WELLSKY CORPORATION
MASTER CLOUD SERVICES AGREEMENT
This Master Cloud Services Agreement (the “Agreement”) is incorporated in the Business Associate Agreement (“BAA”) between CarePort Health, LLC and its Affiliates, with offices at 11300 Switzer Road, Overland Park, Kansas 66210 (“CarePort”), and its Company and governs Company’s use of the Cloud Services, defined below. Each of CarePort and Company may be referred to herein individually as a “Party” and together as the “Parties.” The effective date of this Agreement shall be the date of last signature on the BAA (“Effective Date”). The Parties agree as follows:
1. DEFINITIONS. Capitalized terms used herein or in the BAA, but not defined, have the meaning set forth in Exhibit A.
2. SERVICES.
2.1. Cloud Services. CarePort shall provide Company a non-exclusive, non-assignable, limited right to access and use the Cloud Services during the Term, solely for Company’s internal business operations and subject to the terms of this Agreement. Company shall not have any physical access to the Cloud Services hardware.
2.2 Professional Services. Unless otherwise set forth in an Order Form, Professional Services shall be performed on a time and materials basis at WellSky’s standard rates.
2.3 Company Responsibilities. Company shall: (a) approve access for all Permitted Users to the Cloud Services and shall prevent unauthorized access and use of the Cloud Services. Company shall not, and shall ensure that its Permitted Users do not: (i) sell, resell, lease, lend or otherwise make available the Cloud Services to a third-party; (ii) modify, adapt, translate, or make derivative works of the Cloud Services; or (iii) sublicense or operate the Cloud Services for timesharing, outsourcing, or service bureau operations; (b) provide network connectivity between Company’s local environment and the Cloud Services for the implementation and execution of the Cloud Services as provided in the Documentation; (c) maintain bandwidth of sufficient capacity for the operation of the Cloud Services; (d) have sole responsibility for installation, testing, and operations of Company facilities, telecommunications and internet services, equipment, and software upon Company’s premises necessary for Company’s use of the Cloud Services; and (e) pay all third-party access fees incurred by Company to access and use the Cloud Services.
2.4 Suspension of Services. If there is a threat to the security of CarePort’s systems or the Services, CarePort may suspend the Services without liability until all issues are resolved.
3. PROPRIETARY RIGHTS.
3.1 Ownership. CarePort or its licensor retains all right, title, and interest, in the Documentation, Services, and Work Product. CarePort shall grant to Company a non-exclusive, non-transferable license to use Work Product only for Company’s own internal purposes in connection with the Services.
4. LIMITED WARRANTIES.
4.1 Disclaimer. CAREPORT DISCLAIMS ALL WARRANTIES, ORAL, WRITTEN, EXPRESS, IMPLIED, OR STATUTORY; INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE AND MERCHANTABILITY, AND ANY WARRANTY OF NON-INFRINGEMENT, OR ANY WARRANTIES ARISING FROM TRADE PRACTICE, COURSE OF PERFORMANCE, OR COURSE OF DEALING. CAREPORT DOES NOT WARRANT THAT THE CLOUD SERVICES SHALL BE ERROR-FREE OR UNINTERRUPTED, OR THAT ALL DEFECTS SHALL BE CORRECTED, OR THAT THE LICENSED SOFTWARE OR CLOUD SERVICES SHALL MEET COMPANY’S REQUIREMENTS.
5. LIMITATION OF LIABILITY. CAREPORT’S MAXIMUM LIABILITY FOR DAMAGES TO COMPANY FOR ANY CAUSE WHATSOEVER ARISING UNDER OR RELATED TO THIS AGREEMENT SHALL NOT EXCEED ONE THOUSAND DOLLARS ($1,000). NEITHER CAREPORT NOR ITS LICENSORS SHALL BE LIABLE FOR ANY SPECIAL, CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, PUNITIVE DAMAGES, OR LOST PROFITS BASED UPON BREACH OF WARRANTY, BREACH OF CONTRACT, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY CLAIM BY A THIRD-PARTY AGAINST CLIENT. CarePort shall not be deemed to be engaged, directly or indirectly, in the practice of medicine or the dispensing of medical services, nor shall it be responsible or liable for the use, application, or interpretation of any information, results, or product generated by or resulting from the Services, or arising from the Company’s use of the Services.
