Customer Platform Agreement

Customer Platform Agreement

You and Your Company (“Customer”) agree to this Customer Platform Agreement comprising of the following Terms, Conditions and Business Associate Agreement (“BAA”), where the BAA is applicable, with SkedgeAlert, Inc., a Washington corporation (“SkedgeAlert”).

 

Recitals


SkedgeAlert facilitates scheduling appointments between service providers and their clients, using web or mobile applications, messaging, texting and other communication technologies (the “Platform”). Customer desires to utilize the Platform, in accordance with the terms of this Agreement.

 

Terms and Conditions

 

  1. Definitions. In addition to capitalized terms defined elsewhere in this Agreement, capitalized terms used in this Agreement shall have the following meanings:

    1. “Alert” is a singular scheduling request for a specific appointment date, time, and location sent by the Customer utilizing the Platform.

    2. “Authorized Person” is an individual who has been authorized by Customer and approved by SkedgeAlert to access and use the Platform on behalf of Customer in accordance with the terms of this Agreement. Customer’s Authorized Person(s) may include, but are not limited to, Customer’s employees, consultants, contractors and agents.  

    3. “BAA” is the Business Associate Agreement attached as APPENDIX A to this Agreement.

    4. “Client” is a client of Customer who has created a user account on the Platform. 

    5. “Client Information” means information, including personally identifiable information, that a Client may share with Customer or SkedgeAlert.

    6. “Confirmed Appointment” means each appointment for which a Client has requested and confirmed a single appointment Alert. A Confirmed Appointment occurs on the date of appointment confirmation and not on the date of appointment.

    7. “Connection”, “Connected” is the functionality that, with the approval of both a specific Client and Customer, allows for the communication and sharing of Customer Data and Client Information between Customer and Client. This functionality will cease to be available in the event that the Connection is terminated. 

    8. “Customer” is the entity that has entered into this Agreement. 

    9. “Customer Data” means all electronic data or information provided by Customer (i) to SkedgeAlert, by any means or (ii) to Clients utilizing the Platform. Customer Data may include Client Information. 

    10. “Customer’s Trademarks” means the trademarks, service marks, service or trade names, logos, and other proprietary designations of Customer.

    11. “Effective Date” means the date Customer signs up for a SkedgeAlert Plan and agrees to this Customer Platform Agreement.

    12.  "Feedback” means any ideas, feedback, suggestions, enhancement requests, recommendations or inventions which Customer or its Authorized Person(s) create or contribute in part or in whole towards the Platform.

    13. “Fees” means the fees set forth on the SkedgeAlert website for the applicable Plan. The Plan may include a Trial Period.

    14. HIPAA means the Health Insurance Portability and Accountability Act of 1996, as amended.

    15. “Malicious Code” means any program, routine, device, or other feature, including without limitation, a so-called time bomb, automatic shut-down, virus, software lock, drop dead device, malicious logic, worm, Trojan horse or trap or back door, or any other harmful code or device which (i) is designed to delete, disable, deactivate, provide unauthorized access, interfere with, or otherwise harm any software, program, data, device, system or service; (ii) is intended to provide unauthorized access or to produce unauthorized modifications; or (iii) causes any software or system, or portion thereof, to be erased, to become inoperable or otherwise incapable of being used in the full manner for which it was designed and licensed for any reason.

    16. “Plan” means the type of SkedgeAlert services available for the Customer to subscribe to.

    17. “Platform” means the website, computer networks, servers, APIs and other data and information and technology provided or made available by SkedgeAlert to enable Customers and Clients to establish Connections and schedule and manage appointments using web or mobile applications, messaging, texting and other communication technologies.

    18. “Provider” means an individual who provides a service to a Client on behalf of Customer. Provider includes, but is not limited to, a physician, nurse practitioner, therapist, technician, specialist or other health care provider. It also includes many types of non-health care providers.

    19. “Renewal Date” means the date each month that the Agreement automatically renews for a period of 1 (one) additional month (“month-to-month”). It is the same date each month (monthly anniversary) as the original Effective Date.

    20. “SkedgeAlert Data” means all electronic data or information provided by SkedgeAlert on or through the Platform.

