copyrights, trade names, trademarks,

service marks, logos, domain names, or any other intellectual property rights.

7. Use Restrictions. Subscriber will not, directly or indirectly, reverse engineer, decompile,

disassemble or otherwise attempt to discover or otherwise disclose to any third party that competes

with BSI, the source code, object code or underlying structure, ideas, know-how or algorithms relevant

to the Services or any software, documentation or data related to the Services. Subscriber will not

make the Services, software, documentation or data available for the benefit of any third party, or sell,

3

resell, license, sublicense, distribute, rent or lease the Services, software, documentation or data to

any third party for any purpose, commercial or otherwise.

8. Content License. Subscriber retains all right, title and license in its Content and Service Data,

including the medical practice operational, financial, patient, medical services and insurance-related

data generated by Subscriber in its use of the Services. Subscriber hereby grants to BSI a nonexclusive,

perpetual, sublicenseable, irrevocable, royalty-free, worldwide right and license to collect,

process, store, host, copy, transmit, display, distribute, disseminate, modify, and create derivative

works of any and all Subscriber Content for (a) the purposes of providing the Services, (b) to deidentify

the Service Data, and (c) to perform analytics on anonymized Service Data at the aggregate

level.

9. De-Identified Data & Transactional Data. BSI shall own all right, title and license to any De-

Identified Data created, generated and/or derived from the Service Data by BSI as well as any

anonymized transactional data generated and/or derived from the Service Data by BSI for analytic and

benchmarking purposes (‘Transactional Data”). BSI shall retain the unrestricted right, in its sole and

absolute discretion, to utilize such De-Identified and Transactional Data for any purpose whatsoever,

both commercial and non-commercial, without compensation or accounting to Subscriber. If BSI does

not automatically own such De-Identified and Transactional Data upon its creation, Subscriber hereby

assigns all right, title and interest in and to such De-Identified and Transactional Data to BSI.

10. Feedback License. BSI consider any suggestions, ideas, proposals or other comments or materials

submitted by Subscriber and its Authorized Users, whether solicited or unsolicited, (collectively, the

“Feedback”) to be non-confidential and non-proprietary. We shall not be liable for the disclosure, use

or exploitation of such Feedback. You hereby grant to BSI a worldwide, non-exclusive, perpetual,

irrevocable, royalty-free and transferable right and license to incorporate, use, publish and exploit the

Feedback for any purpose whatsoever, commercial or otherwise, without compensation or accounting.

11. Promotional License. Subscriber grants to BSI a license to use Subscriber’s Trademarks to market

and promote the Services. This includes the worldwide right to copy, translate, broadcast, transmit,

distribute, exhibit, perform, publish and display Subscriber’s Trademarks as incorporated into BSI’s

marketing and promotional materials. BSI is granted no other rights to Subscriber’s Trademarks and

acknowledges that it shall not gain any proprietary interest in Subscriber’s Trademarks. BSI is under

no obligation to make use of or to provide compensation for any of the rights or permissions granted

herein. BSI shall be the exclusive owner of all right, title, and interest, including copyright, in BSI

marketing and promotional materials. Subscriber’s permission for BSI to use Subscriber’s Trademarks

may be terminated at any time with thirty (30) days written notice to support@bflowsolutions.com.

12. Third Party Account Credentials & Authorization. To enable BSI to import/extract Content on behalf

of Subscriber, Subscriber shall provide to BSI the account credentials for applicable third party

services and applications (“Third Party Platforms”) and hereby authorizes BSI to utilize Subscriber’s

account credentials for purposes of providing the Services under this Terms of Service. BSI shall not

be liable to Subscriber for any damages in the event any Third Party Platforms terminates

Subscriber’s account or access to their services as a result of providing BSI with the authorization to

access Subscriber’s accounts.

13. Subscription Fees and Term. Fee-based subscription Services are quoted in U.S. dollars on the

Platform, pursuant to the following terms:

14. Payment: You expressly authorize us to charge the applicable Subscription Fees pursuant to the

Subscription Tier selected by you and itemized in the Fee Schedule and Business Services Election

Form. Subscriber authorizes payment of all applicable fees through the payment method selected by

Subscriber on the Platform.

