MD Chat

P 914.559.2060

Terms of service

Business Associate Agreement
Subscription Agreement

MOBILE HEALTH ONE, INC.
BUSINESS ASSOCIATE AGREEMENT

THIS HIPAA BUSINESS ASSOCIATE AGREEMENT (the "Agreement") is entered into as of the date the Provider electronically agrees to the Online Terms and Conditions of Use governing the MDChat and MDView service. This Agreement is entered into between the Provider ("Covered Entity") and Mobile Health One, Inc ("Business Associate").

WITNESSETH

WHEREAS, Congress enacted the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), which protects the confidentiality of health information;

WHEREAS, pursuant to HIPAA, the United States Department of Health and Human Services ("HHS") promulgated Privacy Standards and Security Standards, each as defined below, governing confidential health information;

WHEREAS, Business Associate performs services through its provision of the MDChat and MDView service (the "Service") on behalf of Covered Entity;

WHEREAS, Business Associate's provision of the Service requires Covered Entity to provide Business Associate with access to confidential health information; and

WHEREAS, in order to comply with the business associate requirements of HIPAA and its implementing regulations, Business Associate and Covered Entity must enter into an agreement that governs the uses and disclosures of such confidential health information by the Business Associate.

NOW, THEREFORE, in consideration of the foregoing recitals, the mutual promises and covenants set forth herein, and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:

1. Definitions. For purposes of this Agreement, the following words shall have the following meanings.

"Breach" when capitalized, "Breach" shall have the meaning set forth in 45 C.F.R.  164.402 (including all of its subsections); with respect to all other uses of the word "breach" in this Agreement, the word shall have its ordinary contract meaning.

"Electronic Media" shall have the meaning set forth in 45 C.F.R. 160.103, which is defined as electronic storage media (including memory devices in computers, hard drives, any removable or transportable digital memory medium, such as magnetic tape or disk, optical disk or digital memory card) or transmission media used to exchange information already in electronic storage media (including the Internet, extranet (using Internet technology to link a business with information only accessible to collaborating parties), leased lines, dial-up lines, private networks, and those transmissions that are physically moved from one location to another using magnetic tape, disk, or compact disk media). Certain transmissions, including of paper, via facsimile, and of voice, via telephone, are not considered to be transmissions via electronic media, because the information being exchanged does not exist in electronic form before the transmission.

"Electronic Protected Health Information" or "EPHI" shall mean Individually Identifiable Health Information that is (i) transmitted by Electronic Media or (ii) maintained in any medium constituting Electronic Media. For instance, EPHI includes information contained in a patient's electronic medical records and billing records. "EPHI" shall not include (i) education records covered by the Family Educational Right and Privacy Act, as amended, 20 U.S.C. 1232g; (ii) records described in 20 U.S.C.1232g(a)(4)(B)(iv); and (iii) employment records held by a Covered Entity in its role as employer.

"HITECH Act" shall mean the Health Information Technology for Economic and Clinical Health Act, found in Title XIII of the American Recovery and Reinvestment Act of 2009, effective February 17, 2009.

"Individual" shall have the same meaning as set forth in 45 C.F.R. 160.103, defined as the person who is the subject of PHI, and shall include a personal representative in accordance with 45 C.F.R. 164.502(g).

"Individually Identifiable Health Information" shall mean information that is a subset of health information, including demographic information collected from an individual, and

(i) is created or received by a health care provider, health plan, employer, or health care clearinghouse; and

(ii) relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual; and (a) identifies the individual, or (b) with respect to which there is a reasonable basis to believe the information can be used to identify the individual.

"Privacy Standards" shall mean the Standards for Privacy of Individually Identifiable Health Information, 45 C.F.R. Parts 160 and 164, Subparts A, D, and E, as currently in effect.

"Protected Health Information" or "PHI" shall mean Individually Identifiable Health Information that is (i) transmitted by Electronic Media, (ii) maintained in any medium constituting Electronic Media; or (iii) transmitted or maintained in any other form or medium. For instance, PHI includes information contained in a patient's medical records and billing records. "Protected Health Information" shall not include (i) education records covered by the Family Educational Right and Privacy Act, as amended, 20 U.S.C. 1232g; (ii) records described in 20 U.S.C.1232g(a)(4)(B)(iv); and (iii) employment records held by a Covered Entity in its role as employer.

"Required by Law" shall have the same meaning as the term "Required by law" in 45 C.F.R.  164.103.

"Secretary" shall mean the Secretary of the U.S. Department of Health and Human Services or any office or person within the U.S. Department of Health and Human Services to which/whom the Secretary has delegated his or her authority to administer the Privacy Standards and the Security Standards, such as the Director of the Office for Civil Rights.

"Security Standards" shall mean Security Standards for the Protection of Electronic Protected Health Information, 45 C.F.R. Part 160 and Part 164, Subparts A and C.

"Subsequent Business Associate" shall mean any agent, including subcontractors, of Business Associate to whom Business Associate discloses Protected Health Information or Electronic Protected Health Information.

"Unsecured Protected Health Information" shall have the same meaning as the term "unsecured protected health information" in 45 C.F.R.  164.402, limited to the information created or received by Business Associate from or on behalf of Covered Entity.

All references to "days" in this Agreement shall mean calendar days. Capitalized terms used not defined herein shall have the meanings ascribed to them in the Privacy Standards or the Security Standards.

2. Business Associate Obligations. Business Associate acknowledges and agrees that it is considered a "business associate" as defined by HIPAA and by regulations promulgated thereunder. As a business associate of Covered Entity, Business Associate shall comply with the following terms of this Agreement.

2.1 Permitted Uses and Disclosures. Business Associate agrees that it shall use and disclose Protected Health Information received from Covered Entity for the purposes of providing the Service services, as otherwise permitted under this Agreement, or as Required by Law. Business Associate agrees to follow guidance issued by the Secretary regarding what constitutes "minimum necessary" with respect to the use or disclosure of PHI and EPHI. Until such time that such guidance is issued, Business Associate shall limit its use or disclosure of PHI and EPHI, to the extent practicable, to the limited data set (as defined in 45 C.F.R. 164.514(e)(2)), or to the minimum necessary to accomplish the intended purpose of such use, disclosure or request, respectively.

2.2 Disclosures to Subsequent Business Associates. Business Associate shall not disclose any PHI to any Subsequent Business Associate, unless and until Business Associate and the Subsequent Business Associate have entered into an agreement containing the same terms and conditions as set forth in this Agreement.

2.3 Reporting Violations of Law. Consistent with the requirements of 45 C.F.R. 164.502(j)(1), Business Associate may disclose Protected Health Information to report violations of law to appropriate Federal and State authorities.

2.4 Appropriate Safeguards. Business Associate shall implement appropriate administrative, technical, and physical safeguards to prevent any use or disclosure of Protected Health Information not authorized by this Agreement. Specifically, Business Associate agrees to comply with the requirements of 45 C.F.R. 164.308, 164.310, 164.312 and 164.316 to the same extent such requirements apply to Covered Entity.

2.5 Reporting of Illegal, Unauthorized or Improper Uses or Disclosures and Remedial Actions. Business Associate shall report to Covered Entity any illegal, unauthorized, or improper use or disclosure of Protected Health Information, Security Incident or any Breach (collectively, "Known Misuse") by it or a Subsequent Business Associate without unreasonable delay and within ten (10) business days of obtaining knowledge of such Known Misuse. Additionally, if the Known Misuse is a Breach of Unsecured Protected Health Information, Business Associate shall comply with the requirements of 45 C.F.R. 164.410. Business Associate shall take, or, in the event that the acts or omissions of a Subsequent Business Associate gave rise to the Known Misuse, shall require a Subsequent Business Associate to take, commercially reasonable actions to mitigate the negative impact of any Known Misuse and adopt additional or improve existing safeguards to prevent recurrence.