    21. “Trial Period” means a period of time during which SkedgeAlert’s services are offered for no charge.

  2. SkedgeAlert Platform

    1. Right of Access.  Subject to the terms of this Agreement, SkedgeAlert grants to Customer a limited, non-exclusive right during the Term to access and use the Platform in the manner permitted by this Agreement. Customer may access and use the Platform only through the means SkedgeAlert designates and only in accordance with the policies and procedures SkedgeAlert designates for use of the Platform. No rights are granted to Customer other than those expressly set forth in this Agreement.  

    2. Permitted Use of Platform. Customer will use the Platform for the purpose of scheduling appointments between Clients and Customer and also for maintaining Customer’s appointment calendar.

    3. Customer Data. Customer owns all Customer Data and/or has all necessary rights to utilize the Customer Data and Client Information as set forth in this Agreement. Customer is responsible for obtaining all legally required consents from Clients necessary for sharing Customer Data and Client Information with SkedgeAlert in compliance with applicable laws. Customer grants SkedgeAlert a non-exclusive, royalty-free, sublicensable, and transferable license to use, reproduce, distribute, create derivative works of, display, and perform the Customer Data for the purpose of operating, providing and developing the Platform, including the right to track and record usage patterns, trends, and other statistical data related to Customer’s use of the Platform.  Customer is fully responsible for backing up the Customer Data. SkedgeAlert shall have no responsibility to use, disclose, store, retain, maintain, protect, update, amend, destroy or delete Customer Data for any reason or to any person or entity, including Customer or Clients; and SkedgeAlert shall have the absolute right to retain, store, transmit, modify, delete, destroy, anonymize, and otherwise manipulate the Customer Data, in SkedgeAlert’s sole discretion, and without notice to Customer. SkedgeAlert may delete or retain any Customer Data that remains on the Platform after this Agreement terminates.

    4. Customer’s Responsibilities. Customer agrees that it is solely responsible for (i) preserving its legal status and providing SkedgeAlert evidence thereof on request; (ii) compliance with the terms of this Agreement by Customer’s Authorized Persons, vendors and subcontractors and all actions and omissions of its Authorized Persons, vendors and subcontractors under this Agreement; (iii) the accuracy, quality, integrity and legality of Customer Data and keeping the Customer Data complete, accurate, and up to date; (iv) using commercially reasonable efforts to prevent unauthorized access to or use of the Platform; (v) using the Platform in accordance with the terms of this Agreement; (vi) providing all software programs or services or equipment or labor which Customer uses in connection with access or use of the Platform at Customer’s sole cost; (vi) ensuring that Customer has all necessary rights to software programs or services that Customer uses in connection with the Platform, and that such activities do not and will not infringe the intellectual property or other proprietary rights of any third party;  (vii) protecting access to the Platform by Authorized Person(s) including the adequate protection of  passwords, login credentials, and devices; (viii) ensuring Customer applications and any software or services used in conjunction with the Platform are current with the latest security patches or updates; and (ix) complying with all applicable laws and regulations with respect to its use of the Platform. 

    5. Restrictions.  Without limiting the foregoing, Customer may not with respect to the Platform: (i) allow access or use by anyone other than its Authorized Person(s); (ii) send information on behalf of a third party (other than a Client) or directly or indirectly offer or provide the Platform as a service to third parties (other than Clients);  (iii) store or transmit material that is infringing, libelous, otherwise unlawful or tortuous, or that violates third-party privacy rights; (iv) provide identification, password or other information of it or its Authorized Person(s), to any service that, as determined by SkedgeAlert in its sole discretion, scrapes, crawls, data-mines, or otherwise uses such information; (v) interfere with or disrupt the integrity or performance of the Platform or any third-party data contained therein; (vi) attempt to gain unauthorized access to the Platform; (vii) store or transmit any Malicious Code; (viii) post or distribute any updates, advertisements, or other information or send any information through the Platform that  denigrates, or discourages the use thereof, or promotes or solicits the use of services that are an alternative to or compete therewith (whether Customer’s or a third party’s); (ix) reproduce, reverse engineer, distribute, publish, transmit, modify, adapt, translate, sell, resell, rent, lease license, or otherwise commercially exploit the Platform or any part thereof; (x) copy, frame, or mirror any part or content of the Platform (other than copying or framing on Customer’s own internal networks or otherwise for Customer’s own internal business purposes); (xi) access the Platform to, whether directly or indirectly, build or develop or assist with the building or developing of a competitive product or service or copy any features, functions or graphics thereof; or (xii) remove, obscure, or alter any notice of any trademarks, service marks, service or trade names, logos, and other proprietary designations of SkedgeAlert.

