The URL can be used to link to this page

Home My WebLink About2021-018SERVICE AGREEMENT (LUbIINARE SOFTWARE) A TRUE COPY CERTIFICATION ON LAST PAGE J.R. SMITH, CLERK This Service Agreement ("Agreement's, dated as of January 21t' 2021 ("Effective Date'l, is made by and between Luminare Inc., with a place of business at TMC Innovation Institute, 2450 Holcombe Blvd., Suite X, Houston, Texas 77021 ("Luminare'), and Indian River County Florida with a place of business at 180127th Street, Vero Beach 32960 ("Company'). The parties agree as follows: 1. Service. The parties intend for Company to use Luminare's software services identified in Exhibit B, which is attached hereto and incorporated herein by reference, which services are will be provided to Company as a hosted, software -as -a -service application (collectively, the "Service"). This agreement is specifically for the product and scope as described in Exhibit B. Subject to the terms and conditions of this Agreement, Luminare grants to Company a nonexclusive and nontransferable license to use the Service for the term of this Agreement. Company's use of the Service will be solely for its own internal purposes of the Company, by its employees and any healthcare providers, pharmacists or other .employees who are involved either in patient care or quality management related to patient care and who are authorized by the Company to use the Service at the Company's facility. Company and Luminare shall each comply with their respective obligations that are set forth on Exhibit A, which is attached hereto and incorporated herein by reference. 2. Payment. Company will pay to Luminare the fees and other amounts set forth on Exhibit B or as may be specified in any mutually agreed upon SOW that is signed by both parties and incorporated by reference into this Agreement. All fees and other amounts are exclusive of any sales use or other similar taxes or charges, and Company is responsible for all taxes or charges assessed by any governmental authority in connection with the provision and use of the Service under this Agreement, except for income taxes payable by Luminare. Fees shall be invoiced as set forth in Exhibit B or in the applicable SOW. Unless otherwise specified in Exhibit B or in the applicable SOW, any amount invoiced is due and payable no later than 30 days after the date of invoice. 3. Term; Termination. This Agreement commences on the Effective Date and will remain in effect for the term set forth on Exhibit A. The parties may extend this term by executing a signed modification to this Agreement. Either party may terminate this Agreement if the other Party materially breaches the terms and conditions set forth herein, provided however, that such breaching Party is provided no less than thirty (30) days in which to cure such alleged material breach following actual receipt of the written notice from the non -breaching Party describing the alleged breach in reasonable detail. This Agreement also may be terminated no more than seven days after the U.S. government revokes the employer's rights to collect their employee's Input Data. Sections 4 through 13 of this Agreement shall survive expiration or termination of this Agreement. Company may at any time and for any reason terminate Luminaire's services and work for Company's convenience. (This is a Federal requirement for any agreement over $10,000. Luminare certifies that it and those related entities of Luminare as defined by Florida law are not on the Scrutinized Companies that Boycott Israel List, created pursuant to s. 215.4725 of the Florida Statutes, and are not engaged in a boycott of Israel. Company may terminate this Contract if Luminare, including all wholly owned subsidiaries, majority- owned subsidiaries, and parent companies that exist for the purpose of making profit, is found to have been placed on the Scrutinized Companies that Boycott Israel List or is engaged in a boycott of Israel as set forth in section 215.4725, Florida Statutes. A TRUE COPY J CERTIFICATION ON LAST PAGF J.R. SMITH. CLERK 4. Ownership of Service IP. As between Company and Luminare, Company acknowledges and agrees that the software and other intellectual property underlying the Service, as well as any Service user materials, are the property of Luminare and are protected under U.S. and international intellectual property laws, including copyrights, trademarks, service marks, patents, trade secrets or other proprietary rights and laws. Luminare reserves all rights not expressly granted in this Agreement. Luminare has the right, but not the obligation, to monitor the Service, Input Data (as defined herein) and Service reports. 5. Ownership of Input Data; Permitted Use. "Input Data" means all information and data input into the Luminare Solution purchased in Exhibit B. As between Company and Luminare, Luminare acknowledges and agrees that any Input Data is proprietary to Company and/or third parties, and not proprietary to Luminare. Company represents and warrants that it has all necessary consents, or owns or otherwise controls all necessary rights, to supply Input Data in connection with the Service and that use of Input Data for such purpose will not violate any applicable law or infringe or violate the rights of any third party. Luminare will have no liability under this Agreement for any failure of the foregoing Company representation and warranty. In addition, Company grants Luminare a nonexclusive license to use de -identified and/or aggregated data uploaded to the Service and/or produced from Company's use of the Service, for the purposes of evaluating effectiveness of the Service, making improvements to the Service, and generating statistics regarding (i) any of the results of use of the Service or (ii) the general effectiveness of medications and other treatments, individually and in concert, on disease states. 