TABULERA,INC.
TABULERA STARTER PORTAL SUBSCRIPTION AGREEMENT
This TABULERA STARTER PORTAL SUBSCRIPTION AGREEMENT (this “Agreement”) is made and entered into by and between Tabulera, Inc., a Delaware corporation, with its principal offices as listed on Tabulera’s public website (“Tabulera”), and Client, effective as of the Effective Date (the“Effective Date”). Tabulera and Client are each referred to herein as a “Party” and together are referred to herein as the “Parties.”
Upon the terms and subject to the conditions set forth in this Agreement and intending to be legally bound, the Parties hereby agree as follows:
1. Tabulera shall provide to Client, and Client agrees to receive from Tabulera, a software subscription to access and use the Tabulera Starter Portal (as defined herein), support and certain other services, on the terms and conditions set forth in this Agreement for the Tabulera Starter Portal Benefit Reconciliation module.
The Tabulera Starter Portal Benefit Reconciliation module is a limited use subscription for businesses that are reconciling list-billed benefit plan for their employer sponsored group benefit plans with a single user. Clients are permitted to upload one (1) file each for enrollment, payroll and COBRA datasources. Additional users are provided only for Client’s billing contact and broker support of the reconciliation process.
2. This Agreement incorporates by reference the following Schedules attached hereto, and any addendums and amendments signed by the Parties
ScheduleA: Terms and Conditions
ScheduleB: Business Associate Agreement
Schedule C: Tabulera Starter Portal Order Form
3. This Agreement shall continue in effect for the Term specified in Schedule C, unless terminated earlier pursuant to the terms and conditions set forth in ScheduleA.
[Schedules Follow]
SCHEDULE A
TERMS AND CONDITIONS
1. Certain Definitions
Unless otherwise specified, any reference in this Schedule A to a section or subdivision is a reference to a section or subdivision of this Schedule A. Capitalized words used in this Agreement shall have the meanings set forth in this Section1, or in another Schedule to this Agreement.
A. “Anonymized Content” means data and information related to Client’s use of services provided hereunder, that is used by Tabulera or its authorized business partners in an aggregated and anonymized manner, including without limitation, use for compiling statistical and performance information.
B. “Applicable Law”means the United States federal, state and local laws and regulations applicable to the subject matter of this Agreement.
C. “Authorized Marks” means any trademarks, trade names, service marks, logos or designs of either Party.
D. “Client” shall have the meaning of the company who is designated on the Tabulera Starter Portal Subscription Agreement credit card billing page.
E. “Client Content” means:
i. All benefits plan eligibility and transactional data and information provided to Tabulera by Client, its employees, Service Providers, Plan participants or other authorized users pursuant to this Agreement;
ii. All Personally Identifying information provided to Tabulera by Client its employees, Service Providers, Plan participants or other authorized users related to payroll and employee-level benefit plan data; and
iii. AuthorizedMarks of Client provided to Tabulera for use in any Services.
Notwithstanding the foregoing, Client Content shall not include any Anonymized Content.
F. “Confidential Information” means all information of a confidential or proprietary nature provided by the disclosing party to the receiving party for use in connection with this Agreement, including without limitation, the terms and conditions of this Agreement and the Schedules, pricing information in any Order Form, and Client’s Personally Identifying information, but excluding (i) information that is already known by the receiving party; (ii) information that becomes generally available to the public other than as a result of disclosure by the receiving party in violation of this Agreement; (ii) information that becomes known to the receiving party from a source other than the disclosing party on a non-confidential basis; and (iv) information that is independently developed by the receiving party without the use or reference to information provided by the disclosing party.
G. “Effective Date” means the date upon which the user clicked the acceptance check-box on the Tabulera Starter Portal sign up billing page.
H. “Employee Welfare Benefit Plan” is defined consistent with ERISA,29 U.S.C. §1002(1), which includes an arrangement sponsored by an employer and/oran employee association to provide medical, vision, dental and/or life benefits.
I. “Employer” is defined consistent with ERISA, 29 U.S.C. §1002(5),which includes an association of employers acting for an employer in relation to an Employee Welfare Benefit Plan.
J. “ERISA” means the Employee Retirement Income Act of 1974, 29U.S.C. 1001, et seq., as amended.
K. “EULA” means Tabulera’s End User LicenseAgreement.
L. “Fiduciary” means a person performing any activity within the meaning of ERISA,29 U.S.C. § 1002(21)(A).
M. “Indemnified Party” shall have the meaning as defined in Section 9A hereof.
N. “Losses”shall have the meaning as defined in Section 9A hereof.
O. “Personally Identifying” means information that can be used to identify a person’s identity, including Protected Health Information, or that compromises the security or confidentiality of such person.
P. “Plan”or “Plans” shall mean any of Client’s Employee Welfare BenefitPlans.
Q. “Security Incident” means any unauthorized use, access, destruction, modification, disclosure or acquisition of Client’s ConfidentialInformation while in Tabulera’s possession or control.
R. “Service Commencement Date” means the first date on which an ApprovedInsurance Carrier invoice is consolidated, reconciled or paid by Client using the Tabulera Starter Portal.
S. “Service Provider” means any payee, advisor, insurance broker,sub-broker, agent, sub-agent or other third-party designee of Client and/or any of its Employee Welfare Benefit Plans, that uses, has access to, or provides information in the Tabulera Starter Portal.
T. “Support Services” means the support services to be provided toClient as described in Section 3, hereof, or any amendment hereto.
U. “Tabulera StarterPortal” means Tabulera’s web-based administration portal which provides access to certain of Tabulera’s online solutions related to benefit plan reconciliation.
V. “Term” shall have the meaning set forth on Schedule C.
W. “Trial Period” means the thirty (30) day period commencing on the Effective Date.
2. Term.
This Agreement shall commence on the Effective Date and terminate on such date (the “Termination Date”) that is the last day of the month through which payment has been made at the end of the Term set forth on Schedule C, unless renewed or terminated in accordance with this Schedule A. The termination or expiration of thisAgreement for any reason shall not affect a Party’s rights or obligations that expressly or by their nature continue and survive such termination (including without limitation, the provisions concerning ownership, confidentiality, limitation on liability, indemnification and warranty disclaimers).