  3. Authorized Persons, Account Security

    1. Customer will agree upon a list of Customer’s agents who are authorized to utilize the Platform (“Authorized Person(s)”). Customer’s Authorized Person(s) may include, but are not limited to Customer’s employees, consultants, contractors and agents, duly approved by Customer to utilize the Platform. Customer may add and/or replace Authorized Person(s).

    2. Each Authorized Person will establish a user account within the Platform and create a unique user identification and password.  Authorized Person(s) cannot share user identifications or passwords. Customer is responsible for all acts and omissions of its Authorized Person(s). Customer and its Authorized Person(s) will provide accurate, current and complete information about Customer and its Authorized Person(s) in any registration, forms, or other communication provided to SkedgeAlert, and will keep such information current and complete at all times.  Customer shall maintain the security of Customer’s and its Authorized Person(s) usernames, passwords and other similar information. Customer will promptly notify SkedgeAlert if Customer discovers or otherwise suspects any security breaches with respect to its Authorized Person(s), including any unauthorized use or disclosure of a username or password.

    3. Customer understands that any person with the usernames, passwords or similar information of Customer or its Authorized Person(s) may be able to access the Platform, including Customer Data and other confidential information. 

  4. Fees

    1. Fees.  Customer shall pay Fees in accordance with the terms of this Agreement and the then current pricing on the website. This may or may not include a free Trial Period. The Customer’s Fees are subject to change. SkedgeAlert will provide Customer with thirty (30) days prior notice for each subsequent change to the Fees.

    2. Payment Terms.  Amounts payable to SkedgeAlert under this Agreement are billed and paid for, in advance. Terms or conditions accompanying any purchase order created by Customer shall have no effect and shall not be binding on SkedgeAlert unless separately agreed to by SkedgeAlert in writing.

    3. Termination for Failure to Pay.  If any Fees payable are not received from Customer within fourteen (14) days of billing, then at SkedgeAlert’s discretion, (a) such charges may accrue late interest at the rate of 1.0% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid, and/or (b) SkedgeAlert may terminate or otherwise suspend Customer’s access to and use of the Platform until such Fees are paid in full, and/or (c) SkedgeAlert may condition future use of the Platform on payment terms shorter than those specified herein.

    4. Payment Disputes.  SkedgeAlert shall not exercise its rights under the preceding section if (a) the applicable Fees are under reasonable and good-faith dispute; (b) all Fees due that are not under dispute are paid in full; and (c) Customer is cooperating diligently to resolve the dispute.

    5. Taxes.  SkedgeAlert shall invoice and Customer shall be responsible for all taxes, levies, duties or similar governmental assessments of any nature, including but not limited to value-added, sales, use or withholding taxes, assessable by any local, state, or federal jurisdiction. Customer will be responsible for all costs and expenses incurred by Customer in association with this Agreement and accessing and using the Platform. SkedgeAlert shall be responsible for all taxes based on SkedgeAlert’s income, property or employees.  

    6. Renewals. The Plan the Customer is currently subscribed to will automatically renew at the end of the initial term, on the Renewal Date, for additional periods of one (1) month each (“month-to-month”). For Customers who would like to change to a different plan, which may amount to a difference in price, they should email SkedgeAlert at contactus@skedgealert.com.  

  5. Intellectual Property and Proprietary Rights

    1. Ownership; Reservation of Rights. SkedgeAlert owns all SkedgeAlert Data, the Platform, and, subject to the limited rights granted in this Agreement, reserves all right, title and interest in and to the Platform, including, without limitation, all Platform technology, content, features, design, trade secrets, patents, trademarks, copyrights and other intellectual property and proprietary rights. Customer agrees to claim no ownership or control over the Platform or SkedgeAlert Data.

