MASTER TERMS AND CONDITIONS

Last Updated: August 29, 2024

These Master Terms and Conditions, including any URLs, documents and policies referenced herein, are collectively referred to as these “Terms and Conditions.” For clarity, the Trusted Exchange Terms and Conditions, and the Business Associate Addendum (“BAA”), are hereby incorporated by reference into these Terms and Conditions. These Terms and Conditions are an Attachment that is incorporated by reference into the Agreement by and between Credo Health Solutions Holdings, Inc., and all of its affiliated entities, including without limitation Credo Health Solutions Inc. and Medical Records Exchange LLC d/b/a Chartfast LLC (collectively, “Credo”) and the Customer identified in the Order Form (“Customer”). For clarity, these Terms and Conditions are part of the Agreement and govern the Agreement, Attachments and all Order Forms between Credo and Customer (collectively, the “Agreement”). Credo and Customer are each referred to as a “party” and collectively the “parties.” Capitalized terms used without definition will have the meanings set forth in Section 10 (Additional Definitions) or as otherwise defined in another Attachment or an applicable Order Form.(“BAA”), are hereby incorporated by reference into these Terms and Conditions. These Terms and Conditions are an Attachment that is incorporated by reference into the Agreement by and between Credo Health Solutions Holdings, Inc., and all of its affiliated entities, including without limitation Credo Health Solutions Inc. and Medical Records Exchange LLC d/b/a Chartfast LLC (collectively, “Credo”) and the Customer identified in the Order Form (“Customer”). For clarity, these Terms and Conditions are part of the Agreement and govern the Agreement, Attachments and all Order Forms between Credo and Customer (collectively, the “Agreement”). Credo and Customer are each referred to as a “party” and collectively the “parties.” Capitalized terms used without definition will have the meanings set forth in Section 10 (Additional Definitions) or as otherwise defined in another Attachment or an applicable Order Form.

1. ORDERS; SERVICE; GRANT OF RIGHTS

1.1       Introduction to Credo.

(a)        Using the Credo Platform and Participating in the Credo Network. The Credo Platform (defined below) enables Customer to use the Credo Services (defined below) to interact and share data with others connected via the Credo network.

(b)        Scope of Terms. These Terms and Conditions establish rules, conditions and requirements for Customer’s use of the Credo Services and also for how Customer must interact with, share data with, and access data from others connected via the Credo network.

(c)        Changes to these Terms and Conditions. Credo may make changes to these Terms and Conditions from time to time. Credo will provide Customer with email notification of any material changes to these Terms and Conditions. Unless Credo notes otherwise, changes to these Terms and Conditions become effective thirty (30) calendar days after email notification. Notwithstanding the foregoing, Credo may make changes to these Terms and Conditions effective immediately to comply with applicable law or as necessary to support new functionality. If Customer does not wish to accept changes to these Terms and Conditions, Customer must stop using the Credo Services (including without limitation the Credo Platform) and may terminate this Agreement upon thirty (30) calendar days’ written notice to Credo.

1.2       Account Terms.

(a)        Creation of Credo Account. Customer must create a Credo account to use the Credo Services. Registration for a Credo account will require Customer to participate in Credo’s verification process described in Section 1.2(b) below.

(b)        Verification Process. Prior to Customer’s use of the Credo Services and access to the Credo Platform, Customer must participate in Credo’s verification process. This verification process may include requests for information about Customer’s legal entity, Affiliates, and the services Customer provides (including but not limited to services provided to Customer’s Authorized Users). Customer authorizes Credo’s service providers and other third parties to disclose, and for Credo to retrieve, information about Customer, including but not limited to credit reporting agencies and information bureaus. Customer acknowledges that Credo’s information requests may include individuals’ name, address, and other data about an individual or the Customer’s representative. Customer acknowledges that that Credo may use this information to verify any other information provided by Customer, and that any information Credo collects may affect Credo’s assessment of Customer’s overall risk to Credo’s business or compliance with provisions of the Agreement. Credo may periodically update its requests for information from time to time as part of Credo’s verification process. Customer represents and warrants to Credo that its status as a HIPAA Regulated Entity and the other information provided by Customer to Credo during the verification process are true, complete, and accurate in all respects. Credo has no obligation to provide the Services until Credo completes the verification process and notifies Customer of acceptance. Credo has no obligation to complete the verification process within any specific timeframe. Credo may terminate the Agreement upon written notice to Customer in the event that Credo determines, in its sole discretion, that Customer has not successfully passed the verification process or if any of the information provided by Customer or obtained about Customer as part of the verification process is no longer true, complete or accurate.

(c)        Keeping Your Account Current. Customer shall keep the information in Customer’s Credo account current. Customer must promptly update its Credo account with any changes to Customer’s legal entity or provision of services, including information related to Customer’s HIPAA Regulated Entity status, Affiliates, or any other relevant information.

1.3       Orders; Affiliates; Authorized Users. From time to time, Customer and Credo may execute Order Forms pursuant to which Customer acquires on behalf of itself and each Affiliate (as defined below) listed therein the right to use the Credo Service. Customer and each such Affiliate are deemed to be the “Customer” hereunder. In the event that any such Affiliate uses the Credo Service, Customer and each such Affiliate hereby agree that: (i) such purchase will be subject to the terms of the Agreement (i.e., as if such Affiliate were “Customer” under the Agreement), including without limitation these Terms and Conditions and other Attachments to the Agreement (e.g., the BAA); and (ii) such Affiliate and Customer will be responsible for the compliance of such Affiliate with the Agreement. Customer further acknowledges and agrees that: (y) it is responsible for its (including its Affiliate’s) Authorized Users’ actions and omissions in connection with the Agreement and their access to and use of the Credo Services; and (z) Customer is responsible for ensuring its (including its Affiliate’s) Authorized Users comply with the relevant terms and conditions of the Agreement, including without limitation the Trusted Exchange Terms and Conditions.

1.4       Credo Services. Subject to the terms of the Agreement, Credo will provide its health information retrieval, care coordination, case management, population health, and other health care-related services and supports to Customer, which may include without limitation risk and quality data analytics (the “Credo Platform”). The Credo Platform, and any Additional Services identified in an Order Form are collectively referred to in these Terms and Conditions as the “Credo Service” or “Services.” Credo will use reasonable efforts to retrieve health information on Customer’s patients and considers the return of any new demographic information or health and health-related information on a patient to be a successful retrieval (each a “Successful Retrieval”). The Credo Services will include any updates to the features purchased by Customer that are made generally available by Credo to its customers at no additional charge but excludes any separate features or additional functionality or services that are made available by Credo for an additional charge.

