ONECARE TERMS AND CONDITIONS 

Last Updated and Effective: December, 2024 

These TERMS AND CONDITIONS (this “Terms”) govern the relationship between J&J Companies,  LLC d/b/a OneCarePCM, a North Carolina limited liability company (“OneCarePCM”), and the  Customer identified in the Statement of Work referencing these Terms (“Customer”). Each of  OneCarePCM and Customer may be referred to herein individually as a “Party,” and collectively as the  “Parties.”  

  1. Definitions

When used in these Terms (other than in Section headings), the following initially capitalized terms will  have the meanings assigned to them in this Section 1, and include the plural as well as the singular, and  all participles of each such term, as applicable. Certain other initially capitalized terms may be defined  elsewhere in these Terms. 

1.1 Access Credentials” means any username, identification number, password, license or  security key, security token, PIN or other security code, method, technology or device used, alone or in  combination, to verify an individual’s identity and authorization to access and use the Services. 

1.2 Affiliate” means, with respect to a Person, any legal entity which directly or indirectly  controls, is controlled by, or is under common control with, such Person. For purposes of this definition,  “control” means the power to direct a Person (or to cause the direction of the management of such  Person), whether through ownership of more than fifty percent (50%) of the voting securities of such  Person, by contract, or otherwise.  

1.3 Agreement” means these Terms, together with: (a) all exhibits, schedules, or other  attachments hereto; and (b) all SOWs.  

1.4 Applicable Law” means all laws, ordinances, rules, and regulations of any  Governmental Authority that apply to the activities contemplated under this Agreement. 

1.5 Authorized User” means Customer’s employees or agents (or Third Parties pre approved in writing by OneCarePCM): (a) who are authorized by Customer to access and use the  OneCare Solution under the rights granted to Customer pursuant to this Agreement; and (b) for whom  access to the OneCare Solution has been purchased hereunder. 

1.6 Customer Data” means any and all information, data, or content provided to, uploaded,  or otherwise input into the OneCare Solution, or any component thereof, by or on behalf of Customer  (including by Authorized Users).  

1.7 Customer Systems” means Customer’s information technology infrastructure, including  computers, software, hardware, databases, electronic systems (including database management systems)  and networks, whether operated directly by Customer or through the use of Third-Party services. 

1.8 Fees” means amounts payable by Customer to OneCarePCM in consideration of the  Services, as set forth in the applicable SOW.

www.onecarepm.com  

1.9 Governmental Authority” means any: (a) federal, state, local, municipal, foreign, or  other government; (b) governmental or quasi-governmental authority of any nature (including any  agency, board, body, branch, bureau, commission, council, department, entity, governmental division,  instrumentality, office, officer, official, organization, representative, subdivision, unit, and any court or  other tribunal); (c) multinational governmental organization or body; or (d) entity or body exercising, or  entitled to exercise, any executive, legislative, judicial, administrative, regulatory, police, military, or  taxing authority or power of any nature. 

1.10 Expenses” means out-of-pocket expenses incurred by OneCarePCM in connection with  its performance of Professional Services. 

1.11 Harmful Code” means any software, hardware or other technology, device or means,  including any virus, worm, malware or other malicious computer code, the purpose or effect of which is  to permit unauthorized access to, or to destroy, disrupt, disable, distort or otherwise harm or impede in  any manner any computer, software, firmware, hardware, system, or network, or any application or  function of the foregoing or the security, integrity, or confidentiality of any data processed thereby. 

1.12 Intellectual Property Rights” means any and all current or future: (a) rights associated  with works of authorship, including copyrights, mask work rights, and moral rights; (b) trademark or  service mark rights; (c) trade secret rights; (d) patents, patent rights, and industrial property rights; (e)  layout design rights, design rights, and other proprietary rights of every kind and nature other than  trademarks, service marks, trade dress, and similar rights; and (f) registrations, applications, renewals,  extensions, or reissues of the foregoing ((a)-(e)), in each case, in any jurisdiction throughout the world. 

1.13 Losses” means any and all losses, damages, deficiencies, claims, actions, judgments,  settlements, interest, awards, penalties, fines, costs, or expenses of any kind, including reasonable  attorneys’ fees and expenses of litigation. 

1.14 OneCarePCM Personnel” means all individuals involved in the performance of  Services as employees, agents or independent contractors of OneCarePCM or any Subcontractor. 

1.15 OneCare Platform” means: (a) OneCarePCM’s software platform known as  “OneCare”; and (b) any (i) computer software, computer code, scripts, neural networks, artificial  intelligence, application programming interfaces, methodologies, processes, templates, work flows,  diagrams, tools, algorithms, formulas, user interfaces, know-how, trade secrets, techniques, designs,  inventions, Third-Party services or other tangible or intangible technical material, information, or works  of authorship, and (ii) computers, software, hardware, databases, electronic systems, networks, or other  information technology infrastructure (whether operated directly by OneCarePCM or through the use of  Third-Party services), in each case ((i) or (ii)) underlying or otherwise used to make the software platform  described in the foregoing clause (a) available for access and use on a software-as-a-service basis. For the  avoidance of doubt, OneCare Platform does not include Customer Data. 

1.16 OneCare Solution” means the features and functionalities of the OneCare Platform  made available for access and use by Customer and Authorized Users on a software-as-a-service basis, as  set forth in the applicable SOW. 

1.17 Person” means an individual, corporation, partnership, joint venture, limited liability  entity, Governmental Authority, unincorporated organization, trust, association or other entity. 

1.18 PHI” means “protected health information” as defined at 45 C.F.R. § 160.103.

www.onecarepm.com 

1.19 Professional Services” mean any implementation, training, or other services (other than  the SaaS Services) to be provided by OneCarePCM to Customer, as set forth in an SOW.  

1.20 Representatives” means, with respect to a Party, such Party’s Affiliates, and its and their  respective employees, officers, directors, consultants, agents, independent contractors, OneCarePCMs,  sublicensees, subcontractors, and legal advisors.  

1.21 SaaS Services” means the provision of the OneCare Solution by or on behalf of  OneCarePCM.  

1.22 Services” means, collectively: (a) SaaS Services; (b) Professional Services, and (c)  Support Services.  

1.23 Statement of Work” or “SOW” means a statement of work entered into by the Parties  pursuant to this Agreement, describing in reasonable detail all Services and deliverables to be provided  thereunder, and setting forth, among other things: (a) the OneCare Solution to be provided thereunder, if  any; (b) the Professional Services to be provided to Customer thereunder, if any; (c) a schedule of Fees  and any pre-approved Expenses; and (d) the term of such SOW.  

1.24 Support Services” means diagnosis, and where feasible correction, by OneCarePCM of  failures of the OneCare Solution to materially operate in accordance with the applicable SOW. 

1.25 Taxes” means any and all federal, state, local, or foreign sales, use, excise, value-added  or other similar taxes, charges, fees, levies, or imposts.  

1.26 Third Party” means any Person other than the Parties or their Affiliates. “Third-Party”  has the corresponding meaning.  

  1. Services

2.1 SOWs. Services will be provided by OneCarePCM pursuant to one or more SOWs. All  SOWs must be in writing and signed by an authorized representative of each Party to be effective. Each  executed SOW will be governed by this Agreement and each will be, and hereby is, incorporated herein  by reference. In the event of any conflict or inconsistency between a provision of the body of this  

Agreement and a provision set forth in an SOW, the body of this Agreement will control unless the  applicable SOW expressly states an intent to supersede such conflicting or inconsistent provision.  