    2. Feedback. Any ideas, feedback, suggestions, enhancement requests, recommendations or inventions which Customer or its Authorized Person(s) create or contribute in part or in whole towards the Platform (collectively, “Feedback”) shall be considered work(s) made for hire for SkedgeAlert and shall belong exclusively to SkedgeAlert.  If by operation of law, any of the Feedback, including all related intellectual property rights, are not owned in their entirety by SkedgeAlert automatically upon creation thereof, then Customer agrees to assign, and hereby assigns to SkedgeAlert, by the execution of this Agreement, the ownership of such Feedback, including all of Customer and its Authorized Person(s)’ rights, title and interest in and to the Feedback, including all copyrights, inventions, patents, and related intellectual property rights. If the foregoing conveyance of title or ownership to the Feedback, in part or in whole, is not possible for any reason, then Customer hereby grants to SkedgeAlert a royalty-free, worldwide, transferable, sublicensable, irrevocable, perpetual license to use or incorporate into the Platform and otherwise fully commercially exploit any and all Feedback.  The rights granted in this paragraph are absolute, irrevocable, world-wide and survive any termination of this Agreement.  Customer agrees that SkedgeAlert may contact and communicate with Customer and Clients to solicit feedback regarding the Platform.

    3. Use of Customer’s Trademarks; Marketing. Customer hereby grants to SkedgeAlert a limited revocable, royalty-free, worldwide license to use the Customer’s trademarks, service marks, service or trade names, logos, and other proprietary designations of Customer, (collectively “Customer’s Trademarks”), as follows: SkedgeAlert will incorporate Customer’s Trademarks into the Platform and into messages, communications, and correspondence with Customer and Clients. In addition, Customer authorizes SkedgeAlert to represent, market, and advertise Customer’s use of the Platform to third parties.

  6. Confidentiality; HIPAA; Privacy; Security; Communication

    1. Confidential Information.  “Confidential Information” of SkedgeAlert or of Customer means (a) non-public information, whether verbal or written, disclosed between the parties and relating to the parties’ research, design and development of software, source code, business plans, strategies, financial  strategies and plans, financial information, research and development and marketing, including, without limitation, trade secrets, software, source code, product design information, target clients, target customers, vendors and potential client lists, prices and pricing policies, research and development materials, prototypes, business plans, new products and services under development, and marketing, business and internet strategies; or (b) information which is designated as “confidential”. Confidential Information does not include information that (i) is, or becomes, publicly available without a breach of this Agreement; (ii) was lawfully known to the receiver of the information without an obligation to keep it confidential; (iii) is received from another source who can disclose it lawfully and without an obligation to keep it confidential; or (iv) is independently developed without reliance on the Confidential Information of the other party.  During and after the Term of this Agreement, neither party will use or disclose the other’s Confidential Information, except to its employees, contractors, advisors, or consultants who have a need for such access consistent with the purposes of this Agreement and who are under an obligation to maintain its confidentiality no less stringent than the terms of this Section 6.1.  Each party shall use at least the same degree of care that it uses to protect the confidentiality of its own Confidential Information of like kind (but in no event less than reasonable care) in protecting the other party’s Confidential Information.  Either party may disclose the other’s Confidential Information if required to do so to comply with a court order or other government demand that has the force of law, provided that before disclosure that party must seek the highest level of protection available and provide the other party with reasonable notice to seek a protective order. Each party shall be entitled to, in addition to all other rights and remedies available at law or in equity, specific performance and injunctive relief requiring the other party to comply with the terms of this Section 6.1.

    2. Business Associate Agreement (Only applicable for businesses required to be HIPAA Compliant). The parties agree that the transfer, use and processing of Protected Health Information is governed by the Business Associate Agreement attached as Appendix A to this Agreement.

