COMMONWELL HEALTH ALLIANCE

MEMBER SERVICES AGREEMENT (MSA) EULA

Background and Purpose

This CommonWell Health Alliance (“Alliance”) Member Services Agreement (“MSA”) End User License Agreement (“EULA”) applies to Customer’s use of the Services.

Terms and Conditions

1.Description of Services. Customer acknowledges and agrees that, as part of the Services, Health Data of Customer and each of its End Users may be used and disclosed by Alliance through its Service Provider and disclosed to other Members’ Customers and End Users participating in the Services, solely as necessary to provide the Services, as further described below.  Customer represents and warrants that it has all rights and authority necessary to agree to and comply with the previous sentence and all Health Data provided to Alliance or Service Provider or exchanged via the Services by Customer and its End Users is provided with the full authority and consent of the owner of such Health Data as set forth in Section 4 of this EULA.

Health Data may be used and disclosed by Alliance and Service Provider and their subcontractors solely as necessary to provide the Services, including on behalf of Customer or End Users to carry out the following related to the Services: (a) submit requests for Health Data relating to individual patients, (b) identify whether other participants utilizing the Services maintain Health Data relating to those patients, (c) request Health Data from the participants maintaining it, (d) transmit requested Health Data to the requesting participant, and in support of other uses approved by the Alliance. In addition, Alliance and Service Provider may de-identify PHI and store Health Data and de-identified PHI for the sole purposes of performance testing, trouble shooting and improving the Services within the scope of the MSA, and for no other purpose.

2. Licenses. Customer hereby receives a limited, nonexclusive, non-transferable, non-sublicensable license to access the Services as integrated with and accessible via a designated Customer healthcare information technology solution, solely for Customer’s internal purposes, and only for purposes approved by the Alliance.

3. Access to Services. The Services include the login features described in the Documentation.  Each End User will be required to enter his or her login credentials (“Login Credentials”) in order to access the Services.  Customer is fully responsible for all uses of Login Credentials issued to or created by its End Users. Customer is responsible for authentication and identity management of each End User that accesses the Services and to ensure such Login Credentials are unique to each End User and remain secure. Customer shall ensure that each End User accessing clinical data using the Services is properly identified, authenticated and authorized under applicable law to access such Health Data.

4. Authority and Consent. Customer agrees to use or disclose data received from other participants in the Services responsibly and in accordance with Applicable Laws, including but not limited to any and all required consents. Customer shall ensure, and train and obligate its Ends Users to ensure, that patient consents are: (i) made with full transparency and education; (ii) adequate to allow all Services approved by the Alliance (iii) made only after the patient has had sufficient time to review educational material; (iv) commensurate with circumstances for why health information is exchanged; (v) not used for discriminatory purposes or as a condition for receiving medical treatment; (vi) consistent with patient expectations; and (vii) revocable at any time. Customer agrees, and shall cause and obligate each End User to agree, that it shall access and use Health Data only for purposes approved by Alliance.

5. Business Associate Agreements. Customer represents and warrants that it has and will maintain a business associate agreement in conformance with Applicable Laws with Member that is applicable to and covers the use and disclosure of Health Data for participation in the Services.

6. Suspension of Services. Alliance, Service Provider, Heand Member each retain the right to suspend the Services provided to Customer at any time in the event that Customer is not in material compliance with this EULA or to protect the performance, integrity and security of the Services.

7. PHI Accuracy and Completeness. Each Customer agrees and will require its End Users to agree to the following terms, or to terms substantially similar thereto:

7.1       Alliance through Service Provider provides the technology and services to allow Customer (and its respective Users) to request and disclose their PHI, and as such, Alliance and Service Provider give no representations or guarantees about the accuracy or completeness of the PHI disclosed through the Services;

7.2       PHI disclosed or received using the Services may not be a complete clinical record or history with respect to any individual, and it is the sole responsibility of any treating healthcare provider to confirm the accuracy and completeness of any PHI or clinical records used for treatment purposes and to obtain whatever information the provider deems necessary for the proper treatment of the patient;

7.3       Customer and each of its End Users is solely responsible for any decisions or actions taken involving patient care or patient care management, whether or not those decisions or actions were made or taken using information received through the Services; and

7.4       Alliance and Service Provider assume no responsibility or role in the care of any patient.

8. Compliance with EULA and Alliance Policies. Customer agrees (i) to utilize the Services in accordance with the terms and conditions of this EULA, and (ii) to comply with and to obligate its End Users to comply with all Alliance Policies, and (iii) to provide reasonable training to End Users regarding the use of the Services in accordance with the terms and conditions of this EULA, Alliance Policies, and Documentation.

9.  Carequality Services. Services may include products and services to Customers which involve access to, use of, and re-disclosure of Information that the Alliance obtains by virtue of being an Carequality Implementer (“Carequality Services.”). If Customer has access to or uses Carequality Services, Customer hereby agrees that: (i) with regards to such Carequality Services Customer agrees to and shall comply with the Carequality Connection Terms; (ii) acknowledges that the Carequality Connection Terms constitute a binding written agreement between Customer and Alliance, and; (iii) Customer consents and has adequate authority to consent to Customer and its customers to participate in the Carequality Services, including but not limited to any applicable exchange Activity related thereto. “Carequality Connection Terms” means the Carequality terms and conditions, as updated from time to time and available from Carequality here: https://sequoiaproject.org/. For the purpose of this Agreement “Carequality Implementer” has the meaning provided in the Carequality Connection Terms.