15. Declined Credit Card Charges. Declined credit card charges shall incur a $60.00 fee due

immediately. In addition to any other rights or remedies available to BSI, three consecutive months of

declined charges will result in the suspension or termination of your Services.

16. Late Payments. In the event BSI is unable to process payment of the applicable fees, BSI reserves

the right to suspend or terminate services for payments that are more than fifteen (15) days past

4

due. Past due payments will accrue interest at the greater of 1.5% monthly or the highest interest rate

allowable under applicable law.

17. Subscription Term: The term of the subscription will commence on the date the subscription is

selected and shall continue for one year (“Subscription Term”), and any renewal thereof, until

terminated pursuant this Agreement.

18. Monthly Maintenance Fee. The term “maintenance fee” refers to the services provided by BSI for

the maintenance of the subscriber’s platform(s). Fees are charged per NPI number and shall be billed

quarterly beginning January 1, 2018.

19. No Refunds: Subscriber shall be responsible for all fees for the entire Subscription Term. Fees will

not be prorated upon cancellation and/or termination and all fees paid through the date of termination

are nonrefundable.

20. Liquidated Damages. In the event the Services are terminated by Subscriber prior to the expiration

of the initial, or any renewal, Subscription Term, Subscriber shall within ten (10) days of the effective

date pay to BSI a termination fee as liquidated damages equal to: (a) 100% of the Total User Fees

Per Month and Total Monthly Service Fees, as set forth in the applicable Fee Schedule and Business

Services Election Form, that would have been paid for the Services had the Services been provided

for the entire duration of the then current Subscription Term, and (b) 100% of the total Per Transaction

Fees paid by Subscriber in three (3) highest grossing months of Per Transaction Fees paid to BSI in

the 12 months preceding Subscriber’s early termination or $5500.00, whichever is greater (collectively

the “Termination Fee”). BSI and Subscriber acknowledge and agree that the Termination Fee reflects

a reasonable measure of the actual damages incurred by BSI and do not intend for it to be a penalty

for early termination.

21. Fair Use of BSI under Subscription Fees and Term. If Subscriber exceeds 1,000 healthcare

transactions, subscriber shall be billed $85 per each additional 1,000 transactions.

22. Subscription Automatic Renewal- Your Subscription Will Renew Unless You Cancel: BSI shall

automatically renew Subscriber’s subscription and charge Subscriber’s account on the last day of the

applicable Subscription Term (the “Renewal Date”), unless Subscriber PROVIDES WRITTEN NOTICE

OF CANCELLATION BY EMAIL NO SOONER THAN 120 DAYS BEFORE THE RENEWAL DATE

AND NO LATER THAN 90 DAYS BEFORE THE RENEWAL DATE at support@bflowsolutions.com.

The renewal fees will be the current rate then in effect at the time of renewal.

23. Confidentiality & Non-Disclosure.

24. BSI’s Confidential Information. Subscriber shall not disclose BSI’s financial terms, source code,

object code or underlying structure, ideas, know-how or algorithms relevant to the Services, any

software, documentation or data related to the Services and any and all information defined as “Trade

Secrets” under the Uniform Trade Secrets Act (“BSI Confidential Information”) to any third party

without BSI’s prior written consent or authorization under this Agreement. Subscriber shall not use

any Confidential Information for any purpose outside the scope of this Terms of Service.

25. Subscriber’s Confidential Information. BSI shall not disclose any Content (excluding De-Identified

Data) generated by Subscriber in its use of the Services to any third party for any purpose outside the

scope of this Terms of Service.

26. Notice. In the event either Party is requested or required by legal process to disclose any of the

other Parties’ Confidential Information, the receiving party shall give the disclosing party prompt notice

so that it may seek a protective order or other appropriate relief prior to any such disclosure.

27. Equitable Relief. Both parties agree that money damages will not be a sufficient remedy for any

breach by the receiving party of this Section 15 and that the disclosing party will be entitled to seek

equitable relief, including injunction and specific performance, as a remedy for any such breach,

without having to post any bond or any other form of security, without having to show any likelihood of

irreparable harm, and without having to prove that money damages would be an inadequate remedy.