2.6 Internal Practices, Books and Records. Business Associate shall make its internal practices, books and records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity available to the Secretary, or their designees, for purposes of determining and facilitating Business Associate's and Covered Entity's compliance with the Privacy Standards and Security Standards.

2.7 Access to Protected Health Information.

2.7.1 Within ten (10) days of a request by Covered Entity, Business Associate shall provide Protected Health Information in its possession or in the possession of a Subsequent Business Associate to Covered Entity in order for Covered Entity to comply with its obligations under 45 C.F.R. 164.524 to provide Individuals with access to their Protected Health Information.

2.7.2 Business Associate shall notify Covered Entity within five (5) days of receiving a request from an Individual to access Protected Health Information. Following receipt of such notice from Business Associate, Covered Entity shall handle such request from the Individual.

2.8 Amendments to Protected Health Information.

2.8.1 Within ten (10) days of a request by Covered Entity, Business Associate shall provide Protected Health Information in its possession or in the possession of a Subsequent Business Associate to Covered Entity in order for Covered Entity to comply with its obligations under 45 C.F.R. 164.526 to provide Individuals the right to amend their Protected Health Information.

2.8.2 Business Associate shall notify Covered Entity within five (5) days of receiving a request from an Individual to amend Protected Health Information. Following receipt of such notice from Business Associate, Covered Entity shall handle such request from the Individual.

2.9 Accounting of Disclosures.

2.9.1 Within twenty (20) days of a request by Covered Entity, Business Associate shall provide Covered Entity with an accounting of all disclosures of Protected Health Information, other than disclosures excepted from the Privacy Standards accounting requirement under 45 C.F.R. 164.528(a)(1)(i)-(ix), made by Business Associate or by a Subsequent Business Associate in the previous six (6) years (but in no event prior to April 14, 2003) in order for Covered Entity to comply with its obligations under 45 C.F.R. ? 164.528 to provide Individuals with an accounting of disclosures of their Protected Health Information.

2.9.2 Such accounting shall include, with respect to each disclosure: the date of the disclosure; the name (and address, if known) of the entity or person receiving the Protected Health Information; a description of the Protected Health Information disclosed; a statement of the purpose of the disclosure; and any other information the Secretary may require under 45 C.F.R. 164.528 (collectively, "Disclosure Information").

2.9.3 Notwithstanding Section 2.11.2, for repetitive disclosures of Protected Health Information that Business Associate makes for a single purpose to the same person or entity, Business Associate may record: (a) the Disclosure Information for the first of these repetitive disclosures; (b) the frequency, periodicity or number of these repetitive disclosures made during the accounting period; and the date of the last of these repetitive disclosures.

2.9.4 Business Associate shall notify Covered Entity within ten (10) days of receiving a request from an Individual for an accounting of disclosures of Protected Health Information. Following receipt of such notice from Business Associate, Covered Entity shall handle such request from the Individual.

2.9.5 In accordance with the HITECH Act, the parties acknowledge that the Secretary shall promulgate regulations regarding the right of Individuals to receive an accounting of disclosures made for treatment, payment and healthcare operations during the previous three (3) years if such disclosures are made through the use of an electronic health record. The parties agree to comply with such regulations promulgated by the Secretary as of the effective date of those regulations.

2.10 Subpoenas, Court Orders, and Governmental Requests. If Business Associate receives a court order, subpoena, or governmental request for documents or other information containing Protected Health Information, Business Associate will use reasonable efforts to notify Covered Entity of the receipt of the request within ten (10) business days to provide Covered Entity an opportunity to respond. Business Associate may comply with such order, subpoena, or request as required by law or permitted by law.

2.11 Remuneration in Exchange for PHI. Except as permitted by the HITECH Act or regulations promulgated by the Secretary in accordance with the HITECH Act, and as of the effective date of such regulations, Business Associate shall not directly or indirectly receive remuneration in exchange for PHI unless Covered Entity notifies Business Associate that it obtained a valid authorization from the Individual specifying that the Individual's PHI may be exchanged for remuneration by the entity receiving such Individual's PHI.

3. Covered Entity Obligations.

3.1 Notice of Privacy Practices. Covered Entity shall notify Business Associate of limitation(s) in its notice of privacy practices, to the extent such limitation affects Business Associate's permitted Uses or Disclosures.

3.2 Individual Permission. Covered Entity shall notify Business Associate of changes in, revocation of, permission by an Individual to use or disclose PHI, to the extent such changes affect Business Associate's permitted Uses or Disclosures.

3.3 Restrictions. Covered Entity shall notify Business Associate of restriction(s) in the Use or Disclosure of PHI that Covered Entity has agreed to, to the extent such restriction affects Business Associate's permitted Uses or Disclosures.

3.4 Consents and Authorizations. Covered Entity represents and warrants that any and all consents, authorizations, or other permissions necessary under the Privacy Standards or other applicable law (including state law) to transmit information through the Service and/or under this Agreement have been properly secured.

3.5 Marketing. Covered Entity represents and warrants that it has obtained any and all authorizations from Individual for any use or disclosure of PHI for marketing, unless the marketing communication is made without any form of remuneration (i) to describe medical services or products provided by either party; (ii) for treatment of the Individual; or (iii) for case management or care coordination for the Individual or to direct or recommend alternate treatments, therapies, providers or settings.

4. Term and Termination.

4.1 Term. The Term of this Agreement shall commence on and this Agreement shall be effective as of the date on which Covered Entity electronically registers for the Service, and shall continue in effect for as long as Covered Entity is registered for the Service.

4.2 Termination for Cause. In the event either party determines that the other has engaged in a pattern of activity or practice that constitutes a material breach of a term of this Agreement and such violation continues for thirty (30) days after written notice of such breach has been provided, the party claiming a breach shall have the right to terminate Covered Entity's participation on the Service or, if termination is not feasible, to report the breach to the Secretary.

4.3 Effect of Termination.

4.3.1 Return or Destruction of Protected Health Information; Disposition When Return or Destruction Not Feasible. Upon termination of this Agreement, the parties hereby acknowledge that the return or destruction of PHI received by the Business Associate from Covered Entity is not feasible, and that, therefore, Business Associate may retain a copy of such Protected Health Information provided that: (i) the provisions of this Agreement shall continue to apply to any such information retained following cancellation, termination, expiration, or other conclusion of Covered Entity's participation on the Service; and (ii) Business Associate shall limit Uses and Disclosures of such PHI to those purposes that make the return or destruction thereof not feasible, for as long as Business Associate maintains such PHI.

4.3.2 Reasonable Fees. All reasonable fees incurred to cause the return, destruction, or storage of Protected Health Information under this Section 4.3 shall be borne by the Covered Entity.

5. Miscellaneous.

5.1 Regulatory References. A reference in this Agreement to a section in HIPAA, the HITECH Act, the Privacy Standards, or the Security Standards means the section as in effect or as amended at the time.

5.2 Survival. The respective rights and obligations of the parties under Section 4.3 of this Agreement shall survive the termination of this Agreement.