3. Support Services
A. Description and Use. Client hereby agrees to the following terms and conditions regarding Support Services:
i. Support Services shall be available from 5:00 a.m. to 5:00 p.m. PacificTime, Monday through Friday, except on U.S. national holidays.
ii. To submit a request for Support Services, Client shall use the in-applicationSupport link, the support chat feature, if any, or send an email to client.support@tabulera.com which shall include a general description of the nature of its request, which shall be recorded through Tabulera’s automated case acknowledgement system.
iii. Client shall use Support Services provided pursuant to thisAgreement solely for Client’s internal business purposes and not for the processing of third-party data.
iv. Client shall be responsible for the manner in which it uses SupportServices, including the manner in which it interprets and implements any guidance or recommendations provided thereby.
v. Client shall be responsible for all effects and consequences of any information, instructions, descriptions or interpretations Client provides to Tabulera in connection with its use of the Tabulera Starter Portal orSupport Services (“Client Instructions”), and Tabulera shall have no liability for any costs, losses, penalties or other damages arising from adherence to Client Instructions.
vi. Tabulera may suspend access to Support Services by Client or any of its Service Providers if Tabulera reasonably believes that such employee orService Provider is in violation of the terms of this Agreement, the EULA or this Section 3A, or is otherwise using SupportServices in an inappropriate manner
vii. Tabulera may modify the Support Services and the manner in whichSupport Services are provided from time to time at its sole discretion, provided that Tabulera shall provide Client with prior written notice of any modification that may materially adversely change the Support Services.
B. Compliance with Laws.Client acknowledges and agrees that:
i. Support Services are provided by Tabulera solely to support Client’s use of the Tabulera Starter Portal. Support Services shall not impose any Fiduciary obligations on Tabulera and Tabulera shall not be deemed a Fiduciary hereunder.
ii. Support Services are provided to support Client in its responsibility to comply with ApplicableLaw. Tabulera shall not express any opinion with regard to compliance ofClient’s health and benefit plan arrangements with Applicable Law. Client shall be solely responsible for its compliance with Applicable Law.
iii. Client shall use the Tabulera Starter Portal and SupportServices solely for employees residing in the United States, and employee benefit plans for employees residing in the United States.
iv. Client shall be solely responsible for complying with ApplicableLaw regarding any actual or suspected Security Incident related to any ConfidentialInformation, Personally Identifying information or other data of Client or Tabulera that is retained, collected or stored by Client or its employees, ServiceProviders, subcontractors or other third parties on its behalf.
v. Tabulera shall provide all Services hereunder in accordance with its reasonable, good faith interpretation of all federal regulations applicable to the Services. Tabulera shall comply with Applicable Law related to its business and performance of the Services provided hereunder.
C. Services Do Not Constitute Legal orOther Advice. Client acknowledges and agrees that the Services provided by Tabulera (including without limitation, all information, materials, forms, reports, worksheets of the Tabulera Starter Portal) are not intended to be and will not be relied upon by Client as legal, financial, insurance or tax advice. Tabulera is not acting as an investment advisor, broker-dealer, insurance agent or intermediary or a financial or benefit planner, plan fiduciary or plan administrator. Client should consult with qualified legal, financial, insurance and accounting experts and other professionals, and review Applicable Law in all jurisdictions where Client operates and where its employees are located.
D. No Undertakings. Client expressly acknowledges and agrees that Tabulera is not a “Plan Sponsor” within the meaning of ERISA,Section 3(16)(A), a “Plan Administrator” within the meaning of Section 414(g)of the Internal Revenue Code of 1986, as amended, or a Fiduciary within the meaning of ERISA, and Client shall not request or otherwise require Tabulera to act as such.
E. Representation and Warranties. Each Party hereby represents and warrants to the other Party that: (i) it is duly organized, validly existing, and in good standing under the laws of its jurisdiction; (ii) it has, and will retain throughout the Term, all authority necessary to enter into this Agreement and perform its obligations hereunder;(iii) the execution of this Agreement by its representative whose electronic signature is set forth at the end of this Agreement has been duly authorized by all necessary corporate or organizational action; and (iv) when executed and delivered, this Agreement will constitute the legal, valid, and binding obligation of each party, enforceable against the other party in accordance with its terms.
4. Fees and Payments
A. Fees; Pricing. At the Client’s choice and after theTrial Period, the Client will be billed for either a month-to-month or an annual subscription for fees on the Order Form (the “Fees”)and pursuant to the terms and conditions of this Section 4.
B. Invoicing; Payment. Tabulera shall bill Client in advance for Fees for subscriptions on an annual or monthly basis through a credit card payment on file and after the expiration of a Trial Period, if one exists, or earlier if theClient wishes to proceed with concluding the Trial Period and commencing the production use of the Tabulera Starter Portal. If Client fails to pay any Fees on a timely basis (whether by acceleration or otherwise), which are not under good faith dispute, interest shall accrue on the unpaid balance at the rate of 1.5% per month (or the maximum allowable by law), commencing on date payment of such Fees were due, until paid in full. Client shall reimburse Tabulera for any expenses incurred (including accrued interest and attorney fees and costs) in collecting amounts due Tabulera hereunder that are not under good faith dispute by Client.
C. Taxes. The Fees shall not include any federal, state or local sales taxes or charges, premium taxes, use, excise, value-added, business, goods and services, consumption, withholding and other similar taxes or duties (“Taxes”). Tabulera shall invoice Client for any Taxes in a separate line item in the relevant invoice. Client shall pay all such Taxes due and payable, unlessClient provides a valid exemption to Tabulera in writing at least 30 days prior to the date of any invoice. Client shall not be liable for any fees, penalties or interest for late payment to any government agency in the event that Tabulera fails to provide Client with a timely and accurate invoice pursuant to the terms of this Section.