10. Accuracy and Data Backup. Customer acknowledges and agrees that it is solely responsible for the accuracy of data it provides through the Services and that Alliance and Service Provider are not responsible for the accuracy or content of the data used or disclosed in providing the Services. Customer is responsible for establishing and operating its own back-up, and other procedures and controls appropriate to maintain the integrity and continuity of Customer’s operations, including the protection of its data and PHI or of its End Users.

11. Breach Detection and Notification. Customer shall comply with all applicable breach notification requirements pursuant to 45 CFR § 164.410. Customer shall make reasonable efforts to notify Member of any Breach of Confidentiality or Security within three (3) days from discovery.

12. Compliance with Laws. Customer is, and will remain, and will obligate End Users to be and remain, compliant with all Applicable Laws in their use of the Services, including laws that become effective during the use of the Services.

13. Proprietary Rights. Customer acknowledges and agrees, as between Customer, Alliance and Service Provider, Customer is only being granted a limited use right to the Services provided by Alliance or Service Provider. Alliance and Service Provider retain all rights title and interest in and to their own respective Intellectual Property rights. The Services and all additions or modifications to the Services provided by Alliance or Service Provider, and all Intellectual Property rights associated therewith, are the sole and exclusive property of Alliance, Service Provider, or their licensors.

14. LIMITATION OF LIABILITY. IN NO EVENT WILL ALLIANCE OR SERVICE PROVIDER BE LIABLE TO CUSTOMER UNDER, IN CONNECTION WITH, OR RELATED TO THE SERVICES FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOST PROFITS OR LOSS OF GOODWILL, WHETHER BASED ON BREACH OF CONTRACT, WARRANTY, TORT, PRODUCT LIABILITY, OR OTHERWISE, AND WHETHER OR NOT ALLIANCE OR SERVICE PROVIDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.  ALLIANCE AND SERVICE PROVIDER’S ENTIRE LIABILITY TO CUSTOMER FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FOR ANY CAUSE WHATSOEVER AND REGARDLESS OF THE FORM OF ACTION, RELATED TO CUSTOMER’S USE OF THE SERVICES, WILL BE LIMITED TO CUSTOMER’S ACTUAL DIRECT OUT-OF-POCKET EXPENSES WHICH ARE REASONABLY INCURRED BY CUSTOMER IN AN AMOUNT NOT TO EXCEED $25,000.00.

15. Exclusive Warranty and Disclaimer. ALLIANCE AND SERVICE PROVIDER MAKE NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, INCLUDING WITHOUT LIMITATION WITH REGARDS TO THE SERVICES.

16. Service Provider as Third Party Beneficiary. Alliance and Service Provider are third party beneficiaries of this EULA and are each entitled to enforce any rights herein that relate to its rights in the Services, including rights related to any Intellectual Property owned by each of them.

Definitions

In addition to terms defined elsewhere in this EULA, the following defined terms shall apply:

“Alliance Policies” means all policies approved by the Alliance relating to the Alliance or the Services, including but not limited to the Data, Security, and Privacy Policy available on Alliance’s website, as updated from time to time. (Please see: http://www.commonwellalliance.org/data-and-security/)

“Applicable Laws” means all applicable federal, state, and local laws, including but not limited to privacy laws, HIPAA, and those concerning the use of PHI related to minors, personally identifiable information, and sensitive personal information.

“Breach” has the meaning provided for in 45 CFR 164.402 (Definitions, effective March 26, 2013; 78 Federal Register 5695) or its successor.

“Breach of Confidentiality or Security” means an incident that is reasonably likely to adversely affect: (a) the viability, security, or reputation of the Services, or (b) the legal liability of Alliance, Service Provider, or any Member.

“Customer” means a customer or user of a Member that receives the benefits of the Services.

“Documentation” means the user documentation containing the functional descriptions for the Services as may be reasonably modified from time to time by Alliance or Service Provider.

“End User” means a healthcare provider facility, practice group, or physician (including any individual or legal entity), permitted by an Adopter to access the Services or any enrollment user interface to utilize the Services.

“Health Data” means health information, including information and PHI that is received, transmitted, stored or maintained through the Services.

“HIPAA” means the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations.

“Intellectual Property” means all forms of legal rights and protections in any country of the world regarding intellectual property rights, including all right, title and interest arising under common and statutory law to all: patents, trademarks, copyrights, trade secrets, and other industrial property rights and other rights to inventions or designs, and all applications, registrations, issuances, divisions, continuations, continuations-in-part, renewals, reissuances and extensions of the foregoing.

“Login Credentials” means unique user identification and password combination, as well as any other applicable security measures that are required by Service Provider to allow Member, a Customer or a User to gain access to the Services.

“Member” means WellSky Corporation.

“Protected Health Information” or “PHI” has the meaning set forth in 45 C.F.R. 160.103, as applied to the information created, received, transmitted or maintained through the Services.

“Services” means the services approved and offered by or on behalf of the Alliance, including but not limited to those related to patient registration, enrollment, linking, and retrieval of electronic healthcare records. Services may include products and services, which involve access to, use of, and re-disclosure of information that the Alliance obtains by virtue of being a Carequality Implementer.

“Service Provider” means a service provider that provides services relating to the Services on behalf of Alliance.