5.3 Interpretation. Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits the parties to comply with the Privacy Standards and Security Standards. Except to the extent specified by this Agreement, all of the terms and conditions governing Covered Entity's participation on the Service shall be and remain in full force and effect. In the event of any inconsistency or conflict between this Agreement and the terms and conditions governing Covered Entity's participation on the Service, the terms and provisions and conditions of this Agreement shall govern and control.

5.4 Amendment. The parties shall work together through reasonable negotiations to amend this Agreement as necessary to comply with any changes in law, including, but not limited to, the promulgation of amendments to the Privacy Standards or Security Standards required by the HITECH Act or any other future laws, applicable to or affecting the rights, duties, and obligations of the parties under this Agreement or the terms and conditions governing Covered Entity's participation on the Service.

5.5 Independent Relationship. None of the provisions of this Agreement are intended to create, nor will they be deemed to create, any relationship between the parties other than that of independent parties contracting with each other as independent contractors solely for the purposes of effecting the provisions of this Agreement and the terms and conditions governing Covered Entity's participation on the Service.

5.6 Notices. All notices and notifications under this Agreement shall be sent in writing by traceable carrier to the listed persons on behalf of Business Associate and Covered Entity at the addresses indicated on the last page hereof, or such other address as a party may indicate by at least ten (10) days' prior written notice to the other party. Notices will be effective upon receipt.

5.7 Construction and Jurisdiction. This Agreement shall be governed by and construed in accordance with the laws of the State of New York (excepting any conflict of laws provisions which would serve to defeat application of New York law). Each of the parties hereto submits to the exclusive jurisdiction of the state and/or federal courts located within the State of New York for any suit, hearing or other legal proceeding of every nature, kind and description whatsoever in the event of any dispute or controversy arising hereunder or relating hereto, or in the event any ruling, finding or other legal determination is required or desired hereunder.

5.8 Counterparts. This Agreement may be executed in two or more counterparts, each of which shall be an original, but all of which take together shall constitute one and the same agreement.

ADDRESSES FOR NOTICES

FOR MOBILE HEALTH ONE, INC:

MOBILE HEALTH ONE, INC.

ATTN: CEO

150 Motor Parkway

Suite 401

Hauppauge, NY 11788

 

FOR COVERED ENTITY:

The notice address for Covered Entity will be the address provided by that entity on the online registration page for the MDChat and MDView service.

MOBILE HEALTH ONE, INC.
SUBSCRIPTION AGREEMENT

THIS SUBSCRIPTION AGREEMENT (“Agreement”) is made and entered into as of the Effective Date set forth on the signature page hereof (“Effective Date”), by and between MOBILE HEALTH ONE, INC., a New York corporation (“Mobile Health”), and the subscriber named on the Signature Page (“Subscriber”).

A. Mobile Health provides its Users with MDChat and MDView, a secure communication platform for healthcare providers to commuicate, share information and data,collaborate, and to provide a means by which secure communication, and the exchange of clinical data and patient information between Subscribers for treatment, operations and related purposes;

B. Mobile Health may provide access to patient health records by integrating with various electronic medical record software or by participating in regional and national electronic health information exchanges, Medical Homes, and such other forums and venues for the storage and exchange of electronic health records; and

C. You agree that by executing this Agreement [OR by registering with Mobile Health] you are entering  into a legally binding agreement with Mobile Health.  If you are using MDChat or MDView as an Authorized User of a Subscriber, and you have not entered into a Subscription Agreement or paid for the MDChat or MDView service, click here to be redirected to our Terms of Use. 

In consideration of the recitals, covenants, conditions and promises contained in this Agreement, and for other valuable consideration, the receipt and sufficiency of which the parties hereby acknowledge Mobile Health and the Subscriber hereby agree as follows:

1. Definitions.  The meanings of all terms used in this Agreement shall be consistent with the defined terms set forth in this Section 1 (Definitions).

a. “Authorized User” means an individual, i.e., a natural person, who is directly subscribing to use the MDChat or MDView service or is authorized by a Subscriber to use the Services on behalf of that Subscriber, including without limitation, an employee of the Subscriber.  If the Subscriber is an individual, e.g., a physician, then that individual is both a Subscriber and an Authorized User.

b. “Cloud” means and shall be interchangeable with the phrases “remote host” or “virtual server”.

c. “Data Provider” means a Subscriber, other organization or data base owner that is registered or otherwise able to provide information electronically for use through the Services.

d. “Data Recipient” means a Subscriber that is registered to use the Services to obtain health information electronically.

e. “Effective Date” means the start of the Subscription Agreement as defined on the signature page.

f. “HIPAA” means the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder at 45 CFR Parts 160 and 164, as amended by the American Recovery and Reinvestment Act, Public Law 111-5.

g.  “Operations Committee” means the committee described in Section 10.3 (Operations Committee).

h. “Subscriber” means a party that has entered into a Subscription Agreement with Mobile Health.

i. “Subscription Agreement” means a legally binding written agreement pursuant to which a Subscriber has agreed to act in accordance with terms and conditions that are not inconsistent with the terms and conditions of this Agreement.  This Agreement is a Subscription Agreement.

j. “Patient Data” means electronic health, demographic and related information provided by a Data Provider to Data Recipients pursuant to Section 6.2 (Provision of Data).

k. “Policies and Procedures” means those policies and procedures adopted by Mobile Health to describe in detail the Services and the System and the terms and conditions pursuant to which they shall be operated, all of which are incorporated herein and made a part of this Agreement.

l. “Services” means MDChat or MDView and the Mobile Health electronic health information delivery and aggregation services and/or software described in the Policies and Procedures. 

m. “System” means the MDChat or MDView system and Mobile Health’s electronic health information exchange infrastructure, as described in the Policies and Procedures. 

2. Amendments to Agreement and Policies and Procedures.

a. Amendments Required by Law.  Mobile Health may amend, or repeal and replace this Agreement or the Policies and Procedures upon notice to the Subscriber at any time that Mobile Health determines that such change is required to comply with applicable laws and regulations.

b. Other Amendments.  Mobile Health may amend, or repeal and replace, this Agreement or the Policies and Procedures at any time that it determines it is desirable to do so; provided, that Mobile Health shall notify the Subscriber of any material changes to this Agreement or the Policies and Procedures at least thirty (30) days prior to the implementation of the change.

c. Termination Based on Objection to Change.  If a change to this Agreement or the Policies and Procedures, other than a change made pursuant to Section 2 (Amendments Required by Law) affects a material right or obligation of the Subscriber, and the Subscriber objects to that change, the Subscriber may terminate this Agreement by giving Mobile Health written notice within fifteen (15) days following Mobile Health’s notice of the change.  Such termination of this Agreement shall be effective as of the effective date of the change to which the Subscriber objects; provided, however, that following receipt of the Subscriber’s notice of its objection to the change, Mobile Health may decide in its discretion to refrain from implementing the change to which the Subscriber has objected, in which event this Agreement shall not be terminated and shall continue in force and effect.