(a)        Common Record Service. Subject to applicable law and the BAA, Credo may provide Customer and its other customers, which may include without limitation Health Care Providers and Health Plans, access to a Common Record. Customer acknowledges and agrees that, subject to applicable law and the BAA: (i) Customer may be required to agree to additional terms or conditions or give additional representations or attestations in order to have access to the Common Record of patients for which Customer has established a patient relationship; (ii) Customer Data may be included by Credo in the Common Record; (iii) Credo may make the Common Record accessible to its other customers and other third parties for purposes of Treatment, Payment, Limited Health Care Operations, Public Health Activities, and Research, to support individual access rights or authorization-based disclosures, or as otherwise permitted or required by applicable law; and (iv) Customer shall not impose any limitation or restriction on who may access the Common Record or how the Common Record may be used or accessed.

(b)        Trusted Exchange. Customer further authorizes Credo to use Trusted Exchange(s) in connection with the Services, at Credo’s discretion. Specifically, Customer authorizes Credo to request, receive, send, disclose and transmit electronic health information regarding Customer’s (including Affiliates’) patients through any Health Information Network/Health Information Exchange (HIN/HIE) in which Credo participates on behalf of Customer for the following purposes (each to the extent permitted by applicable law): (1) Treatment; and (2) any other purposes agreed to in writing by Customer and Credo. These services are subject to the Trusted Exchange Terms and Conditions of the Agreement. Credo may update and revise the Trusted Exchange Terms and Conditions from time to time if required or requested by a Trusted Exchange Connection. Credo will notify Customer of material changes to the Trusted Exchange Terms and Conditions by email notification. If Customer does not wish to accept changes to the Trusted Exchange Terms and Conditions, Customer may terminate this Agreement upon thirty (30) calendar days’ written notice to Credo. In the event of a conflict between the Trusted Exchange Terms and Conditions and these Terms and Conditions or other attachment to the Agreement, the Trusted Exchange Terms and Conditions shall govern with respect to Customer’s access to and use of the Trusted Exchange(s).

(c)        Hosting. Customer acknowledges and agrees that Credo may as part of its ordinary business operations host and maintain a copy of Customer Data in connection with the Credo Services. As between the parties, Customer is solely responsible for the archival maintenance and storage of records (including without limitation medical records) and documentation for any mandatory or regulatory record or documentation retention requirements and any other legal responsibilities associated with record maintenance, and Credo will have no responsibility therefor. Further, Customer is solely responsible for determining whether and what data is integrated into Customer’s system(s), medical records and other Designated Record Sets, as applicable. Customer acknowledges and agrees that it is solely responsible for following appropriate procedures, as required by applicable law and professional standards, for the creation, modification, maintenance, preservation, backup and storage of any records maintained by or for Customer.

(d)        Maintenance.Customer acknowledges and agrees that Credo may from time to time in its sole discretion temporarily suspend access to the Credo Services for maintenance, upgrades, security-related practices, unscheduled interruptions or other reasons.

(e)        Suspension. Credo may immediately suspend the Credo Services (including use by an Authorized User), with or without terminating the Agreement, if Credo in its sole discretion determines any of the following: (i) unauthorized access or use of the Credo Services; (ii) any violation of the Agreement by Customer; (iii) Customer uses or attempts to use the Credo Services for any fraudulent or illegal purpose, including if Customer or an Authorized User has engaged in suspicious activity or Credo determines that Customer’s continued use of the Credo Services would cause Credo to violate any applicable law or place Credo at material risk of suffering any sanction, penalty or liability; or (iv) Customer’s or its Authorized Users’ actions or omissions create an immediate threat or may cause material harm to any person or organization.

1.5       HIPAA. For the purposes of HIPAA, Credo is a Business Associate to Customer with respect to the Customer’s HIPAA covered functions and, as further described in Section 2.1, Customer and Credo are subject to the terms of the BAA to the Agreement that, among other things, permits Customer to create, use, process, maintain, request, receive, send, incorporate, aggregate, disclose and transmit certain protected health information (as defined under HIPAA, “Protected Health Information” or “PHI”) regarding patients on behalf of Customer. Customer further understands and agrees that Credo may obtain authorizations, consents and releases of information directly from patients and other individuals in accordance with any applicable HIPAA requirements (collectively, a “Credo ROI”). Customer further acknowledges and agrees that Credo will not maintain any Designated Record Set on behalf of Customer, unless Credo gives prior, written, express permission to Customer that Credo will do so.

1.6       Limitations. The following limitations and restrictions will apply to the use of the Credo Service:

(a)        Customer operates as a Health Care Provider entity or is the managed service organization (MSO) of an Affiliate that is or operates as a Health Care Provider entity. If Customer is a MSO, Customer represents, warrants and covenants that it at all relevant times: (i) has a HIPAA-compliant business associate agreement in place with each of its Affiliates that is or operates as a Health Care Provider entity, and (ii) has contractual terms in place to permit and authorize Customer to grant the data license(s) to Credo in the Agreement. Customer will provide Credo with its or its Affiliate’s organizational National Provider Identifier (NPI) and, upon request, any individual NPIs. Customer further represents, warrants and covenants that it and all its Authorized Users are licensed or certified, if required to be licensed or certified to perform their health care services.

(b)        Customer will only use the Credo Services for its internal business purposes and will limit access to and use of the Credo Services to itself (including, if applicable, its Affiliates) and its Authorized Users. Customer will not provide access to the Credo Services to any person who is not an employee, on the medical staff of, or contractor of Customer. Customer will not access or use the Credo Service, or transmit data that is PHI, outside the jurisdiction of the United States or its territories without Credo’s prior written and signed consent. Customer shall not, directly or indirectly, at any time export, re-export, divert, transfer or release an part of the Credo Services (including without limitation any technical data or technology) to, or make any part of the Credo Services accessible from, any jurisdiction, country, individual, company or other entity that is: (i) embargoed by the U.S. or that has been designated by the U.S. government as a “terrorist supporting” country, (ii) in violation of any U.S. export law or governmental regulation, or (iii) otherwise identified on a list of debarred, prohibited, sanctioned or denied parties (including without limitation the Specially Designated Nationals List or Foreign Sanctions Evaders List of the Office of Foreign Assets Control, U.S. Department of the Treasury, the State Department’s Debarred list or Nonproliferation List, or the U.S. Commerce Department’s Entity List and Denied Persons List). By accessing the Credo Service, Customer represents and warrants that neither Customer, nor any of its Authorized Users, are located in, under control of, or a national or resident of any such country or on any such list. In addition, Customer represents and warrants that it and its Authorized Users: (a) are not debarred, suspended, declared ineligible, or voluntarily excluded from participation in federal contracting or federal health care programs; (b) have not been placed on the sanctions list issued by the Office of the Inspector General of the Department of Health and Human Services pursuant to the provisions of 42 USC 1320a-7; and (c) have not been convicted of a felony or any crime relating to health care. Customer will immediately notify Credo if it becomes aware that any of the foregoing representations are incorrect. A breach of this provision shall be a material breach of the Agreement, and Credo, in addition to other available remedies, may immediately terminate the Agreement upon notice to Customer, in the event that Customer breaches this representation.

