Schedule a Call
Log in

Master Subscription and License Agreement

THIS AGREEMENT is entered into as of the effective date of the applicable quote (the “Quote”) (the “Effective Date”) by and between the customer identified on such quote (hereinafter referred to as “CUSTOMER”) and EPR Systems USA, Inc., a Florida corporation, (hereinafter referred to as “EPR” or “Vendor”).

WHEREAS EPR is engaged in the business of designing and developing computer software systems and related products and has created and developed a software package called EPR FireWorks that is capable of supplying emergency agencies with an innovative, comprehensive, and integrated records management solution; and

WHEREAS CUSTOMER is engaged in providing emergency and rescue services and desires to utilize such Software to support the management of its Fire & EMS operations; and

WHEREAS EPR and CUSTOMER believe it is in their mutual interest and desire to enter into an agreement whereby CUSTOMER would use EPR’s Software pursuant to the terms and conditions hereinafter provided.

The above recitals are hereby incorporated and made a part of this Agreement as if fully recited hereby.

NOW, THEREFORE, for and in consideration of the mutual promises and covenants contained herein, the sufficiency of which is hereby mutually acknowledged, the parties hereto hereby agree as follows

1. Purchase.

1.1 CUSTOMER shall purchase, and EPR shall sell the goods and/or services set forth in the applicable Quote.

2. Terms; Compensation.

2.1 This Agreement shall be subject to the terms and conditions contained herein and as provided by the Quote and Exhibit A, attached hereto and made a part hereof. The total fees payable by CUSTOMER for the initial term of this Agreement shall be set forth in the applicable Quote and may include subscription services and any applicable one-time implementation and training fees described therein.

2.2 Uplift on Renewal: Provider reserves the right to adjust subscription fees at the time of renewal upon written notice to Customer at least thirty (30) days prior to the renewal date. Any annual increase will not exceed eight percent (8%).

3. Definitions.

3.1 In this Agreement, unless the context otherwise requires:

a) “Acceptance” means the acceptance of the Deliverables in accordance with the Section entitled Inspection of the Deliverables of this Agreement.

b) “Confidential Information” means those confidential, scientific, technical, financial, business and other information, manufacturing, marketing, sales and distribution data, scientific and test data, documents, methods, techniques, formulations, operations, know-how, experience, skills, trade secrets, computer programs and systems, processes, practices, ideas, inventions, designs, samples, plans and drawings recognized as exempt or immune from disclosure pursuant to applicable federal or State law;

c) “Contract Price” means the amounts referred to or expressed in the applicable Quote to be payable by CUSTOMER to EPR for the Deliverables.

d) “EPR FireWorks” means computer software, converted data, system interfaces, databases and documentation that are to be supplied by ·EPR and implemented by CUSTOMER, including the Deliverables to be provided by EPR to CUSTOMER all as contemplated hereunder, as the same may be upgraded, enhanced, or otherwise modified or adapted from time to time.

e) “Deliverables” means the whole of the services including, without limitation, system set-up, data conversion, training, maintenance, and software programs required to be done, furnished, or performed by EPR in accordance with the terms of this Agreement.

f) “SaaS” means software-as-a-service that EPR hosts (directly or indirectly) for Customer’s use on a periodic subscription basis.

g) “Improvements” means any improvements, updates, variations, modifications, alterations, additions, error corrections, enhancements, functional changes or other changes to the licensed computer programs and documentation, including, without limitation:

(i) improvements and upgrades to improve software efficiency and maintainability.

(ii) improvements and upgrades to improve operational integrity and efficiency.

(iii) functional improvements or changes which support legislation, regulatory or other lawful requirements.