3. Term and Termination.

a. Term.  The term of this Agreement (the “Term”) shall commence on the date on which Mobile Health gives notice thereof to the Subscriber (the “Effective Date”), and shall continue through and until the termination of this Agreement pursuant to this Section 3 (Term and Termination).

b. Termination Upon Cessation of Business. Mobile Health may terminate this Agreement by notice to the Subscriber at any time that Mobile Health ceases to provide the Services.

c. Termination Upon Anniversary. Either Mobile Health or the Subscriber may terminate this Agreement at any time without cause effective as of the next anniversary of the Effective Date, by giving not less than forty five (45) days prior written notice to the other.

d. Termination Upon Material Breach. Either Mobile Health or the Subscriber (the “Terminating Party”) may terminate this Agreement upon the failure of the other party (the “Breaching Party”) to perform a material responsibility arising out of this Agreement, and that failure continues uncured for a period of sixty (60) days after the Terminating Party has given the Breaching Party notice of that failure and requested that the Breaching Party cure that failure.  Without limiting the generality of the foregoing, either party may terminate this Agreement upon a failure by the other party to correct a Breach of Confidentiality or Security within thirty (30) days following written notice thereof from the other.

e. Effect of Termination.  Upon any termination of this Agreement, the Subscriber shall cease to be a Subscriber to the Mobile Health System or Services and at that time neither the Subscriber nor its Authorized Users shall have any rights to use the System or the Services.  Certain provisions of this Agreement shall continue to apply to the former Subscriber and its Authorized Users following that termination, as described in Section 3(f) (Survival of Provisions).

f. Survival of Provisions.  The following provisions of this Agreement shall survive any termination hereof: Section 4(d) (Responsibility for Conduct of Subscriber and Authorized Users), Section 9 (Protected Health Information (“PHI”)), Section 13 (Proprietary Information), Section 14 (Limitation on Liability) and Section 15 (Indemnification).

4. Authorized Users. 

a. Identification of Authorized Users.  The Subscriber shall provide Mobile Health with a list identifying all of Subscriber’s Authorized Users, in accordance with the requirements described in the Policies and Procedures.   Mobile Health shall restrict access to the System and, if applicable, use of the Services, only to the Authorized Users that the Subscriber has so identified to Mobile Health.  The Subscriber shall inform Mobile Health in writing within two (2) business days whenever an Authorized User is added or removed.

b. Certification of Authorized Users.  The Subscriber shall certify to Mobile Health that each of the Subscriber’s Authorized Users:

i. Will be permitted by the Subscriber to use the Services and the System only as reasonably necessary for the performance of the Subscriber’s activities as described in the Policies and Procedures;

ii. Has agreed not to disclose to any other person any passwords and/or other security measures issued to the Authorized User pursuant to Section. 4(c) (Passwords and Other Security Mechanisms); and

iii. Has acknowledged in writing that the Authorized User’s failure to comply with this Agreement and the Policies and Procedures may result in the withdrawal of User’s privileges to use the Services and the System and may constitute cause for disciplinary action by Subscriber.

c. Passwords and Other Security Mechanisms.  Mobile Health shall issue a user name and password and/or other security measures, such as tokens or keys to access the virtual servers, as described in the Policies and Procedures, to each Authorized User that shall permit the Authorized User to access the System and use the Services.  Mobile Health shall provide each such user name and password and/or other security measures to the Subscriber and the Subscriber shall be responsible to communicate that information to the appropriate Authorized User.  When the Subscriber informs Mobile Health of the removal of any Authorized User, Mobile Health shall de-activate the user name and password and/or other security measures of such individual.

d. Responsibility for Conduct of Subscriber and Authorized Users. The Subscriber shall be solely responsible for all acts and omissions of the Subscriber and/or the Subscriber’s Authorized Users, and all other individuals who access the System and/or use the Services either through that Subscriber or by use of any password, identifier or log-on received or obtained, directly or indirectly, lawfully or unlawfully, from that Subscriber or any of that Subscriber’s Authorized Users, with respect to the System, the Services and/or any confidential and/or other information accessed in connection therewith, and all such acts and omissions shall be deemed to be the acts and omissions of that Subscriber.

e. Termination of Authorized Users.  The Subscriber shall require that all of its Authorized Users use the System and the Services only in accordance with this Agreement and the Policies and Procedures, including without limitation the provisions thereof governing the confidentiality, privacy and security of PHI.  The Subscriber shall discipline appropriately any of its Authorized Users who fail to act in accordance with this Agreement or the Policies and Procedures in accordance with that Subscriber’s disciplinary policies and procedures.

1. Your Profile

f. The Profile.  Each Subscriber and any Authorized User of a Subscriber may create its own Profile containing personal and professional information about such user.  An Authorized User or a Subscriber who is an individual may select an “autofill” option using data aggregated from certain public sources including but not limited to CAQH to complete a profile.  Mobile Health takes no responsibility for incorrect data culled from other third party sources, and each Subscriber and Authorized User is responsible to ensure the accuracy of all content in such party’s Profile.  Each profile may contain a link to the Subscriber’s website.  

Access to and use of the Services is at Subscriber’s own risk. Subscriber understands and agrees that the Services are provided on an "AS IS" and "AS AVAILABLE" basis. Without limiting the foregoing, to the maximum extent permitted under applicable law, MOBILE HEALTH DISCLAIMS ALL WARRANTIES AND CONDITIONS, WHETHER EXPRESS OR IMPLIED, OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

g. Ownership of Content.  Each Subscriber agrees that the Subscriber owns the information posted in its Profile.  All content, regardless of whether content is posted in a Subscriber’s Profile or communicated privately through MDChat or MDView, is the sole responsibility of the person originating the content.  Mobile Health does not control or monitor content posted to Profiles or communicated via secure chat or IM in MDChat or MDView or other channels provided by Mobile Health to Subscribers and their Authorized Users.  Subscriber agrees that to the extent it uses or relies on any content posted to any other party’s Profile or transmitted via MDChat or MDView, it does so at its own risk.  Subscriber also agrees and understands that any content posted to a Profile or transmitted via MDChat or MDView is subject to loss, duplication or modification by other subscribers and Mobile Health does not accept any responsibility for such loss, duplication or modification.  By posting or transmitting content Subscriber hereby represents and warrants that Subscriber has the legal right to post or transmit any data posted or transmitted through the Services or Systems and that the information is accurate, is not subject to any confidentiality agreements, and the posting or transmission of the data does not violate any contractual restrictions or other third party rights.  

All Content, whether publicly posted or privately transmitted, is the sole responsibility of the person who originated such Content. Mobile Health may not monitor or control the Content posted via the Services and, we cannot take responsibility for such Content. Any use or reliance on any Content or materials posted via the Services or obtained by you through the Services is at your own risk.

Mobile Health does not warrant the accuracy or reliability of any content or data posted or transmitted in its System or Services, and does not endorse or support, any content, communications or opinions posted or communicated through the System or Services. Subscriber hereby acknowledges that other Subscribers or their Authorized Users may post or communicate content or data that may be unreliable, inaccurate, offensive, inappropriate, deceptive or otherwise harmful. Under no circumstances will Mobile Health be liable in any way for any content, communications, data, images, errors, inaccuracies or otherwise nor for any loss or damage of any kind, nature or amount alleged to be suffered or incurred by any Subscriber or Authroized User as a result of any content, communication, data, images etc. that are posted or transmitted through the Mobile Health System or Services.  

h. Intellectual Property Rights.  Subscriber acknowledges and agrees that for as long as Subscriber maintains a Profile on the Mobile Health System and Services, Mobile Health is hereby granted a non-exclusive, irrevocable, transferable, royalty free, worldwide license to use any content posted to Subscriber’s Profile.   Mobile Health is not responsible for and will not be liable for any loss or damage alleged or incurred by any Subscriber as a result of the infringement of any Subscriber’s copyright or other intellectual property rights by any other Subscriber or Authorized User.   Without limiting the foregoing, Subscriber may provide notice to Mobile Health of a copyright infringement provided that such notice complies with the Mobile Health Policies and Procedures.  