5. Tabulera Starter Portal
A. User Access. Client may grant access to theTabulera Starter Portal andSupport Services to its Service Providers solely for the administration ofClient’s benefits. Account access and passwords shall be protected by the users and may not be disclosed or shared with other parties. All users must execute the EULA upon registration on the Tabulera Starter Portal. Tabulera may suspend or terminate access to the TabuleraStarter Portal for any user that violates the terms of this Agreement or the EULA.
B. Internet Access. Client shall access the Tabulera Starter Portal through Client’s Internet service provider.Except for scheduled maintenance periods as posted on the Tabulera Starter Portal login page, Tabulera will use commercially reasonable efforts to provide continuous access to the Tabulera Starter Portal. Tabulera shall not be responsible for (i) providing Client with Internet access; (ii)any interception or interruption of communications through the Internet; (iii)changes or losses of data through the Internet; or (iv) third-party software used and/or accessed through the Tabulera Starter Portal or Support Services.
C. Usernames and Passwords.Client and its Service Providers shall protect, safeguard and maintain the privacy of usernames and passwords used to access the Tabulera Starter Portal and Support Services. Client shall be responsible for all activity resulting from access of the Tabulera Starter Portal and Support Services using usernames and passwords provided to or established by Client and its Service Providers.Client and its Service Providers agree to notify Tabulera at legal@tabulera.com immediately of any unauthorized use of Client’s usernames or passwords or any other Security Incident. Tabulera shall not be liable for any damage or losses caused by Client, its Service Providers or any third party arising from any failure to comply with this Section 5.
D. Suspension for Misuse. Tabulera may suspend access to and use of the Tabulera Starter Portal and/or Support Services immediately and without prior notice upon any actual or suspected misuse of a user account or any other Security Incident. Tabulera shall take commercially reasonable steps to restore access to the TabuleraStarter Portal promptly.
E. Unauthorized Use. Client and its Service Providers shall not assign, loan, lease, rent, sublicense, alter, modify, adapt or cause to be altered, modified or adapted),reproduce, duplicate, copy, sell, trade, resell, distribute, transfer, publicly perform, publicly display or exploit for any commercial purposes, all or any portion of the TabuleraStarter Portal or SupportServices, or permit any improper access or use thereof, including without limitation, writing or modifying interfaces or reports to Tabulera except as expressly authorized by Tabulera. Client and its Service Providers shall not(a) modify, disassemble, decompile, reverse engineer or copy the Tabulera Starter Portal; (b) remove, circumvent, disable, damage or other interfere with security features of the Tabulera Starter Portal, including without limitation, features that prevent or restrict use or copying of any content accessible through TabuleraStarter Portal, or features that enforce limitations on use of the Tabulera Starter Portal; or(c) delete the copyright and other proprietary rights notices on theTabulera Starter Portal.
F. Links to Third-Party Sites. The Tabulera Starter Portal may contain links to third-party websites. Links to and from the Tabulera Starter Portal to third-party websites do not constitute an endorsement by Tabulera or any of its subsidiaries or affiliates of such third-party websites or the acceptance of responsibility for the content on such websites.
6. Disclaimer of Warranties. The Tabulera Starter Portal and Support Services are provided “as is.” Tabulera and its licensors expressly disclaim any warranty, either express or implied, including without limitation, any implied warranties of merchantability, fitness for a particular purpose, non-infringement under the Uniform Commercial Code, non-interruption of use, or freedom from program errors, viruses or any other malicious code. Tabulera and its licensors further disclaim any warranty that results obtained through the use of the Tabulera StarterPortal or Support Services will meet Client’s needs.
7. IntellectualProperty
A. Proprietary Rights; License. The right to use theTabulera Starter Portal is granted to Client and its Service Providers for the sole purpose of utilizing the TabuleraStarter Portal and Support Services as provided in thisAgreement. TheTabulera Starter Portal is licensed to Client under the terms and conditions of this Agreement. Client receives no rights to theTabulera Starter Portal or any intellectual property of Tabulera or its licensors except as expressly stated in this Agreement.
B. Ownership. Tabulera owns or has a license to all right, title and interest in and to the Tabulera StarterPortal and any and all Services provided under this Agreement, which constitute the proprietary trade secrets and technology of Tabulera and/or its licensor(s)(“Tabulera IP”), and are protected by all Applicable Law, including without limitation, copyright laws, international copyright treaties and intellectual property laws related thereto. All unauthorized use, copying, alteration, modification, adaptation, reproduction, duplication, sale, resale, distribution, transfer, public performance, public display or exploitation of theTabulera Starter Portal and any Tabulera IP is strictly prohibited.
C. Client Content.Client shall be solely responsible for obtaining all rights and licenses necessary for the use and display of Client Content by Tabulera for purposes of this Agreement, and updating Client Content on a timely basis. Client shall maintain sole responsibility for the completeness and accuracy of all Client Content. Client grants Tabulera the right to use Client Content solely for purposes of this Agreement.
D. Tabulera Trademarks and Logos. Tabulera retains the right to include its trademarks and logos, including without limitation, ‘Powered by Tabulera’ trademarks and logos, on and as part of the Tabulera Starter Portal pages, which shall be displayed less prominently than Client’s logo.