(iv) changes or modifications to correct errors; and

(v) additional licensed computer programs to otherwise update the licensed computer programs.

h) “Live Production” means use of EPR Fireworks system in the regular business operation of CUSTOMER, which shall be twenty-four (24) hours per day, seven (7) days per week. “Maintenance Access Period”, unless otherwise specified in the Agreement, means an uninterrupted time period of hours each day beginning Sunday from 2:00 AM – 2 PM, and weekdays Monday to Friday, between 8:00 a.m. and 5:00 p.m. EST, during which EPR shall have personnel available to receive/respond to email and/or telephone support for maintenance services including remote connect. All requests for support generate a ticket that is trackable by the customer, and metrics are available upon request.

i) 24/7 support is available for Severity Level 1 as defined below.

Severity Level 1 Mission-critical customer business process(s) unable to function – The System is not functioning, and no workaround is acceptable to the Customer, thereby preventing a department or workgroup from performing a mission-critical business function(s).
Severity Level 2 Significant impact to Mission critical Customer business process(s) – A major problem impedes the ability to perform mission critical business function(s) due to major functionality not working. A temporary work-around that is acceptable to the customer is available.

Severity Level 3

 Not able to accomplish all functions – Minor function(s) not working causing non-critical work to back up.

SeverityLevel 4

 Inconvenience – The System is causing a minor disruption in the way tasks are performed but does not stop workflow. Able to accomplish all functions, but not as efficiently as normal. May include cosmetic issues – especially in constituent- facing application
Table 4: Service Level Standards Measure
Metric
Standard
Availability System is available for use 99.95%
Performance System response time 100 percent response time during User Acceptance Testing.
Problem Management Severity Level 1 Problem Resolved 99 percent resolved within 1 business day.
  Severity Level 2 Problem Resolved 99 percent resolved within 2 business days.
  Severity Level 3 Problem Resolved 80 percent resolved in 5 business days. 100 percent in 15 business days.
  Severity Level 4 Problem Resolved 80 percent resolved in 30 business days. 100 percent in 60 business days.
Vendor Help Desk Help Desk call wait time, during hours of support.

At least 90 percent of calls are answered in 2 minutes or less (a call pick system may be used).

At Least 90 percent of Help Desk emails are answered in 30 min or less.
  Help Desk call busy signal. Less than 5 percent of calls get a busy signal.
  Help Desk calls for Severity Level 1 or 2 Severity Level 1 or 2 call back time less than 30 min.

j) “Response Time” means the period of time beginning with a bona fide attempt to reach EPR by telephone, or other oral means, or email written means has been made by CUSTOMER during a Maintenance Access Period, and ending with the response of EPR;

k) “Time to Repair” means that portion of the time that EPR FireWorks system cannot be used because of error, defect, deficiency, failure, problem or non-conformance to functional specifications, starting from the response of EPR and ending with the turnover of the Deliverables to CUSTOMER in proper working order.

l) “Unapproved Modifications” means modifications to the licensed computer programs not approved by EPR but made by CUSTOMER or on its behalf by someone other than EPR.

4. Representations.

4.1 EPR represents and warrants, and it is a condition of this Agreement, that:

(a) EPR is a corporation duly organized and existing in good standing under the laws of Florida and registered to carry on business as may be contemplated hereunder.

(b) EPR has the ability and authority to enter into this Agreement, and the execution and performance of this Agreement or any part of this Agreement by EPR has been duly authorized by all requisite corporate action.

(c) The execution and performance of this Agreement or any part of this Agreement by EPR does not and will not violate any contract or other obligation of EPR, and EPR knows of no circumstances which would prevent EPR’s performance of this Agreement or any part thereof.

(d) EPR is competent to perform its obligations hereunder, and has sufficient manpower, resources, skills, experience, and all such other materials as may be required to meet its obligations on or before the required date(s).

(e) EPR has the necessary qualifications (including knowledge, experience, and skill) to provide the Deliverables, and will provide the Deliverable in a diligent, professional and timely manner; and

(f) The representations and warranties made by EPR herein, including the recitals and all schedules hereto (in particular, in EPR’s Proposal), are reasonable and correct, and may be relied upon by CUSTOMER and shall continue to be reasonable and correct, and may be relied upon by CUSTOMER throughout the performance of this Agreement.