6. Limitations of Liability. Except for any breaches of a party's obligations relating to confidentiality or Company's obligations concerning its use of Luminare's intellectual property, in no event will either party's aggregate liability hereunder to the other party exceed the total fees paid by Company to Luminare for the twelve-month period preceding the date on which the subject liability arose.. Nothing in this Agreement shall be deemed as a waiver of Company's sovereign immunity and any liability of Company under this Agreement shall be limited to and only to the extent set forth in section 768.28, Florida Statutes. EXCEPT FOR ANY BREACHES OF A PARTY'S OBLIGATIONS RELATING TO CONFIDENTIALITY OR COMPANY'S OBLIGATIONS CONCERNING ITS USE OF LUMINARE' S INTELLECTUAL PROPERTY HEREUNDER, IN NO EVENT SHALL EITHER PARTY BE LIABLE, UNDER ANY LEGAL OR EQUITABLE THEORY OF LIABILITY, WITH RESPECT TO THE SERVICE (EXCEPT TO THE EXTENT OTHERWISE REQUIRED BY APPLICABLE LAW OR BY ANOTHER AGREEMENT BETWEEN THE PARTIES HERETO) FOR ANY LOST DATA, LOST PROFITS, OR SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER REGARDLESS OF WHETHER SUCH LOSS WAS FORESEEABLE OR THE PARTY SUFFERING THE LOSS OR DAMAGE WAS ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. 7. Disclaimers. Company's access to and use of the Service is at Company's sole risk. Company understands and agrees that the Service is provided to you on an "AS IS" and "AS AVAILABLE" basis. Without limiting the foregoing, to the maximum extent permitted under applicable law, LUMINARE DISCLAIMS ALL WARRANTIES AND CONDITIONS OF ANY KIND WITH RESPECT TO THE SERVICE, WHETHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON -INFRINGEMENT 8. USE WARNINGS. THE COMPANY DOES NOT OFFER MEDICAL ADVICE, DIAGNOSES OR OTHER HEALTH MANAGEMENT SERVICES OR ENGAGE IN THE PRACTICE OF MEDICINE. THE SERVICE IS NOT INTENDED TO BE, AND DOES NOT CONSTITUTE, H I nuc uur'T CERTIFICATION ON LAST PAGE J.R. SMITH, CLERK A SUBSTITUTE FOR PROFESSIONAL MEDICAL ADVICE BY PHYSICIANS OR LICENSED INDEPENDENT PRACTITIONERS, OR A SUBSTITUTE FOR DIAGNOSIS, TREATMENT OR HEALTH MANAGEMENT AND IS OFFERED FOR INFORMATIONAL PURPOSES ONLY. FURTHERMORE, THE INFORMATION PRODUCED BY THE SERVICE IS ONLY USEFUL TO THE EXTENT THAT THE INPUT DATA IS ACCURATE. END USERS SHOULD ALWAYS RELY ON THEIR CLINICAL JUDGMENT WHEN MAKING DECISIONS REGARDING PATIENT CARE. AT ALL TIMES, IT IS THE RESPONSIBILITY OF COMPANY AND ITS END USERS TO ACCESS, REVIEW AND RESPOND TO ALL RESULTS FROM USE OF THE SERVICE, INCLUDING WITHOUT LIMITATION ANY ALERTS MADE AVAILABLE BY THE SERVICE (COLLECTIVELY, SERVICE RESULTS), IN A TIMELY AND CLINICALLY APPROPRIATE MANNER, AND LUMINARE WILL HAVE NO LIABILITY TO COMPANY, ANY END USER OR ANY THIRD PARTY FOR ANY FAILURE OF COMPANY, ANY END USER OR ANY OTHER CLINICIAN TO APPROPRIATELY RESPOND TO ANY SERVICE RESULTS. 9. BUSINESS ASSOCIATE AGREEMENT: EXECUTION OF THIS CONTRACT WILL ALSO RESULT IN EXECUTION OF THE ATTACHED BUSINESS ASSOCIATE AGREEMENT AND THE TERMS INCLUDED THERE. 10. Company is a public agency subject to Chapter 119, Florida Statutes. Luminare shall comply with Florida's Public Records Law. Specifically, the Luminare shall: (1) Keep and maintain public records required by the Company to perform the service. (2) Upon request from the Company's Custodian of Public Records, provide the Company with a copy of the requested records or allow the records to be inspected or copied within a reasonable time at a cost that does not exceed the cost provided in Chapter 119 or as otherwise provided by law. (3) Ensure that public records that are exempt or confidential and exempt from public records disclosure requirements are not disclosed except as authorized by law for the duration of the contract term and following completion of the contract if Luminare does not transfer the records to the County. (4) Upon completion of the contract, transfer, at no cost, to the Company all public records in possession of Luminare or keep and maintain public records required by the Company to perform the service. If Luminare transfers all public records to the Company upon completion of the contract, the Luminare shall destroy any duplicate public records that are exempt or confidential and exempt from public records disclosure requirements. If Luminare keeps and maintains public records upon completion of the contract, Luminare shall meet all applicable requirements for retaining public records. All records stored electronically must be provided to the Company, upon request from the Custodian of Public Records, in a format that is compatible with the information technology systems of the Company. (5). IF THE LUMINARE HAS QUESTIONS REGARDING THE APPLICATION OF CHAPTER 119, FLORIDA STATUTES, TO LUMINARE'S DUTY TO PROVIDE PUBLIC RECORDS RELATING TO THIS CONTRACT, CONTACT THE CUSTODIAN OF PUBLIC RECORDS AT: (772) 226-1424 ATRUE COPY CERTIFICATION ON LAST PAGE J.R. SMITH, CLERK ublicrecordskirc 92vaconY Indian River County Office of the County Attorney 180127th Street Vero Beach, FL 32960 (6). Failure of Luminare to comply with these requirements shall be a material breach of this Agreement. 