(c)        Except as expressly permitted hereunder, Customer will not and will not permit or authorize any third party to: (i) reverse engineer, view, edit, translate, decompile, disassemble, extract, derive or otherwise attempt to discover or access the source code, object code or underlying structure, ideas or algorithms of any of the Credo Services or attempt to identify or reconstruct any artificial intelligence training data or methods; (ii) modify, translate or create derivative works based on any of the Credo Services or alter or tamper in any way with the Credo Service, including without limitation any look and feel or functionality thereof; (iii) copy, rent, lease, distribute, pledge, assign or otherwise transfer or allow any lien, security interest or other encumbrance on any of the Credo Service; (iv) alter the configuration of, or hack, manipulate, interfere with or disrupt the integrity or performance of or otherwise attempt to gain unauthorized access to any of the Credo Services or its related systems, hardware or networks or any content or technology incorporated in any of the foregoing; (v) examine the Credo Services with debugging, memory inspection, or disk inspection tools; (vi) provide access to the Credo Services for the purpose of providing timeshare services, service bureau services, or outsourcing services; (vii) defeat, disable, circumvent, or attempt to defeat, disable or circumvent, the user authentication to, or security of, the Credo Services; (viii) mirror the site of the Credo Services, in whole or in part, on any server; (ix) use any application programming interface (API) or other technical means or methods (including without limitation any web scrapers, web crawlers, bots, etc.) to access the Credo Services other than those made available by Credo, unless approved in advance by Credo in writing; (x) remove, alter or obscure any proprietary notices or labels of Credo; or (xi) use the Credo Services (1) to send unsolicited messages (via fax, email or otherwise) in violation of applicable law, (2) to store, send, or provide access to obscene or otherwise illegal or inappropriate materials, (3) to store, send, or provide access to materials that would infringe any intellectual property right, or violate any privacy right, of any third party, (4) to impersonate, or attempt to impersonate, any third party or any fictitious individual, (5) in violation of the Agreement or any intellectual property or other proprietary right of Credo, or (6) in any manner that violates or does not comply with applicable law.

1.7       Audit and Monitoring. Credo has the right to conduct audits to ensure compliance with the terms and conditions of the Agreement. These audits may include examining, inspecting, and making copies of Customer’s accounting and other records, books, documents, files, systems, and facilities as reasonably necessary. Customer agrees to cooperate with Credo (or its designee) during these audits and to provide reasonable access to the necessary information. To the extent reasonably possible, any such audit shall be conducted upon advance, written notice and in a manner that does not interfere with the normal business operations of Customer.

2. OWNERSHIP; RESERVATION OF RIGHTS

2.1       Customer Data.

(a)        Ownership and Use. As between Customer and Credo, Customer owns the Customer Data. Subject to the limitations of applicable law and the BAA, Customer grants to Credo a non-exclusive, non-transferable (except as set forth in Section 9.2), paid-up, royalty-free, worldwide and sublicensable, license to access, use, disclose, copy, distribute, display, process, aggregate, modify, and create derivative works of the Customer Data and Customer’s Confidential Information (defined below) for the following purposes: (i) to perform Credo’s obligations under the Agreement, including without limitation providing the Credo Services to Customer and other customers; (ii) evaluating, auditing, improving and developing the Credo Service, including, without limitation, compiling in the ordinary course of providing the Credo Services the Usage Data and training any artificial intelligence or machine learning engine or system, neural network or similar system of Credo; (iii) to create de-identified data sets; or (iv) as otherwise permitted by Customer in writing. To the extent Credo retains any Customer Data after termination of the Agreement, this license shall be perpetual and continue for as long as Credo is authorized to retain the Customer Data, subject to the limitations of applicable law and the BAA.

(b)        Protected Health Information. The parties acknowledge that the Customer Data may include Protected Health Information. The parties agree to comply with the BAA. In the event of a conflict between any term or condition set forth in these Terms and Conditions and any term or condition set forth in the BAA, the BAA will govern with respect to the subject matter thereof; provided, however, the Trusted Exchange Terms and Conditions may expressly amend the BAA with respect to Protected Health Information exchanged in connection with a Trusted Exchange Connection (as defined in the Trusted Exchange Terms and Conditions).

(c)        Other Sensitive Health Information. Customer shall inform Credo and obtain Credo’s prior written and signed approval prior to sending or allowing Credo to have access to Customer Data, or requesting that Credo perform Services on behalf Customer that would require Credo to receive, store, use, process, disclose, maintain, transmit or otherwise deal with information that: (i) is subject to any federal, state or local laws that are more restrictive than HIPAA (including but not limited to 42 C.F.R. Part 2); (ii) are Psychotherapy Notes; or (iii) Customer has voluntarily agreed to additional restrictions on otherwise legally permissible uses and disclosures of Customer Data.

(d)        Limited Data Sets. In addition to and without limiting the foregoing data license, Customer further grants Credo permission to use and disclose a Limited Data Set (LDS) pursuant to the following data use agreement: (i) Credo may use or disclose any LDS for Health Care Operations, Public Health and Research, or as otherwise required by applicable law; (ii) Credo must use appropriate safeguards to prevent the use or disclosure of the LDS other than as provided for in this paragraph; (iii) limit the use or receipt of the LDS to its personnel who need access to the LDS for the purpose of performing the Health Care Operations, Public Health or Research function, as applicable, and to third parties that use Credo for these purposes; (iv) report to Customer any uses or disclosures in violation of this paragraph of which the Credo becomes aware; (v) hold any agent (including subcontractors) to the standards, restrictions, and conditions stated in this paragraph with respect to the LDS; (vi) not use the LDS to identify or contact the individuals who are the data subjects; and (vii) not use or disclose the LDS in a way that, if done by the Customer would violate HIPAA. Credo will only disclose an LDS to a third party under a written data use agreement that complies with HIPAA at 45 CFR 164.514(e)(4) (“DUA”), and Customer authorizes Credo to enter into a DUA for the use of LDS in accordance with this paragraph and applicable law.

(e)        Reservation. Nothing in the Agreement shall be construed to prevent Credo from using or disclosing information, data or other materials that would fall under the definition of “Customer Data,” or is overlapping with Customer Data, which Credo has separately received from a third party, provided such use and disclosure by Credo is compliance with applicable law and Credo’s arrangement with such third party.