2.2 SaaS Services. Subject to and in accordance with this Agreement, including payment of  all applicable Fees, OneCarePCM will use commercially reasonable efforts to provide the SaaS Services.  During the term of the applicable SOW and subject to the terms of this Agreement, OneCarePCM hereby  grants Customer the right for its Authorized Users to access and use the OneCare Solution for Customer’s  internal use. OneCarePCM reserves the right, in its sole discretion, to make any changes to the OneCare Solution, provided that such changes do not materially adversely affect the functionality of the OneCare Solution.  

2.3 Access Credentials. OneCarePCM will provide Customer (or Authorized Users directly)  with Access Credentials within a reasonable time following execution of the applicable SOW, and  promptly thereafter to new Authorized Users as requested by Customer. Notwithstanding the foregoing,  any Third-Party contractor of Customer who Customer desires as an Authorized User must be either 

www.onecarepm.com  

identified in the applicable SOW or pre-approved in writing by OneCarePCM before such Access  Credentials will be issued, such approval not to be unreasonably withheld.  

2.4 Professional Services. Subject to the terms and conditions of this Agreement,  OneCarePCM will use commercially reasonable efforts to provide the Professional Services, if any, in  accordance with the applicable SOW.  

2.5 Support Services. During the Term, OneCarePCM will upon Customer’s reasonable  request and subject to the terms and conditions of this Agreement use commercially reasonable efforts to  provide Support Services based on the nature and severity of the request between the hours of 8AM and  5PM, Monday through Friday (excluding holidays). To request such support, Customer may contact  OneCarePCM by phone at 919-341-9267 or by email at support@ams-software.com or through such  other alternative contacts that OneCarePCM may provide to Customer from time to time.  

  1. Fees; Payment Terms 

3.1 Fees; Expenses; Taxes. Customer will pay the fees set forth in each SOW for the Services to be provided thereunder (“Fees”). Customer will reimburse OneCarePCM for any expenses incurred by  OneCarePCM in connection with the performance of an SOW and that are set forth in such SOW or  otherwise pre-approved by Customer in writing (“Expenses”). Customer will pay any and all sales, use,  excise, value-added or other similar taxes, charges, fees, levies, and imposts imposed by a Governmental  Authority as a result of the performance of this Agreement (other than any taxes on OneCarePCM’s net income) (collectively, “Taxes”), provided that such Taxes are invoiced to Customer by OneCarePCM.  

3.2 Invoicing; Payment. OneCarePCM will invoice Customer for any Fees, Expenses, Taxes, or other amounts due to OneCarePCM hereunder in accordance with the applicable SOW. Unless  otherwise specified in the applicable SOW, Customer will pay undisputed invoices within ten (10)  calendar days of the date of each such invoice. All Fees, Expenses, Taxes, or other amounts due to  OneCarePCM hereunder: (a) will be denominated and paid in U.S. dollars; and (b) will be paid via  electronic transfer of immediately available funds to a bank account designated by OneCarePCM. If any  undisputed amounts due hereunder are not paid when due, then: (x) OneCarePCM may charge interest on  such amounts at a rate of the lesser of 5 percent (5%) per month or the highest rate permissible under  Applicable Law from the date due until the date such amounts (including all accrued interest thereon) are  paid to OneCarePCM; and (y) OneCarePCM may, in OneCarePCM’s sole discretion, suspend the  provision of Services, or any portion thereof, without breach of this Agreement or any liability to  Customer, until such amounts (including all accrued interest thereon) are paid to OneCarePCM. If  Services are suspended by OneCarePCM pursuant to the foregoing clause (y), then (unless this  Agreement is terminated pursuant to Section 12.2), OneCarePCM will reinstate the provision of such  suspended Services upon Customer’s payment of such amounts (including all accrued interest thereon),  provided that OneCarePCM may require reasonable credit guarantees before such re-instatement of  Services. If any undisputed amounts due hereunder remain unpaid for more than sixty (60) calendar days  after the date due, then Customer will be responsible for, and agrees to pay (in addition to such amounts  and all accrued interest thereon), OneCarePCM’s reasonable costs and expenses of collecting such  amounts and all accrued interested thereon, including applicable court costs and attorneys’ fees.  

3.3 Disputes. In the event that Customer disputes any portion of an invoice: (a) Customer will pay any undisputed portion as set forth in Section 3.2; (b) Customer will provide OneCarePCM with written notice of such dispute on or before the date such invoice is due, which notice will describe the  dispute in reasonable detail; (c) the Parties will cooperate in good faith to resolve such dispute promptly,  but in any event for a period of at least thirty (30) calendar days; and (d) in the event that the Parties are

www.onecarepm.com  

unable to resolve the dispute within such thirty (30)-day resolution period, then such dispute will be  resolved in accordance with Section 13.9.  

  1. Use Restrictions; Suspension 

4.1 Use Restrictions. Customer will not, and will not permit its Representatives or  Authorized Users to, access or use the OneCare Solution except as expressly permitted by this  Agreement. Without limiting the generality of the foregoing, Customer will not, and will ensure that its  Representatives will not, except as this Agreement expressly permits: (a) copy, modify or create  derivative works or improvements of the OneCare Solution; (b) rent, lease, lend, sell, sublicense, assign,  distribute, publish, transfer or otherwise make available the OneCare Solution to any Person, including on  or in connection with the internet or any time-sharing, service bureau, software as a service, cloud or  other technology or service; (c) reverse engineer, disassemble, decompile, decode, adapt or otherwise  attempt to derive or gain access to the source code of the OneCare Solution, in whole or in part; (d)  bypass or breach any security device or protection applied to the OneCare Solution or access or use the  OneCare Solution other than by an Authorized User through the use of his or her own then valid Access  Credentials; (e) input, upload, transmit or otherwise provide to or through the OneCare Solution, any  information or materials that are unlawful or injurious, or contain, transmit or activate any Harmful Code;  (f) damage, destroy, disrupt, disable, impair, interfere with or otherwise impede or harm in any manner  the OneCare Solution or OneCarePCM’s provision of services to any Third Party, in whole or in part; (g)  remove, delete, alter or obscure any trademarks, warranties, or disclaimers or any copyright, trademark,  patent, or other intellectual property or proprietary rights notices from the OneCare Solution, including  any copy thereof; (h) access or use the OneCare Solution in any manner or for any purpose that infringes,  misappropriates or otherwise violates any Intellectual Property Right or other right of any Third Party  (including by any unauthorized access to, misappropriation, use, alteration, destruction or disclosure of  the data of any other OneCarePCM client), or that violates any Applicable Law; (i) access or use the  OneCare Solution for purposes of competitive analysis of the OneCare Solution, the development,  provision, or use of a competing software service or product or any other purpose that is to  OneCarePCM’s detriment or commercial disadvantage; or (j) otherwise access or use the OneCare Solution beyond the scope of the authorization granted under this Agreement.  