28. Authorization to Disclose to Third Party Channel Partners/Service Providers. You hereby authorize

BSI to disclose, request and receive PHI and related patient and medical services information on your

5

behalf from BSI’s third party service providers and channel partners who facilitate the provision of

Services pursuant to this Terms of Service.

29. HIPPA Compliance.

30. By Subscriber:

31. Compliance. Subscriber shall comply with all state and federal laws pertaining to the

protection of their patient’s PHI, including a Notice of Privacy Practices in compliance with HIPPA, and

the regulations promulgated thereunder.

32. Written Authorization. Subscriber shall obtain from its patients written authorization to

disclose PHI to BSI for purposes of providing the Services, including the express disclosure that BSI

shall share PHI with third party service providers and channel partners whom facilitate the provision of

its Services.

iii. Business Associate Agreement. Subscriber shall execute BSI’s Business Associate Addendum prior

to utilizing the Services.

1. By BSI: BSI shall comply with all state and federal laws pertaining to the protection of Subscriber’s

patients’ PHI, including, but not limited to, HIPPA, and the regulations promulgated thereunder.

2. Privacy. Each Party shall comply with any and all privacy rules or regulations and/or data collection

laws or regulations applicable to use of the Content submitted in connection with the use of the

Services.

3. Representations and Warranties:

4. By Each Party: Each Party represents and warrants that each Party (i) is a business duly

incorporated and in good standing under the laws of its state of incorporation, (ii) has all requisite

corporate power and authority to execute, deliver, and perform its obligations under this Terms of

Service, and (iii) shall comply with all federal or state laws or regulations applicable to the performance

of its obligations under this Terms of Service.

5. By Subscriber: Subscriber represents and warrants: (i) it is not the subject of any existing

investigation regarding its processing and handling of Payors claims; (ii) (3) it is active and in good

standing in any state claims in which claims are to be submitted; (iii) it has a valid and legally effective:

(1) Provider/supplier number; (2) accreditation; and (3) surety bond required by Medicare.

6. Export Compliance. Services may be subject to export laws and regulations of the United States and

other jurisdictions. Each party represents and warrants that it is not named on any U.S. government

denied-party list. Subscriber shall not permit access or use any Services in a U.S. embargoed

country or in violation of any U.S. export law or regulation.

7. Termination. This Terms of Service shall automatically terminate upon the bankruptcy or insolvency

of either party. Either party may terminate this Terms of Service if the other party breaches any

material provisions of this Terms of Service and fails to cure such breach within fifteen (15) days after

receipt of written notice of such breach. The following Sections survive termination of this Terms of

Service: Individual Arbitration, Content License, Feedback License, Promotional License, Liquidated

Damages, Confidentiality & Non-Disclosure, Disclaimer of Warranties, Disclaimer of Third Party

Conduct, Limitation of Liability, Indemnity, and Governing Law.

8. Post-Termination Service Data Access. For a period of sixty (60) days following termination or

expiration of the Subscription Term, Subscriber may, for an additional charge as agreed to in writing

by the parties, retain BSI to extract the Service Data and transfer to a mutually agreed upon digital

depository. After expiration of the sixty-day period, BSI, shall, without liability or obligation of further

notice to Subscriber, delete Subscriber’s account and destroy all Service Data in accordance with the

provisions of HIPPA and the Business Associate Addendum.

9. Security. All Service Data is stored in highly secure data centers. BSI shall protect the security of all

Service Data pursuant to commercially acceptable standards, but in no case less than reasonable

6

care. BSI will implement, maintain and use appropriate administrative, technical and physical security

measures to preserve the confidentiality, integrity and availability of the Service Data.

10. Back Up Data Responsibility. BSI will use good faith commercially reasonable efforts to backup data

periodically. BSI cannot guarantee that a backup of data input by Subscriber in the 24 hours prior to

any outage will be available for restore upon your request and shall not be liable for any such loss of

data or damages arising therefrom.

11. Customer Questions. Subscriber questions or issues may be directed by email at

support@bflowsolutions.com to address any issues you may have regarding your use of the

Platform. Most concerns can be quickly resolved in this matter.