(f)         Return and Destruction.  Customer acknowledges that it is infeasible for Credo to return or destroy Customer Data or Customer’s Confidential Information after the end of the Term if such data and information is used to generate aggregated data sets or analyses (including without limitation the Common Record and Credo Reports, as defined below), used to train or improve Credo Services or the Credo Platform (including without limitation for artificial intelligence purposes), part of back up tapes or other storage systems used for business continuity and disaster management planning, or is necessary for Credo to maintain for audit and compliance purposes.

2.2       Credo Data. As between the parties, Credo shall own all right, title and interest in and to Credo Data, including any intellectual property rights therein, and Credo may use or disclose the Credo Data for any purpose permitted by applicable law. The transactions and other matters set forth in the Agreement are not intended to, and does not, convey to Customer any right of ownership in or related to Credo Data now or hereinafter owned by Credo. Subject to the limitations of applicable law, Customer may use Credo Data as expressly permitted in Section 2.3.

2.3       Credo Reports. In connection with Customer’s access and use of the Credo Service, Credo will make available to Customer reports, information, content and other materials (collectively, “Credo Reports”). Credo Reports may contain Credo Data and Customer Data. Customer may internally use such Credo Reports solely in accordance with the terms and conditions of the Agreement and applicable law.

2.4       Credo Services Ownership. Subject to the rights and licenses granted in Section 1, as between the parties, Credo retains all rights, title and interest in and to the Credo Service, any Credo Reports, all copies or parts thereof (by whomever produced), and all intellectual property rights therein; provided, however, nothing in this Section 2.4 or the Agreement shall be interpreted to convey ownership of original Customer Data to Credo or to limit or restrict what Customer’s rights over its original Customer Data. Other than the rights and licenses granted to Customer in the Agreement, Credo grants no, and reserves any and all, rights in the Credo Service.

2.5       Feedback. Customer may elect from time to time to provide suggestions or comments regarding enhancements or functionality or other feedback to Credo with respect to the Credo Services or other of Credo’s products or services (“Feedback”). Credo will have full discretion to determine whether or not to proceed with the development of the requested enhancements, new features or functionality. Customer hereby grants Credo a royalty-free, fully paid-up, worldwide, transferable, sublicensable (directly and indirectly through multiple tiers of distribution), perpetual, irrevocable license to (a) copy, distribute, transmit, display, perform, and modify and create derivative works of the Feedback, in whole or in part; and (b) use the Feedback or any subject matter thereof, in whole or in part, including the right to develop, manufacture, have manufactured, market, promote, sell, have sold, offer for sale, have offered for sale, import, have imported, rent, provide or lease products or services which incorporate, practice or embody, or are configured for use in practicing, the Feedback, in whole or in part.

2.6       Credo Security Responsibilities. Credo will implement and maintain commercially reasonable and appropriate administrative, physical and technical safeguards to protect against the unauthorized access, use, disclosure, modification, or theft of Customer Data.

2.7       Customer Responsibilities.

‍(a)       Customer will (i) provide the Customer Data needed for Credo to perform the Credo Services; (ii) obtain all necessary permissions, authorizations and consents for Credo to provide the Credo Services to Customer (including without limitation access to, use and disclosure of the Customer Data for the purposes described in the Agreement); (iii) use commercially reasonable efforts to prevent unauthorized access to or use of the Credo Services and notify Credo promptly of any such unauthorized access or use; and (iv) use the Credo Services only in accordance with the documentation, applicable laws and the terms of the Agreement.

(b)       Without limiting the generality of the foregoing, Customer acknowledges and agrees that the use of the Credo Services or downstream use of Customer Data or Credo Data by Customer (or any provider affiliated or under contract with Customer) to assign diagnostic codes to a patient for the purposes of risk adjustment for such patient under any governmental or private payor program (including, without limitation, the CMS Hierarchical Conditions Category (“CMS-HCC”) methodology for the Medicare Advantage Part C program and the HHS Hierarchical Conditions Category (“HHS-HCC”) methodology under the Affordable Care Act) is solely and exclusively the responsibility of Customer and the providers affiliated or under contract with Customer, and that Credo assumes no liability for Customer’s and such providers’ use of patient health information provided or retrieved by Credo. Customer and such providers will comply with all applicable regulations, guidelines and standards for the use of health information provided by Credo to assign diagnostic codes to a patient for risk adjustment purposes. Customer further acknowledges that the Centers for Medicare & Medicaid Services requires that the assignment of diagnostic codes to patients for risk adjustment purposes under the CMS-HCC and HHS-HCC methodologies must be: (i) established by a qualified physician; (ii) based on a face-to-face medical visit between the patient and physician; (iii) documented in the medical record; and (iv) coded in compliance with ICD-10 Guidelines, including the requirement that the condition upon which the diagnostic code is based existed or coexisted at the time of the visit and required or affected patient care, treatment or management for the visit.

2.8       Additional Services. From time to time, the parties may agree pursuant to an Order Form on Additional Services that Credo will provide to Customer. Each Order Form will specify those Additional Services that are to be performed by Credo hereunder. Credo’s performance of the Additional Services is dependent in part on Customer’s actions. Accordingly, Customer will use reasonable efforts to provide Credo with the necessary items and assistance necessary for Credo to complete the Additional Services. Any dates or time periods relevant to performance by Credo hereunder will be appropriately and equitably extended to account for any delays or change in assumptions due to Customer.

3. FEES; PAYMENT TERMS

3.1       Fees; Payment Terms. Customer will pay Credo such fees as indicated on the Order Form. Annual fees will be paid on the first day of the Effective Date listed in the Order Form. Other fees, including without limitation transaction fees for Successful Retrievals, will be paid within thirty (30) calendar days of invoice. For clarity, Credo shall not invoice Customer transaction fees for attempted retrievals that do not result in a Successful Retrieval. For the avoidance of doubt, Customer acknowledges that all fees due and payable are reasonable and in exchange for Credo Services provided by Credo and are not royalties or compensation for the sale of PHI. If payment of any fees (including any reimbursement of expenses) is not made when due and payable, a late fee will accrue at the rate of the lesser of one and one-half percent (1.5%) per month or the highest legal rate permitted by law and Customer will pay all reasonable expenses of collection (including without limitation all court costs and reasonable attorneys’ fees). In addition, if any past due payment has not been received by Credo within thirty (30) calendar days from the time such payment is due, Credo may suspend access to the Credo Services until such payment is made. Unless otherwise specified on the Order Form, Credo may, at its discretion, increase the pricing stated on the Order Form for any Renewal Term (as defined below) upon giving Customer at least ninety (90) calendar days’ notice (which may be sent by email) prior to the end of the then-current Term.