11. This Agreement shall be governed by and interpreted in accordance with the laws of the State of Texas exclusively, excluding its conflicts of laws principles. Both the Uniform Computer Information Transactions Act and the United Nations Convention on Contracts for the International Sale of Goods (1980) are excluded in their entirety from application to this Agreement. The parties consent to the exclusive jurisdiction of and venue in the federal and/or state courts for Austin, Texas, for all claims arising out of or relating to this Agreement or the Company's use of the Service. Notwithstanding any law, rule or regulation to the contrary, the Company agrees that any claim or cause of action it may have arising out of this Agreement or the Company's use of the Service must be filed within one (1) year after such claim or cause of action arose or be forever barred. 12. Clean Air Act: (1) Luminare agrees to comply with all applicable standards, orders or regulations issued pursuant to the Clean Air Act, as amended, 42 U.S.C. § 7401 et seq. (2) The contractor agrees to report each violation to the Company and understands and agrees that the Company will, in turn, report each violation as required to assure notification to the Federal Emergency Management Agency, and the appropriate Environmental Protection Agency Regional Office. (3) Luminare agrees to include these requirements in each subcontract exceeding $100,000 financed in whole or in part with Federal assistance provided by FEMA. 13. Federal Water Pollution Control Act: (1) Luminare agrees to comply with all applicable standards, orders or regulations issued pursuant to the Federal Water Pollution Control Act, as amended, 33 U.S.C. 1251 et seq. (2) Luminare agrees to report each violation to the Company and understands and agrees that the Company will, in turn, report each violation as required to assure notification to the Federal Emergency Management Agency, and the appropriate Environmental Protection Agency Regional Office. (3) Luminare agrees to include these requirements in each subcontract exceeding $100,000 financed in whole or in part with Federal assistance provided by FEMA. 14. Debarment and Suspension (1) This contract is a covered transaction for purposes of 2 C.F.R. pt. 180 and 2 C.F.R. pt. 3000. As such Luminare is required to verify that none of Luminare, its principals (defined at 2 C.F.R. § 180.995), or its affiliates (defined at 2 C.F.R. § 180.905) are excluded (defined at 2 C.F.R. § 180.940) or disqualified (defined at 2 C.F.R. § 180.935). (2) Luminare must comply with 2 C.F.R. pt. 180, subpart C and 2 C.F.R. pt. 3000, subpart C and must include a requirement to comply with these regulations in any lower tier covered transaction it enters into. (3) This certification is a material representation of fact relied upon by Company. If it is later determined that Luminare did not comply with 2 C.F.R. pt. 180, subpart C and 2 C.F.R. pt. 3000, subpart C, in addition to remedies available to Company, the Federal Government may pursue available remedies, including but not limited to suspension and/or debarment. H I NUL WHY CERTIFICATION ON LAST PAGE J.R. SMITH, CLERK (4) The bidder or proposer agrees to comply with the requirements of 2 C.F.R. pt. 180, subpart C and 2 C.F.R. pt. 3000, subpart C while this offer is valid and throughout the period of any contract that may arise from this offer. The bidder or proposer further agrees to include a provision requiring such compliance in its lower tier covered transactions. 15. Byrd Anti -Lobbying Amendment, 31 U.S.C. § 1352. (as amended) Contractors who apply or bid for an award of $100,000 or more shall file the required certification. Each tier certifies to the tier above that it will not and has not used Federal appropriated funds to pay any person or organization for influencing or attempting to influence an officer or employee of any agency, a member of Congress, officer or employee of Congress, or an employee of a member of Congress in connection with obtaining any Federal contract, grant, or any other award covered by 31 U.S.C. § 1352. Each tier shall also disclose any lobbying with non -Federal funds that takes place in connection with obtaining any Federal award. Such disclosures are forwarded from tier to tier up to the recipient who in turn will forward the certification(s) to the awarding agency. 16. Procurement of Recycled/Recovered Materials: (1) In the performance of this contract, Luminare shall make maximum use of products containing recovered materials that are EPA -designated items unless the product cannot be acquired— (i) Competitively within a timeframe providing for compliance with the contract performance schedule; (ii) Meeting contract performance requirements; or (iii) At a reasonable price. (2) Information about this requirement is available at EPA's Comprehensive Procurement Guidelines web site, https://www.ppa.gov/snun/coMprehensive-procurement-guideline gpg_yro ain. (3) Luminare also agrees to comply with all other applicable requirements of Section 6002 of the Solid Waste Disposal Act. 17. Access to Records: The following access to records requirements apply to this contract: (1) Luminare agrees to provide Company, the State of Florida, the FEMA Administrator, the Comptroller General of the United States, or any of their authorized representatives access to any books, documents, papers, and records of Luminare which are directly pertinent to this contract for the purposes of making audits, examinations, excerpts, and transcriptions. (2) Luminare agrees to permit any of the foregoing parties to reproduce by any means whatsoever or to copy excerpts and transcriptions as reasonably needed. (3) Luminare agrees to provide the FEMA Administrator or his authorized representatives access to construction or other work sites pertaining to the work being completed under the contract. (4) In compliance with the Disaster Recovery Act of 2018, the Company and Luminare acknowledge and agree that no language in this contract is intended to prohibit audits or internal reviews by the FEMA Administrator or the Comptroller General of the United States. 