Laserfiche WebLink
A TRUE COPY <br />CERTIFICATION ON LAST PAGE <br />RYAN L. BUTLER, CLERK <br />16. Indemnification. Limitation of Liability. Each party to this Agreement hereby agrees to indemnify, <br />defend, and hold harmless the other party (including, but not limited to, its directors, employees, officers, and agents) from <br />and against any and all claims, causes of action, liabilities, damages, costs, or expenses (including, but not limited to, <br />attorneys' fees) incurred by the party as a result of the other party's (or any party acting by or through the party) gross <br />negligence or willful misconduct or failure to perform any of its duties or obligations under this Agreement. Notwithstanding <br />anything herein to the contrary, (i) in no event will either party be liable to the other party under contract, tort, or any other <br />legal theories for incidental, consequential, indirect, punitive, exemplary or special losses or damages of any kind, regardless <br />of the nature of the claim, including, without limitation, loss of revenue, loss of profits, loss of goodwill, and loss of data; <br />and. (ii) either party's total aggregate liability in connection with this Agreement shall be subject to any limitation of liability <br />provisions in the Underlying Agreement and in no event shall exceed the following amounts: (a) if the Company has less <br />than 1,500 Members as of this Agreement's Effective Date, the amount equal to the Transaction Fees and Program Fees <br />paid by the Company to the Business Associate in the most recently completed Plan year; (b) if the Company has between <br />1,500 and 5,000 Members as of this Agreement's Effective Date, the amount equal to two times the Transaction Fees and <br />Program Fees paid by the Company to the Business Associate in the most recently completed Plan year; or (c) if the <br />Company has more than 5,000 Members as of this Agreement's Effective Date, the amount equal to three times the <br />Transaction Fees and Program Fees paid by the Company to the Business Associate in the most recently completed Plan <br />year. This Section 16 shall survive termination or expiration of this Agreement. <br />17. Securily. The Business Associate shall: <br />(a) Implement administrative, physical, and technical safeguards that reasonably and appropriately protect <br />the confidentiality, integrity, and availability of the Electronic Protected Health Information that it creates, receives, <br />maintains, or transmits on behalf of the Company as required by the Regulations; <br />(b) Ensure that any agent, including any subcontractor, to whom the Business Associate provides such <br />Electronic Protected Health Information agrees in writing to implement reasonable and appropriate safeguards to protect it; <br />(c) Report to the Company any security incident of which the Business Associate becomes aware; provided <br />that the parties acknowledge that probes and reconnaissance scans are commonplace in electronic information systems and <br />the parties therefore acknowledge and agree that, to the extent such probes and reconnaissance scans constitute security <br />incidents under the Security Rule, this Section 17(c) constitutes notice to the Company of the ongoing existence and <br />occurrence of such security incidents for which no additional notice shall be required. Probes and reconnaissance scans <br />include, without limitation, pings and other broadcast attacks on the Business Associate's firewall, port scans, and <br />unsuccessful log -on attempts, as long as such probes and reconnaissance scans do not result in unauthorized Use or Disclosure <br />of PHI; <br />(d) Make its policies and procedures and documentation required by the Regulations relating to such <br />administrative, physical, and technical safeguards, available to the Secretary of HHS for purposes of determining the <br />Company's compliance with the Regulations; <br />(e) Acknowledge its obligation to comply with the Security Regulations in using and disclosing Electronic <br />Protected Health Information, including but not limited to 45 C.F.R. §§ 164.308 (Administrative safeguards), 164.310 <br />(Physical safeguards), 164.312 (Technical safeguards), and 164.316 (Policies and procedures and documentation <br />requirements) of the Security Regulations. <br />(f) Notify the Company in writing within fifteen (15) business days after discovery of a breach, as that term <br />is defined at 45 C.F.R. § 164.402, of which Business Associate becomes aware. Business Associate shall also promptly <br />provide Company such other information required to be provided to individuals under 45 C.F.R. § 164.404(c) as it becomes <br />available after such breach. <br />18. Offshore Access to PHI. Business Associate agrees that no PHI may be maintained, stored, or transmitted <br />outside of the United States by Business Associate or its subcontractors, but Business Associate and its subcontractors may <br />access PHI from locations outside of the United States. The provisions of this Agreement shall apply completely and without <br />exception to such accesses of PHI outside of the United States. <br />4 <br />NOT FOR DISTRIBUTION. THE INFORMATION CONTAINED HEREIN IS CONFIDENTIAL, PROPRIETARY AND <br />CONSTITUTES TRADE SECRETS OF ESI AND RXBENEFITS <br />