8. Confidentiality; Data Security
A. Confidential Information. All Confidential Information disclosed by either Party to the other in connection with the Agreement shall remain the sole and exclusive property of the disclosing party. The receiving party shall not disclose Confidential Information of the disclosing party, and shall use at least the same degree of care, discretion and diligence in protecting theConfidential Information of the disclosing party as it uses with respect to its own Confidential Information. The receiving party will limit access toConfidential Information to affiliates, employees and authorized representatives with a need to know, and that are subject to confidentiality obligations at least as restrictive as those contained in this Section 8,and shall instruct such parties to maintain the confidentiality of such ConfidentialInformation.
i. Notwithstanding any other provisions of this Section 8A, the receiving party may disclose Confidential Information of the disclosing party (a) to the extent necessary to comply with any applicable order, law, rule, regulation or ruling, (b) as necessary, and with prior notice where practicable, to respond to any summons or subpoena or in connection with any litigation, and (c) with respect to information related to a specific employee, to the extent such employee has consented to its release in writing.
ii. Upon the request of the disclosing party, the receiving party will return or destroy all Confidential Information of the disclosing party in its possession. Notwithstanding the foregoing sentence, Tabulera may retain information as required by Applicable Law, for regulatory purposes, or in back-up files, subject to the confidentiality obligations set forth herein.
iii. Tabulera’s obligations in this Section 8A shall not apply to any suggestions, ideas, comments, corrections, modifications, improvements or feedback provided to Tabulera by Client in connection with any present or future Tabulera product or service (“Feedback”). Tabulera shall own, and Client shall irrevocably assign to Tabulera, all right, title and interest in and to Feedback and all intellectual property rights therein. Tabulera and its clients and business partners shall have no obligation to Client with respect to the use or disclosure of Feedback.
B. Protection of Client Data. Client acknowledges and agrees that data transmission over the Internet is inherently risky, and the security of data transmission cannot be guaranteed. Client shall be responsible for any loss or alteration of data experienced by Client while accessing the Internet. Tabulera shall maintain commercially reasonable administrative, physical, and technical safeguards typical of its industry to protect the security, confidentiality, and integrity of Client Content and payee-level information from loss or alteration while in Tabulera’s possession or control, in compliance with Applicable Law,including storage protection (backups, archiving, and redundant data storage,on-site and off-site). Tabulera shall conduct security risk assessments (“Audits”)on at least an annual basis and shall use address vulnerabilities identified in Audits applying industry standards, within a reasonable period of time after completion thereof. If Tabulera hosts applications which store or process Protected Health Information as defined in 45 C.F.R. § 160.103, Tabulera shall engage a third party to perform an annual audit of its controls. At Client’s request, no more frequently than once each year, Tabulera shall provide a copy of its Audit report to Client. Client may share the Audit report with its clients, auditors, and regulators, provided that such third parties are subject to confidentiality obligations at least as restrictive as those set forth in this Section 8.
C. Data Transmission Requests. Client represents and warrants that prior to any Client request that Tabulera (i) provide any Client Content or employee-level or plan-participant information or other data to any third party, or (ii)transmit any Client Content or employee-level or plan-participant information or other data to any of Client’s non-U.S. locations or any employee or Service Provider located outside of the United States, Client shall have obtained or provided any and all consents, authorizations, and notices required with respect thereto, in compliance with the applicable law of all relevant jurisdictions. Client represents and warrants to Tabulera that such transfer request shall not violate applicable international, federal, state, or local laws or regulations.
D. Security Incidents. In the event of any Security Incident, Tabulera and Client agree to electronically notify (i) each other of such Security Incident promptly and no later than 72 hours after discovery thereof, (ii)reasonably cooperate in any investigation of such Security Incident, and (iii)take reasonable measures to mitigate the risk of future Security Incidents. Tabulera and Client shall comply with all Applicable Law related to such Security Incident, including but not limited to sharing information with the other party related thereto as it becomes available or known, regularly updating the other party regarding the status of any investigation, and such other information as each party shall reasonably request. The parties shall cooperate in preparing any related public statements or notices to affected persons.
9. Indemnification; Limitations of Liability
A. Indemnification. Subject to the limitations of liability set forth in this Section 9:
i. Client shall defend, indemnify, and hold harmless Tabulera and its affiliates and their directors, officers, employees, legal representatives, agents, successors, and assigns (each, an “Indemnified Party”) from and against all claims, losses, liabilities, damages, demands, causes of action, proceedings, costs, and expenses (including reasonable attorneys’ fees and costs of litigation)(collectively, “Losses”) incurred as a result of any third-party claim that ClientContent infringes on any U.S. patent, copyright, trade secret, or other proprietary right of any third party.
ii. Tabulera shall defend, indemnify, and hold harmless Client and its Indemnified Parties from and against all Losses incurred as a result of any third-party claim that Tabulera IP infringes any U.S. patent, copyright, trade secret, or other proprietary right of any third party; provided, however, that Tabulera shall have no liability under this Section 9 for any portion of Losses that arise from or relate to (a) services, products, processes, or materials that were not of Tabulera’s origin; (b) use of the Services in combination with products or services not furnished by Tabulera, where the infringement would not have been present without such combination, or where such combination was not contemplated under this Agreement; or (c) use of the Services in a manner for which they were not intended or where contrary to specifications. In cases related to subsections (a) through (c), Client will defend and hold Tabulera harmless subject to the same terms and conditions of Section 9(i).
iii. In the event any Tabulera IP is determined to infringe, or is likely to be determined to infringe, the IP of a third party, then Tabulera at its sole option and without the need for notice to or consent from Client,shall have the right to: (a) modify the allegedly infringing Tabulera IP to be non-infringing; or (b) obtain a license for the allegedly infringing technology without additional cost to Client.
iv. Each party shall promptly notify the other electronically of any claim or legal proceeding and shall take reasonable steps requested by the indemnifying party to mitigate potential damages which may result from such claim. The indemnifying party shall control the defense of any claim or legal proceedings, and the indemnified party shall provide reasonable assistance therein defense of such claim upon the indemnifying party’s request. Neither party shall settle any claim unless such settlement is approved in writing by the indemnified party.
B. Sole Remedy for Errors. Tabulera shall promptly correct any report, worksheet, or data that contains any errors caused by Tabulera at no additional cost to the Client, which shall be the Client’s sole remedy for any such errors.
C. Limitation on Monetary Damages. Notwithstanding anything to the contrary contained in this Agreement, to the maximum extent permitted by law,each Party’s aggregate liability (monetary or otherwise) under this Agreement during any calendar year for any Losses of any type under any circumstances arising from or related to this Agreement shall be limited to the lesser of(i) the amount of actual damages incurred by such party, or (ii) the aggregate Fees paid by Client pursuant to this Agreement during the twelve (12) month period preceding the event giving rise to the claim.