18. DHS Seal, Logo, and Flags: Luminare shall not use the DHS seal(s), logos, crests, or reproductions of flags or likenesses of DHS agency officials without specific FEMA pre -approval. 19. Compliance with Federal Law, Regulations, and Executive Orders: This is an acknowledgement that FEMA financial assistance will be used to fund all or a portion of the contract. Luminare will comply will all applicable Federal law, regulations, executive orders, and FEMA policies, procedures, and directives. A TRUE COPY CERTIFICATION ON LAST PAGL J.R. SMITH, CLERK 20. No Obligation by Federal Government: The Federal Government is not a party to this contract and is not subject to any obligations or liabilities to the non -Federal entity, contractor, or any other party pertaining to any matter resulting from the contract. 21. Program Fraud and False or Fraudulent Statements or Related Acts: Luminare acknowledges that 31 U.S.C. Chap. 38 (Administrative Remedies for False Claims and Statements) applies to its actions pertaining to the contract. 22. AFFIRMATIVE STEPS: CONTRACTOR shall take the following affirmative steps to ensure minority business, women's business enterprises sarea urplus business are uses enterprises when bon (1) Placing qualified small and minority businesses andwomen solicitation lists. (2) Ensuring that small and minority businesses, and women's business enterprises are solicited whenever they are potential sources. (3) Dividing total requirements, when economically feasible, into smaller tasks or quantities to permit maximum participation by small and minority businesses, and women's business enterprises. (4) Establishing delivery schedules, where the requirement permits, which encourage participation by small and minority businesses, and women's business enterprises. (5) Using the services and assistance of the Small Business Administration and the Minority Business Development Agency of the Department of Commerce. 23. Luminare agrees to register with and will use the Department of Homeland Security's E -Verify system (www e -verify. goy) to confirm the employment eligibility of all newly hired employees for the duration of this agreement, as required by Section 448.095, F.S. Luminare is also responsible for obtaining proof of E -Verify registration and utilization for all subcontractors. 24. This Agreement, including all documents incorporated herein by reference, constitutes the complete and exclusive agreement between the parties with respect to the subject matter hereof, and supersedes and replaces any and all prior or contemporaneous discussions, negotiations, understandings and agreements, written and oral, regarding such subject matter. Any additional or different terms in any purchase order or other response by the Company shall be deemed objected to by Luminare without need of further notice of objection, and shall be of no effect or in any way binding upon Luminare. 25. This Agreement may be executed in two or more counterparts, each of which will be deemed an original, but all of which together shall constitute one and the same instrument. Once signed, any reproduction of this Agreement made by reliable means (e.g., photocopy, PDF) is considered an original. This Agreement may be changed only by a written document signed by authorized representatives of both parties. A TRUE COPY CERTIFICATION ON LAST PAGE J.R. SMITH, CLERK EXHIBIT A to Service Agreement Service Use Requirements; Service Specifications Part 1— Current Data Input and similar Technical Requirements Company shall provide or supply, as applicable, the following: Administrative oversight to ensure adequate overview of the use of the Luminare solution purchased in Exhibit B for the Company. Part 2 - Security Matters Concerning Use of Service Input Data will be supplied to Luminare either by Company or on Company's behalf. In addition, in order to access reports generated by the Service, Company will have access to certain Service web page(s). Company will be responsible for maintaining the security and confidentiality of all activity (i) to supply Input Data to the Service and (ii) to access reports generated for Company by the Service. Company will take reasonable steps, including no less than industry standard security measures, to prevent unauthorized use of the Service, and Company will immediately notify Luminare in writing of any unauthorized use of any of its users' login names or passwords of which such user, or other Company party, becomes aware. Luminare may suspend the Service (in whole or in part), including without limitation suspending access for certain previously authorized users, in the event of the potential or actual compromise or unauthorized use of the Service.. Part 3 — Compliance with Applicable Law Each party agrees to comply with all applicable federal, state and local laws, orders, regulations and regulatory standards with respect to its respective obligations and performance under this Agreement and, in the case of Company, with respect to Company's use of the Service. Part 4—Error, Reporting Company will follow ' Luininare's reasonable procedures and instructions to report any errors and difficulties it encounters with regard to the Service so as to permit Luminare to recreate and evaluate same. Part 5 - Additional Restrictions on Company's Use of Service Company will not (a) use the Service or any documentation, know-how or other information received from Luminare or its representatives or licensors (the "Evaluation Materials') to