12. Individual Binding Arbitration.

EXCEPT AS OTHERWISE STATED HEREIN, any claim or controversy with BSI arising out of or relating

to the Platform, Services and/or this Agreement (including its formation, interpretation, performance,

enforceability and breach) shall be settled by binding arbitration administered by the American Arbitration

Association in accordance with its Commercial Arbitration Rules, excluding any rules or procedures

governing or permitting class actions. Any judgment on the award rendered by the arbitrator(s) may be

entered in any court having jurisdiction thereof. The Federal Arbitration Act shall govern the interpretation

and enforcement of this Agreement.

ANY ARBITRATION UNDER THIS AGREEMENT WILL BE ON AN INDIVIDUAL BASIS ONLY. THE

PARTIES EXPRESSLY WAIVE THEIR RIGHT TO FILE OR JOIN A CLASS ACTION OR PRIVATE

ATTORNEY GENERAL ACTION, OR TO CONSOLIDATE THEIR ARBITRATION WITH OTHER

ARBITRATIONS. YOU ARE WAIVING YOUR RIGHTS TO HAVE YOUR CASE DECIDED BY A JUDGE

OR JURY. IF ANY PROVISION OF THIS ARBITRATION AGREEMENT IS FOUND UNENFORCEABLE,

THE UNENFORCEABLE PROVISION SHALL BE SEVERED AND THE REMAINING PROVISIONS

SHALL REMAIN ENFORCEABLE.

The AAA’s rules, as well as forms for initiating arbitration proceedings, are available

at www.adr.org. When initiating a request to arbitrate with the AAA, you must also send a copy of the

completed form to: 8050 North Palm Avenue, Suite 300, Fresno, California 93711.

Exception – Small Claims Court Claims. Notwithstanding the parties’ agreement to resolve all disputes

through arbitration, either party may seek relief in small claims courts for disputes or claims within the

scope of that court’s jurisdiction.

7

28. The Platform ’s Intellectual Property

29. Copyrights. The Platform ’s logos, design, text, graphics, and other files, and the selection

arrangement and organization thereof, are owned by BSI. 2017 Bflow Solutions, Inc. ALL RIGHTS

RESERVED.

30. Trademarks: The Platform and its logos, page headers, custom graphics, button icons and scripts

are trademarks or trade dress of BSI.

31. Ownership and Use: Unless otherwise stated herein, nothing in this Agreement or your use of the

Platform and Services gives you a right or license to use any of our copyrights, trade names,

trademarks, service marks, logos, domain names, or any other intellectual property rights.

32. Future Functionality. Subscriber agrees that Subscription to the Services is not contingent on the

delivery of any future functionality or features, or dependent on any oral or written public comments

made by BSI regarding future functionality or features.

33. DISCLAIMER OF WARRANTIES. TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE

PLATFORM OR SERVICES INCLUDED ON OR OTHERWISE MADE AVAILABLE TO YOU

THROUGH THIS TERMS OF SERVICE ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE”

BASIS. BSI DOES NOT REPRESENT OR WARRANT THAT THE SERVICES (I) WILL BE

UNINTERRUPTED, TIMELY OR SECURE, (II) WILL BE FREE OF DEFECTS, INACCURACIES OR

ERRORS, (III) WILL MEET YOUR REQUIREMENTS, OR (IV) WILL OPERATE IN THE

CONFIGURATION OR WITH OTHER HARDWARE OR SOFTWARE YOU USE. BSI EXPRESSLY

DISCLAIMS ANY AND ALL REPRESENTATIONS, WARRANTIES OR CONDITIONS OF ANY KIND,

EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF

FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY AND NON-INFRINGEMENT.

34. DISCLAIMER OF THIRD PARTY CONDUCT. BSI DISCLAIMS ANY AND ALL LIABILITY FOR THE

ACTS, OMISSIONS AND CONDUCT OF ANY THIRD PARTIES, INCLUDING THIRD PARTY

SERVICE PROVIDERS AND CHANNEL PARTNERS WHOM PROVIDE THE SERVICES SELECTED

BY SUBSCRIBER. TO THE EXTENT PERMITTED BY APPLICABLE LAW, BSI MAKES NO

WARRANTIES REGARDING THIRD PARTY SERVICES, GOODS, RESOURCES AND

INFORMATION INCLUDING, WITHOUT LIMITATION, WARRANTIES OF FITNESS FOR A

PARTICULAR PURPOSE, MERCHANTABILITY AND NON-INFRINGEMENT AND WILL NOT BE

LIABLE FOR YOUR USE OF OR RELIANCE ON SUCH THIRD PARTY SERVICES, GOODS,

RESOURCES OR INFORMATION.