5. Grant of Subscription.

5.1 Grant of Subscription: Saas. For SaaS, during the term of this Agreement, Customer may access and use the SaaS and Reporting Services, subject to Customer’s compliance with the Use

Restrictions and other limitations contained in this Agreement.

6. Ownership of Data.

6.1 As between EPR and Customer, all Customer Data shall be owned by Customer.

7. Term.

7.1 This Agreement shall have an initial term of One (1) year, commencing on the Effective Date. This Agreement will auto renew annually on the effective date unless written notice is received by EPR 60 days in advance.

8. Trademarks and Proprietary Notices.

8.1 EPR expressly reserves all rights to its own tradenames, logos, trademarks, other identifying symbols and all of its proprietary rights in its product packaging or labelling of any licensed computer programs. CUSTOMER shall not acquire any right, title or interest in or to any such tradename, logo, trade- mark, or other identifying symbols of EPR.

8.2 Notwithstanding anything to the contrary provided for herein, CUSTOMER shall retain exclusive ownership of all CUSTOMER generated and/or supplied data. In no event shall such CUSTOMER-related data or information be used by EPR without the prior written consent of the CUSTOMER.

9. Payment by a 3rd Party Payer.

9.1 Third-Party Payer. If Customer desires to use a third-party entity, including, without Limitation, Digitech Computer, LLC, to pay some or al1 of the Fees on behalf of Customer (a”Third-Party Payer“), then (i) CUSTOMER shall notify EPR in writing of the designated Third Party Payer and the terms of the arrangement, (ii) the Third-Party Payer will enter into a written agreement with EPR regarding such arrangement, (iii) Customer may replace the Third-Party Payer by written notice to EPR (provided that no such change shall be made until the then-current Term’s renewal), (iv) references within this Section 8 to Customer’s responsibility for Fees shall be understood to refer to the Third-Party Payer when applicable, and (v) Customer shall remain responsible for payment if the Third-Party Payer does not pay the Fees.

9.2 Either CUSTOMER or the Third-Party Payer, if applicable, shall pay EPR in accordance with the Payment Schedule described in the applicable Quote within forty-five (45) days of receipt of a proper invoice in accordance with the Customers Local Government Prompt Payment Act.

9.3 CUSTOMER shall notify EPR, within Fifteen (15) days of receipt of a proper invoice, of any inadequacy of the invoice or of the supporting documentation, and where any such notice is given within that period, the date for payment of the amount invoiced shall be postponed until EPR remedies the inadequacy to the satisfaction of CUSTOMER, at no additional cost to CUSTOMER. Payment will be made by CUSTOMER within forty-five (45) days of receipt of a proper invoice issued by EPR.

10. Piggybacking Clause.

10.1 It is understood and agreed by Customer and EPR Systems that any governmental entity may purchase the services specified herein in accordance with the prices, terms, and conditions of this agreement. It is also understood and agreed that each local entity will establish its own contract with EPR Systems, be invoiced therefrom and make its own payments to EPR Systems in accordance with the terms of the contract established between the new governmental entity and EPR Systems. It is also hereby mutually understood and agreed that the Customer is not a legally bound party to any contractual agreement made between EPR Systems and any entity other than Customer.

11. Confidentiality.

11.1 EPR shall be bound by an obligation of strict confidence to CUSTOMER in respect of any confidential information disclosed by or on behalf of CUSTOMER to EPR or developed by EPR for CUSTOMER. EPR shall not:

(a) Disclose, either directly or indirectly, any such confidential information, or any part thereof, to any person except as is specifically contemplated in this Agreement; and

(b) Use any such confidential information, or any part thereof, for any purpose, except as is specifically contemplated within this Agreement, without the prior written consent of CUSTOMER and on terms and conditions satisfactory to CUSTOMER in its sole discretion.