3.2       Net of Taxes. All amounts payable by Customer to Credo hereunder are exclusive of any sales, use and other taxes or duties, however designated, including withholding taxes, royalties, know-how payments, customs, privilege, excise, sales, use, value-added and property taxes (collectively, “Taxes”). Customer will be solely responsible for payment of any Taxes, except for those taxes based on the income of Credo. Customer will not withhold any Taxes from any amounts due Credo.

4. TERM, TERMINATION

4.1       Term. Unless terminated earlier in accordance with the terms of the Agreement, the Initial Term of the Agreement will be as set forth on the Order Form. Thereafter, unless the Agreement terminates earlier in accordance with the terms of the Agreement, the Agreement will automatically renew for additional one (1) year term(s) (each, a “Renewal Term” and, together with the Initial Term, the “Term”) unless either party delivers to the other party written notice of the party’s intent not to renew at least sixty (60) calendar days prior to the end of the then-current Term.

4.2       Termination of Agreement for Breach. In addition to any other remedies it may have, either party may terminate the Agreement: (a) if the other party breaches any of the terms or conditions of the Agreement and fails to cure such breach within thirty (30) calendar days after receiving written notice thereof; (b) immediately upon notice to the other party if the other party is adjudicated bankrupt, files a voluntary petition of bankruptcy, makes a general assignment for the benefit of creditors, is unable to meet its obligations in the normal course of business, or if a receiver is appointed as a result of its insolvency; or (c) immediately upon notice to the other party if the terminating party determines in its sole discretion that continuation of this Agreement would cause it to violate applicable law. In addition, Credo may terminate the Agreement immediately upon written notice to Customer in the event of a material breach of any intellectual property or other proprietary right of Credo by Customer, in addition to any other remedies available to Credo. Customer will pay in full for the use of the Credo Services up to and including the effective date of the termination, as set forth in the terminating party’s notice of termination.

4.3       Effect of Expiration or Termination.

(a)        Upon any expiration or termination of the Agreement, upon written request of Customer delivered within thirty (30) calendar days of effective date of such expiration or termination, Credo will make the Customer Data available to Customer for download in Credo’s standard format for thirty (30) calendar days after such request (the “Transition Period”). After the Transition Period, Credo may, but is not obligated to, in its sole discretion and without delivery of any notice to Customer, delete any Customer Data stored or otherwise archived on the Credo Platform or on Credo’s network.

(b)        Except as expressly stated herein, upon expiration or termination of the Agreement: (i) all rights granted hereunder and all obligations of Credo to provide the Credo Services will immediately terminate; and (ii) Customer will immediately cease use of the Credo Service.

4.4       Survival. The parties’ respective obligations which expressly or by their nature would continue beyond the expiration or termination of the Agreement will survive the Agreement, including without limitation: Section 2.1 (Customer Data); Section 2.4 (Credo Services Ownership); Section 2.5 (Feedback); Section 3 (Fees; Payment Terms); Section 4.3 (Effect of Expiration or Termination); Section 4.4 (Survival); Section 5 (Confidentiality; Intellectual Property); Section 6 (Representations, Warranties and Disclaimer); Section 7 (Limitations of Liability); Section 8 (Indemnification); Section 9 (General); Section 10 (Additional Definitions); and all obligations of Customer to pay or reimburse Credo that are unpaid at the time of termination or expiration of the Agreement.

5. CONFIDENTIALITY; INTELLECTUAL PROPERTY

5.1       Definition of Confidential Information. As used herein, “Confidential Information” means, subject to the exceptions set forth in the following sentence, any information or data, regardless of whether it is in tangible form, disclosed by or on behalf of either party (the “Disclosing Party”) that the Disclosing Party has either marked as confidential or proprietary, or has identified in writing as confidential or proprietary within thirty (30) calendar days of disclosure to the other party (the “Receiving Party”); provided, however, that a Disclosing Party’s non-public business plans, strategies, technology, research and development, current and prospective customers, billing records, and products or services will be deemed Confidential Information of the Disclosing Party even if not so marked or identified. Credo’s Confidential Information includes, without limitation, the Credo Platform, the source code of the Credo Service, the terms of the Agreement and Credo Data. Information will not be deemed “Confidential Information” if such information: (a) is known to the Receiving Party prior to receipt from the Disclosing Party directly or indirectly from a source other than one having an obligation of confidentiality to the Disclosing Party; (b) becomes known (independently of disclosure by the Disclosing Party) to the Receiving Party directly or indirectly from a source other than one having an obligation of confidentiality to the Disclosing Party; (c) has been independently acquired or developed by the Receiving Party without violating any obligation to the Disclosing Party; or (d) becomes publicly known or otherwise ceases to be secret or confidential, except through a breach of the Agreement by the Receiving Party.

5.2       Use and Disclosure of Confidential Information. The Disclosing Party’s Confidential Information constitutes or contains valuable trade secrets and proprietary information of the Disclosing Party. Each Receiving Party will use the Confidential Information of the Disclosing Party solely in accordance with the provisions of the Agreement and will not disclose, or permit to be disclosed, the same directly or indirectly, to any third party without the Disclosing Party’s prior written consent, except as otherwise permitted hereunder. The Receiving Party may disclose the Disclosing Party’s Confidential Information, in whole or in part, to the Receiving Party’s employees, officers, directors, consultants, and contractors who have a need to know to the extent necessary and appropriate to the work function of the particular personnel and are legally bound by obligations of confidentiality and nonuse with respect to such Confidential Information no less restrictive than those set forth in this Section 5.

5.3       Other Confidentiality Obligations. Each Receiving Party will use reasonable measures to protect the confidentiality of the Disclosing Party’s Confidential Information. Either Receiving Party may disclose the Confidential Information of the Disclosing Party as reasonably deemed by the Receiving Party to be required by law (in which case such Receiving Party will provide the Disclosing Party with prior written notification thereof, will provide the Disclosing Party with the opportunity to contest such disclosure, and will use its reasonable efforts to minimize such disclosure, each to the extent permitted by applicable law). In the event of actual or threatened breach of the provisions of this Section 5, the non-breaching party will be entitled to seek immediate injunctive and other equitable relief, without waiving any other rights or remedies available to it. Except as otherwise authorized by the Agreement, any Confidential Information provided by the Disclosing Party to the Receiving Party pursuant to the Agreement must be returned or destroyed upon termination or expiration of the Agreement, except that the Receiving Party may retain one (or more if needed) archival copy in a secure location to demonstrate compliance with the Agreement or as required for legal and audit purposes, as long as such retained copy is not used or disclosed contrary to the terms and conditions of the Agreement.