35. DISCLAIMER OF LIABILITY: BSI shall not be liable for any delays in claim processing or otherwise

as a result of non-compliant, late submissions or non-submission of information or claims by

Subscriber. BSI does not warrant that noncompliant claims can be corrected for subsequent billing

submission. Subscriber is responsible for verifying the accuracy of all claims processed through the

Platform. BSI shall not be liable for any errors or inaccuracies in any claims processed through the

Platform.

36. LIMITATION OF LIABILITY. SUBSCRIBER’S USE OF THE SERVICES IS AT ITS SOLE RISK. TO

THE EXTENT PERMITTED BY APPLICABLE LAW, NEITHER BSI NOR ANY OTHER PARTY

INVOLVED IN CREATING, PRODUCING, OR DELIVERING THE SERVICES WILL BE LIABLE TO

YOU OR ANY THIRD PARTY FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT,

EXEMPLARY, PUNITIVE OR SPECIAL DAMAGES (INCLUDING DAMAGES FOR LOST PROFITS,

SECURITY BREACH, LOST DATA OR LOSS OF GOODWILL) ARISING OUT OF, RELATING TO

OR CONNECTED WITH THE USE OF THE SERVICES, EVEN IF BSI HAS BEEN ADVISED OF THE

POSSIBILITY OF SUCH DAMAGES. IN NO EVENT WILL BSI’S AGGREGATE LIABILITY, OR THAT

OF ITS OFFICERS, DIRECTORS, EMPLOYEES AND AGENTS, ARISING OUT OF OR IN

CONNECTION WITH YOUR USE OF, OR OF THE INABILITY TO USE, THE PLATFORM OR

SERVICES, EXCEED THE FEES PAID TO BSI IN THE THREE (3) MONTHS PRIOR TO THE

EVENT GIVING RISE TO YOUR CLAIM.

37. INDEMNITY. To the maximum extent permitted by law, Subscriber agrees to indemnify, defend and

hold harmless BSI, and its subsidiaries, affiliates, officers, directors, shareholders, employees,

8

representatives, agents, volunteers, attorneys, managers, licensors, business partners and each of

their respective successors and assigns (the “Indemnified Parties”) from and against all damages,

losses, liabilities, claims, expenses, fees or costs (including, without limitation, reasonable attorneys’

fees and costs) incurred in connection with any claim, demand or action brought or asserted against

any of the Indemnified Parties arising out of or relating to Subscriber’s (a) use of the Services (b)

breach of this Terms of Service, (c) violation of its HIPPA and related obligations under state and

federal law, (d) violation of any other state or federal law, including, without limitation, any applicable

privacy or data security laws, (e) violation of any third party right, including without limitation any

intellectual property right, publicity, property or privacy right, and/or (e) a breach of Subscriber’s

representation or warranties under this Terms of Service.

38. Miscellaneous Provisions.

39. Force Majeure. BSI will not be liable or responsible for any delays in providing the Services, or for

failing to provide the Services, as a result of any event beyond its reasonable control, including,

without limitation, adverse weather conditions, internet outage or interruption of service,

telecommunications or power outage, fire, flood, civil disobedience, labor disruptions, strikes, lockouts,

freight, embargoes, terrorism, natural disaster, war or acts of God.

40. Severability. The validity or unenforceability of any provision of this Terms of Service shall not

affect the validity or enforceability of any other provision of this Terms of Service.

41. Modifications. Our employees, volunteers or agents are not authorized to vary our Terms of

Service. No modification of these Terms of Service shall be effective unless it is in writing and either

signed by an authorized representative of BSI or posted on the Platform.

42. Choice of Law. This Terms of Service shall be governed by and construed and enforced in

accordance with the laws of the State of California, without regard to or application of California’s

conflict of law principles. The parties consent to the jurisdiction of the State of California, and venue in

the County of Fresno, with regard to any controversy or claim arising out of or relating to this Terms of

Service, or the breach thereof.