(c) Notwithstanding anything to the contrary herein, CUSTOMER’s good faith compliance with the provisions of Florida Statutes, or the federal Freedom of Information Act shall not be construed as and shall not constitute a breach of this Agreement.

12. Law and Jurisdictions.

This Agreement is subject to and governed by the laws of the State of Florida. Any disputes arising out of or relating to this Agreement or its subject matter shall be resolved in accordance with the laws of Florida and shall be subject to the exclusive jurisdiction of the state or federal courts located in Oviedo, Florida. The parties irrevocably submit to the personal jurisdiction of such courts and waive any objection to the venue or jurisdiction on the grounds of inconvenience or otherwise. EPR agrees that service by first class U.S. mail to EPR Systems USA, Inc., 257 Plaza Drive Suite D, Oviedo, FL 32765 shall constitute effective service.

13. Notice.

13.1 Unless otherwise specified herein or otherwise agreed to by the parties in writing, any notice required to be given hereunder must be given in writing and delivered by postage- paid mail, personally, by prepaid courier with a copy delivered by electronic means, addressed to the appropriate party as specified on the Quote.

13.2 All notices in connection with this Agreement shall be in writing and may be given by certified, registered, or first-class mail or personally delivered at the address set forth in the Quote. For purposes of this Agreement, a notice shall be deemed effective upon personal delivery to the party or if by mail, five days after it is properly deposited with the United States Postal Service or other applicable postal service, with postage fully paid, and a copy of the notice is sent by email to the recipient.

14. Modification.

This Agreement may only be modified or amended by written instrument signed by all parties hereto, executed with the same formalities as the original agreement.

15. Interest.

EPR hereby waives any and all claims or rights to interest on money claimed to be due pursuant to this Agreement and waives any and all such rights to interest to which it may otherwise be entitled pursuant to law, including, but not limited to, pursuant to the Local Government Prompt Payment Act, as amended. The provisions of this paragraph shall survive any expiration, completion and/or termination of this Agreement.

16. Severability.

The terms of this Agreement shall be severable. In the event any of the terms or the provisions of this Agreement are deemed to be void or otherwise unenforceable for any reason, the remainder of this Agreement shall remain in full force and effect.

17. Compliance with Law.

Notwithstanding any other provision of this Agreement, it is expressly agreed and understood that in connection with the performance of this Agreement, EPR shall comply with all applicable federal, state, and other requirements of law, including, but not limited to, any applicable requirements regarding prevailing wages, minimum wage, workplace safety and legal status of employees. Without limiting the foregoing, EPR hereby certifies, represents, and warrants to the customer that all EPR employees and/or agents who will be providing products and/or services with respect to this Agreement shall be legally authorized to work in the United States. EPR shall also, at its expense, secure all permits and licenses, pay all charges and fees, and give all notices necessary and incident to the due and lawful prosecution of the work, and/or the products and/or services to be provided for in this Agreement. CUSTOMER shall have the right to audit any records in the possession or control of EPR to determine EPR’s compliance with the provisions of this section. In the event CUSTOMER proceeds with such an audit, EPR shall make available to CUSTOMER EPR’s relevant records at no additional cost. CUSTOMER shall pay any and all costs associated with any such audit.

18. Execution.

This Agreement may be executed by execution of the applicable Quote referencing this Agreement. The Quote may be executed in counterparts, each of which shall be an original, and all of which shall constitute one and the same Agreement. Signatures transmitted electronically, including by PDF, electronic signature platform, or other electronic means, shall be deemed original signatures and shall be binding for all purposes. No party shall contest the validity or enforceability of this Agreement or any Quote based on the method of transmission or execution. Upon request of either party, any electronically executed document may be re-executed in original form, but failure to do so shall not affect its validity or enforceability.

19. Conflict.

In the event of any conflict between the terms and provisions of this Agreement and the applicable Quote and Exhibit A hereto, the terms and provisions of this Agreement shall supersede and control.