4.2 Suspension of Services. OneCarePCM may, without liability to Customer, suspend  performance under this Agreement (including by suspending Customer’s or any Authorized User’s ability  to access and use the OneCare Solution) upon notice to Customer in the event that: (a) OneCarePCM reasonably determines that a threat to the technical security or integrity of the OneCare Solution exists,  provided that OneCarePCM promptly recommences performance upon the cessation of such threat; (b)  OneCarePCM receives an order, subpoena, or law enforcement request from any Governmental Authority that expressly or by reasonable implication requires OneCarePCM to do so; or (c) OneCarePCM reasonably believes that Customer or any Authorized User has failed to comply with this Agreement, or  has been or is likely to be involved in any fraudulent, misleading, or unlawful activities relating to or in  connection with any OneCare Solution. This Section 4.2 does not limit any of OneCarePCM’s other  rights or remedies, whether at law, in equity or under this Agreement. 

  1. Customer Responsibilities 

5.1 Customer Systems; Cooperation. Customer will, at all times during the Term: (a) acquire  and maintain Internet service and any hardware or software required to access and use the OneCare Solution; (b) provide all information, cooperation, and assistance as OneCarePCM may reasonably  request to enable OneCarePCM to perform its obligations under and in connection with this Agreement;  and (c) retain sole responsibility for all access to and use of the OneCare Solution by any Person by or  through the Access Credentials or any means controlled by Customer or any Authorized User, with or 

www.onecarepm.com  

without Customer’s knowledge or consent, including all results obtained from, and all conclusions,  decisions and actions based on, such access or use. Customer understands that OneCarePCM’s ability to  meet any deadlines set forth in the applicable SOW is conditioned upon Customer’s cooperation with  OneCarePCM, including Customer’s compliance with this Section 5.1. Customer hereby acknowledges  and agrees OneCarePCM will not be in breach of this Agreement or the applicable SOW, and will not be  liable for, delays caused primarily by Customer’s failure to provide such cooperation or otherwise comply  with Section 5.1, and any such delays will not affect Customer’s payment obligations hereunder.  

5.2 Use of the OneCare Solution for Healthcare Activities. Customer acknowledges and  agrees that, notwithstanding any warranties or other terms in the Agreement, and without limiting any  disclaimers set forth in the Agreement, the OneCare Solution is not intended to substitute for the function  or services of properly trained and licensed individuals, including without limitation physicians or other  clinicians, or billing, coding, or claims personnel. Customer is and shall be solely responsible and liable  for, and neither OneCarePCM nor the providers of any Third-Party services underlying or otherwise used  to make the OneCare Solution available are responsible or liable for: (i) any advice, course of treatment,  diagnosis, or any other information or services that any patient or other individual may obtain or receive;  (ii) billing, coding, or claims activities conducted by Customer or Authorized Users; or (iii) for the  accuracy, completeness, or suitability of any data or information used in any healthcare activities. 

5.3 Use of OneCare Solution Communications Features. The OneCare Solution may include  functionality enabling Customer to communicate with individuals through email, SMS, MMS, or other  text messages (such functionality, the “Communications Features”). Customer is solely responsible for  any use of the Communications Features by Customer and Authorized Users, including the contents of  any message or other communication sent or received through the Communications Features; and shall  ensure that any message, communication, process, action, or decision related to Customer’s and its  Authorized Users’ use of the Communications Features does not violate any Applicable Laws. Without  limiting any other provision of the Agreement, Customer further agrees that:  

(a) Customer shall comply with all laws and regulations governing communications  to or from recipients of messages transmitted through the Communications Services, including the U.S.  CAN-SPAM Act, U.S. Telephone Consumer Protection Act, Canadian Anti-Spam Legislation, S.C. 2010,  c. 23, local and state or provincial analogs to the foregoing, and industry and carrier regulations and best  practices including but not limited to the CTIA’s Messaging Principles and Best Practices and any other  applicable federal, state, local or foreign laws and regulations that require (a) documented consent be  obtained prior to transmitting, recording, collecting, or monitoring data or communications; or (b)  compliance with opt-out requests for any data or communications; or (c) the inclusion of prescribed  disclosures or other content in such data or communications (collectively, the “Communication Laws”).  Without limiting the foregoing, Customer shall provide all notices and obtain all consents and approvals  required under the Communications Laws and other Applicable Laws from message recipients to permit  such collection and monitoring.  

(b) Customer shall not, and shall not permit any Authorized User to: (a) use the  Communication Features to impersonate any other person or entity, or communicate in a fraudulent or  deceptive manner; (b) knowingly interfere in any manner with the operation of the Communication  Features, or the hardware and network used to operate the Communication Features; or (c) use the  Communications Features to transmit or store any content or communication that is illegal, harmful,  unwanted, inappropriate, objectionable, including but not limited to any content or communication that (i)  is false or inaccurate; (ii) is hateful or encourages hatred or violence against individuals or groups; (iii)  could endanger public safety; or (iv) is designed to evade filters or other mechanisms intended to detect or  prevent unwanted messages. 

www.onecarepm.com  

5.4 Corrective Action and Notice. If Customer becomes aware of any actual or threatened  activity prohibited by Section 4, or of any actual or threatened failure to comply with the requirements of  Sections 5.2 and 5.3, Customer will, and will cause its Authorized Users to, immediately: (a) take all  reasonable and lawful measures within their respective control that are necessary to stop the activity or  threatened activity and to mitigate its effects (including, where applicable, by discontinuing and  preventing any unauthorized access to the OneCare Solution and permanently erasing from their systems  and destroying any data to which any of them have gained unauthorized access); and (b) notify  OneCarePCM of any such actual or threatened activity.  

  1. Security and Privacy 

6.1 OneCarePCM’s Security Obligations. OneCarePCM will implement and maintain commercially reasonable administrative, technical, and physical safeguards intended to prevent  unauthorized exposure or disclosure of Customer Data. OneCarePCM will review its security controls  regularly, but no less than annually, and update and maintain them to ensure they are commercially  reasonable.  

6.2 Protected Health Information. To the extent that OneCarePCM, acting as a “Business  Associate” as such term is defined at 45 C.F.R. § 160.103, collects, receives, uses, maintains, creates,  discloses, transmits, destroys, or otherwise processes PHI on behalf of Customer, acting as a “Covered  Entity” as such term is defined at 45 C.F.R. § 160.103, the Parties agree to be bound by the business  associate agreement set forth at Exhibit A. Customer shall not request that OneCarePCM, or cause  OneCarePCM to, collect, receive, use, maintain, create, disclose, transmit, maintain, destroy, or otherwise  process PHI in any manner that violates any Applicable Law. 

6.3 Customer Control and Responsibility. Customer will be solely responsible for: (a) all  Customer Data, including its content and use; (b) all information, instructions and materials provided by  or on behalf of Customer or any Authorized User in connection with the Services; (c) the Customer Systems and the security thereof; and (d) the security and use of Customer’s and its Authorized Users’  Access Credentials.  

  1. Intellectual Property

7.1 OneCare Solution. As between Customer and OneCarePCM, all right, title, and interest in  and to the OneCare Solution, including all Intellectual Property Rights therein, is and will remain the sole  and exclusive property of OneCarePCM.  

7.2 Customer Data. As between Customer and OneCarePCM, all right, title, and interest in  and to the Customer Data, including all Intellectual Property Rights therein, is and will remain the sole  and exclusive property of Customer. Notwithstanding the foregoing, Customer hereby grants to  OneCarePCM, its Subcontractors, and OneCarePCM Personnel a non-exclusive, royalty-free, fully paid up, assignable, sublicensable, license to access, use, and modify the Customer Data to the extent  necessary for the performance of OneCarePCM’s obligations hereunder.  