D. NO CONSEQUENTIAL DAMAGES. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED IN THIS AGREEMENT, TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY SHALL BE RESPONSIBLE FOR ANY SPECIAL, INDIRECT,INCIDENTAL, CONSEQUENTIAL, OR OTHER SIMILAR DAMAGES (INCLUDING WITHOUT LIMITATION, ANY LOST PROFITS OR DAMAGES FOR BUSINESS INTERRUPTION OR LOSS OF INFORMATION) INCURRED OR EXPERIENCED IN CONNECTION WITH THIS AGREEMENT, HOWEVER CAUSED AND UNDER THE WHATEVER THEORY OF LIABILITY (WHETHER IN CONTRACT, TORT,INCLUDING NEGLIGENCE, OR UNDER ANY OTHER THEORY OF LIABILITY), EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
E. This Section 9 sets forth the Parties’ sole liability to and exclusive remedy against the other Party for any Losses described herein.
10. Termination
A. Termination. Either Party may terminate this Agreement with an electronic notice and without prejudice to enforce any legal right or remedy, if:
i. the other Party materially breaches any material term, condition,representation, warranty, or covenant of this Agreement, provided that the breaching party shall have thirty (30) calendar days after receipt of a notice to terminate to cure such breach (“Cure Period”), unless such breach is due to Client’s failure to pay amounts due hereunder, in which case the Cure Period shall be ten (10) calendar days. Termination shall be effective upon the expiration of the applicable Cure Period if cure has not been made to the other party’s sole satisfaction;
ii. the other Party winds up, liquidates, or otherwise ceases business operations, or
iii. the other Party becomes insolvent, stops paying its debts as they become due, or seeks protection under any bankruptcy, receivership, trust deed, creditors’ arrangement, composition, or comparable proceeding, or if any such proceeding is instituted against the other (and not dismissed within ninety (90) days after commencement of one of the foregoing events).
Clients may continue to access the Tabulera Starter Portal for thirty (30) days after the expiration of the Cure Period for the sole purpose of downloading records related to transactions that have already been processed.
B. Termination by Tabulera. Tabulera may terminate this Agreement immediately without prior notice if:
i. Client or any of its Service Providers fails to fulfill its obligations in connection with the implementation services provided by Tabulera under this Agreement, such that Tabulera is unable to complete the implementation services and commence providing the Tabulera Starter Portal and Support Services on or prior to the Service Commencement Date set forth in the Order Form; or
ii. Client, any of its Service Providers, or any third party given access to the Services thereby (a) includes any content on the Tabulera Starter Portal or Support Services provided to Client which is obscene, offensive, inappropriate, threatening, or malicious, violates Applicable Law or the rights of Tabulera or any third party, or exposes Tabulera to any civil or criminal liability, or (b)wrongfully uses or accesses the Tabulera Starter Portal or Tabulera’s servers, technology, or other systems.
C. Termination for Convenience. Tabulera and Client may each terminate this Agreement for any reason with thirty (30) days’ prior written notice to the other party.
D. Client Post-Termination Obligations. Upon termination of this Agreement, Tabulera shall have the right, in Tabulera’s sole discretion, to allocate any funds remitted or otherwise made available by Client to Tabulera to satisfy Client’s obligations under this Agreement (including reimbursement to Tabulera for payments made by Tabulera hereunder on Client’s behalf to a third party), and Clients shall immediately (i) pay any and all Fees invoiced by Tabulera to Client on or prior to termination; (ii) assume sole responsibility for all payments due at such time or thereafter to third parties for services provided thereby in connection with the Tabulera Starter Portal or Support Services; and (iii) reimburse Tabulera for all payments made on Client’s behalf by Tabulera to any third party.
11. Miscellaneous
A. Entire Agreement; Amendment. This Agreement, together with the Schedules and any amendment or addendum attached hereto and signed by both Parties, constitutes the complete and exclusive agreement between the Parties, and all previous representations,discussions, and writings are superseded by this Agreement. This Agreement may be modified only by a writing signed by both Parties (an “Amendment”)and each party specifically disclaims and rejects any click-through agreements that may be presented to it by the other.
B. Non-Solicitation. Except as prohibited by Applicable Law, during the Term and for twelve (12)months thereafter, neither Client nor Tabulera shall knowingly solicit, directly or indirectly, for employment, or engage as a consultant or contractor, any employee, consultant, contractor, or former employee of the other party who has been directly engaged in performing services under this Agreement.
C. Assignment. Neither Party may assign this Agreement without the prior written consent of the other Party and an express written assumption by the assignee hereof of all obligations of the assignor under this Agreement, except in connection with a merger, acquisition,reorganization, reincorporation, or sale of all or substantially all of such Party’s assets. Any attempted assignment in derogation of this subsection shall be null and void.
D. Waiver. The failure of either Party at any time to enforce any right or remedy available to it under this Agreement or otherwise with respect to any breach or failure by the other Party shall not be construed to be a waiver of such right or remedy with respect to any other breach or failure by the other Party.
E. Severability. If any provision of this Agreement is found invalid or unenforceable, such finding shall not invalidate or render unenforceable any other term of this Agreement, but rather the Agreement shall be construed as if it did not contain such invalid provision, and the rights and obligations of the Parties shall be construed and enforced accordingly.
F. Relationship of the Parties. The Parties understand and agree that each Party is an independent contractor in the performance of each and every part of this Agreement, is solely responsible for all of its employees and agents and its labor costs and expenses arising in connection therewith.
G. Governing Law. This Agreement is governed by the laws of the State of California without giving effect to its conflict of law provisions. The Parties agree to waive all rights or claims to a trial by jury.
H. Headings. The headings used in this Agreement are for reference only and do not define, limit, or otherwise affect the meaning of any provisions hereof.
I. Limitation of Claims. No action arising under or in connection with this Agreement, regardless of the form, may be brought by either Party more than two (2) years after a Party first becomes aware thereof or should reasonably have become aware of the occurrence of events giving rise to the cause of action.