5. Data Recipient’s Rights and Obligations.  If the Subscriber is registered with Mobile Health to act as a Data Recipient, the terms of this Section 5 (Data Recipient’s Rights and Obligations) shall apply.

a. Grant of Rights.  A Data Recipient may use the System and the Services for the permitted uses described in Section 5(b) (Permitted Uses), subject to the Data Recipient’s full compliance with this Agreement and the Policies and Procedures.  Mobile Health retains all ownership and other rights to the System, the Services and all the components thereof.  A Data Recipient shall not obtain any rights to the System except for the limited rights to use the System expressly granted by this Agreement.

b. Permitted Uses.  A Data Recipient may use the System and the Services for which that Data Recipient has registered only for the permitted purposes described in the Policies and Procedures.

c. Prohibited Uses.  A Data Recipient shall not use or permit the use of the System or the Services for any prohibited use described in the Policies and Procedures.  Without limiting the foregoing, a Data Recipient shall not use the System or the Services for any purpose or in any manner that is prohibited by applicable federal, state and local laws and regulations.

6. Data Provider’s Rights and Obligations.

a. Grant of Rights.  A Data Provider may use the System for the purposes of complying with the obligations described in this Section 6 (Data Provider’s Rights and

Obligations), subject to the Data Provider’s full compliance with this Agreement and the Policies and Procedures.  Mobile Health retains all ownership and other rights to the System, the Services and all the components thereof.  A Data Provider shall not obtain any rights to the System except for the limited rights to use the System expressly granted by this Agreement.

b. Provision of Data.  A Data Provider shall provide through the System the patient data that the Data Provider has registered with Mobile Health to provide.  Without limiting Section 9(a) (Compliance with Laws and Regulations), a Data Provider shall not use the system to make any disclosure of patient data through the System that is unauthorized or unlawful.

c. Measures to Assure Accuracy of Data.  A Data Provider shall, in accordance with the Policies and Procedures, use reasonable and appropriate efforts to assure that all data it provides to the System is accurate, free from serious error, reasonably complete, and provided in a timely manner.

d. License.  Subject to Section 6(e) (Limitations on Use of Patient Data), a Data Provider grants to Mobile Health a perpetual, fully-paid, worldwide, non-exclusive, royalty free right and license (i) to license and/or otherwise permit others to access through the System and/or the NHIN and use all Patient Data provided by the Data Provider in accordance with the terms and conditions of this Agreement and the Policies and Procedures, and (ii) to use such Patient Data to carry out Mobile Health’s duties under Subscription Agreements and the Policies and Procedures, including without limitation system administration, testing, problem identification and resolution, management of the System, data aggregation activities as permitted by applicable state and federal laws and regulations, including without limitation, those promulgated under HIPAA, and otherwise as Mobile Health determines is necessary and appropriate to comply with and carry out its obligations under all applicable federal, state, and local laws and regulations.  Subject to the foregoing, a Data Provider retains all other ownership rights it has to the Patient Data it provides pursuant to this Agreement.

e. Limitations on Use of Patient Data.  Notwithstanding Section 6.4 (License), Patient Data provided by a Data Provider shall not be used for any of purpose that is prohibited by applicable laws and regulations.

7. Cloud Computing.  Subscriber agrees and understands that Mobile Health operates in a Cloud environment, whereby Mobile Health licenses the use of virtual servers that are remotely hosted by a third party that meets HIPAA standards for securing PHI.  Subscriber acknowledges and understands that Mobile Health does not own its own cloud, rather it licenses use in a cloud owned by a third party.  Subscriber understands and agrees to the following:

a. Subscriber Access.  Subscriber shall have the right to access to the cloud network and to its own data at all times except during regularly scheduled maintenance.  If at any time the cloud host determines that it must migrate data due to server degradation or otherwise, it shall notify the Subscriber wherever possible in advance, or if not possible shall notify the Subscriber promptly following migration.  All reasonable efforts shall be made to secure the data and ensure that data is not lost;

b. No Warranty.  Mobile Health expressly does not warrant that any remotely hosted cloud will continue to host Mobile Health and its subscribers indefinitely, or that any remote host will have unlimited storage capacity for Subscriber’s data.

c. Data Security.

i. Encryption.  Mobile Health is fully familiar with HIPAA’s Privacy Rule and regulations and HIPAA standards regarding the encryption of all PHI in transmission (“in-flight”) and in storage (“at-rest”).  Mobile Health and its remote host vendor use the same data encryption mechanisms used in a traditional computing environment to protect the security of PHI.  Mobile Health utilizes a encryption technologies such as 256 bit AES algorithms.  Subscriber agrees and understands that it shall be responsible for using a secure HTTP connections for all web applications running in the cloud to ensure that any PHI is protected as it travels to and from the cloud and the Subscriber’s web browser.  Should Subscriber request it, a complete firewall solution is available as more fully described in the Policies and Procedures.

ii. Authorized Access.  Mobile Health warrants and represents that neither it nor its employees, nor its cloud host shall access any subscriber PHI, nor have any access to Subscriber’s operating systems.  While Subscriber may request that Mobile Health or its cloud host access its data in cases where it seeks maintenance or support, access is not generally required.  However, where access may be requested, Subscriber agrees to provide Mobile Health or its cloud host access for such limited purpose, shall be as limited as possible so as to grant the least access required to perform the requested maintenance or support, and any authentication identifiers or access keys issued for such access shall be revoked immediately following performance of the requested maintenance or service.

iii. Auditing.  Mobile Health offers its subscribers a HIPAA compliant system with appropriate auditing capabilities.  At any time, Subscriber shall have access to detailed activity logs to confirm, at minimum, the identity of all individuals who accessed Subscriber’s virtual server, such individual’s IP address entry and identify the data accessed.  Audit trails will be available for Subscriber to copy, print or download to its own servers, discs or hard drives.  Subscriber shall be solely responsible to maintain a record of such audit trails it being agreed and understood that neither Mobile Health nor its remote host shall have the obligation to store audit records indefinitely and shall have no obligation to maintain unlimited data storage on behalf of any Subscriber, unless Subscriber requests such additional storage capabilities, as more fully described in Policies and Procedures.

iv. Data Back-Up and Disaster Recovery.  Subscriber shall have access to a redundant storage system and data back up plan at any time during the term of this Subscription which shall assist Subscriber in securing relevant and sensitive data and ensure its availability in the event of a disaster.  Subscriber shall have the obligation to select those records which it requires to be stored and backed up for persistent storage and replicated in multiple retrievable locations in the cloud.  Data so stored can be accessed at any time as more fully described in the Policies and Procedures.

8. Technology License Agreement.  If Mobile Health determines that it is necessary in order to obtain and or use the software and/or hardware required to use the Mobile Health System or Services, the Subscriber shall enter into one or more Technology License Agreement(s) in such form(s) as Mobile Health requires.

9. Protected Health Information (“PHI”).

a. Compliance with Policies and Procedures.  Mobile Health and the Subscriber shall comply with the standards for the confidentiality, security, and use of patient health information, including without limitation PHI described in HIPAA, as provided in the Policies and Procedures.  The Subscriber shall comply with such standards regardless of whether or not the Subscriber is a “covered entity” under HIPAA.

b. Legal Requirements.  Without limiting Section 8(a) (Compliance with Policies and Procedures), Mobile Health and the Subscriber shall comply with the requirements for the privacy, security, and use of patient health information imposed under HIPAA and under the laws of the State of New York.

c. Reporting of Serious Breaches.  Mobile Health and the Subscriber shall report to the other any serious use or disclosure of PHI not provided for by this Agreement or the Policies and Procedures of which Mobile Health or that Subscriber becomes aware, and any security incident concerning electronic PHI (in either event, a “Serious Breach of Confidentiality or Security”).  A “Serious Breach of Confidentiality or Security” is one that adversely affects (a) the viability of the System or the Services, (b) Mobile Health’s program of electronic health information exchange; (c) the trust among Subscribers or (d) Mobile Health’s or other Subscribers’ legal liability.