7.3 Feedback. Customer and Authorized Users may provide OneCarePCM with error reports,  suggestions, feedback, oral and written reports, ideas, or concepts regarding the Services (collectively,  “Feedback”). To the extent Customer or Authorized Users provide Feedback, Customer hereby assigns to  OneCarePCM all right, title, and interest in and to Feedback, including all intellectual property rights  embodied therein.

www.onecarepm.com  

7.4 Reservation of Rights. Except as set forth in Section 2.2, nothing in this Agreement  grants any right, title, or interest in or to any Intellectual Property Rights in or relating to the OneCare Solution, whether expressly, by implication, estoppel or otherwise.  

  1. Third-Party Services. The OneCare Solution may link or provide access to, or operate with  applications, websites or services provided by a third party and not OneCarePCM, including and without  limitation as may be provided in connection with the payment processing, Speech-to-Text, and eligibility  verification services as set forth in an applicable SOW (“Third-Party Services“). Customer’s access and  use of any Third-Party Service is at Customer’s own risk and OneCarePCM disclaims all responsibility  and liability for Customer’s use of any Third-Party Service. OneCarePCM shall have no liability  whatsoever arising from or relating to Customer’s use of Third-Party Services. By using or enabling any  Third-Party Services in connection with Customer’s use of the OneCare Solution, Customer expressly  permits OneCarePCM to disclose Customer Data and other information about Customer and its use of the  Services to the extent necessary to facilitate Customer’s use of the Third-Party Services. CUSTOMER’S  USE OF THIRD-PARTY SERVICES IS AT CUSTOMER’S OWN RISK AND IS SUBJECT TO ANY  ADDITIONAL TERMS, CONDITIONS AND POLICIES APPLICABLE TO SUCH THIRD-PARTY  SERVICES (SUCH AS TERMS OF SERVICE OR PRIVACY POLICIES OF THE PROVIDERS OF  SUCH THIRD-PARTY SERVICES). ONECAREPCM MAKES NO REPRESENTATIONS OR  WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT TO THIRD-PARTY SERVICES, AND  EXPRESSLY DISCLAIMS ANY WARRANTY OR CONDITION OF MERCHANTABILITY, NON INFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE. Customer agrees to resolve any  disagreement between Customer and a third party regarding the Third-Party Services with that third party  directly in accordance with the terms and conditions of that relationship. 
  2. Confidentiality

9.1 Definition of Confidential Information. “Confidential Information” means all  information disclosed during the Term by a Party (or by such Party’s Representatives) (the “Disclosing  Party”) to the other Party (the “Receiving Party”), or to such other Party’s Representatives, whether in  written, visual, oral, electronic, or other form. “Confidential Information” will also include and any and  

all notes, analyses, memoranda, compilations, reports, forecasts, studies, samples, data, statistics,  summaries, interpretations, or other documents or materials prepared by or on behalf of the Receiving  Party or its Representatives that are based on or derived from (in whole or in part), or that otherwise  contain or embody, any Confidential Information of the Disclosing Party. For the avoidance of doubt: (a)  all Customer Data constitutes Customer’s Confidential Information, with respect to which Customer will  be deemed the Disclosing Party, and OneCarePCM will be deemed the Receiving Party; and (b) all  information regarding OneCare constitutes OneCarePCM’s Confidential Information, with respect to  which OneCarePCM will be deemed the Disclosing Party, and Customer will be deemed the Receiving  Party. 

9.2 Exceptions. Notwithstanding Section 8.1, the term “Confidential Information” will not  include information disclosed to the Receiving Party or its Representatives to the extent that the  Receiving Party can establish, by competent evidence, that such information: (a) is or becomes part of the  public domain, other than by breach of this Agreement by the Receiving Party or its Representatives; (b)  was lawfully in the Receiving Party’s or any of its Affiliates’ possession at the time of disclosure by the  Disclosing Party, from a source other than the Disclosing Party, without any obligation of confidentiality  or restriction on use; (c) is provided to the Receiving Party or any of its Representatives without any  obligation of confidentiality or restriction on use by a Third Party lawfully entitled to possess and disclose  such Confidential Information; or (d) is independently developed or acquired by the Receiving Party or its  Affiliates without use of, reference to, or reliance upon, the Confidential Information of the Disclosing  Party.

www.onecarepm.com  

9.3 Confidentiality, Nonuse, and Nondisclosure Obligations. The Receiving Party and its  Representatives will use the Confidential Information of the Disclosing Party only in connection with the  performance of this Agreement, and such Confidential Information will not be used for any other purpose  without the prior written consent of the Disclosing Party. The Receiving Party will keep the Disclosing  Party’s Confidential Information confidential and secure, and will take security measures at least equal to  those security measures as the Receiving Party employs to protect its own confidential information of like  character (but in any event, not less than reasonable security measures) to maintain the confidentiality of  the Disclosing Party’s Confidential Information and prevent disclosure to Third Parties. The Receiving  Party will promptly report to the Disclosing Party any actual or suspected violation of the terms of this  Section 8.  

9.4 Permitted Disclosures. The Receiving Party may only disclose the Disclosing Party’s  Confidential Information to such of its Representatives who: (a) have a need to know such Confidential  Information in connection with the performance of the Receiving Party’s obligations under this  Agreement; and (b) have been advised of the confidential nature of such Confidential Information, and  who are bound by written obligations at least as protective of such Confidential Information as those  contained in this Section 8. The Receiving Party will be responsible and liable for any unauthorized use or  disclosure of the Disclosing Party’s Confidential Information by the Receiving Party’s Representatives.  Notwithstanding the foregoing, the Receiving Party may also disclose the Disclosing Party’s Confidential  Information to the extent that such disclosure is: (x) necessary for the Receiving Party to enforce its rights  under this Agreement in connection with a legal proceeding; or (y) required by Applicable Law or by the  order of a court or similar judicial or administrative body of competent jurisdiction, provided that the  Receiving Party, as permitted by Applicable Law, (i) promptly notifies the Disclosing Party of such  required disclosure in writing, (ii) reasonably cooperates with the Disclosing Party, at the Disclosing  Party’s expense, in any lawful action to contest or limit the scope of such required disclosure, and (iii)  limits any such required disclosure to only that portion of the Disclosing Party’s Confidential Information  which the Receiving Party is required to disclose.  

9.5 Return of Confidential Information. If requested in writing by the Disclosing Party, the  Receiving Party will (and will ensure that its Affiliates will) promptly destroy (or, at the Disclosing  Party’s request and expense, and to the extent embodied in tangible form, return), all or any portion of the  Disclosing Party’s Confidential Information which is no longer necessary for the Receiving Party’s  performance hereunder. Notwithstanding the foregoing, the Receiving Party will not be required to delete  or destroy any electronic back-up files that have been created solely by the automatic or routine archiving  and back-up procedures of the Receiving Party or its Representatives, to the extent created and retained in  a manner consistent with its or their standard archiving and back-up procedures. In addition, the  Receiving Party will be entitled to retain one (1) copy of the Disclosing Party’s Confidential Information  solely for purposes of determining the scope of its obligations under this Section 8. Any Confidential  Information of the Disclosing Party retained by the Receiving Party pursuant to this Section 8.5 will  remain subject to the Receiving Party’s obligations under this Section 8. At the Disclosing Party’s request  and expense, the Receiving Party will certify in writing that it has fully complied with its obligations  under this Section 8.5.  