20. Limitation of Damages.

In no event shall CUSTOMER be liable for any monetary damages in excess of the purchase price contemplated by this Agreement. In no event shall CUSTOMER be liable for any consequential, special or punitive damages, or any damages resulting from loss of profit.

21. Transfer of Title/Risk.

Transfer of title, and risk of loss shall pass to CUSTOMER upon delivery of the goods. All transportation and delivery shall be at EPR’s sole expense

22. Indemnification.

To the fullest extent permitted by law, EPR agrees to and shall indemnify, defend and hold harmless CUSTOMER, its officers, employees, boards and commissions from and against any and all claims, suits, judgments, costs, attorney’s fees, damages or any and all other relief or liability arising out of or resulting from or through or alleged to arise out of any acts or negligent acts or omissions of EPR or EPR’s officers, employees, agents or subcontractors in the performance of this Agreement, including but not limited to, all goods delivered or services or work performed hereunder. In the event of any action against CUSTOMER, its officers, employees, agents, boards or commissions covered by the foregoing duty to indemnify, defend and hold harmless, such action shall be defended by legal counsel of CUSTOMER’s choosing.

23. Relationship Between the Parties.

This Agreement shall not be construed so as to create a joint venture, partnership, employment or other agency relationship between the parties hereto.

24. Waiver.

Neither party hereto shall be responsible for any consequential, indirect, punitive or incidental damages, for any reason whatsoever. Any delay or failure to enforce any rights by either party arising out of or pursuant to this Agreement shall not constitute, and shall not be construed as, a waiver of any such rights.

25. Limitation of Actions

EPR shall not be entitled to, and hereby waives, any and all rights that it might have to file suit or bring any cause of action or claim for damages against the CUSTOMER and/or its affiliates, officers, employees, agents, attorneys, boards and commissions of any nature whatsoever and in whatsoever forum after two (2) years from the date of this Agreement.

26. No Other Agreements.

This Agreement, together with the applicable Quote and any exhibits expressly incorporated herein, constitutes the entire agreement between the parties with respect to its subject matter and supersedes all prior or contemporaneous proposals, discussions, communications, and agreements, whether oral or written. This Agreement may be amended only by a written instrument executed by both parties, except that additional Quotes referencing this Agreement may be executed in accordance with its terms.

27. Appropriation of Funds.

The obligations of the CUSTOMER under any contract for any fiscal year are subject to and contingent upon the appropriation of funds sufficient to discharge the obligations which accrue in that fiscal year and authorization to spend such funds for the purposes of the contract. If, for any fiscal year the term of the Contract, sufficient funds for the discharge of the CUSTOMER’s obligations under this Agreement are not appropriated and authorized, then this Agreement shall terminate as of the last day of the preceding fiscal year, or when such appropriated and authorized funds are exhausted, whichever is later, without liability to CUSTOMER for damages, penalties, or other charges on account of such termination.

The person executing this Agreement certifies that s/he has been authorized by CUSTOMER to commit CUSTOMER contractually and has been authorized to execute this Agreement on its behalf.

The person executing this Agreement on behalf of EPR certifies that s/he has been authorized by EPR to commit EPR contractually and has been authorized to execute this Agreement on its behalf.

28. HIPAA Compliance.

The Business Associate Agreement between EPR and the CUSTOMER, attached hereto as Exhibit A, is made part of this Agreement.

29. System Backup.

The parties agree and acknowledge that all EPR FireWorks system data shall be housed in the secure Amazon Web Services cloud environment, with security, back up and disaster recovery built-in.

30. Data Conversion.

CUSTOMER agrees to provide EPR with a copy of CUSTOMER’s database for data conversion purposes, and EPR agrees to destroy such data upon completion of the conversion.

31. Compatibility.

EPR guarantees compatibility with Microsoft Entra ID SSO.