J. Use of Tabulera Employees or Agents. Tabulera may designate any employee, agent, or subcontractor, without notice to, or the consent of, Client, to perform any services, tasks, or functions for Tabulera or provided under this Agreement from within or outside of the United States.
K. Conflicts. In the event of a conflict between the terms of this Agreement and any Schedule, addendum, or additional terms, the terms of this Agreement shall control, except as provided to the contrary in writing in any addendum or amendment to this Agreement executed by the Parties, in which case the terms of such addendum or amendment shall control.
L. Notices. All legal notices shall be sent electronically to legal@tabulera.com.
[End of Schedule A]
SCHEDULE B
BUSINESS ASSOCIATE AGREEMENT
This BUSINESS ASSOCIATE AGREEMENT (“BAA”) is entered into by and between the Client (“CoveredEntity” or“Client”) and Tabulera, Inc. (“Business Associate” or “Tabulera”), effective as of the Effective Date (as defined below).
RECITALS
A. Covered Entity has engaged Business Associate to evaluate, perform, or assist in the performance of a function or activity that may or will involve the use or disclosure of protected health information and/or any other function or activity subject to the Business Associate Agreement requirements of the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, as incorporated in the American Recovery and Reinvestment Act of 2009 (“HITECH”), and all applicable implementing regulations, including without limitation, the Standards for Privacy of Individually Identifiable Health Information (the “Privacy Rule”), Notification in the Case of Breach of Unsecured Protected Health Information (“Breach Notification Rule”), and the Security Standards for the Protection of Electronic Protected Health Information (the “Security Rule”), set forth in Title 45,Parts 160 and 164 of the Code of Federal Regulations, dealing with the security, confidentiality, integrity, and availability of protected health or health-related information as well as related data breach notifications (such laws and regulations collectively referred to herein as “HIPAA”).
B. Such services shall be performed pursuant to that certain Tabulera Starter Portal Subscription Agreement (together with any successor agreement, the “Subscription Agreement”).
C. The parties are entering into this BAA to satisfy the requirements of Sections 164.502(e) and 164.504(e) of the Privacy Rule and 164.308(b) and 164.314(a) of the Security Rule and to otherwise facilitate implementation of HIPAA by both parties, all on the terms and conditions hereinafter set forth.
D. Unless otherwise defined in this BAA, all capitalized terms used herein shall have the meanings ascribed in the HIPAA Regulations, provided, however, that “PHI” and “ePHI” shall mean “Protected Health Information” and “Electronic Protected Health Information” respectively, each as defined in 45 C.F.R. § 160.103, limited to the information Business Associate received from or created or received on behalf of Covered Entity. “Administrative Safeguards” shall have the same meaning as the term “administrative safeguards” in 45 C.F.R. § 164.304, with the exception that it shall apply to the management of the conduct of Business Associate’s workforce, not Covered Entity’s workforce, in relation to the protection of that information.
E. Capitalized words used in this Agreement but not otherwise defined herein shall have the meanings in Schedule A or Schedule C.
AGREEMENT
1. Permitted Uses and Disclosures by Business Associate
1.1 General. Except as otherwise specified in this BAA, Business Associate may use or disclose PHI to evaluate or perform its proposed obligations or its obligations for, or on behalf of, Covered Entity as set forth in the Subscription Agreement, provided that Business Associate uses and discloses PHI in the following manner:
1.1.1. consistent with the minimum necessary policies and procedures of Covered Entity; and
1.1.2. would not violate 45 C.F.R. Subpart E if done by Covered Entity,except as specified in Sections 1.2.2 and 1.2.3.
1.2 Other Permitted Uses. Except as otherwise limited by this BAA,Business Associate may use PHI it receives or creates in its capacity as a business associate of Covered Entity, if necessary:
1.2.1 for the evaluation, proper management, and administration of Business Associate;
1.2.2 to carry out the legal responsibilities of Business Associate;or
1.2.3 to provide Data Aggregation services to Covered Entity which relate to the health care operations of Covered Entity in accordance with the HIPAA Privacy Regulations.
1.3 Other Permitted Disclosures. Except as otherwise limited by this BAA, Business Associate may disclose to a third party PHI it receives or creates in its capacity as a business associate of Covered Entity for the evaluation, proper management, and administration of Business Associate,provided that:
1.3.1 the disclosure is required by law; or
1.3.2 Business Associate obtains reasonable assurances from the third party to whom the information is disclosed that (i) the PHI will remain confidential and used or further disclosed only as required by law or for the purpose for which it was disclosed to the third party, and (ii) the third party notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
1.4 De-Identified Information. Health information that has been de-identified in accordance with the requirements of 45 C.F.R. §§ 164.514 and 164.502(d) and is therefore not Individually Identifiable Health Information (“De-Identified Information”) is not subject to the provisions of this BAA. Covered Entity may disclose PHI to Business Associate to use for the purpose of creating De-Identified Information, whether or not the De-Identified Information is to be used by Covered Entity.
2. Obligations and Activities of Business Associate Regarding PHI.
2.1 Limitations on Uses and Disclosures. Business Associate shall not use or further disclose PHI other than as permitted or required by this BAA or as required by law.
2.2 Safeguards. Business associates will use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to ePHI to prevent use or disclosure of the PHI other than as provided for by this BAA.
2.3 Mitigation. Business Associate will mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate or subcontractor or agent of a Business Associate in violation of the requirements of this BAA.
2.4 Reporting. Business Associate will report to Covered Entity any use or disclosure of the PHI not provided for by this BAA of which it becomes aware.
2.5 Agents and Subcontractors. Business Associate will ensure that any agent, including any subcontractor, to whom Business Associate provides PHI that was created for or received from or on behalf of Covered Entity, has executed an agreement containing the same restrictions and conditions that apply through this BAA to Business Associate with respect to such information. Business associates will ensure only those who reasonably need to know such information in order to perform Services receive such information and, in such case, only the minimum amount of such PHI is disclosed as is necessary for such performance.