9.6 Injunctive Relief. Both Parties acknowledge and agree that the Disclosing Party may be  irreparably harmed by any violation of this Section 8, and that the use of Confidential Information for any  purpose other than that stated herein may, among other things, enable the Receiving Party or Third Parties  receiving such Confidential Information to compete unfairly with the Disclosing Party. Therefore, in the  event of any breach or threatened breach of this Section 8, the Disclosing Party will be entitled (in  addition to all other rights and remedies available under this Agreement, at law, or in equity) to seek, in  any court of competent jurisdiction and without the posting of any bond: (a) an injunction restraining such  breach; or (b) a decree for specific performance of the applicable provision of this Agreement.

www.onecarepm.com  

9.7 Duration. Notwithstanding any expiration or earlier termination of this Agreement, the  Receiving Party’s obligations under this Section 7 will remain in effect for a period of five (5) years  following such expiration or termination.  

  1. Representations, Warranties, and Covenants; Disclaimer  

10.1 Mutual Representations and Warranties. Each Party represents and warrants to the other  Party that, as of the Effective Date: (a) it is duly organized, validly existing and in good standing as a  corporation or other entity under the laws of the jurisdiction of its incorporation or other organization; (b)  it has the full right, power and authority to enter into and perform its obligations and grant the rights,  licenses, consents and authorizations it grants or is required to grant under this Agreement; (c) the  execution of this Agreement by the Person signing the signature page hereto has been duly authorized by  all necessary corporate or organizational action of such Party; and (d) when executed and delivered by  both Parties, this Agreement will constitute the legal, valid and binding obligation of such Party,  enforceable against such Party in accordance with its terms.  

10.2 Additional Customer Representations, Warranties, and Covenants. Customer represents,  warrants, and covenants to OneCarePCM that Customer owns or otherwise has and will have the  necessary rights and consents in and relating to the Customer Data so that, as received by OneCarePCM and processed in accordance with this Agreement, such Customer Data does not and will not infringe,  misappropriate, or otherwise violate any Intellectual Property Rights, or any privacy or other rights of any  Third Party or violate any Applicable Law. Customer further represents, warrants and covenants that the  Services will be utilized by Customer in full compliance with all Applicable Laws.  

10.3 Disclaimer of Warranties. EXCEPT AS EXPRESSLY SET FORTH HEREIN, ONECAREPCM MAKES, AND CUSTOMER RECEIVES, NO WARRANTIES WHATSOEVER, AND ONECAREPCM HEREBY  EXPRESSLY DISCLAIMS ANY AND ALL OTHER WARRANTIES (WHETHER WRITTEN, ORAL, EXPRESS, OR  IMPLIED) INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR  NONINFRINGEMENT. WITHOUT LIMITING THE GENERALITY OF FOREGOING, ONECAREPCM MAKES NO  WARRANTY OF ANY KIND THAT ANY SERVICES OR ONECARE, OR ANY RESULTS OF THE USE THEREOF, WILL MEET CUSTOMERS OR ANY OTHER PERSONS REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, HARDWARE, SYSTEMS, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, ERRORFREE, OR FREE OF  HARMFUL CODE.  

  1. Indemnification

11.1 OneCarePCM Indemnification. OneCarePCM will indemnify, defend, and hold harmless  Customer and its Representatives (collectively, “Customer Indemnified Parties”) from and against any  and all Losses incurred by or imposed upon any Customer Indemnified Party in connection with any  claims, suits, actions, or other proceedings brought or asserted by a Third Party (each, a “Claim”), to the  extent arising out of any claim that Customer’s use of the OneCare Solution infringes, misappropriates, or  violates any Intellectual Property Rights of a Third Party. In the event that the OneCare Solution or any  part thereof becomes subject to (or, in OneCarePCM’s sole discretion, is likely to become subject to) any  such infringement-related Claim, then OneCarePCM may (at OneCarePCM’s option and expense): (a)  procure for Customer the right to continue using the infringing aspects of OneCare; (b) modify the  infringing aspects of the OneCare Solution to make them non-infringing; or (c) replace the infringing  aspects of the OneCare Solution with a non-infringing product or service of substantially equivalent  functionality. If the foregoing options ((a)–(c)) are, in OneCarePCM’s sole discretion, not available on  commercially reasonable terms, then OneCarePCM may terminate this Agreement upon written notice to  Customer and provide Customer with a refund of any pre-paid Fees as of such termination. 

www.onecarepm.com  

Notwithstanding the foregoing, OneCarePCM’s indemnification obligation under this Section 10.1 will not apply to any Claim: (v) arising from the use or combination of the OneCare Solution (or any  component thereof) with software, hardware, or other materials not developed or authorized by  OneCarePCM, if the OneCare Solution would not be infringing in the absence of such use or  combination; (w) arising from the modification of the OneCare Solution performed by any Third Party  not authorized by OneCarePCM in writing, if the OneCare Solution would not be infringing in the  absence of modification; (x) arising from any use of the OneCare Solution by Customer or any  Authorized User in a manner outside the scope of any right granted herein or in violation of Applicable  Law, if the Claim would not have arisen but for such use; (y) arising from subject matter described in  clauses (c) or (d) Section 10.2. The foregoing states OneCarePCM’s entire liability, and Customer’s  exclusive remedy, for any infringement, misappropriation, or violation of Intellectual Property Rights by  OneCarePCM in connection with this Agreement.  

11.2 Customer Indemnification. Customer will indemnify, defend and hold harmless  OneCarePCM and its Representatives (collectively, “OneCarePCM Indemnified Parties”) from and  against any and all Losses incurred by or imposed upon any OneCarePCM Indemnified Party in  connection with any Claims (including Claims made or brought by Users), to the extent arising out of: (a)  Customer Data, including any processing of Customer Data by or on behalf of OneCarePCM in  accordance with this Agreement; (b) any access to or use of the OneCare Solution by or on behalf of  Customer or occurring through Access Credentials issues to Customer; (c) Customer’s material breach of this Agreement; or (d) any gross negligence, willful misconduct, or violation of applicable laws, rules or  regulations by any Customer Indemnified Party in connection with this Agreement. Customer’s  indemnification obligations under this Section 10.2 will not apply to any Claims for which OneCarePCM is required to indemnify Customer pursuant to Section 10.1.  

11.3 Indemnification Procedure. With respect to any Claim for which a Party seeks  indemnification under this Section 10, the indemnified Party will: (a) promptly provide the indemnifying  Party with written notice of such Claim (which notice will be provided no later than thirty (30) days after  the indemnified Party becomes aware of such Claim); (b) permit the indemnifying Party, at its option, to  assume control over the investigation, defense, and disposition of such Claim; (c) reasonably cooperate  with the indemnifying Party, at the indemnifying Party’s reasonable expense and request, in the  investigation, defense, and disposition of such Claim; and (d) promptly furnish the indemnifying Party  with copies of all notices and documents (including court papers) received by the indemnified Party in  connection with such Claim. In no event will the indemnifying Party settle or otherwise dispose of a  Claim in any manner that admits material fault or wrongdoing by the indemnified Party, or that or incurs  any non-indemnified liability on the part of the indemnified Party, without the indemnified Party’s prior  written consent. In the event that the indemnifying Party assumes control over the investigation, defense,  and disposition of a Claim, the indemnified party will have the right, but not the obligation, to be  represented by counsel of its own selection, at its own expense.  