43. Assignment. You shall not assign any of the rights or obligations under this Term of Service without

the prior written consent of BSI. BSI may at any time assign, transfer or subcontract any or all of its

rights or obligations under these Terms of Service without your consent. This Terms of Service is

binding on and inures to the benefit of the Parties and their respective successors and permitted

assigns.

44. No Waiver. No failure or delay by a party exercising any right, power or privilege under this Terms

of Service will operate as a waiver thereof.

45. No Agency. No agency, partnership, joint venture, employee-employer, or franchiser-franchisee

relationship is intended or created by this Terms of Service.

46. Interpretation. Headings are for reference purposes only and do not limit the scope or extent of

such section.

47. Notices. All notices required or permitted to be given under this Terms of Service will be in writing

and delivered to: BSI at 8050 North Palm Avenue, Suite 300, Fresno, California. All notices will be

sent to you by email or will be conspicuously posted on the Platform.

48. Entire Agreement. This Terms of Service comprises the entire agreement between the parties and

supersedes all prior or contemporaneous agreements, written or oral, between the parties regarding

the subject matter contained herein.

EXHIBIT C – HIPAA BUSINESS ASSOCIATE ADDENDUM

This HIPAA Business Associate Addendum (“Addendum’) supplements and is made a part of the Billing Services Agreement (“BSA”) by and between Client and BSI, and is effective as of the compliance date of the Privacy and Security Rules, defined below (the “Addendum Effective Date”) RECITALS A. Client wishes to disclose certain information to BSI pursuant to the terms of the Agreement, some of which may constitute protected health Information (“PHI’) (defined below). B. Client and BSI intend to protect the privacy and provide for the security of PHI disclosed to BSI pursuant to the Agreement in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”) and regulations promulgated thereunder by the U.S. Department of Health and Human Services (the “HIPAA Regulations”) and other applicable laws, all as may be amended from time to time. C. As part of the HIPAA Regulations, the Privacy Rule requires Client to enter into an agreement with BSI containing specific requirements prior to the disclosure of PHI and electronic PHI, as set forth in, but not limited to, Title 45, Sections 164.308(b)(1), 164.314(a), 164.502(e) and 164.504(e) of the Code of Federal Regulation (“CFR’) and contained in this Addendum. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, the parties agree as follows. 1. DEFINITIONS A. “Business Associate” shall have the meaning given to such term under the Privacy Rule, 45 CFR Section 160.103. B. “Covered Entity” shall have the meaning given to such term under the Privacy Rule, 45 CFR Section 160.103. C. “Data, Aggregation” shall have the meaning given to such term under the Privacy Rule, 45 CFR Section 164.501 D. “Designated Record Set” shall have the meaning given to such term under the Privacy Rule, 45 CFR Section, 164-501 E. “Health Care Operation” shall have the meaning given to such term under the Privacy Rule, 45 CFR Section 164.501 F. “Privacy Rule” shall mean the HIPAA Regulation that is codified at 45 CFR Parts 160 and 164 G. “Protected Health Information” or PHI means any information, whether oral or recorded in any form or medium, that (I) relates to the past, present or future physical or mental condition of an individual, the provision of health care to an Individual, or the past, present or future payment for the provision of health care to an individual; and (ii) identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individuals; and (iii) otherwise conforms to the meaning given to such term under the Privacy Rule, 45 CFR Section 160.103 H. “Protected Information” shall mean PHI provided by Client to BSI, or created or received by BSI on Clients behalf. I. “Security Incident”, as provided in 45 C.F.R 164.304, shall mean the attempted or successful unauthorized access, use, disclosure, modification or destruction of information or interference with system operation in an information system. J. “Security Rule” shall mean the Standards for Privacy of Individually identifiable Health Information codified at 45 C.F.R. Part 160 and part 164. Subparts A and C. 2. OBLIGATION OF BSI A. Permitted Uses, BSI shall not use Protected Health Information except for the purpose of performing BSI’s obligations under the Agreement and as permitted under the Agreement, including this Addendum. Further BSI shall not use Protected Health Information in any manner that would constitute a violation of the Privacy Rule. If so used by Client, except that BSI may use Protected Health Information (1) for the proper management and administration of BSI, or (2) to carry out the legal responsibilities of BSI. B. Permitted Disclosures. BSI shall not disclose Protected Health Information in any manner that would constitute a violation of