6. INDEMNIFICATION.
6.1 CarePort Indemnity. CarePort shall defend, indemnify, and hold Company and its officers, directors, and employees harmless from and against any third-party claims, suits, liabilities, obligations, judgments, and causes of action (“Third-Party Claims”) and associated costs and expenses (including reasonable attorneys’ fees) to the extent arising out of any claim that the Cloud Services infringe any currently existing United States patent or copyright, or misappropriates any trade secret, of any third-party. If Company’s use of the Cloud Services is finally enjoined, CarePort shall, at its sole option and expense, and as Company’s sole and exclusive remedy, either: (a) secure for Company the right to continue to use the Cloud Services; (b) replace, modify or correct such Cloud Services to avoid such infringement, or (c) terminate the Agreement. CarePort’s indemnification obligations shall not apply if the Third-Party Claim results from: (i) modifications of the Cloud Services by Company or third parties; (ii) use of the Cloud Services with non-CarePort software or equipment; or (iii) use of Cloud Services in violation of this Agreement, Applicable Law, or not in conformance with the Documentation.
6.2 Company Indemnity. Company shall defend, indemnify, and hold CarePort and its officers, directors, and employees harmless from and against any Third-Party Claim and associated costs and expenses (including reasonable attorneys’ fees) to the extent arising out of or resulting from Company’s use of the Cloud Services, CarePort’s use of Company Data, or any claim by any party receiving services from Company in connection with the Cloud Services.
6.3 Indemnification Procedures. To be indemnified, the party seeking indemnification must: (a) give the other party timely written notice of such Third-Party Claim (unless the other party already has notice); provided, however, that failure to give such notice will not waive any rights of the indemnified party except to the extent that the rights of the indemnifying party are prejudiced thereby, and; (b) give the indemnifying party authority, information, and assistance for the Third-Party Claim’s defense and settlement. The indemnifying party has the right, at its option, to defend the Third-Party Claim at its own expense and with its own counsel. The indemnified party has the right, at its option, to join in the defense and settlement of such Third-Party Claim and to employ counsel at its own expense, but the indemnifying party shall retain control of the defense. The indemnifying party has the right to settle the claim so long as the settlement does not require the indemnified party to pay any money or admit any fault without the indemnified party’s prior written consent, which will not be unreasonably withheld, conditioned, or delayed.
7. TERM AND TERMINATION OF LICENSE AND AGREEMENT.
7.1 Term. This Agreement remains in effect until terminated in accordance with this Agreement or the BAA (“Term”).
7.2 Termination. Either Party may terminate this Agreement at any time and may terminate for right to access granted herein for cause if: (a) the other Party materially breaches this Agreement and fails to cure such breach within sixty (60) days after receipt of written notice of the same; or (b) the other Party becomes the subject of a voluntary proceeding relating to insolvency, receivership, liquidation, bankruptcy, or composition for the benefit of creditors and such petition or proceeding is not dismissed within sixty (60) days of filing. Failure to use Cloud Services in accordance with Applicable Law is a material breach of this Agreement.
7.3 Effect of Termination. Upon termination of this Agreement, Company shall immediately cease all use of the Cloud Services, and rights of Company under this Agreement shall terminate and revert to CarePort. Company shall, within ten (10) days following such termination, destroy or return to CarePort all CarePort Confidential Information, and certify such return or destruction in writing to CarePort.