create any similar application or service, (b) decompile, disassemble or otherwise reverse engineer any technology employed by the Service, or use any similar means to discover the source code or trade secrets embodied in the Service, or otherwise circumvent any technical measure that controls access to the Service or (c) permit any third party use the Service to do any of the foregoing. Except for the limited rights and licenses expressly granted in this Agreement, no other license is granted, no other use is permitted and Luminare and its licensors will retain all right, title and interest (including patents, copyrights, trade secrets and trademarks) in and to the Service, Evaluation Materials and any underlying intellectual property (acknowledging that none of the foregoing includes any Input Data). Company will not take any action inconsistent with such ownership. IN WITNESS WHEREOF, the parties have caused their duly authorized Agreement. LUMINARE INC. C Name: Sarma N. Velamuri, M.D. Title: Chief Executive Officer ATRUE COPY CERTIFICATION ON LAST PAGE officers] 'f0,W&up s .�"�iTY�co ^. CLIENT: INDIAN RIVER COUNTY; 0" • •:�� s�, �{ Gv FL :: � '• �o �; By: . N e: osep E. esc e _,.,... Chairman Attachments: BUSINESS ASSOCIATE AGREEMENT Jr yy7 AS, 7,0 ?."�::nu�A yd A :'. t�P Attest: Jeffrey R. Smith, Clerk of Circuit Court and Comptroller B Deputy Clerk A TRUE COPY CERTIFICATION ON LAST PAGE J.R. SMITH, CLERK EXHIBIT B to Service Agreement Fee Schedule and Product Services Solution Purchased: Luminare's Innoculate Covid Vaccine Management Solution Contract term: There shall be an initial 60 day trial period. Company shall have 60 days from product go -live to make a retention determination and provide notification of that determination to Luminare. If Company does not provide notice within the first 60 days, the term shall be 12 months, inclusive -of the 60 day trial period. This service agreement will be auto renewed for 12 month terms unless cancelled with 15 days' notice prior to the end of each 12 month term. If this agreement is terminated for convenience of the customer no refunds will be issued.- Go -live shall be defined as production use. This will not be dependent on the interfaces stated below. Total amount invoiced at time of signing contract: $15,000 (integration API fee). Remainder $140,000 due in 60 days if county decides to retain system. Rates are for use for the citizens of Indian River County, FL (geographic) location unless otherwise specified Services Rate Notes License of for use to Innoculate Covid-19 Vaccine Management $140,000 Innoculate the citizens of Solution (Annual) Indian River County, FL Standard support during Support Included working hours by email Protocol Vetting and Compliance Checking Included Texts above 10,000 will be Pre -paid text bundle (10,000) .015 per text prebilled to company in $150.00 Included bundles of 10,000 Education Superuser training per session Included Web -based training is free. Set up fee Waived waived Complete integration with FL API Integration for State of Florida Shots - per current Vaccination Record System (Florida Shots) $10,000 specification Full integration with Everbridge Alert system to include voice, email and text API integration for Indian River County Alert notifications - per current System (Everbridge) $5,000 specification Special Fees and comments: • Customization and/or special project work beyond reasonable scope may be charged at an hourly rate through December 31, 2022, with estimates provided for approval prior to proceeding. • Client agrees to be on Luminare website and reference calls. A TRUE COPY CERTIFICATION ON LAST PAGE J.R. SMITH, CLERK BUSINESS ASSOCIATE AGREEMENT (FOR HIPAA) If a Customer is a Covered Entity or a Business Associate and includes Protected Health Information in Customer Data (as such terms are defined below), execution of a license agreement that includes Luminare's Terms of use ("Agreement") will incorporate the terms of this HIPAA Business Associate Agreement ("BAA") into that agreement. If there is any conflict between a provision in this BAA and a provision in the Agreement, this BAA will control. WHEREAS, Covered Entity and Business Associate have executed the Agreement pursuant to which Business Associate provides services (the "Agreement Services") for Covered Entity that may require Business Associate to access or create health information that is protected by state and/or federal law; WHEREAS, Business Associate and Covered Entity desire that Business Associate obtain access to such information in accordance with the terms specified herein; and NOW THEREFORE, in consideration of the mutual promises set forth in this BAA and other good and valuable consideration, the sufficiency and receipt of which are hereby severally acknowledged, the parties agree as follows: 1. Definitions. Unless otherwise specified in this BAA, all capitalized terms not otherwise defined shall have the meanings established in Title 45, Parts 160 and 164, of the United States Code of Federal Regulations, as amended from time to time, and/or in the American Recovery and Reinvestment Act of 2009 ("ARRA"). For purposes of clarification, the following terms shall have the definitions set forth below: 1.1 "Privacy Standards" shall mean the Standards for Privacy of Individually Identifiable Health Information as set forth in 45 C.F.R. Parts 160 and 164. 1.2 "Security Standards" shall mean the Security Standards for the Protection of Electronic Protected Health Information as set forth in 45 C.F.R. Parts 160 and 164. 