5.4       Intellectual Property. Customer acknowledges and agrees that all right, title and interest in the intellectual property and other proprietary rights in the Credo Services, are owned by or under license to Credo. Nothing in the Agreement shall be construed as a work-for-hire agreement or joint development agreement. Further, as between the parties, all improvements to the Credo Services are and shall be the sole and exclusive property of Credo (or its licensor(s), as the case may be). Customer irrevocably and unconditionally assigns, and upon creation thereof automatically assigns, any such intellectual property rights that it may have in and to the improvements to Credo, at no additional cost. To the extent that any intellectual property rights to the improvements do not otherwise vest in Credo, Customer agrees to promptly assign, and ensure that any of its Authorized Users, employees, contractors, and agents assign, such intellectual property rights to Credo, and to perform all other acts reasonably necessary to perfect the ownership, proprietary rights or licenses of Credo, without additional consideration of any kind. The parties explicitly agree that no title or ownership of intellectual property of Credo may be considered transferred to Customer or any third parties. All rights not expressly granted to Customer in the Agreement are reserved by Credo. If Customer discovers or is notified of an actual or suspected infringement or misappropriation of the Credo’s intellectual property in the Credo Services or a violation of the confidentiality of Credo’s Confidential Information, Customer must immediately notify Credo and terminate such infringement, misappropriation or violation to the extent it is within the control of Customer, its Authorized Users, employees, contractors or agents. Customer will reasonably cooperate with and assist Credo in protecting, enforcing and defending Credo’s intellectual property. Customer acknowledges and agrees that Credo has no obligation to enforce such intellectual property rights (including any Improvements) regarding the Credo Services. 

6. REPRESENTATIONS, WARRANTIES AND DISCLAIMER

6.1       Representations and Warranties.

(a)        Each party represents and warrants to the other party that: (i) it is duly organized and validly existing and in good standing under the laws of the jurisdiction of its incorporation or formation, as applicable; (ii) such party has the required power and authority to enter into the Agreement and to perform its obligations hereunder; (iii) the execution of the Agreement and performance of its obligations thereunder do not and will not violate any other agreement to which it is a party or any judgment, order or decree by which it is bound; and (iv) the Agreement constitutes a legal, valid and binding obligation when signed by both parties. Further, Credo represents and warrants that it, and Customer represents and warrants that it (and its Authorized Users): (a) are not debarred, suspended, declared ineligible, or voluntarily excluded from participation in federal contracting or federal health care programs; (b) have not been placed on the sanctions list issued by the Office of the Inspector General of the Department of Health and Human Services pursuant to the provisions of 42 USC 1320a-7; and (c) have not been convicted of a felony or any crime relating to health care. Each party will immediately notify the other party if it becomes aware that any of the foregoing representations are incorrect. A breach of this provision shall be a material breach of this Agreement, and a party, in addition to other available remedies, may immediately terminate this Agreement upon notice to the other party, in the event that the party breaches this representation.

(b)        Credo warrants, for Customer’s benefit alone, that during the Term: (i) the Credo Services will be provided in a professional and workmanlike manner, in accordance with the standard and quality generally recognized and accepted within its industry; and (ii) Credo will use commercially reasonable measures to ensure that the Credo Services will not contain any security vulnerabilities. Customer’s sole and exclusive remedy for any failure of the Credo Services to conform to the limited warranties set forth in this Section 6.1(b), and as Credo’s entire liability for any breach of such warranties, Credo shall use commercially reasonable efforts to correct such failure or modify the Credo Services to achieve material functionality within a reasonable period of time. If the foregoing remedies are not commercially reasonable or practicable, Credo may, in its discretion, terminate the Agreement upon providing Customer with written notice thereof, and, in such event (and as Customer’s sole and exclusive remedy and Credo’s entire liability), refund to Customer, in the case of breach of the warranty set forth in this Section 6.1(b), any prepaid fees paid by Customer for any unused period. Notwithstanding the foregoing, Credo shall have no obligation with respect to a warranty claim under this Section 6.1(b) unless notified of such warranty claim within the 60-day notification period.

(c)        Customer represents, warrants, and covenants to Credo that it has and will have all rights necessary and full legal authority (including without limitation all necessary consents, authorizations, acknowledgements, or other permissions (collectively, “Consents”)) to input, import, upload, submit or otherwise provide Credo with access to and use of Customer Data for the Credo Service, and to grant the rights in and to Customer Data granted to Credo in the Agreement. Customer is solely responsible for maintaining such Consents and shall maintain them for at least six (6) years after their last use or expiration date, whichever occurs last. Customer agrees, as between the parties, that Customer bears all responsibility and liability for the accuracy, completeness, possession and use of Customer Data in connection with the Services. Customer represents, warrants and covenants that the Customer Data provided to Credo is an accurate representation of the Customer Data maintained in Customer systems. Customer further represents, warrants, and covenants to Credo that it will comply with all applicable laws.

(d)        Customer represents, warrants, and covenants to Credo that: (i) any entity that it lists on an Order Form as a Customer is an Affiliate; and (ii) it has the power and authority to enter into the Agreement on behalf of each such Affiliate and to bind each such Affiliate to the terms hereof.

6.2       Disclaimer. EXCEPT FOR THE WARRANTIES EXPLICITLY SET FORTH IN SECTION 6.1, AND TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, CREDO PROVIDES THE SERVICES AND DATA ON AN “AS IS” AND “AS AVAILABLE” BASIS AND “WITH ALL FAULTS,” AND CREDO HEREBY DISCLAIMS ALL PROMISES, REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT, TITLE AND NONINFRINGEMENT OR WARRANTIES ARISING OUT OF ANY COURSE OF DEALING, TRADE USAGE OR TRADE PRACTICE. CREDO DOES NOT WARRANT THAT THE SERVICES OR THE DATA WILL MEET CUSTOMER’S REQUIREMENTS OR BE UNINTERRUPTED, TIMELY, ACCURATE, COMPLETE, FREE FROM FALSE MATCHES, SECURE, FREE FROM HARMFUL CODE, RELIABLE, INTEROPERABLE, COMPATIBLE WITH ANY PARTICULAR HARDWARE OR SOFTWARE OR DATA, OR ERROR FREE, OR THAT ALL ERRORS WILL BE CORRECTED. FOR THE AVOIDANCE OF DOUBT, CUSTOMER ACKNOWLEDGES AND AGREES THAT PATIENT IDENTITY RESOLUTION ACROSS DISPARATE RECORD SOURCES IS INHERENTLY PRONE TO MISMATCHING AND CREDO DOES NOT WARRANT THE ACCURACY OF THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES; THUS, CUSTOMER AGREES THAT CUSTOMER IS RESPONSIBLE FOR VERIFYING THE VERACITY OF ANY DATA PROVIDED TO CUSTOMER TO ENSURE IT INDEED IS MATCHING THE PARTICULAR PATIENT AND DOES NOT CONTAIN ERRORS. CREDO AND ITS LICENSORS AND SUPPLIERS ARE NOT RESPONSIBLE FOR ANY ACTIONS TAKEN (INCLUDING CONFIGURATION OF THE CREDO SERVICE) BASED ON INFORMATION PROVIDED BY OR ON BEHALF OF A PATIENT. NO ORAL OR WRITTEN INFORMATION GIVEN BY CREDO, OR ITS EMPLOYEES, SUBCONTRACTORS OR THIRD-PARTY SERVICE PROVIDERS, WILL CREATE A WARRANTY. CUSTOMER DOES NOT HAVE THE RIGHT TO MAKE OR PASS ON ANY REPRESENTATION OR WARRANTY ON BEHALF OF CREDO TO ANY THIRD PARTY.