    3. Privacy - Client Information. SkedgeAlert’s use and disclosure of Client Information is governed by SkedgeAlert’s Consumer Terms of Service available at https://www.skedgealert.com/tos/ as well as SkedgeAlert’s Privacy Policy available at https://www.skedgealert.com/privacy/. Customer acknowledges, that in order for Clients to register for and utilize the Platform, Clients must separately agree to SkedgeAlert’s Consumer Terms of Service and Consumer Privacy Policy.  Customer agrees to update its privacy related notices and policies to reflect the use of Client Information permitted in the SkedgeAlert Consumer Privacy Policy.  

    4. Security.  SkedgeAlert agrees that the Platform will use industry standard security measures.  Nevertheless, SkedgeAlert has no control over and makes no warranty as to the security and privacy of the devices and systems utilized by Customer and its Clients to utilize the Platform. Customer assumes all risks associated with the unauthorized use or disclosure of Customer Data or Client Information, resultant from Customer or its Clients’ failure to maintain appropriate security systems and privacy settings on their systems or devices utilized to access the Platform. Customer further agrees and acknowledges that use of the Platform may involve Customer and Clients sending and receiving text messages. Customer assumes the risk that Customer Data and Client Information may be compromised or unintentionally disclosed because of the lack of encryption technology available with text messages.  

    5. Communication with Client. Customer authorizes SkedgeAlert to directly communicate with its Clients by e-mail, phone, mobile application, web-application, texting and SMS/SNS messaging for the purpose of registering Clients on the Platform, scheduling Client appointments, obtaining Client feedback, and as otherwise set forth in this Agreement and the BAA, where the BAA is applicable. Customer expressly acknowledges and warrants that it has obtained necessary and lawful consent from its Clients authorizing SkedgeAlert to communicate with its Clients as set forth above.  Customer acknowledges and agrees that, as part of the communication authorized herein, SkedgeAlert is expressly authorized to represent itself as Customer’s agent acting on Customer’s behalf for the purpose of registering Clients on the Platform, scheduling Client appointments, and obtaining Client feedback. In doing so, SkedgeAlert may send communications (by e-mail, phone, mobile application, web-application, texting and SMS/SNS messaging) which identify Customer as the ‘sender’ and originator of said communication, sent by SkedgeAlert, on Customer’s behalf. 

  7. Warranties and Disclaimer

    1. Mutual Warranties. Each party represents and warrants that it has the legal power to enter into this Agreement and to perform its obligations as contemplated by this Agreement.

    2. Disclaimer. EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, WARRANTIES TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.

  8. Indemnification

    1. Each party (the “Indemnifying Party”) shall indemnify and hold harmless the other party, its officers, directors, employees, agents and representatives (each, an “Indemnified Party”) from and against any and all third party damages, costs, judgments, penalties and expenses of any kind (including reasonable legal fees and disbursements) (a “Claim”) that may be obtained against or suffered by an Indemnified Party as a result of the gross negligence or intentional misconduct of the Indemnifying Party or any breach by an Indemnifying Party of any of its representations, warranties, covenants or obligations set forth in this Agreement.  

  9. Limitation of Liability

    1. Limitation of Liability. EXCEPT FOR A PARTY’S BREACH OF ITS OBLIGATIONS REGARDING INTELLECTUAL PROPERTY RIGHTS, CONFIDENTIAL INFORMATION OR WITH RESPECT TO INDEMNIFICATION CLAIMS, IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, EXCEED $100.

    2. Exclusion of Consequential and Related Damages. EXCEPT FOR A PARTY’S BREACH OF ITS OBLIGATIONS REGARDING INTELLECTUAL PROPERTY RIGHTS, CONFIDENTIAL INFORMATION OR WITH RESPECT TO INDEMNIFICATION CLAIMS, IN NO EVENT SHALL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOST PROFITS OR REVENUES OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING DISCLAIMER SHALL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.

  10. Term and Termination

    1. Term of Agreement. The initial term (“Term”) of this Agreement shall be 3 months from the Effective Date.   The Plan will automatically renew, on the Renewal Date, for additional periods of one (1) month, unless the Customer notifies SkedgeAlert that they would like to terminate or change to a different Plan.

    2. Termination for Cause. This agreement may be terminated if either party has violated a material term of this Agreement and that party has not cured the breach or ended the violation within a reasonable time. Upon termination, all unpaid Fees due and owing to SkedgeAlert will be invoiced and paid by Customer upon invoice. 