the privacy rule if disclosed by client, except that BSI may disclose Protected health information (1) in a manner permitted pursuant to the Agreement including this Addendum, (2) for the proper management and administration of BSI, or (3) as required by law. C. Appropriate Safeguards. BSI shall implement such appropriate safeguards as are necessary to prevent the use or disclosure of Protected Health Information other than as permitted by the Agreement, within (5) days of becoming aware of such use or disclosure. D. Reporting of Improper Use or Disclosure. BSI shall report to Client any use or disclosure of Protected Health Information otherwise then as provided for by the Agreement. Including this addendum, within (5) days of becoming aware of such use or disclosure. E. BSI Agents. BSI shall ensure that any agents, including subcontractors, to whom it provides protected health information, agree in writing to the same restrictions and conditions that apply to BSI with respect to such PHI. F. Access to PHI. BSI shall make PHI maintained by BSI or its agents or subcontractors in Designated Record Sets available to client for inspection and copying within (10) days of a request by Client to enable client to fulfill its obligations under the Privacy Rule, including, but not limited to , 45 CFR Section 164.524. G. Amendment of PHI. Within (10) days of receipt of a request from Client for an amendment of PHI or a record about an individual contained in a designated record set. BSI or its agents or subcontractors shall make such PHI available to Client for amendment and incorporate any such amendment to enable Client to fulfill its obligations under the Privacy Rule, 45 CFR Section 164.526. H. Accounting Rights. Within ten (10) days of notice by Client of a request for an accounting of disclosures of PHI, BSI and its agents or subcontractors shall make available to Client the information required to provide an accounting of disclosure to enable Client to fulfill its obligations under the privacy rule, 45 CFR Section 164.528. As set forth in, and as limited by 45, CFR Section 164.528, BSI shall not provide an accounting to Client of disclosures: (1) to carry out treatment, payment or health care operations, as set forth in 45 CFR Section164.502; (2) to individuals of PHI about them as set forth in 45 CFR 164.502; (3) to persons involved in the individual’s care or for other notification purposes as set forth in 45 CFR Section 164.510; (4) for national security or intelligence purposes as set forth in 45 CFR Section 164.512(k)(2); (5) to correctional institutions or law enforcement officials as set forth in 45 CFR Section164.514(e). BSI agrees to implement a process that allows for an accounting to be collected and maintained by BSI and its agents or subcontractors for at least (6) years prior to the request, but not before the compliance date of the privacy rule. At a minimum, such information shall include: (i) the date of disclosure; (ii) the name of the entity or person who received Protected information and, if known, the address of the entity or person; (iii) a brief description of protected information disclosed and (iv) a brief statement of purpose of the disclosure that reasonably informs the individual of the basis for the disclosure, or a copy of the individual’s authorization, or a copy of the written request for disclosure, as applicable. I. Governmental Access to records. BSI shall make its internal practices, books and records relating to the use and disclosure of protected information available to the Secretary of the US Department of Health and Human Services (the “Secretary”) for the purposes of determining compliance with the Privacy Rule. J. Minimum Necessary. BSI and its subcontractors or agents shall only request, use and disclose the minimum amount of PHI necessary to accomplish the purpose of the request, use or disclosure. K. Retention of PHI. BSI and its subcontractors or agents shall retain all PHI throughout the term of the Agreement, and shall continue to maintain the information required under Section 2(h) of this Addendum for a period of six (6) years prior to the request. L. Notification of breach. During the term of this agreement, BSI shall notify Client within twenty-four (24) hours of any suspected or actual breach of security, intrusion or unauthorized use or disclosure of PHI, or any actual or suspected use or disclosure of data in violation of any applicable federal or state law or regulations. BSI shall take (1) prompt corrective action to cure any deficiencies, and (2) any action pertaining to such unauthorized disclosure required by applicable federal and state laws and regulations. M. Audits, inspections and enforcement. Within ten (10) days of a written request by client; BSI and its agents or subcontractors shall allow client to conduct a reasonable inspection of the facilities, systems, books, records, agreements, policies and procedures relating to the use or disclosure of PHI pursuant to this addendum for the purpose of determining whether BSI has complied with this