2. Business Associate Obligations. Business Associate may receive from Covered Entity health information that is protected under applicable state and/or federal law, including without limitation, Protected Health Information ("PHI"). Business Associate agrees not to Use or Disclose (or permit the Use or Disclosure of) PHI in a manner that would violate the requirements of the Privacy Standards or the Security Standards if the PHI were used or disclosed by Covered Entity in the same manner. Business Associate shall use appropriate safeguards to prevent the Use or Disclosure of PHI other than as expressly permitted under this BAA. 3. Use of PHI. Business Associate may use PHI as necessary (i) for performing the Agreement Services, (ii) for the proper management and administration of the Business Associate, or (iii) for carrying out its legal responsibilities, provided in each case that such Uses are permitted under federal and state law. Covered Entity shall retain all rights in the PHI not granted herein. 4. Disclosure of PHI. Business Associate may Disclose PHI as necessary (i) to perform the Agreement Services, (ii) for the proper management and administration of the Business Associate, or (iii) to carry out its legal responsibilities, provided that either (a) the Disclosure is Required by Law or (b) the Business Associate obtains reasonable assurances from the person to whom the information is Disclosed that the information will be held confidential and further Used and Disclosed only as Required by Law or for the purpose for which it was Disclosed to the person, and such person agrees to immediately notify the Business Associate of any instances of which it is aware that the confidentiality of the information has been breached. 5. Reports. Business Associate agrees to report to Covered Entity: 5.1 Any Use or Disclosure of PHI not authorized by this BAA within five (5) days of the Business Associate becoming aware of such unauthorized Use or Disclosure; 5.2 Any Security Incident within five (5) days of the Business Associate becoming aware of the Security Incident; and 5.3 Each report of a Breach of Unsecured PHI Discovered by Business Associate, to the extent Business Associate accesses, maintains, retains, modifies, records, stores, destroys or otherwise holds, Uses or Discloses Unsecured calendar days unless delayed for law enforcement purposes, shall be made without delay and in no case later than thirty ( ) y after Discovery of the Breach, and shall include the identification of each Individual whose Unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired or Disclosed during such Breach. Notwithstanding A TRUE COPY CERTIFICATION ON LAST PAGE J.R. SMITH, CLERK anything herein to the contrary, the provisions of this Section 5.3 shall only be applicable to Breaches that are Discovered on or after the date that is thirty (30) days after the date of publication of interim final regulations promulgated by the Secretary that address notifications of Breaches of Unsecured PHI. 5.4 Business Associate agrees to indemnify and hold harmless, Covered Entity, its Officers, directors, shareholders, agents, and employees against all liability claims, damages, suits, demands, expenses, and civil monetary penalties (including but not limited to, court costs and reasonable attorneys' fees) of every kind arising out of the negligent errors and omissions or willful misconduct of Business Associate, its agents, servants, employees and independent contractors (excluding Covered Entity) in the performance of or conduct relating to this Section 5. 6. Agents and Subcontractors. If Business Associate discloses PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, to agents, including a subcontractor (collectively, "Recipients"), Business Associate shall require Recipients to agree in writing to the same restrictions and conditions that apply to the Business Associate under this BAA. Individual Rights to Access and Amendment. 7.1 Access. If Business Associate maintains a Designated Record Set on behalf of Covered Entity, Business Associate shall permit an Individual to inspect or copy PHI contained in that set about the Individual in accordance with the Privacy Standards set forth in 45 C.F.R. § 164.524, as it may be amended from time to time, unless excepted or a basis for denial exists under 45 C.F.R. § 164.524, as determined by the Covered Entity. In the event a Business Associate uses or maintains an Electronic Health Record on behalf of Covered Entity, then, as of the date required by ARRA, an Individual's right of access under 45 C.F.R. § 164.524 shall include the right to obtain a copy of the PHI in an electronic format and, if the Individual chooses in a clear, conspicuous and specific manner, to direct the Business Associate to transmit such copy to any person designated by the Individual. Business Associate shall respond to any request from Covered Entity for access by an Individual within five (5) days of such request unless otherwise agreed to by Covered Entity. The information shall be provided in the form or format requested, if it is readily producible in such form or format, or in summary, if the Individual has agreed in advance to accept the information in summary form. A reasonable, cost based fee may be charged for copying PHI or providing a summary of PHI in accordance with 45 C.F.R. § 164.524(c)(4), provided that any such fee relating to a copy or summary of PHI provided in an electronic form may not be greater than the labor costs incurred in response to the request for the copy or summary. 