6.3       Not a Medical Service. CREDO IS NOT ENGAGED IN THE PRACTICE OF MEDICINE OR THE PROVISION OF HEALTHCARE SERVICES OR PROFESSIONAL, LEGAL OR MEDICAL ADVICE. CREDO DOES NOT WARRANT THAT THE ASSIGNMENT OF ANY DIAGNOSIS CODE TO A PATIENT FOR PURPOSES OF RISK ADJUSTMENT BASED UPON INFORMATION PROVIDED BY CREDO WILL COMPLY WITH APPLICABLE LAWS, RULES, REGULATIONS, AND GUIDELINES, AS SUCH ASSIGNMENT IS THE SOLE RESPONSIBILITY OF CUSTOMER AND PROVIDERS AFFILIATED OR UNDER CONTRACT WITH CUSTOMER. The Service(s) and data, information and other materials made available by the Service, including without limitation any Credo Data, Credo Reports or data from the Common Record, is not a medical, behavioral health, emergency, social, legal or other professional service that requires the use of licensed or certified professionals and is not a substitute for professional judgment applied by Customer or its Authorized Users. Without limiting any other provision of the Agreement, Customer and its Authorized Users shall be solely responsible for their actions or omissions involving their Treatment, Payment, Health Care Operations and other activities arising out of or relating to their access or use of the Services or the Data, including without limitation any unavailability or degradation of the Services.

6.4       Carrier Lines. The parties acknowledge that access to the Services is provided over various facilities, communications lines, routers, switches, and other devices owned, maintained, and serviced by third-party carriers, utilities, Internet service providers, and other service providers (“Carrier Lines”), all of which are beyond the parties’ control. Credo is not liable for any delay, failure, interruption, interception, loss, transmission, or corruption of any data or other information transmitted on the Carrier Lines that are beyond Credo’s control. Use of the Carrier Lines is solely at the parties’ risk and is subject to all applicable law.

7. LIMITATIONS OF LIABILITY

7.1       Limitation of Liability; Exclusion of Consequential Damages. IN ADDITION TO ANY OTHER LIMITATIONS OR RELEASES OF LIABILITY IN THIS AGREEMENT, (I) IN NO EVENT WILL CREDO OR ITS LICENSORS OR SERVICE PROVIDERS BE LIABLE TO CUSTOMER, OR CUSTOMER BE LIABLE TO CREDO, FOR ANY SPECIAL, INDIRECT, RELIANCE, INCIDENTAL, PUNITIVE, EXEMPLARY, OR CONSEQUENTIAL DAMAGES, FINES OR PENALTIES OF ANY KIND ARISING OUT OF THIS AGREEMENT, INCLUDING WITHOUT LIMITATION LOST OR DAMAGED DATA, DISCLOSURE OF DATA, COSTS OF RE-CREATING DATA, COSTS OF DELAY, COSTS OF ANY SUBSTITUTE SERVICES OR DATA, BUSINESS INTERRUPTION, LIABILITIES TO THIRD PARTIES, GOODWILL, LOST PROFITS OR LOST REVENUE, WHETHER ARISING IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, EVEN IF THE PARTY HAS BEEN NOTIFIED OF THE POSSIBILITY THEREOF AND WHETHER OR NOT SUCH LOSS, DAMAGES OR PENALTIES WERE FORESEEABLE; AND (II) UNDER NO CIRCUMSTANCES WILL THE LIABILITY OF EITHER PARTY FOR ALL CLAIMS ARISING UNDER OR RELATING TO THIS AGREEMENT (INCLUDING WARRANTY CLAIMS), REGARDLESS OF THE FORUM AND REGARDLESS OF WHETHER ANY ACTION OR CLAIM IS BASED ON CONTRACT, TORT, OR OTHERWISE, EXCEED THE AGGREGATE FEES PAID AND PAYABLE BY CUSTOMER TO CREDO UNDER THIS AGREEMENT DURING THE TWELVE (12) MONTH PERIOD PRECEDING THE EVENT OR CIRCUMSTANCES GIVING RISE TO SUCH LIABILITY. THIS SECTION SHALL NOT APPLY TO, OR LIMIT, LIABILITY ARISING FROM (A) CUSTOMER’S INDEMNIFICATION OBLIGATIONS IN THIS AGREEMENT, (B) CUSTOMER’S USE OF ANY CREDO SERVICE OTHER THAN AS EXPRESSLY PERMITTED HEREUNDER, OR (C) CUSTOMER’S BREACH OF WARRANTY AS TO CONSENTS IN SECTION 6.1(c). AS AN EXCEPTION TO THE FOREGOING, THE TOTAL CUMULATIVE LIABILITY OF A PARTY ARISING FROM (A) EITHER PARTY’S BREACH OF SECTION 5 (CONFIDENTIALITY; INTELLECTUAL PROPERTY), (B) CREDO’S INDEMNIFICATION OBLIGATIONS IN THIS AGREEMENT, OR (C) CREDO’S OBLIGATION TO REIMBURSE CUSTOMER FOR BREACH NOTIFICATION COSTS UNDER THE BAA, SHALL NOT EXCEED ONE MILLION DOLLARS ($1,000,000).