32. Scrutinized Companies and Business Operations Certification; Termination. (FL Customers) Certification(s).

By its execution of this Agreement, the Vendor hereby certifies to the Customer that the Vendor is not on the Scrutinized Companies that Boycott Israel List, created pursuant to Section 215.4725, Florida Statutes, nor is the Vendor engaged in a boycott of Israel, nor was the Vendor on such List or engaged in such a boycott at the time it submitted its bid, proposal, quote, or other form of offer, as applicable, to the Customer with respect to this Agreement.

Additionally, if the value of the goods or services acquired under this Agreement are greater than or equal to One Million Dollars ($1,000,000), then the Vendor further certifies to the Customer as follows:

  • the Vendor is not on the Scrutinized Companies with Activities in Sudan List, created pursuant to Section 215.473, Florida Statutes; and
  • the Vendor is not on the Scrutinized Companies with Activities in the Iran Petroleum Energy Sector List, created pursuant to Section 215.473, Florida Statutes; and
  • the Vendor is not engaged in business operations (as that term is defined in Florida Statutes, Section 287.135) in Cuba or Syria; and
  • the Vendor was not on any of the Lists referenced in this subsection A(ii), nor engaged in business operations in Cuba or Syria when it submitted its proposal to the Customer concerning the subject of this Agreement.

The Vendor hereby acknowledges that it is fully aware of the penalties that may be imposed upon the Vendor for submitting a false certification to the Customer regarding the foregoing matters.

33. Termination.

In addition to any other termination rights stated herein, the Customer may immediately terminate this Agreement upon the occurrence of any of the following events:

  • The Vendor is found to have submitted a false certification to the Customer with respect to any of the matters set forth in subsection A(i) above, or the Vendor is found to have been placed on the Scrutinized Companies that Boycott Israel List or is engaged in a boycott of Israel.
  • The Vendor is found to have submitted a false certification to the Customer with respect to any of the matters set forth in subsection A(ii) above, or the Vendor is found to have been placed on the Scrutinized Companies with Activities in Sudan List, or the Scrutinized Companies with Activities in the Iran Petroleum Energy Sector List, or has been engaged in business operations in Cuba or Syria, and the value of the goods or services acquired under this Agreement are greater than or equal to One Million Dollars ($1,000,000).
EXHIBIT A

HIPAA BUSINESS ASSOCIATE ADDENDUM

Customer and EPR Systems (“Business Associate”) agree that this HIPAA Business Associate Addendum is entered into for the benefit of Customer, which is a covered entity under the Privacy Standards (“Covered Entity”).

Pursuant to the Master Subscription and License Agreement (the “Agreement”) into which this HIPAA Business Associate Addendum (this “Addendum”) has been incorporated, Business Associate may perform functions or activities involving the use and/or disclosure of PHI on behalf of the Covered Entity, and therefore, Business Associate may function as a business associate. Business Associate, therefore, agrees to the following terms and conditions

  1. Scope. This Addendum applies to and is hereby automatically incorporated into all present and future agreements and relationships, whether written, oral or implied, between Covered Entity and Business Associate, pursuant to which PHI is created, maintained, received or transmitted by Business Associate from or on behalf of Covered Entity in any form or medium whatsoever.
  2. Definitions. For purposes of this Addendum, the terms used herein, unless otherwise defined, shall have the same meanings as used in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), or the Health Information Technology for Economic and Clinical Health Act (“HITECH”), and any amendments or implementing regulations, (collectively “HIPAA Rules”).
  3. Compliance with Applicable Law. The parties acknowledge and agree that, beginning with the relevant effective date, Business Associate shall comply with its obligations under this Addendum and with all obligations of a business associate under HIPAA, HITECH, the HIPAA Rules, and other applicable laws and regulations, as they exist at the time this Addendum is executed and as they are amended, for so long as this Addendum is in place.
  4. Permissible Use and Disclosure of PHI. Business Associate may use and disclose PHI as necessary to carry out its duties to a Covered Entity pursuant to the terms of the Agreement and as required by law. Business Associate may also use and disclose PHI (i) for its own proper management and administration, and (ii) to carry out its legal responsibilities. If Business Associate discloses Protected Health Information to a third party for either above reason, prior to making any such disclosure, Business Associate must obtain: (i) reasonable assurances from the receiving party that such PHI will be held confidential and be disclosed only as required by law or for the purposes for which it was disclosed to such receiving party; and (ii) an agreement from such receiving party to immediately notify Business Associate of any known breaches of the confidentiality of the PHI.
  5. Limitations on Use and Disclosure of PHI. Business Associate shall not, and shall ensure that its directors, officers, employees, subcontractors, and agents do not, use or disclose PHI in any manner that is not permitted by the Agreement or that would violate Subpart E of 45 C.F.R. 164 (“Privacy Rule”) if done by a Covered Entity. All uses and disclosures of, and requests by, Business Associate for PHI are subject to the minimum necessary rule of the Privacy Rule.
  6. Required Safeguards to Protect PHI. Business Associate shall use appropriate safeguards and comply with Subpart C of 45 C.F.R. Part 164 (“Security Rule”) with respect to electronic PHI, to prevent the use or disclosure of PHI other than pursuant to the terms and conditions of this Addendum.