    3. Termination. For Customers who would like to cancel their current Plan, they should email SkedgeAlert at contactus@skedgealert.com, giving 20 days’ notice prior to the end of the initial term or any subsequent one-month renewal terms. If less than 20 days’ notice is given, the Plan will automatically renew for another month, on the next Renewal Date. In such circumstances, the Customer’s access to the Platform will continue through the end of that additional month.

      1. Otherwise, there is no termination allowed for customers, with the exception of Sections 4.3 and 10.2 above. 

      2. Once Termination occurs, no refunds are provided.

    4. Surviving Provisions. All provisions which are intended to survive termination or expiration of this Agreement, shall so survive.

    5. Suspension of Customer’s Account. Without limiting any rights of SkedgeAlert hereunder, SkedgeAlert may, with or without prior notice to Customer, immediately suspend Customer’s access and use of the Platform when: (a) Customer breaches any of Customer’s responsibilities, representations or warranties under this Agreement; (b) Customer uses or attempts to use the Platform in any manner that does not comply with this Agreement; or (c) SkedgeAlert believes suspension is in the best interests of the Platform, Customers or Clients. SkedgeAlert will notify Customer of any such suspension and will work in good faith with Customer to resolve the issue which resulted in suspension.  

  11. General Provisions

    1. Governing Law; Dispute Resolution. This Agreement shall be construed and controlled by the laws of the State of Washington, without giving effect to any choice or conflict of law provision or rule. Each party consents to exclusive jurisdiction and venue by the courts sitting in Pierce County, Washington for any dispute arising out of this Agreement. In the event of a dispute pertaining to this Agreement, each party agrees to attempt to negotiate in good faith an acceptable resolution. If a resolution cannot be negotiated, then each party agrees to submit the dispute to voluntary non-binding mediation before pursuing other remedies. In the event that any legal or administrative proceeding is brought by a party under this Agreement, the prevailing party shall be entitled to recover its reasonable attorneys’ fees and court costs from the non-prevailing party.

    2. Severability.  If any provision of this Agreement is held to be unlawful, void, or for any reason unenforceable, that provision will be deemed severable and will not affect the validity and enforceability of the remaining provisions. 

    3. No Waiver.  No failure or delay by a party in exercising any right, power or privilege under this Agreement shall operate as a waiver thereof. 

    4. Notices.  Customer agrees that all notices and other communications under this Agreement may be sent to Customer by e-mail to the email address provided by Customer or by delivery of the notice via the Platform.  Customer may provide notices to SkedgeAlert at contactus@skedgealert.com with a copy delivered to 2522 N. Proctor #273, Tacoma, WA 98406.

    5. No Agency.  The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties.

    6. No Third-Party Beneficiaries. There are no third-party beneficiaries to this Agreement.

    7. Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (not to be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety, without consent of the other party, in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets.  Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors and permitted assigns.

    8. Entire Agreement; Amendments. This Agreement constitutes the entire agreement between the parties and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. Except as otherwise set forth in this Agreement, no modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and either signed or accepted electronically by the party against whom the modification, amendment or waiver is to be asserted.

 

Last Updated: November 14, 2022

 

Appendix A

Business Associate Agreement

This Business Associate Agreement (“Agreement”) is between SkedgeAlert (“business associate”) and Customer, (“covered entity”); (individually, a ‘party’, collectively the “parties”).

The parties agree that use of the Platform involves the Protected Health Information (“PHI”) of one or more Covered Entities and this Appendix addresses how PHI will be handled in connection with the use of the Platform. Any capitalized terms used but not defined in this Appendix will have the meaning set forth in the Agreement or HIPAA, as applicable.

  1. General

    1. Effect. The terms and provisions of this Agreement will supersede any conflicting or inconsistent terms and provisions of the Agreement to the extent of such conflict or inconsistency.

    2. HIPAA Amendments. Any future amendments to HIPAA affecting business associate agreements are hereby incorporated by reference into this Appendix, effective on the later of the effective date of this Appendix or such subsequent date as may be specified by HIPAA.