2.6 Access. Where PHI held by Business Associate is contained in a Designated Record Set, within fifteen (15)days of receiving a request to legal@tabulera.com from Covered Entity, Business Associate will make such PHI available to Covered Entity or, as directed by Covered Entity to an Individual, that is necessary for Covered Entity to respond to Individuals’ requests for access to PHI in accordance with 45 C.F.R. § 164.524. Business Associate will provide such PHI in an electronic format upon request by Covered Entity unless it is not readily producible in such format, in which case Business Associate will provide CoveredEntity a readable electronic format as agreed to by Covered Entity and Individual.
2.7 Compliance with Requirements. To the extent Business Associate is to carry out Covered Entity’s obligation under HIPAA,Business Associate will comply with the requirements applicable to such obligation.
2.8 Amendment of PHI. Where PHI held by Business Associate is contained in a Designated Record Set,within fifteen (15) days of receiving a written request from Covered Entity or an Individual, Business Associate will make any requested amendment(s) or correction(s) to PHI in accordance with 45 C.F.R. § 164.526.
2.9 Disclosure Documentation. Business Associate will document its disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528.
2.10 Accounting of Disclosures. Within thirty (30) days of receiving a request from Covered Entity, Business Associate will provide to Covered Entity information collected in accordance with this BAA, as necessary to permit Covered Entity to make an accounting of disclosures of PHI about an Individual in accordance with 45 C.F.R. § 164.528.
2.11 Access to Business Associate’s Internal Practices. Except to the extent that it violates or interferes with attorney-client privilege, the duty of client confidentiality, or the applicable rules of professional responsibility, Business Associate will make its internal practices, books, and records, including policies and procedures and PHI, relating to the use and disclosure of (a) PHI, including ePHI,created, used, disclosed, received, maintained, or transmitted by Business Associate on behalf of Covered Entity, available to the Secretary, in a time and manner designated by the Secretary, for purposes of the Secretary determining Business Associate or Covered Entity’s compliance with the HIPAA Privacy Regulations and HIPAA Security Regulations.
2.12 Breach Notification. Business Associate, following the discovery of a Breach of Unsecured Protected Health Information, shall notify electronically Covered Entity of such Breach. Except as otherwise required by law, Business Associate shall provide such electronic notice without unreasonable delay, and in no case later than dd hours after discovery of the Breach.
2.12.1 Notice to Covered Entity required by this Section 2.12 shall include: (i) to the extent possible, the names of the individual(s) whose Unsecured Protected Health Information has been, or is reasonably believed by Business Associate to have been accessed, acquired, used, or disclosed during the Breach; (ii) a brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known; (iii) a description of the types of Unsecured Protected Health Information that were involved in the Breach; (iv) a brief description of what Business Associate is doing or will be doing to investigate the Breach to mitigate harm to the individual(s) and to protect against further Breaches; and (v) any other information required to be provided in accordance with 45 C.F.R. § 164.404(c).
2.13 Remuneration in Exchange for PHI. Business Associate shall not directly or indirectly receive remuneration in exchange for any PHI unless Covered Entity notifies Business Associate that it obtained a valid authorization from the Individual specifying that the Individual’s PHI may be exchanged for remuneration by the entity receiving such Individual’s PHI.
2.14 Marketing. Business Associate must obtain or confirm that Covered Entity has obtained an authorization for any use or disclosure of PHI for marketing, as defined in 45 C.F.R. § 164.501.
3. Obligations of Covered Entity.
3.1 Limited Disclosure Obligations. Covered Entity will limit the PHI provided to Business Associate to only that necessary to the representation of Covered Entity. Prior to the transmission of PHI to Business Associate, Covered Entity shall notify Business Associate electronically of the need to transmit PHI and will arrange with Business Associate for the proper and secure transmission of such PHI.
3.2 Requested Restrictions. Covered Entity shall notify Business Associate, electronically to legal@tabulea.com, of any restriction on the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522, which permits an Individual to request certain restrictions of uses and disclosures, to the extent that such restriction may affect Business Associate's use or disclosure of PHI.
3.3 Changes in or Revocation of Permission. Covered Entity shall notify Business Associate electronically at legal@tabulera.com of any changes in, or revocation of, permission by an Individual to use or disclose PHI, to the extent that such changes or revocation may affect Business Associate's use or disclosure of PHI.
3.4 Permissible Requests by Covered Entity. Covered Entity shall not request Business Associate use or disclose PHI in any manner that would not be permissible under the HIPAA Privacy Regulations and HIPAA Security Regulations if done by Covered Entity, except to the extent that Business Associate will use or disclose PHI for Data Aggregation or management and administrative activities and legal responsibilities of Business Associate.
3.5 Notice of Privacy Practices. Covered Entity shall notify Business Associate at legal@tabulera.com of any limitation(s) in the notice of privacy practices of covered entity under 45 CFR 164.520, to the extent that such limitation may affect business associate’s use or disclosure of protected health information.
4. Security Restrictions on Business Associate.
4.1 General. Business Associate shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the ePHI that Business Associate creates,receives, maintains, or transmits on behalf of Covered Entity as required by the HIPAA Security Regulations.
4.2 Agents; Subcontractors. Business Associate will ensure that any agent, including a subcontractor, to whom Business Associate provides ePHI, agrees to implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of such ePHI.
4.3 Reporting of Security Incidents. Business Associate shall report to Covered Entity any Security Incident affecting ePHI created, received, maintained, or transmitted by Business Associate on behalf of Covered Entity, of which Business Associate becomes aware. This Section constitutes notice to Covered Entity of routine and ongoing attempts to gain unauthorized access to Business Associate's information systems (each an "Unsuccessful Attack"), including without limitation, pings, port scans, and denial of service attacks, for which no additional notice shall be required provided that no such incident results in unauthorized access to ePHI.
4.4 HIPAA Security Regulations Compliance. Business Associate agrees to comply with Sections 164.306, 164.308, 164.310, 164.312, and 164.316 of Title 45, Code of Federal Regulations with respect to all ePHI.