  7. Reporting to Covered Entity. Business Associate shall report to the affected Covered Entity without unreasonable delay: (a) use or disclosure of PHI not provided for by the Agreement of which it becomes aware; (b) any breach of unsecured PHI in accordance with 45 C.F.R. Subpart D of 45 C.F.R. 164 (“Breach Notification Rule”); and (c) any security incident of which it becomes aware. With regard to Security Incidents caused by or occurring to Business Associate, Business Associate shall cooperate with the Covered Entity’s investigation, analysis, notification and mitigation activities, and except for Security Incidents caused by Covered Entity, shall be responsible for reasonable costs incurred by the Covered Entity for those activities. Notwithstanding the foregoing covered Entity acknowledges and shall be deemed to have received advanced notice from Business Associate that there are routine occurrences of: (i) unsuccessful attempts to penetrate computer networks or services maintained by Business Associate; and (ii) immaterial incidents such as “pinging” or “denial of services” attacks.

  8. Mitigation of Harmful Effects. Business Associate agrees to mitigate, to the extent practicable, any harmful effect of a use or disclosure of PHI by Business Associate in violation of the requirements of the Agreement, including, but not limited to, compliance with any state law or contractual data breach requirements.
  9. Agreements by Third Parties. Business Associate shall enter into an agreement with any subcontractor of Business Associate that creates, receives, maintains, or transmits PHI on behalf of Business Associate. Pursuant to such agreement, the subcontractor shall agree to be bound by the same or greater restrictions, conditions, and requirements that apply to Business Associate under this Addendum with respect to such PHI.
  10. Access to PHI. Within five business days of a request by a Covered Entity for access to PHI about an individual contained in a Designated Record Set, Business Associate shall make available to the Covered Entity such PHI for so long as such information is maintained by Business Associate in the Designated Record Set, as required by 45 C.F.R. 164.524. In the event any individual delivers directly to Business Associate a request for access to PHI, Business Associate shall within five (5) business days forward such request to the Covered Entity.
  11. Amendment of PHI. Within five business days of receipt of a request from a Covered Entity for the amendment of an individual’s PHI or a record regarding an individual contained in a Designated Record Set (for so long as the PHI is maintained in the Designated Record Set), Business Associate shall provide such information to the Covered Entity for amendment and incorporate any such amendments in the PHI as required by 45 C.F.R. 164.526. In the event any individual delivers directly to Business Associate a request for amendment to PHI, Business Associate shall within five business days forward such request to the Covered Entity.

  12. Documentation of Disclosures. Business Associate agrees to document disclosures of PHI and information related to such disclosures as would be required for a Covered Entity to respond to a request by an individual for an accounting of disclosures of PHI in accordance with 45

    C.F.R. 164.528 and HITECH.