7.4 Survival. The sections that by their natures survive termination or expiration of this Agreement shall survive.
8. CONFIDENTIAL INFORMATION. Each Party shall (a) secure and protect the Confidential Information using the same degree or greater level of care that it uses to protect such Party’s own confidential information, but no less than a reasonable degree of care; (b) use the Confidential Information of the other Party solely to perform its obligations or exercise its rights under this Agreement; (c) require their respective employees, agents, attorneys, and independent contractors who have a need to access such Confidential Information to be bound by confidentiality obligations sufficient to protect the Confidential Information; and (d) not transfer, display, convey, or otherwise disclose or make available all or any part of such Confidential Information to any third-party. Either Party may disclose the other Party’s Confidential Information to the extent required by Applicable Law or regulation, including without limitation any applicable Freedom of Information or sunshine law, or by order of a court or other governmental entity, in which case the disclosing Party shall notify the other Party as soon as practical prior to such disclosure and provide an opportunity to respond or object to the disclosure.
9. REGULATORY COMPLIANCE.
9.1 General. CarePort shall make available to the Secretary of Health & Human Services or Comptroller General of the United States its books, documents, and records necessary to verify the nature and extent of the costs of those Cloud Services. Said access shall be limited to a period of four (4) years after the provision of the applicable services hereunder.
10. GENERAL PROVISIONS.
10.1 Force Majeure. Neither Party shall be liable for any loss, damages, or penalty (other than the obligation to pay money) resulting from any failure to perform due to causes beyond the reasonable control of such Party, including, but not limited to: supplier delay, acts of God, labor disputes, acts of terrorism, war, epidemic, unavailability of components, acts of governmental authorities or judicial action, compliance with laws, or material interruption in telecommunications or utility service. The delayed party shall perform its obligations within a reasonable time after the cause for the failure has been remedied, and the other party shall accept the delayed performance.
10.2 Data Use. Company hereby grants to CarePort a non-exclusive, perpetual license (a) to use the Company Data in connection with the provision of the Cloud Services; and/or (b) to use the Company Data to create Deidentified Data. The license includes a right to sublicense. Additionally, Company authorizes CarePort to aggregate Company Data with other CarePort client data for the purpose of creating and maintaining consumer or patient health records. Company will include a description of the disclosure to CarePort in Company’s privacy policies and will notify CarePort promptly of any consumer or patient request to opt-out of such disclosure. CarePort owns any Deidentified Data.
10.3 Injunctive Relief. Company acknowledges that any breach by Company of Section 2.2 or 8 of this Agreement shall cause CarePort irreparable harm not compensable with money damages, and that in the event of such breach, CarePort shall be entitled to seek injunctive relief, without bond, from any court of competent jurisdiction.
10.4 Assignment. Company shall not assign its rights, duties or obligations under this Agreement without the prior written consent of CarePort.
10.5 Relationship of the Parties. CarePort is an independent contractor, and none of CarePort’s employees or agents shall be deemed employees or agents of Company. Nothing in this Agreement is intended or shall be construed to create or establish any agency, partnership, or joint venture relationship between the Parties.
10.6 Severability. If any provision of this Agreement adopted in connection herewith is held invalid or otherwise unenforceable, the enforceability of the remaining provisions shall not be impaired thereby and the illegal provision shall be replaced with a legal provision that encapsulates the original intent of the Parties.
10.7 Entire Agreement; Amendment; Waiver. This Agreement constitutes the entire agreement between the Parties and supersedes any prior or contemporaneous agreement or understandings with respect to the subject matter of this Agreement. In the event of a conflict between this Agreement and an Order Form, the Agreement shall control. This Agreement shall be construed as if both Parties had equal say in its drafting, and thus shall not be construed against the drafter. This Agreement may be modified only by a written agreement signed by all of the Parties hereto. No waiver or consent granted for one matter or incident will be a waiver or consent for any different or subsequent matter or incident. Waivers and consents must be in writing and signed by an officer of the other Party to be effective.
10.8 Limitation on Actions. Neither party may bring any action arising out of or otherwise associated with this Agreement or the rights granted hereunder more than two years after the cause of action accrues.