10. Other Obligations of the Subscriber.

a. Compliance with Laws and Regulations.  Without limiting any other provision of this Agreement requiring compliance with applicable laws and regulations, the Subscriber shall perform its roles and responsibilities hereunder in all respects in compliance with applicable federal, state, and local laws and regulations.

b. System Security.  The Subscriber shall implement reasonable and appropriate security measures to limit unauthorized use of equipment through which access to the System and the Services may be gained, and to prevent unauthorized use or disclosure of PHI and other Patient Data.

c. Subscriber’s Equipment.  Except to the extent provided by the Technology License Agreement, the Subscriber shall be responsible for procuring all equipment and software necessary for it to access the System, use the Services, and provide to Mobile Health all information required to be provided by the Subscriber (“Subscriber’s Required Hardware and Software”).  The Subscriber’s Required Hardware and Software shall conform to Mobile Health’s then-current specifications, as set forth in the Policies and Procedures.  As part of the Subscriber’s obligation to provide Subscriber’s Required Hardware and Software, the Subscriber shall be responsible for ensuring that all of the Subscriber’s computers to be used to interface with the System are properly configured, including but not limited to the operating system, web browser, and Internet connectivity.

d. Malicious Software, Viruses, and Other Threats.  The Subscriber shall use reasonable efforts to ensure that its connection to and use of the System, including without limitation the medium containing any data or other information provided to the System, does not include, and that any method of transmitting such data will not introduce, any program, routine, subroutine, or data (including without limitation malicious software or “malware,” viruses, worms, and Trojan Horses), overloading, flooding, spamming, mail-bombing the Services, or taking any other similar action which will disrupt the proper operation of the System or any part thereof or any hardware or software used by Mobile Health or other Subscribers in connection therewith, or which, upon the occurrence of a certain event, the passage of time, or the taking of or failure to take any action will cause the System or any part thereof or any hardware, software or data used by Mobile Health or any other Subscriber in connection therewith, to be destroyed, damaged, or rendered inoperable.  Subscriber further agrees that it shall not attempt or actually access, tamper with, or use any non-public components of the System or Services, or any of the Mobile Health technical infrastructure for any purpose including without limitation to  investigate the vulnerability of the Mobile Health Systems or Services or try to circumvent  any Mobile Health security or authentication procedures.  Subscriber further agrees that it shall not falsify any TCP/IP header information in any Profile posting or any communication sent through the System or Services

e. Training.  The Subscriber shall provide appropriate and adequate training to all of the Subscriber’s personnel, including without limitation Authorized Users, in the use of the System and the Services, the requirements of this Agreement and the Policies and Procedures, the requirements of applicable laws and regulations governing the confidentiality, privacy, and security of PHI, including without limitation requirements imposed under HIPAA.

f. Patient Consent; Notice of Privacy.  The Subscriber warrants and represents that it shall utilize Notice of Privacy notifying the patient of the intended use and mode of disclosure of PHI, and patient consent forms which are compliant with applicable laws and regulations including without limitation, HIPAA, SAMSHA and New York State Public Health Law and appropriate for use in the Mobile Health System, and that all patient consent forms shall have been executed by Subscriber’s patients who consent to the transmission of their PHI via the Mobile Health System.  Subscriber hereby agrees to indemnify, hold harmless and defend Mobile Health, its remote cloud host, and Mobile Health’s shareholders, officers, directors, employees, agents and representatives from any and all loss, damages and expenses, including reasonable attorneys’ fees, arising out of any claim, action, proceeding, investigation or otherwise in connection with Subscriber’s failure to obtain patient consent or other unauthorized disclosure of PHI via the Mobile Health System.  Subscriber will provide each patient with a copy of Subscriber’s Notice of Privacy Practices.

g. Subscriber Audit.  Subscriber will be subject to audit by Mobile Health (or a third party engaged by Mobile Health for such purposes) to confirm compliance with this Agreement and proper use of the System and Services in accordance with this Agreement and the Policies and Procedures.  Such audits will take place during business hours and upon reasonable notice to Subscriber.  Such audits will be performed at the expense of Mobile Health, and in a manner designed to reasonably minimize interference with Subscriber’s day-to-day operations.

11. Mobile Health’s Operations and Responsibilities.

a. Compliance with Terms and Conditions.  Mobile Health shall require that access to the System and the Services shall be limited to Subscribers and their Authorized Users, and that each Subscriber shall enter into a Subscription Agreement with Mobile Health substantially similar to this Subscription Agreement.

b. Maintenance of System. Mobile Health shall maintain the functionality of the System and the Services as described in the Policies and Procedures, and shall provide such service, security, and other updates as Mobile Health determines are appropriate from time to time.

c. Compliance with Laws and Regulations. Without limiting any other provision of this Agreement requiring compliance with applicable laws and regulations, Mobile Health shall perform its roles and responsibilities hereunder in all respects in compliance with applicable federal, state, and local laws and regulations, including without limitation, those provisions of HIPAA and the American Recovery and Reinvestment Act, Public Law 111-5 applicable to business associates.

12. Fees and Other Charges. 

a. Service Fees.  As payment for use of the System and the Services, the Subscriber shall pay to Mobile Health Service Fees as described in the attached Schedule 12.

b. Other Charges.  The Subscriber also shall pay Mobile Health’s charges for all goods or services that Mobile Health provides at the Subscriber’s request that are not specified in Schedule 12 in accordance with Mobile Health’s then-current Fee Schedule (“Miscellaneous Charges”).  The Fee Schedule is subject to change at any time.

c. Payment. The Subscriber shall pay all Service Fees and any Miscellaneous Charges within thirty (30) days following the date of invoice by Mobile Health sent to that Subscriber’s address as shown in Mobile Health’s records or emailed in accordance with the Subscriber’s instructions.

d. Late Charges.  Service Fees and Miscellaneous Charges not paid to Mobile Health on or before the due date for those fees and charges are subject to a late charge of one and one half percent (1.5%) per month, of the amount owing, or the highest amount permitted by law, whichever is lower.

e. Suspension of Service.  Failure to pay Service Fees and Miscellaneous Charges within thirty (30) days following the due date for those fees and charges may result in termination of the Subscriber’s access to the System and/or use of the Services on ten (10) days prior written notice.  A reconnection fee may be assessed to re-establish connection after termination due to non-payment, in accordance with Mobile Health’s then-current Fee Schedule.

f. Taxes.  All Service Fees and Miscellaneous Charges shall be exclusive of all federal, state, municipal, or other government excise, sales, use, occupational, or like taxes now in force or enacted in the future, and the Subscriber shall pay any tax (excluding taxes on Mobile Health’s net income) that Mobile Health may be required to collect or pay now or at any time in the future and that are imposed upon the sale or delivery of items and services provided under this Agreement.

g. Other Charges and Expenses. The Subscriber shall be solely responsible for any other charges or expenses the Subscriber may incur to access the System and use the Services, including without limitation, telephone and equipment charges, and fees charged by third-party vendors of products and services.