  13. Accounting of Disclosures. Within five business days of notice by a Covered Entity to Business Associate that it has received a request for an accounting of disclosures of PHI, Business Associate shall make available to a Covered Entity information to permit the Covered Entity to respond to the request for an accounting of disclosures of PHI, as required by 45 C.F.R. 164.528 and HITECH.
  14. Other Obligations. To the extent that Business Associate is to carry out one or more of a Covered Entity’s obligations under the Privacy Rule, Business Associate shall comply with such requirements that apply to the Covered Entity in the performance of such obligations.
  15. Judicial and Administrative Proceedings. In the event Business Associate receives a subpoena, court or administrative order or other discovery request or mandate for release of PHI, the affected Covered Entity shall have the right to control Business Associate’s response to such request, provided that, such control does not have an adverse impact on Business Associate’s compliance with existing laws. Business Associate shall notify the Covered Entity of the request as soon as reasonably practicable, but in any event within seven business days of receipt of such request.
  16. Availability of Books and Records. Business Associate hereby agrees to make its internal practices, books, and records available to the Secretary of the Department of Health and Human Services for purposes of determining compliance with the HIPAA Rules.
  17. Breach of Contract by Business Associate. In addition to any other rights a party may have in the Agreement, this Addendum or by operation of law or in equity, either party may: i) immediately terminate the Agreement if the other party has violated a material term of this Addendum; or ii) at the non-breaching party’s option, permit the breaching party to cure or end any such violation within the time specified by the non-breaching party. The non-breaching party’s option to have cured a breach of this Addendum shall not be construed as a waiver of any other rights the non-breaching party has in the Agreement, this Addendum or by operation of law or in equity.
  18. Effect of Termination of Agreement. Upon the termination of the Agreement or this Addendum for any reason, Business Associate shall return to a Covered Entity or, at the Covered Entity’s direction, destroy all PHI received from the Covered Entity that Business Associate maintains in any form, recorded on any medium, or stored in any storage system. This provision shall apply to PHI that is in the possession of Business Associate, subcontractors, and agents of Business Associate. Business Associate shall retain no copies of the PHI. Business Associate shall remain bound by the provisions of this Addendum, even after termination of the Agreement or Addendum, until such time as all PHI has been returned or otherwise destroyed as provided in this Section. For the avoidance of doubt, de- identified Customer Data shall not be subject to this provision.
  19. Injunctive Relief. Business Associate stipulates that its unauthorized use or disclosure of PHI while performing services pursuant to this Addendum would cause irreparable harm to a Covered Entity, and in such event, the Covered Entity shall be entitled to institute proceedings in any court of competent jurisdiction to obtain damages and injunctive relief.
  20. Owner of PHI. Under no circumstances shall Business Associate be deemed in any respect to be the owner of any PHI created or received by Business Associate on behalf of a Covered Entity.

  21. Safeguards and Appropriate Use of Protected Health Information. Covered Entity is responsible for implementing appropriate privacy and security safeguards to protect its PHI in compliance with HIPAA. Without limitation, it is Covered Entity’s obligation to:

    21.1. Not include PHI in information Covered Entity submits to technical support personnel through a technical support request or to community support forums. In addition, Business Associate does not act as, or have the obligations of a Business Associate under the HIPAA Rules with respect to Customer Data once it is sent to or from Covered Entity outside EPR’s Software over the public Internet.

    21.2. Implement privacy and security safeguards in the systems, applications, and software Covered Entity controls, configures and connects to EPR’s Software.

  22. Third Party Rights. The terms of this Addendum do not grant any rights to any parties other than Business Associate and Covered Entity.

  23. Signatures. The signatures to the Agreement (or the document evidencing the parties’ adoption thereof) indicate agreement hereto and shall be deemed signatures hereof, whether manual, or electronic

cookie preferences

Sharing your cookies helps us enhance site functionality and optimize your browsing experience.
Click here to read our Cookie Policy. Manage Settings

Accept