  1. Limitations of Liability

12.1 Exclusion of Indirect Damages. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE  LAW, IN NO EVENT WILL EITHER PARTY HAVE ANY LIABILITY HEREUNDER FOR ANY INDIRECT, SPECIAL, EXEMPLARY, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING ANY LOSS OF PROFITS, BUSINESS, OR DATA), HOWEVER CAUSED, WHETHER ARISING UNDER STATUTE, CONTRACT, TORT, OR ANY  OTHER THEORY OF LIABILITY, REGARDLESS OF WHETHER SUCH PARTY HAS BEEN ADVISED OF THE  POSSIBILITY OF SUCH DAMAGES, AND REGARDLESS OF WHETHER SUCH DAMAGES WERE FORESEEABLE. NOTWITHSTANDING THE FOREGOING, THIS SECTION 11.1 WILL NOT APPLY TO EITHER PARTYS  INDEMNIFICATION OBLIGATIONS UNDER SECTION 10 (INDEMNIFICATION).

www.onecarepm.com  

12.2 Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN  NO EVENT WILL EITHER PARTYS AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS  AGREEMENT (WHETHER ARISING UNDER STATUTE, CONTRACT, TORT, OR ANY OTHER THEORY OF  LIABILITY) EXCEED THE AMOUNTS ACTUALLY PAID BY CUSTOMER PURSUANT TO THE SOW UNDER  WHICH THE APPLICABLE CLAIM OR CAUSE OF ACTION AROSE DURING THE ONE (1)-YEAR PERIOD PRIOR TO  THE DATE ON WHICH SUCH CLAIM OR CAUSE OF ACTION AROSE. THE FOREGOING LIMITATIONS ARE  CUMULATIVE AND NOT PER INCIDENT AND WILL APPLY EVEN IF THE NONBREACHING PARTYS REMEDIES  UNDER THIS AGREEMENT FAIL OF THEIR ESSENTIAL PURPOSE. NOTWITHSTANDING THE FOREGOING, THIS  SECTION 11.2 WILL NOT APPLY TO: (A) EITHER PARTYS INDEMNIFICATION OBLIGATIONS UNDER  SECTION 10 (INDEMNIFICATION); OR (B) CUSTOMERS PAYMENT OBLIGATIONS HEREUNDER.  

  1. Term; Termination

13.1 Term. The term of this Agreement will commence upon the Effective Date and continue  thereafter until terminated as set forth in Section 12.2, provided that if at any time there has been no SOW  in effect hereunder for a period of at least one (1) consecutive year, then this Agreement will expire  automatically at the end of such one (1)-year period (such period, the “Term”). The term of each SOW  will be as set forth therein. 

13.2 Termination.  

(a) Termination for Breach In the event that either Party materially breaches any  provision of this Agreement or any SOW, the non-breaching Party may terminate the applicable SOW, or  this Agreement in its entirety, effective upon thirty (30) calendar days’ prior written notice to the  breaching Party, provided that such material breach remains uncured upon the expiration of such thirty  (30)-day period.  

(b) Termination for Insolvency. Either Party may terminate this Agreement in its  entirety, effective immediately upon written notice to the other Party, in the event that: (i) the other Party  files a petition in bankruptcy or for reorganization; (ii) a Third Party files a bankruptcy or reorganization  petition against such other Party which is not dismissed within sixty (60) calendar days; (iii) an  assignment is made by such other Party for the benefit of its creditors; or (iv) a receiver, trustee,  liquidator, or custodian is appointed with respect to all or a substantial part of such other Party’s assets.  

13.3 Effect of Termination or Expiration. Upon the termination of this Agreement in its  entirety, all SOWs hereunder will be deemed terminated. Upon the termination of this Agreement in its  entirety, or the expiration or termination of any SOW, then (except as otherwise expressly set forth  herein): (a) all rights and licenses granted by either Party thereunder will immediately terminate; and (b)  each Party will (i) cease all use of the other Party’s Confidential Information which as of such expiration  or termination no longer relates to any active SOW, and (ii) if requested, return or destroy the other  Party’s Confidential Information in accordance with Section 8.5.  

13.4 Survival. The provisions of Sections 1 (Definitions; Interpretation) (to the extent used in  other surviving provisions, 3 (Fees; Payment Terms), 4.1 (Use Restrictions), 7 (Intellectual Property),  8 (Confidentiality), 9.3 (Disclaimer of Warranties), 10 (Indemnification), 11 (Limitations of Liability),  12 (Term; Termination), and 13 (Miscellaneous) will survive any expiration or earlier termination of this  Agreement. Any payment obligations incurred prior to the expiration or earlier termination of this  Agreement or any SOW will survive such expiration or termination. 

www.onecarepm.com  

  1. Miscellaneous

14.1 Use of Name. Neither Party will use the other Party’s name or logo without such other  Party’s prior written consent. Notwithstanding the foregoing: (a) OneCarePCM may, without such  consent, use Customer’s name and logo for the sole purpose of identifying Customer as a customer of  OneCarePCM in OneCarePCM’s marketing and promotional materials; and (b) either Party may use the  other Party’s name, without such consent, to the extent necessary for such Party’s compliance with  Applicable Law, any listing requirements of a securities exchange applicable to such Party, or for such  Party’s bona fide regulatory purposes. 

14.2 Independent Contractors. The relationship of the Parties established by this Agreement is  that of independent contractors, and nothing contained in this Agreement will be construed to create a  joint venture or partnership between the Parties or to give either Party the power to act as agent for the  other or to enter into any agreement on behalf of the other Party. OneCarePCM may from time to time, in  its discretion, engage Third Parties to perform Services (each, a “Subcontractor”). 

14.3 Force Majeure. Each Party will be excused from any delay or failure in the performance of its obligations under this Agreement (other than payment obligations) if such delay or failure results  from any event beyond such Party’s reasonable control, including, acts of God, internet or  telecommunications breakdowns, utility or transmission failures, power failures, denial of service attacks,  acts of Governmental Authorities, acts of the public enemy, insurrections, riots, embargoes, pandemics or  epidemics, labor disputes (including strikes, lockouts, job actions or boycotts), fires, floods, or other  natural disasters (each, a “Force Majeure Event”). 

14.4 Assignment; Successors. Neither Party may assign this Agreement or its rights or  obligations hereunder without the other Party’s prior written consent, which consent will not be  unreasonably withheld. Notwithstanding the foregoing, either Party may, without such consent, assign  this Agreement and its rights and obligations hereunder in connection with the transfer or sale of all or  substantially all of its business, or in the event of its merger, consolidation, change in control or similar  transaction. This Agreement will be binding upon and inure to the benefit of the successors and permitted  assigns of the Parties. Any attempted assignment of this Agreement or any rights or obligations hereunder  in contravention of this Section 13.4 will be null and void ab initio.  

14.5 Notices.  

(a) Addresses. All notices related to this Agreement must be in writing, and  addressed: (i) if to OneCarePCM, as set forth below in this Section 13.5(a); (ii) if to Customer, to the  address set forth on the signature page to this Agreement; or (iii) to such other address as either Party may  instead reasonably designate by written notice to the other Party.  