7.2 Amendment. Business Associate shall accommodate an Individual's right to amend PHI or a record about the Individual in a Designated Record Set in accordance with the Privacy Standards set forth at 45 C.F.R. § 164.526, as it may be amended from time to time, unless excepted or a basis for denial exists under 45 C.F.R. § 164.526, as determined by the Covered Entity. Covered Entity shall determine whether a denial to an amendment request is appropriate or an exception applies. Business Associate shall notify Covered Entity within five (5) days of receipt of any request for amendment by an Individual and shall make any amendment requested by Covered Entity within ten (10) days of such request. Business Associate shall have a process in place for requests for amendments and for appending such requests to the Designated Record Set. Accounting of Disclosures. 8.1 General Accounting Provisions. Business Associate shall make available to Covered Entity in response to a request from an Individual, information required for an accounting of Disclosures of PHI with respect to the Individual, in accordance with 45 C.F.R. § 164.528, as it may be amended from time to time, unless an exception to such Accounting exists under 45 C.F.R. § 164.528. Such Accounting is limited to Disclosures that were made in the six (6) years prior to the request and shall not include any Disclosures that were made prior to the compliance date of the Privacy Standards. Business Associate shall provide such information necessary to provide an accounting within thirty (30) days of Covered Entity's request. 8.2 Special Provisions for Disclosures made through an Electronic Health Record. As of the date required by ARRA, if Covered Entity uses or maintains an Electronic Health Record with respect to PHI and if Business Associate makes Disclosures of PHI for Treatment, Payment or Health Care Operations purposes through such Electronic Health Record, Business Associate will provide an accounting of Disclosures that Covered Entity has determined were for Covered Entity's Treatment, Payment and/or Health Care Operations purposes to Individuals who request an accounting directly from Business Associate. Any accounting made pursuant to this Section 8.2 shall be limited to Disclosures made in the three (3) years prior to the Individual's request for the accounting. The content of the accounting shall be in accordance with 45 C.F.R. § 164.528, as it may be amended from time to time. 8.3 Fees for an Accounting. Any accounting provided under Section 8.1 or Section 8.2 must be provided without cost to the Individual or to Covered Entity if it is the first accounting requested by an Individual within any twelve A TRUE COPY CERTIFICATION ON LAST PAGE J.R. SMITH, CLERK (12) month period; however, a reasonable, cost based fee may be charged for subsequent accountings if Business Associate informs the Covered Entity and the Covered Entity informs the Individual in advance of the fee, and the Individual is afforded an opportunity to withdraw or modify the request. 9. Withdrawal of Consent or Authorization. If the use or disclosure of PHI in this BAA is based upon an Individual's specific consent or authorization for the use of his or her PHI, and (i) the Individual revokes such consent or authorization in writing, (ii) the effective date of such authorization has expired, or (iii) the consent or authorization is found to be defective in any manner that renders it invalid, Business Associate agrees, if it has notice of such revocation or invalidity, to cease the Use and Disclosure of any such Individual's PHI except to the extent it has relied on such Use or Disclosure, or where an exception under the Privacy Standards expressly applies. 10. Records and Audit. Business Associate shall make available to Covered Entity and to the Secretary or her agents, its internal practices, books, and records relating to the Use and Disclosure of PHI received from, or created or received by, Business Associate on behalf of Covered Entity for the purpose of determining Covered Entity's compliance with the Privacy Standards and the Security Standards or any other health oversight agency, in a timely a manner designated by Covered Entity or the Secretary. Except to the extent prohibited by law, Business Associate agrees to notify Covered Entity immediately upon receipt by Business Associate of any and all requests served upon Business Associate by or on behalf of any and all government authorities relating to PHI received from, or created or received by, Business Associate on behalf of Covered Entity. 11. Notice of Privacy Practices. Covered Entity shall provide to Business Associate its Notice of Privacy Practices ("Notice"), including any amendments to the Notice. Business Associate agrees that it will abide by any limitations set forth in the Notice, as it may be amended from time to time, of which it has knowledge. An amended Notice shall not affect permitted Uses and Disclosures on which Business Associate has relied prior to receipt of such Notice. 12. Sec urit . Business Associate will (i) implement Administrative, Physical and Technical Safeguards that reasonably and appropriate protect the confidentiality, integrity and availability of the Electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of Covered Entity; and (ii) ensure that any agent, including a subcontractor, to whom it provides Electronic Protected Health Information agrees to implement reasonable and appropriate safeguards to protect such information. Further, as of the date required by ARRA, Business Associate shall comply with the standards and implementation specifications set forth in 45 C.F.R. §§ 164.308, 164.310, 164.312 and 164.316 with respect to such Administrative, Physical and Technical Safeguards. 13. Term and Termination. 