13. Proprietary Information.

a. Scope of Proprietary Information.  In the performance of their respective responsibilities pursuant to this Agreement, Mobile Health and Subscribers may come into possession of certain Proprietary Information of the others.   For the purposes hereof, “Proprietary Information” means all trade secrets, business plans, marketing plans, know-how, data, contracts, documents, scientific and medical concepts, member and customer lists, costs, financial information, profits and billings, and referral sources, existing or future services, products, operations, management, pricing, financial status, goals, strategies, objectives, and agreements, whether written or verbal, that are confidential in nature; provided, however, that “Proprietary Information” does not include Patient Data or any information that:

i. Is in the public domain;

ii. Is already known or obtained by any other party other than in the course of the other party’s performance pursuant to this Agreement;

iii. Is independently developed by any other party; and/or

iv.  Becomes known from an independent source having the right to disclose such information and without similar restrictions as to disclosure and use and without breach of this Agreement, or any other confidentiality or nondisclosure agreement by such other party.

b. Nondisclosure of Proprietary Information.  Mobile Health and the Subscriber each (i) shall keep and maintain in strict confidence all Proprietary Information received from the other, or from any of the other’s employees, accountants, attorneys, consultants, or other agents and representatives, in connection with the performance of their respective obligations under this Agreement; (ii) shall not use, reproduce, distribute or disclose any such Proprietary Information except as permitted by this Agreement; and (iii) shall prevent its employees, accountants, attorneys, consultants, and other agents and representatives from making any such use, reproduction, distribution, or disclosure.

c. Equitable Remedies.  All Proprietary Information represents a unique intellectual product of the party disclosing such Proprietary Information (the “Disclosing Party”).  The unauthorized disclosure of said Proprietary Information would have a detrimental impact on the Disclosing Party.  The damages resulting from said detrimental impact would be difficult to ascertain but would result in irreparable loss.  It would require a multiplicity of actions at law and in equity in order to seek redress against the receiving party in the event of such an unauthorized disclosure.  The Disclosing Party shall be entitled to equitable relief in preventing a breach of this Section 13 (Proprietary Information) and such equitable relief is in addition to any other rights or remedies available to the Disclosing Party.

d. Notice of Disclosure.  Notwithstanding any other provision hereof, nothing in this Section 13 (Proprietary Information) shall prohibit or be deemed to prohibit a party hereto from disclosing any Proprietary Information (or any other information the disclosure of which is otherwise prohibited hereunder) to the extent that such party becomes legally compelled to make such disclosure by reason of a subpoena or order of a court, administrative agency or other governmental body of competent jurisdiction, and such disclosures are expressly permitted hereunder; provided, however, that a party that has been requested or becomes legally compelled to make a disclosure otherwise prohibited hereunder by reason of a subpoena or order of a court, administrative agency or other governmental body of competent jurisdiction shall provide the other party with written notice thereof within ten (10) calendar days, or, if sooner, at least five (5) business days before such disclosure will be made so that the other party may seek a protective order or other appropriate remedy.  In no event shall a party be deemed to be liable hereunder for compliance with any such subpoena or order of any court, administrative agency or other governmental body of competent jurisdiction.

14. Disclaimers, Exclusions of Warranties and Limitations of Liability.

a. Third Party Carrier Lines.  By using the System and the Services, the Subscriber acknowledges that access to the System is to be provided over various facilities and communications lines, and information will be transmitted over local exchange and Internet backbone carrier lines and through routers, switches, and other devices (collectively, “Carrier Lines”) owned, maintained, and serviced by third-party carriers, utilities, and Internet service providers, all of which are beyond Mobile Health’s control.  Mobile Health assumes no liability for or relating to the integrity, privacy, security, confidentiality, or use of any information while it is transmitted on the Carrier Lines, or any delay, failure, interruption, interception, loss, transmission, or corruption of any data or other information attributable to transmission on the Carrier Lines.  Use of the Carrier Lines is solely at the Subscriber’s risk and is subject to all applicable local, state, national, and international laws. 

b. No Warranties.  Access to the System, use of the Services, and the information obtained by a Data Recipient pursuant to the use of those services are provided “as is” and “as available” without any warranty of any kind, expressed or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement.  The Subscriber is solely responsible for any and all acts or omissions taken or made in reliance on the System or the information in the System, including inaccurate or incomplete information.  It is expressly agreed that in no event shall Mobile Health be liable for any special, indirect, consequential, or exemplary damages, including but not limited to, loss of profits or revenues, loss of use, or loss of information or data, whether a claim for any such liability or damages is premised upon breach of contract, breach of warranty, negligence, strict liability, or any other torts or other theories of liability, even if Mobile Health has been apprised of the possibility or likelihood of such damages occurring. Mobile Health disclaims any and all liability for erroneous transmissions and loss of service resulting from communication failures by telecommunication service providers or the System.

c. Other Subscribers.  By using the System and the Services, the Subscriber acknowledges that other Subscribers have access to the System and Services.  Such other Subscribers shall have agreed to comply with the terms and conditions of this Agreement and the Policies and Procedures concerning use of the information made available through the System and the Services; however, the actions of such other parties are beyond the control of Mobile Health.  Accordingly, Mobile Health does not assume any liability for or relating to any impairment of the privacy, security, confidentiality, integrity, availability, or restricted use of any information on the System resulting from any Subscriber’s actions or failures to act.

d. Subscriber’s Actions.  The Subscriber shall be solely responsible for any damage to a computer system, loss of data, and any damage to the System caused by that Subscriber or any person using a user ID assigned to the Subscriber or a member of the Subscriber’s workforce.

e. Unauthorized Access; Lost or Corrupt Data.  Mobile Health is not responsible for unauthorized access to the Subscriber’s transmission facilities or equipment by individuals or entities using the System or for unauthorized access to, or alteration, theft, or destruction of the Subscriber’s data files, programs, procedures, or information through the System, whether by accident, fraudulent means or devices, or any other method.  The Subscriber is solely responsible for validating the accuracy of all output and reports and protecting the Subscriber’s data and programs from loss by implementing appropriate security measures, including routine backup procedures.  The Subscriber waives any damages occasioned by lost or corrupt data, incorrect reports, or incorrect data files resulting from programming error, operator error, equipment or software malfunction, security violations, or the use of third-party software.  Mobile Health is not responsible for the content of any information transmitted or received through the System or the Services.  The Data Provider is solely responsible for the content of all Patient Data that the Data Provider makes available pursuant to this Agreement.

f. Inaccurate Data.  All data to which access is made through the System and/or the Services originates from Data Providers, and not from Mobile Health.  All such data is subject to change arising from numerous factors, including without limitation, changes to PHI made at the request of the patient, changes in the patient’s health condition, the passage of time and other factors.  Without limiting any other provision of this Agreement, Mobile Health shall have no responsibility for or liability related to the accuracy, content, currency, completeness, content, or delivery of any data either provided by a Data Provider or used by a Data Recipient. 

g. Patient Care.  Without limiting any other provision hereof, the Subscriber and the Subscriber’s Authorized Users shall be solely responsible for all decisions and actions taken or not taken involving patient care, utilization management, and quality management for their respective patients and clients resulting from or in any way related to the use of the System or the Services or the data made available thereby.  Neither the Subscriber nor any Authorized User shall have any recourse against, and shall waive, any claims against Mobile Health for any loss, damage, claim, or cost relating to or resulting from its own use or misuse of the System and/or the Services or the data made available thereby. 

h. Limitation of Liability.  Mobile Health makes no warranty and disclaims all responsibility and liability for: (i) any harm to your computer system, loss of data, or other harm that results from your access to or use of the Services or any Content; (ii) any failure to store, transmit or prevent the deletion of any content posted or transmitted using the Services or System; (iii) the security or reliability of the Services and the accuracy, completeness, or reliability of any content posted or transmitted on the System or Services; and (iv) the Services being uninterrupted, secure, or error-free. 

 TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MOBILE HEALTH, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS OR REPRESENTATIVES SHALL NOT BE LIABLE FOR ANY SPECIAL, CONSEQUENTIAL, INDIRECT, INCIDENTAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS OR REVENUES, WHETHER INCURRED DIRECTLY OR INDIRECTLY, OR ANY LOSS OF DATA, USE, GOOD-WILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM SUBSCRIBER’S ACCESS TO OR USE OF OR INABILITY TO ACCESS OR USE THE SERVICES, ANY THIRD PARTY CONTENT OR CONDUCT, INCLUDING WITHOUT LIMITATION, ANY INACCURATE, UNRELIABLE, INCOMPLETE, HARMFUL, OFFENSIVE, DEFAMATORY, OR ILLEGAL CONTENT OR CONDUCT OR UNAUTHORIZED ACCESS, USE OR ALTERATION OF SUBSCRIBER’S CONTENT POSTED OR TRANSMITTED BY ANY THIRD PARTY REGARDLESS OF WHETHER ANY ALLEGED LIABILITY IS BASED ON TORT, CONTRACT, STATUTE, BREACH OF WARRANTY, NEGLIGENCE OR OTHERWISE AND REGARDLESS OF WHETHER MOBILE HEALTH HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE. 

IN NO EVENT SHALL THE AGGREGATE LIABILITY OF MOBILE HEALTH EXCEED THE GREATER OF ONE HUNDRED U.S. DOLLARS (U.S. $100.00) OR THE FEES PAID BY SUBSCRIBER UNDER THIS AGREEMENT TO MOBILE HEALTH IN THE PAST SIX MONTHS.

15. Insurance and Indemnification.

a. Insurance.  The Subscriber shall obtain and maintain insurance coverage for general and professional liability with coverage limits that are reasonable and customary for a party engaged in the activities of the Subscriber, and as may be described more specifically in the Policies and Procedures.  If any policy of such insurance is issued on a “claims made” basis, then upon the termination of any such policy, the Subscriber shall procure extended reporting (“tail”) coverage for such policy for the longest extended reporting period that is commercially available.

b. Indemnification.

i. Indemnification.  In addition to any other specific indemnities provided in this Agreement, Mobile Health and the Subscriber (each, an “Indemnifying Party”) each shall indemnify and hold the other and, if the Subscriber is the Indemnifying Party, the other Subscribers (each, the “Indemnified Party”), harmless from all liability, judgments, costs, damages, claims, or demands, including reasonable attorneys' fees, net of the proceeds of insurance, arising out of the act or omission of the Indemnifying Party or any of the Indemnifying Party's Authorized Users, members, agents, staff, or employees, including the Indemnifying Party’s breach of any representation, warranty or covenant under this Agreement, or failure to comply with or perform its obligations under this Agreement.

ii. Specific Indemnities.  Without limiting the generality of Section 15(b)(i) (Indemnification, Generally), acts or omissions giving rise to the obligation to indemnify and hold harmless pursuant to Section 15(b)(i) (Indemnification, Generally) shall include, but not be limited to, (a) acts or omissions that result in a Serious Breach of Confidentiality or Security or (b) a Data Provider’s provision of any Patient Data or other data through the Services or System that is inaccurate, incomplete or defamatory.

iii. Rules for Indemnification.  Any indemnification made pursuant to this Agreement shall include payment of all costs associated with defending the claim or cause of action involved, whether or not such claims or causes of action are meritorious, including reasonable attorneys’ fees and any settlement by or judgment against the party to be indemnified.  A party seeking to be indemnified pursuant to this Section 15(b) (Indemnification) shall make a demand for indemnification upon the Indemnifying Party promptly and within a period of time within which the Indemnifying Party is not prejudiced by lack of notice.  Upon receipt of such notice, the Indemnifying Party shall, at its sole cost and expense, retain legal counsel and defend the party to be indemnified.  The Indemnifying Party shall be responsible for, and have control of, such claim and any litigation arising therefrom, but may not settle such litigation without the express consent of the party(ies) to be indemnified where such settlement would include an agreement of the Indemnified Party to pay damages or admit liability, which consent shall not be unreasonably withheld, conditioned or delayed.  The indemnification obligations of the parties shall not, as to third parties, be a waiver of any defense or immunity otherwise available, and the indemnifying party, in indemnifying the indemnified party, shall be entitled to assert in any action every defense or immunity that the indemnified party could assert on its own behalf. 

16. Miscellaneous.

a. Applicable Law.  The interpretation of this Subscription Agreement and the resolution of any disputes arising under this Subscription Agreements shall be governed by the laws of the State of New York.  If any action or other proceeding is brought on or in connection with this Agreement, the venue of such action shall be exclusively in Suffolk County, in the State of New York.

b. Non-Assignability.  No rights of the Subscriber under this Agreement may be assigned or transferred by the Subscriber, either voluntarily or by operation of law, without the prior written consent of Mobile Health, which it may withhold in its sole discretion.

c. Third-Party Beneficiaries.  There shall be no third-party beneficiaries of any Subscription Agreement.

d. Force Majeure.  Except for payment of fees due under this Agreement, neither the Subscriber nor Mobile Health shall be deemed in violation of any provision of this Agreement if it is prevented from performing any of its obligations by reason of: (a) severe weather and storms; (b) earthquakes or other natural occurrences; (c) strikes or other labor unrest; (d) power failures; (e) nuclear or other civil or military emergencies; (f) acts of legislative, judicial, executive, or administrative authorities; or (g) any other circumstances that are not within its reasonable control.  This Section 15(d) shall not apply to obligations imposed under applicable laws and regulations or obligations to pay money.

e. Severability.  Any provision of this Subscription Agreement that shall prove to be invalid, void, or illegal, shall in no way affect, impair, or invalidate any other provision of that Agreement, and such other provisions shall remain in full force and effect.

f. Notices.  Any and all notices required or permitted under this Agreement shall be sent by United States mail certified return receipt requested, nationally recognized overnight delivery service to the address(es) set forth below; provided, that either party may change its address for purposes of notice by giving notice of that address change to the other in compliance with this Section 15(f).  If the Subscriber has supplied Mobile Health with an electronic mail address, Mobile Health may give notice by email message addressed to such address; provided however that if Mobile Health receives notice that the email message was not delivered, it shall give the notice by United States mail, overnight delivery service, or facsimile.  Mobile Health will accept notices by electronic mail.  

g. Waiver.  No provision of the terms and conditions of this Agreement shall be deemed waived and no breach excused, unless such waiver or consent shall be in writing and signed by the party claimed to have waived or consented.  Any consent by any party to, or waiver of a breach by the other, whether expressed or implied, shall not constitute a consent to, waiver of, or excuse for any other different or subsequent breach.

h. Entire Agreement; Modifications.  This Agreement contains the entire understanding of the parties, and there are no other written or oral understandings or promises between the parties with respect to the subject matter of this Agreement other than those contained or referenced in this Agreement. All modifications or amendments to this Agreement shall be in writing and signed by all parties.

i. Counterparts; Electronic Signature.  This agreement may be signed in counterparts, and each such counterpart, when taken together, shall constitute one, single and binding Agreement.

IN WITNESS WHEREOF, and intending to be legally bound hereby, the Parties have duly executed this Agreement.

MOBILE HEALTH ONE, INC.