Address for notices to OneCarePCM: J&J Companies, LLC (d/b/a OneCarePCM) Attn: Legal 

2012 S. Main Street, Suite 510  

Wake Forest, NC 27587  

info@ams-software.com 

(b) Delivery. All notices related to this Agreement must be delivered: (i) in person;  (ii) by nationally recognized overnight courier (e.g., FedEx); or (iii) by registered or certified mail,  postage prepaid, return receipt requested. All notices will be accompanied by a courtesy copy emailed to  the applicable Party (which email will not constitute notice). 

www.onecarepm.com  

(c) Receipt. Notices given in accordance with this Section 13.5 will be deemed to  have been properly given: (i) if delivered in person, when actually delivered; (ii) if delivered by nationally  recognized overnight courier, one (1) business day after the date sent; or (iii) if delivered by registered or  certified mail, postage prepaid, return receipt requested, three (3) business days after the date postmarked. 

14.6 Entire Agreement. This Agreement constitutes the entire agreement and understanding  between OneCarePCM and Customer, and supersedes all prior and contemporaneous agreements,  documents, and proposals, oral or written, between OneCarePCM and Customer.  

14.7 No Waiver; Remedies. A Party’s failure to exercise any of its rights under this  Agreement will not constitute or be deemed to constitute a waiver or forfeiture of such rights or of any  preceding or subsequent breach or default. Except as expressly stated herein, the remedies described in  this Agreement are cumulative, and are in addition to any other remedies that either Party may have at  law or in equity. 

14.8 Amendment. This Agreement (including, for the avoidance of doubt, any SOW) may not  be amended or modified except by the written consent of both Parties.  

14.9 Dispute Resolution; Governing Law; Forum Selection. This Agreement and any action  related thereto will be governed by, construed, and interpreted in accordance with the laws of the State of  North Carolina, USA, without regard to any choice of law principle that would dictate the application of  the law of another jurisdiction. The Parties hereby irrevocably consent to the exclusive jurisdiction and  venue of the state and federal courts sitting in Raleigh, North Carolina, which will be the sole forum  regarding any actions, suits, or other legal proceedings relating to this Agreement (except as set forth in  Section 8.6). EACH PARTY HEREBY IRREVOCABLY WAIVES ANY AND ALL RIGHT TO TRIAL BY JURY IN ANY  LEGAL PROCEEDING RELATING TO THIS AGREEMENT.  

14.10 Construction; Interpretation. All Exhibits hereto and all SOWs hereunder are hereby  incorporated into this Agreement by reference, and the term “Agreement” will be deemed to include all  such Exhibits and SOWs. This Agreement will be interpreted in accordance with its terms, without any  strict construction against or in favor of the drafting Party. The descriptive headings of this Agreement are  for convenience only, and will be of no effect in construing or interpreting any provision. As used in this  Agreement, the term “including” (or “includes”) will be deemed to mean “including without limitation”  (or “includes without limitations”), and the word “or” will be deemed to be disjunctive but not necessarily  exclusive. 

14.11 Severability. If any provision of this Agreement is held to be invalid or unenforceable by  a court of competent jurisdiction, then: (a) such invalidity or unenforceability will not affect the other  provisions of this Agreement; and (b) such invalid or unenforceable provision will be reformed as  necessary to make it valid and enforceable, in a manner that most closely approximates the original intent  of such provision.  

14.12 Signatures; Counterparts. Any documents to be signed by the Parties in connection with  this Agreement may be executed in counterparts, each of which will be deemed an original, but all of  which together will constitute one and the same instrument. Counterparts may be delivered via email in  “PDF” form with any electronic signature complying with the U.S. federal ESIGN Act of 2000 (e.g.,  DocuSign), or via other transmission method. 

www.onecarepm.com  

Exhibit A  

BUSINESS ASSOCIATE AGREEMENT 

This BUSINESS ASSOCIATE AGREEMENT (this “BAA”) is made and entered into in connection  with the Agreement by and between OneCarePCM (“Business Associate”), and Customer (“Covered  Entity”), and is hereby incorporated therein by reference. Capitalized terms used but not defined in this  BAA will have the meanings assigned in the Agreement.  

WHEREAS, under the Agreement, Business Associate may perform functions or activities regulated by the  Health Insurance Portability and Accountability Act (“HIPAA”) for or on behalf of Covered Entity the performance  of which may require Business Associate to create, receive, transmit, or maintain Protected Health Information in a  capacity other than part of Covered Entity’s Workforce as a “business associate” (as defined at 45 C.F.R. § 160.103);  and  

WHEREAS, to the extent the Services require Business Associate to act as a business associate to Covered  Entity, the Parties agree that this BAA sets forth the Parties intentions to comply with HIPAA and will apply to the  Services; and  

THEREFORE, in consideration of the Parties’ continuing obligations under the Agreement, compliance with  HIPAA, and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged,  and intending to be legally bound, the Parties agree to the provisions of this BAA.  

  1. Definitions 

Except as otherwise defined herein, any and all capitalized terms in this BAA shall have the  meanings ascribed to those terms in the HIPAA Rules or in the Agreement, as applicable.  

  1. HIPAA Rules” means the implementing regulations of HIPAA set forth at 45 C.F.R. Parts 160  and 164, Subpart A, C, D and E.  
  2. Security Rule” means the Security Standards for the Protection of Electronic Protected Health  Information set forth at 45 C.F.R. Parts 160 and 164, Subparts A and C.  
  3. Privacy Rule” means the requirements for the Privacy of Individually Identifiable Health  Information set forth at 45 C.F.R. Parts 160 and 164, Subparts A and E.  
  4. “Protected Health Information” or “PHI” shall have the same meaning as the term “protected  health information” in 45 C.F.R. § 160.103 and shall include Electronic Protected Health  Information (“ePHI”), except limited to the PHI Business Associate receives from or creates,  receives, transmits, or maintains on behalf of Covered Entity.  
  5. Business Associate Obligations  
  6. Permitted Uses and Disclosures. Business Associate expressly agrees that any and all uses or  disclosures of PHI by Business Associate will be done in accordance with the terms of this  BAA and applicable provisions of the HIPAA Rules. Unless otherwise limited herein, Business  Associate may: 
  7. Use and Disclose PHI in order to provide the Services and as otherwise permitted or  required under the Agreement and this BAA; 