    3. No Third-Party Beneficiaries. The parties have not and do not intend to create by this Appendix any third-party rights, including third-party rights for Covered Entities’ patients or insureds.

 

  1. Obligations of SkedgeAlert

    1. Use and Disclosure of PHI. SkedgeAlert may use and disclose PHI as permitted or required under this Appendix or the Agreement, or as Required by Law, but will not otherwise use or disclose any PHI. SkedgeAlert will not use or disclose PHI in any manner that would constitute a violation of HIPAA. To the extent SkedgeAlert carries out any of Business Associate’s or the Covered Entities’ obligations under the HIPAA privacy standards, SkedgeAlert will comply with the requirements of the HIPAA privacy standards that apply to Customer or the Covered Entities (as applicable) in the performance of such obligations. Without limiting the generality of the foregoing, SkedgeAlert is permitted to use or disclose PHI as set forth below:

      1. SkedgeAlert may use PHI internally for SkedgeAlert’s proper management and administrative services or to carry out its legal responsibilities;

      2. SkedgeAlert may disclose PHI to a third party for SkedgeAlert’s proper management and administration, provided that the disclosure is required by Applicable Law or SkedgeAlert obtains reasonable assurances from the third party to whom the PHI is to be disclosed that the third party will (1) protect the confidentiality of the PHI, (2) only use or further disclose the PHI as required by Applicable Law or for the purpose for which it was disclosed to the third party and (3) notify Customer of any instances of which the third party is aware in which the confidentiality of the PHI has been breached;

      3. SkedgeAlert may use PHI to provide Data Aggregation services relating to the Health Care Operations of Customer or the Covered Entities if required or permitted under the Agreement;

      4. SkedgeAlert may use PHI to create Limited Data and to use and disclose such Limited Data Sets for Research, public health, or Health Care Operations as permitted by 45 C.F.R. § 164.514(e)(3) and (4);

      5. SkedgeAlert may use PHI to create de-identified health information in accordance with the HIPAA de-identification requirements. SkedgeAlert may disclose de-identified health information for any purpose permitted by Applicable Law.

    2. Safeguards. SkedgeAlert will use appropriate physical, technical, and administrative safeguards to (i) prevent the use or disclosure of PHI other than as permitted or required by this Appendix, and (ii) that reasonably and appropriately protect the confidentiality, integrity and availability of   Electronic PHI that SkedgeAlert creates, receives, maintains or transmits on behalf of Customer or the Covered Entities. SkedgeAlert will comply with the HIPAA Security Rule with respect to Electronic PHI.

    3. Minimum Necessary Standard. To the extent required by the “minimum necessary” requirements of HIPAA, SkedgeAlert will only request, use and disclose the minimum amount of PHI necessary to accomplish the purpose of the request, use or disclosure.

    4. Mitigation. SkedgeAlert will take reasonable steps to mitigate, to the extent practicable, any harmful effect (that is known to SkedgeAlert) of a use or disclosure of PHI by SkedgeAlert in violation of this Agreement.

    5. Subcontractors. SkedgeAlert will enter into a written agreement meeting the requirements of 45 C.F.R. §§ 164.504(e) and 164.314(a)(2) with each Subcontractor (including, without limitation, a Subcontractor that is an agent under Applicable Law) that creates, receives, maintains or transmits PHI on behalf of SkedgeAlert. SkedgeAlert will ensure that the written agreement with each Subcontractor obligates the Subcontractor to comply with restrictions and conditions that are at least as restrictive as the restrictions and conditions that apply to SkedgeAlert under this Appendix.

    6. Reporting Requirements.

      1. If SkedgeAlert becomes aware of a use or disclosure of PHI in violation of this Agreement by SkedgeAlert or a third party to which SkedgeAlert disclosed PHI, SkedgeAlert will report the use or disclosure to Customer within ten (10) business days of discovery.