10.9 Discounts. Client is reminded that if the purchase includes a discount or loan, Client may be required to fully and accurately report such discount or loan on cost reports or other applicable claims for payment submitted under any federal health care program, including but not limited to Medicare and Medicaid, as required by federal law – see 42 CFR 1001.952 (h).
10.10 Governing Law. This Agreement will be governed by, construed, and interpreted in accordance with the laws of the State of Kansas, excluding its rules of conflicts of law. Both parties hereby consent and submit to the courts located solely in the state of Kansas.
10.11 Non-Solicitation. During the term of this Agreement and for a period of one (1) year thereafter, Company agrees not to hire, directly or indirectly, any employee or former employee of CarePort, without obtaining CarePort’s prior written consent.
10.12 California Consumer Privacy Act. The Parties agree that the California Consumer Privacy Act under Cal. Civ. Code § 1798 et seq. (“CCPA”) may be applicable to the Agreement. If applicable, CarePort shall be deemed a “service provider” under the CCPA if CarePort receives the “personal information” of any “consumer” for “processing” on Company’s behalf.
10.13 Incorporation. The Parties agree that this Agreement is incorporated by reference into the BAA and shall be binding and in full force and effect as of the Effective Date.
EXHIBIT A
a. “Affiliate” means with respect to CarePort, any other entity directly or indirectly, through one or more intermediaries, Controlling, Controlled by, or under common Control with such entity.
b. “Applicable Law” means any law or regulation, or related administrative agency requirement affecting or governing the features, functionality, use, or testing of the Cloud Services.
c. “Cloud Services” means the CarePort software as a service offering and defined in the Documentation, including (i) the CarePort hosted software and any upgrades, enhancements, or new releases thereto, (ii) hardware and other equipment at CarePort’s hosting site, and (iii) use of the telephone support for Company in the operation of the Cloud Services. The term “Cloud Services” does not include Professional Services.
d. “Company Data” means all electronic data or information submitted by Company to the Cloud Services but excluding Deidentified Data (as defined below).
e. “Confidential Information” means (i) the source and object code of all components of the Cloud Services, (ii) the Documentation, (iii) the design and architecture of the database, (iv) the terms and conditions of this Agreement, and (v) all other information of a confidential or proprietary nature disclosed by one Party to the other Party in connection with this Agreement which is either (x) disclosed in writing and clearly marked as confidential at the time of disclosure or (y) disclosed orally and clearly designated as confidential in a written communication to the receiving Party within 7 days following the disclosure. “Confidential Information” shall not include information (a) publicly available through no breach of this Agreement, (b) independently developed or previously known to it, without restriction, prior to disclosure by the disclosing Party, (c) rightfully acquired from a third-party not under an obligation of confidentiality.
f. “Control” over an Affiliate means (a) ownership of at least fifty percent (50%) of such Affiliate, or (b) the right to determine management direction of such Affiliate.
g. “Deidentified Data” means Company Data that is deidentified by CarePort and such deidentification is certified by a third-party as compliant with the deidentification standards under HIPAA or otherwise meets the deidentification requirements under HIPAA.
h. “Documentation” means the most recent documentation of the functional operation of the Cloud Services.
i. “Permitted User” means an authorized user of the Cloud Services.
j. “Professional Services” means, collectively, the implementation, installation, data conversion, validation, or training services provided by WellSky under or in connection with this Agreement.
k. “Work Product” means any technology, documentation, software, procedures developed, conceived or introduced by CarePort in the course of CarePort performing Services, whether acting alone or in conjunction with Company or its employees, Permitted Users, affiliates or others, designs, inventions, methodologies, techniques, discoveries, know-how, show-how and works of authorship, and all United States and foreign patents issued or issuable thereon, all copyrights and other rights in works of authorship, collections and arrangements of data, mask work rights, trade secrets on a world-wide basis, trademarks, trade names, and other forms of corporate or product identification, and any division, continuation, modification, enhancement, derivative work or license of any of the foregoing.