A-1  

  1. Use and Disclose PHI to provide Data Aggregation services relating to the Health Care  Operations of Covered Entity;  
  2. Use or Disclose PHI as Required by Law;  
  3. Use and Disclose PHI as necessary for the proper management and administration of  Business Associate or to carry out its legal responsibilities, provided that as to any such  disclosure, the following requirements are met:  
  4. The disclosure is Required by Law; or  
  5. Business Associate obtains satisfactory assurances through a written agreement  with the other agents or parties to whom PHI is disclosed that it will be held  confidentially and used or further disclosed only as Required by Law or for the  purpose for which it was disclosed to the recipient; and 
  6. de-identify PHI as provided by 45 C.F.R. § 164.514, and use, disclose, modify, store and  otherwise process the resulting de-identified data for any purpose permitted by law.  
  7. Compliance with HIPAA. To the extent that Business Associate is to carry out any of Covered  Entity’s obligations under the Privacy Rule, Business Associate shall comply with the  applicable requirements of the Privacy Rule that apply to Covered Entity in the performance  of such obligations.  
  8. Availability of Books and Records. Business Associate shall cooperate with and make  available to the Secretary its internal practices, books, and records relating to the use and  disclosure of PHI for purposes of determining the Parties’ compliance with HIPAA.  
  9. Subcontractors. Business Associate agrees to ensure that any subcontractors or agents to whom  Business Associate provides PHI agree in writing to the same restrictions and conditions that  apply to Business Associate with respect to such PHI.  
  10. Impermissible Uses and Disclosures. Business Associate shall promptly report to Covered  Entity any use or disclosure of PHI of which Business Associate is aware and which is not in  compliance with the terms of this BAA. Business Associate shall report to Covered Entity any  Security Incident of which it becomes aware. Notwithstanding the foregoing, the Parties  acknowledge and agree that Business Associate shall not be required to report attempted but  unsuccessful Security Incidents that do not result in actual unauthorized access, use or  disclosure of Protected Health Information, and that this BAA constitutes notice to Covered  Entity that such unsuccessful Security Incidents (such as broadcast attacks on Business  Associate’s firewall, port scans, unsuccessful log-on attempts, or denial of service attacks) may  occur periodically.  

Business Associate shall, following the discovery of a Breach of Unsecured Protected Health  Information (“Breach”), notify Covered Entity of such Breach pursuant to 45 C.F.R. § 164.410.  Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is  known to Business Associate of a Breach, Security Incident, or any use or disclosure of  Protected Health Information by Business Associate or its agents or subcontractors in violation  of the requirements of this BAA.

A-2  

  1. Safeguards. Business Associate will implement reasonable and appropriate administrative,  technical, and physical safeguards as required by the Security Rule designed to prevent the use  or disclosure of PHI other than as permitted in this BAA.  
  2. Access. To the extent Business Associate maintains a Designated Record Set, Business  Associate agrees, upon written request from Covered Entity, to make such PHI available as  required for Covered Entity to meet its obligations under 45 C.F.R. § 164.524. Business  Associate will not respond directly to Individual requests for access to such information.  
  3. Amendment. To the extent Business Associate maintains a Designated Record Set, Business  Associate agrees, upon written request from Covered Entity, to make such PHI available for  amendment and incorporate any amendments to PHI as required for Covered Entity to meet its  obligations under 45 C.F.R. § 164.526. Business Associate will not respond directly to  Individual requests for amendments to such information. 
  4. Accounting of Disclosures. Business Associate agrees to document disclosures of PHI as  required by HIPAA. Business Associate further agrees to provide access to such information,  upon written request from Covered Entity, as would be required for Covered Entity to respond  to a request by an Individual for an accounting of disclosures of PHI in accordance with 45  C.F.R. § 164.528. Business Associate will not respond directly to Individual requests for such  accountings of disclosures. 
  5. Covered Entity Obligations 
  6. Permissions and Notices. Covered Entity represents, warrants, and covenants that it has  obtained and will continue to obtain all necessary authorizations, consents, releases, and  permissions to permit Business Associate to Use and Disclose PHI pursuant to this Agreement  and in order to provide the Services in compliance with all applicable laws, regulations, and  other governmental requirements and that it has provided, and will continue to provide,  appropriate notice to Individuals to permit Business Associate to Use and Disclose PHI  pursuant to this Agreement and in order to provide the Services in compliance with all  applicable laws, regulations, and other governmental requirements. Covered Entity shall notify Business Associate of any changes in, or revocation of the authorization, consent, release, or  permission by an Individual to Use or Disclose their PHI, to the extent that such changes may affect Business Associate’s Use or Disclosure of PHI. 
  7. Compliance with HIPAA. Covered Entity shall comply with all of its obligations under  HIPAA.  
  8. Instructions. Covered Entity will not request or cause Business Associate to make a Use or  Disclosure of PHI or take other actions in a manner that does not comply with HIPAA, any  other law, or this Agreement.  
  9. Notice of Privacy Practices. Covered Entity shall notify Business Associate of any limitations in the notice of privacy practices of Covered Entity under 45 C.F.R. § 164.520, to the extent that such limitation may affect Business Associate’s Use or Disclosure of PHI. 
  10. Restrictions on PHI Use and Disclosure. Covered Entity shall notify Business Associate of any restrictions on the Use or Disclosure of PHI that Covered Entity has agreed to or is required to abide by under 45 C.F.R. § 164.522, to the extent that such restriction may affect Business  Associate’s Use or Disclosure of PHI.

A-3  

  1. Term And Termination 
  1. The term of this BAA shall begin as of the Effective Date written above and shall terminate  upon the termination or expiration of the Agreement.  
  2. Notwithstanding anything in this BAA to the contrary, Covered Entity shall have the right to  terminate this BAA if Covered Entity determines that Business Associate has violated any  material term of this BAA and Business Associate has not cured or ended the violation within  ninety (90) days following Covered Entity’s written notice to Business Associate of the  violation.  
  3. Upon termination, Business Associate will return or destroy all PHI that Business Associate still maintains in any form, inclusive of PHI in the possession of Business Associate’s agents  or subcontractors, and retain no copies of such information to the extent feasible. If such return  or destruction is infeasible, Business Associate shall extend the protections of this BAA to the  information and limit further uses and disclosures to those purposes that make the return or  destruction infeasible.  
  4. Miscellaneous 
  5. Third Party Beneficiaries. Nothing express or implied in this BAA conveys or is intended to  convey any rights, remedies, obligations, or liabilities to any party other than Covered Entity  and Business Associate or their respective successors or assigns. 
  6. Amendment. This BAA may be amended or modified only in a writing signed by the Parties.  In addition, in the event a Party believes in good faith that any provision of this BAA fails to  comply with the then-current requirements of HIPAA, such Party shall notify the other Party  in writing. The Parties agree to take such action as is necessary to amend this BAA from time  to time as is necessary for compliance with the requirements of HIPAA. 
  7. Independent Contractor Status. None of the provisions of this BAA are intended to create, nor  will they be deemed to create, any relationship between the Parties other than that of  independent parties contracting with each other solely for the purposes of effecting the  provisions of this BAA and any other agreements between the Parties evidencing their business  relationship.  
  8. Governing Law. This BAA will be governed by the laws of the State of North Carolina, without  regard to principles of conflicts of laws.  
  9. Waiver. No change, waiver or discharge of any liability or obligation hereunder on any one or  more occasions shall be deemed a waiver of performance of any continuing or other obligation,  or shall prohibit enforcement of any obligation, on any other occasion.  
  10. Conflict. This BAA forms part of and will be subject to the terms of the Agreement,  including the limitations and exclusions of liability set forth therein, provided that in the  event of a conflict between the provisions of this BAA and the Agreement or any other  documentation of the arrangement(s) pursuant to which Business Associate provides Services  to Covered Entity, the provisions of this BAA will control to the extent necessary for the  Parties to comply with HIPAA. The provisions of this BAA will be interpreted to permit  compliance by the Parties with HIPAA. 

A-4  

  1. Survival. In the event that any provision of this BAA is held by a court of competent jurisdiction  to be invalid or unenforceable, the remainder of the provisions of this BAA will remain in full  force and effect.  
  2. Interpretation. In the event of an inconsistency between the provisions of this BAA and  mandatory provisions of the HIPAA Rules, the HIPAA Rules shall control. 

A-5  

Submit support request for AMS, Doctors Access, MARS, or OneCare