addendum; provided however, that (1) BSI and Client shall mutually agree in advance upon the scope, timing and location of such an inspection; (2) Client and its agents shall protect the confidentiality of all confidential and proprietary information of BSI to which client has access during the course of such inspection; and (3) Client shall execute a nondisclosure agreement with terms mutually agreed upon by the parties, if requested by BSI. N. Security standards. BSI shall implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the electronic PHI that it creates, receives, maintains or transmits on behalf of Client. O. Notification of security breach. BSI shall promptly report to client any security incident with respect to Client electronic PHI of which it becomes aware. 3. TERMINATION A. Material breach. A breech by BSI of any material provision of this addendum shall constitute a material breach of the Agreement and shall provide grounds for immediate termination of the Agreement by Client pursuant to Section 7 of the Agreement. B. Reasonable steps to cure breach. If Client knows of a pattern of activity or practice of BSI that constitutes a material breach or violation of BSI’s obligations under the provisions of this addendum or other arrangement and does not terminate this agreement pursuant to 3(A), then the client shall take reasonable steps to cure either (1) terminate the agreement, if feasible, or (2) if termination is not feasible, Client shall report BSI’s breach or violation to the Secretary of the Department of Health and Human Services. C. Effect of Termination. Upon termination of the Agreement for any reason, BSI shall return or destroy all PHI that BSI or its agents or subcontractors still maintain in any form, and shall retain no copies of such PHI. If return or destruction is not feasible, BSI shall continue to extend the protections of sections 2(A), 2(B), 2(C), and 2(E) of this addendum to such information, and limit further use of such PHI to those purposes that make the return or destruction of such PHI infeasible. If BSI elects to destroy the PHI, BSI shall certify in writing to client that such PHI has been destroyed. 4. Amendment to comply with law. The parties acknowledge that state and federal laws relating to data security and privacy of health information are rapidly evolving and that this addendum may be required to provide for procedures to ensure compliance with such developments. The parties specifically agree to take such action as is necessary to implement the standards and requirements of HIPAA, the privacy rule, and other applicable laws relating to the security or confidentiality of PHI. Upon the request of either party, the other party agrees to promptly enter into negotiations concerning the terms of an amendment to this addendum embodying written assurances consistent with the standards and requirements of HIPAA, the privacy rule or other applicable laws. Client may terminate this agreement upon thirty (30) days prior written notice in the event BSI (1) does not promptly enter into negotiations to amend this agreement when requested by client pursuant to this section; or (2) does not enter into an amendment to this Agreement providing assurances regarding the safeguarding of PHI sufficient to satisfy the standards and requirements of HIPAA and the Privacy Rule. 5. No third party beneficiaries. Nothing express or implied in this agreement is intended to confer, nor shall anything herein confer, upon any person other than the client, BSI and their respective successors or assigns, any rights, remedies, obligations or liabilities whatsoever. 6. Interpretation. The provision of this Addendum shall prevail over any provisions in the Agreement that may conflict or appear inconsistent with any provision in this Addendum. This Addendum and the Agreement shall be interpreted as broadly as necessary to implement and comply with HIPAA and the Privacy Rule. The parties agree that any ambiguity in this Addendum shall be resolved in favor of a meaning that complies and is consistent with HIPAA and the Privacy Rule.

VERSION: October 29, 2019

0

About the Author:

As CEO of the fastest growing HME technology business, I spend a great deal of my time listening to customer needs and developing the solutions they demand. “White glove” support is the key to our success and I demand that every Bflow Solutions customer or prospect receives it from the moment they contact us. I’ve never met a prospective customer who didn’t express concern over being overcharged and receiving too little support in return. So at Bflow Solutions, we are reinventing what support means and how best to deliver it. My goal is to help your business achieve its goals. Whether, you're focused on service, compliance or revenue, Bflow business management software is the best solution to help you achieve high rankings in all three areas. Talk to us about your business goals and let us help you develop a winning strategy for success! LinkedIn (https://www.linkedin.com/in/thedfordjones/)
  Related Posts
  • No related posts found.