      2. SkedgeAlert will report any Security Incident involving Electronic PHI that is not an Unsuccessful Security Incident (as defined below) of which SkedgeAlert becomes aware within five (5) business says of discovery. SkedgeAlert hereby notifies Customer of pings and other broadcast attacks on a firewall, denial of service attacks, port scans, unsuccessful login attempts, interception of encrypted information where the encryption key is not compromised, and other Unsuccessful Security Incidents. SkedgeAlert will provide additional information about Unsuccessful Security Incidents on a reasonable basis, if requested by Customer. If the HIPAA security regulations are amended to remove the requirement to report Unsuccessful Security Incidents, the requirement hereunder to report Unsuccessful Security Incidents will no longer apply as of the effective date of the amendment. “Unsuccessful Security Incident” means a Security Incident that does not involve unauthorized access, use, disclosure, modification or destruction of Electronic PHI or interference with an Information System in a manner that poses a material threat to the confidentiality, integrity, or availability of the Electronic PHI.

      3. SkedgeAlert will, following the discovery of a Breach of PHI, notify Customer of the Breach in accordance with 45 C.F.R. § 164.410 without unreasonable delay and in no case later than five (5) business days after discovery.

    7. Accounting of Disclosures. Within fifteen (15) business days of notice by Customer to SkedgeAlert that it has received a request for an accounting of disclosures of PHI (other than disclosures to which an exception to the accounting requirement applies), SkedgeAlert will make available to Customer such information as is in SkedgeAlert’s possession and is required for Customer and Covered Entity to make the accounting required by 45 C.F.R. §164.528. If SkedgeAlert receives a request for an accounting directly from an Individual, SkedgeAlert will forward such request to Customer within ten business days. Customer will have the sole responsibility to provide an accounting of disclosures to Covered Entity and the Individual.

    8. Availability of Books and Records. SkedgeAlert will make its internal practices, books and records relating to the use and disclosure of PHI received from, or created or received by SkedgeAlert on behalf of, Customer or the Covered Entities available to the Secretary for purposes of determining Customer’s compliance with HIPAA.

  2. Obligations of Customer

    1. Permissible Requests. Customer will not request SkedgeAlert to use or disclose PHI in any manner that would not be permissible under HIPAA if done directly by Customer (except as expressly provided in this Appendix).

    2. Minimum Necessary PHI. When Customer discloses PHI to SkedgeAlert, Customer will provide the minimum amount of PHI necessary for the accomplishment of SkedgeAlert’s purpose.

    3. Permissions; Restrictions. Customer warrants that it has obtained and will obtain any consents, authorizations and/or other legal permissions required under HIPAA and other Applicable Law for the disclosure of PHI to SkedgeAlert. Customer will notify SkedgeAlert of any changes in, or revocation of, the permission by an Individual to use or disclose his or her PHI, to the extent that such changes may affect SkedgeAlert’s use or disclosure of PHI. Customer will not agree to any restriction on the use or disclosure of PHI under 45 C.F.R. § 164.522 that restricts SkedgeAlert’s use or disclosure of PHI under the Agreement or this Agreement unless such restriction is Required by Law or SkedgeAlert grants its written consent, which consent will not be unreasonably withheld.

    4. Notice of Privacy Practices. Customer will notify SkedgeAlert of any limitation in a Covered Entity’s notice of privacy practices that may have the effect of limiting SkedgeAlert’s use or disclosure of PHI under the Agreement or this Agreement.

  3. Term and Termination

    1. Term. The term of this Appendix will commence on the Effective Date of the Agreement and expire when SkedgeAlert has returned or destroyed all PHI.

    2. Termination Upon Termination or Expiration of the Agreement. This Appendix will terminate immediately upon termination or expiration of the Agreement for any reason.

    3. Return or Destruction of PHI upon Termination. Upon expiration or earlier termination of the Agreement or this Appendix, SkedgeAlert will either return or destroy all PHI received from or on behalf of Customer or the Covered Entities or created by SkedgeAlert on behalf of Customer or the Covered Entities that SkedgeAlert still maintains in any form. Notwithstanding the foregoing, to the extent that SkedgeAlert determines that it is not feasible to return or destroy such PHI, the terms and provisions of this Agreement will survive termination and such PHI will be used or disclosed solely for such purpose or purposes which prevented the return or destruction of such PHI.

​Last Updated: November 14, 2022