5. Term and Termination.
5.1 Term. This BAA shall take effect on the Effective Date of the Subscription Agreement, and shall terminate when all of the PHI disclosed to Business Associate by Covered Entity or created, or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy PHI, protections are extended to such information, in accordance with the termination provisions in this Section 5.
5.2 Termination for Cause. If Covered Entity determines that Business Associate has breached a material term of this BAA, Covered Entity will provide written notice to Business Associate which sets forth Covered Entity's determination that Business Associate breached a material term of this BAA, and Covered Entity may:
5.2.1 Provide written notice to Business Associate which provides an opportunity for Business Associate to cure the breach or end the violation, as applicable. If Business Associate does not cure the breach or end the violation within the time specified by Covered Entity, then Covered Entity may immediately thereafter terminate this BAA; or
5.2.2 Immediately terminate this BAA if Business Associate has breached a material term of this BAA and cure is not possible; and
5.2.3 If neither termination nor cure is feasible as provided in Sections 5.2.1 and 5.2.2 of this BAA, Covered Entity may report the violation to the Secretary.
5.3 Effect of Termination. Upon termination of this BAA for any reason, Business Associate, with respect to protected health information received from Covered Entity, or created, maintained, or received by Business Associate on behalf of Covered Entity, shall:
5.3.1 Retain only that protected health information which is necessary for Business Associate to continue its proper management and administration or to carry out its legal responsibilities;
5.3.2 Return to Covered Entity or destroy the remaining protected health information that the Business Associate still maintains in any form;
5.3.3 Continue to use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information to prevent use or disclosure of the protected health information, other than as provided for in this Section, for as long as Business Associate retains the protected health information;
5.3.4 Not use or disclose the protected health information retained by Business Associate other than for the purposes for which such protected health information was retained and subject to the same conditions set out at Sections 1.2 and 1.3, above, which applied prior to termination; and
5.3.5 Return to Covered Entity or destroy the protected health information retained by Business Associate when it is no longer needed by Business Associate for its proper management and administration or to carry out its legal responsibilities.
6. Penalties
6.1 Business Associate shall be responsible for the full cost of all civil and criminal penalties assessed upon Business Associate as a result of the failure of Business Associate, its officers, directors, employees, contractors, or agents to comply with this BAA. This obligation shall survive the expiration or termination of this BAA.
6.2 Covered Entity shall be responsible for the full cost of all civil and criminal penalties assessed upon Covered Entity as a result of the failure of Covered Entity, its officers, directors, employees, contractors, or agents to comply with this BAA. This obligation shall survive the expiration or termination of this BAA.
7. Miscellaneous
7.1 Regulatory References. A reference in this BAA to a section in HIPAA means the section as in effect or as amended.
7.2 Changes in Law. If any new state or federal law, rule, regulation, or policy, or any judicial or administrative decision affecting the use or disclosure of PHI is enacted or issued, including without limitation, any law or regulation affecting compliance with the requirements of HIPAA, the parties agree to take such action in a timely manner and as is necessary for Covered Entity and Business Associate to comply with such law, rule, regulation, policy, or decision. If the parties are not able to agree on the terms of such an amendment, either party may terminate this BAA on at least thirty (30) days’ prior written notice to the other party.
7.3 Survival. The respective rights and obligations of Business Associate under Section 5.3 – “Effect of Termination” shall survive the termination of this BAA.
7.4 Interpretation. Any ambiguity in this BAA shall be resolved to permit Covered Entity to comply with HIPAA. The section and paragraph headings of this BAA are for the convenience of the reader only, and are not intended to act as a limitation of the scope or meaning of the sections and paragraphs themselves.
7.5 No Third Party Beneficiaries. Nothing express or implied in this BAA is intended to confer, nor shall anything herein confer, upon any person other than Business Associate and Covered Entity and their respective successors or assigns, any rights,remedies, obligations, or liabilities whatsoever.
7.6 Assignment. Neither Party may assign this BAA without the prior written consent of the other Party and an express written assumption by the assignee hereof of all obligations of the assignor under this BAA,except in connection with a merger, acquisition, reorganization,reincorporation, or sale of all or substantially all of such Party’s assets. Any attempted assignment in derogation of this subsection shall be null and void.
7.7 Entire Agreement; Amendment. This BAA constitutes the entire agreement between the parties as to its subject matter hereof and supersedes all prior communications, representations, and agreements, oral or written, of the parties with respect to its subject matter.No modification or amendment of any provision of this BAA shall be effective unless in writing and signed by authorized representatives of each party.
7.8 Applicability. Tabulera and Client acknowledge that this BAA is applicable only to the extent Tabulera and Client constitute a Business Associate and Covered Entity,respectively, as those terms are defined under HIPAA, and that, to the extent Tabulera and Client do not constitute a Business Associate and Covered Entity,respectfully, as those terms are defined under HIPAA, this BAA shall not apply,and the parties are governed solely by the terms and conditions of the Subscription Agreement.
7.9 Subscription Agreement. This BAA is entered into and is governed by the Subscription Agreement, the terms and conditions of which are incorporated herein by reference and remain in effect. To the extent a term or condition in the Subscription Agreement is contrary to a term or condition in this BAA and the term or condition in this BAA is required to ensure compliance with HIPAA, the term or condition in this BAA shall control.
7.10 Severability and Waiver. The invalidity of any term or provision of this BAA shall not affect the validity of any other provision. Waiver by any party of strict performance of any provision of this BAA shall not constitute a waiver of or prejudice any party’s right to require strict performance of the same provision in the future or of any other provision of this BAA.
7.11 Notices. Any notices permitted or required by this BAA will be addressed as to the parties reflected on the Order Form pursuant to the terms of the section entitled “Notices” in the Subscription Agreement.
7.12 Governing Law. This BAA shall be governed by the laws of the State of California, without giving effect to any conflicts of laws principles.
[End of Schedule B]
SCHEDULE C
TABULERA STARTER PORTAL ORDER FORM
Term:
Month to Month or Annual Subscription based on subscription term selected on sign up page.