13.1 This BAA shall commence on the effective date of the Agreement and shall remain in effect until terminated in accordance with the terms of this Section 13, provided, however, that any termination shall not affect the respective obligations or rights of the parties arising under this BAA prior to the effective date of termination, all of which shall continue in accordance with their terms. 13.2 Covered Entity shall have the right to terminate this BAA for any reason upon thirty (30) days written notice to Business Associate. 13.3 Covered Entity, at its sole discretion, may immediately terminate this BAA and shall have no further obligations to Business Associate hereunder if any of the following events shall have occurred and be continuing: (i) Business Associate shall fail to observe or perform any material covenant or agreement contained in this BAA for ten (10) days after written notice thereof has been given to Business Associate by Covered Entity; or (ii) A violation by Business Associate of any provision of the Privacy Standards, Security Standards, or other applicable federal or state privacy law. 13.4 Upon the termination of the Agreement, this BAA shall terminate simultaneously without additional notice. 13.5 Upon termination of this BAA for any reason, Business Associate agrees either to return to Covered Entity or to destroy all PHI received from Covered Entity or otherwise created through the performance of the Agreement Services for Covered Entity, that is in the possession or control of Business Associate or its agents. In the case of information for which it is not feasible to "return or destroy," Business Associate shall continue to comply with the covenants in this BAA with respect to such PHI and shall comply with other applicable state or federal law, which may require a specific period of retention, redaction, or other treatment. Termination of this BAA shall be cause for Covered Entity to terminate the Agreement. 14. Compliance with Red Flag Policies. Covered Entity shall provide to Business Associate any policies and procedures adopted by the Covered Entity to detect, prevent and mitigate the risk of identity theft in accordance with the "Red Flag A TRUE COPY CERTIFICATION ON LAST PAGE J.R. SMITH, CLERK Rules" promulgated by the Federal Trade Commission, as well as any amendments to such policies and procedures. Business Associate agrees that it will abide by such policies and procedures, and any amendments to such policies and procedures of which it is aware, in rendering the Agreement Services to Covered Entity. 15. Miscellaneous. 15.1 Notice. Customer hereby agrees that any reports, notification or other notice by Luminare .pursuant to this BAA may be made electronically. Customer shall provide contact information to support@luminaremed.com or such other location or method of updating contact information as Microsoft may specify from time to time and shall ensure that Customer's contact information remains up to date during the term of this BAA. Contact information must include name of individual(s) to be contacted, title of individual(s) to be contacted, em -mail address of individual(s) to be contacted, name of Customer organization and if available, either contract number or customer identification number. 15.2 Waiver. No provision of this BAA or any breach thereof shall be deemed waived unless such waiver is in writing and signed by the party claimed to have waived such provision or breach. No waiver of a breach shall constitute a waiver of or excuse any different or subsequent breach. 15.3 Assignment. Neither party may assign (whether by operation or law or otherwise) any of its rights or delegate or subcontract any of its obligations under this BAA without the prior written consent of the other party. Notwithstanding the foregoing, Covered Entity shall have the right to assign its rights and obligations hereunder to any entity that is an affiliate or successor of Covered Entity, without the prior approval of Business Associate. 15.4 Compliance with ARRA; Agreement to Amend BAA. The parties agree that it is their intention (i) to comply with the privacy and security provisions contained in Title XIII of ARRA and (ii) to incorporate those provisions into this BAA to the extent required by ARRA. The parties further agree to amend this BAA to the extent necessary to comply with state and federal laws, including without limitation, the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and ARRA, and any regulations promulgated or other guidance issued pursuant to HIPAA and ARRA. 15.5 Entire Agreement. This BAA constitutes the complete agreement between Business Associate and Covered Entity relating to the matters specified in this BAA, and supersedes all prior representations or agreements, whether oral or written, with respect to such matters. In the event of any conflict between the terms of this BAA and the terms of the Agreement or any such later agreement(s), the terms of this BAA shall control unless the terms of such Agreement or later agreement comply with the Privacy Standards and the Security Standards. No oral modification or waiver of any of the provisions of this BAA shall be binding on either party. This BAA is for the benefit of, and shall be binding upon the parties, their affiliates and respective successors and assigns. No third party shall be considered a third party beneficiary under this BAA, nor shall any third party have any rights as a result of this BAA. 15.6 Governing Law. This BAA shall be governed by and interpreted in accordance with the laws of the State of Texas. 7 L I 4A RIVER COUNTY i'tiS IS TO CERTIFY THAT THIS 1, ra. _i. -SUE AND CORRECT COPY OF E ORIGINAL ON FILE IN THIS �F!=I,E. JEfiF Y R SMITH ERK J j ao al ,