7.2       Independent Allocations of Risk. EACH PROVISION OF THIS AGREEMENT THAT PROVIDES FOR A LIMITATION OF LIABILITY, DISCLAIMER OF WARRANTIES, OR EXCLUSION OF DAMAGES IS TO ALLOCATE THE RISKS OF THIS AGREEMENT BETWEEN THE PARTIES. EACH OF THESE PROVISIONS WILL APPLY EVEN IF THEY HAVE FAILED OF THEIR ESSENTIAL PURPOSE. If applicable law does not allow for any disclaimer, limitation of liability, release, or waiver (or any portion thereof) as set forth in the Agreement, the disclaimer, limitation of liability, release, or waiver will be deemed modified solely to the extent necessary to comply with applicable law.

7.3       Releases of Liability. Without limiting the foregoing, and notwithstanding Section 8.1 (Infringement) of these Terms and Conditions, Customer releases Credo, Credo Parties (as defined below), and Credo’s data suppliers from and against that portion of any and all demands, claims, actions, suits, proceedings, judgments, liabilities, losses, damages, penalties, fines, costs and expenses (including without limitation attorneys’ fees and expert witness fees) (collectively, “Claims”) arising out of or relating to any inaccuracy, incompleteness, mismatching, or timeliness of the data; provided, however, this release shall not apply to that portion of any Claims directly caused, respectively, by Credo’s or its data supplier’s gross negligence or intentional misconduct. Customer further releases Credo, Credo Parties, and Credo’s data suppliers from that portion of any and all Claims arising out of or relating to: (a) any clinical, medical, legal, professional or other decisions related to the treatment, care or social support services provided to an individual, including without limitation those Claims associated with the unavailability or degradation of the Services; (b) individual identity matching or record locating; (c) Customer’s breach of the Agreement or applicable law; (d) Customer’s negligence or willful misconduct; and (e) Credo’s contractually proper and lawful use and disclosure of Customer Data or Customer Confidential Information pursuant to the permissions in the Agreement; provided, however, that the releases in (a) and (b) of this Section shall not apply to that portion of any Claims directly caused by Credo’s gross negligence or intentional misconduct. Further, in no event shall Credo be liable for, and Customer hereby releases Credo and Credo Parties from any liability for, the use or subsequent release of data by third parties who are not Credo Parties after receipt by such third party from Credo.

7.4       Insurance. During the Term, each party agrees to maintain in force, at its sole cost and expense, liability insurance coverage in amounts commercially reasonable and appropriate to cover its obligations and liabilities under this Agreement. The insurance coverage required under this Agreement may be provided through one or more reputable commercial insurance policies, through a reasonably acceptable self-insurance program, or through a combination of commercial and self-insurance programs. Upon request, each party agrees to furnish the other party with a certificate of insurance indicating the required coverage.

‍

8. INDEMNIFICATION

8.1       Infringement. Credo will indemnify, defend, and hold harmless Customer or any officer, director, agent, or employee of Customer (“Customer Parties”) from and against that portion of any Claims by third parties that the use of the Credo Services as permitted under the Agreement infringes any copyright or misappropriates any trade secret (except for claims for which Credo is entitled to indemnification under Section 8.2, in which case Credo will have no obligations with respect to such Claim). Credo will have no liability or obligation under this Section 8.1 if the applicable Claim arises in whole or in part from: (a) modification of the Credo Services by any party other than Credo without Credo’s express consent; (b) the combination, operation, or use of the Credo Services with other product(s), data or services where the Credo Services would not by itself be infringing; (c) unauthorized or improper use of the Credo Service; (d) Customer’s continuing allegedly infringing activity after being notified by Credo; or (e) any breach of any agreement by, or any negligent or wrongful act or omission of, any third party or Customer. If the use of the Credo Services by Customer has become, or in Credo’s opinion is likely to become, the subject of any Claim of infringement, Credo may at its option and expense: (i) procure for Customer the right to continue using the Credo Services as set forth hereunder; (ii) replace or modify the Credo Services to make it non-infringing so long as the Credo Services has at least equivalent functionality; (iii) substitute an equivalent for the Credo Services; or (iv) if options (i)-(iii) are not reasonably practicable, terminate the Agreement with immediate effect upon notice to Customer and refund any prepaid amounts for unused periods. THIS SECTION 8.1 STATES CREDO’S ENTIRE OBLIGATION AND CUSTOMER’S SOLE REMEDIES IN CONNECTION WITH ANY CLAIM REGARDING THE INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY.

8.2       Indemnification by Customer. To the maximum extent permitted by law, Customer will indemnify, defend and hold harmless Credo and its officers, directors, principals, agents, employees, and subcontractors (collectively, “Credo Parties”) from and against any Claims arising out of or relating to: (a) any material breach of the Agreement by Customer; (b) Customer’s violation of applicable law, fraud, willful misconduct or negligence; or (c) any patient harm (including without limitation physical or emotional harm, including injury or death) arising out of or relating to Customer’s use of the Credo Services or data provided through the Credo Services except for that portion of the patient harm directly caused by Credo’s willful misconduct or gross negligence. For clarity, the term Customer as used in this Section includes without limitation Customer’s Authorized Users.

8.3       Procedure. If a Customer Party or a Credo Party becomes aware of any Claim for which it believes falls under this Section 8, as applicable, such Customer Party or Credo Party will: (a) promptly notify the other party in writing of such Claim (provided, however, that failure by the notifying party to provide prompt notice shall not relieve the other party of its obligations hereunder except to the extent that such party is prejudiced by such failure); and (b) give assistance and full cooperation for the defense of the Claim. The indemnifying party shall have no right to agree to a settlement that requires any indemnified party to admit wrongdoing or culpability or places an affirmative obligation or any ongoing material liability on any indemnified party (other than the payment of money for which indemnified party is indemnified hereunder). However, the indemnified party reserves the right, at its option and expense, to participate in the defense of any suit or proceeding through counsel of its own choosing.

9. GENERAL

9.1       Severability. If any provision of the Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that the Agreement will otherwise remain in full force and effect and enforceable.

9.2       Assignment. Neither party may assign, transfer, delegate or pledge the Agreement or any of its obligations hereunder to any third party without the prior written consent of the other party, which will not be unreasonably delayed, conditioned, or withheld; provided, however, that Credo may (with prompt notice to the other party) assign its rights and obligations hereunder to: (a) a parent or subsidiary of an affiliate that has agreed to be bound by the terms and conditions of this Agreement; or (b) a third party as part of a sale or exchange of all or substantially all of the assets of a Credo as long as such third party agrees to be bound by the terms and conditions of this Agreement. Any assignment or attempted assignment by a party otherwise than in accordance with this Section 9.2 will be null and void. This Agreement is binding on, will inure to the benefit of, and is enforceable against the parties and their respective successors and assigns.

9.3       Subcontractors. Credo may use subcontractors in delivering the Credo Service.

9.4       Entire Agreement. The Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of the Agreement. Any purchase order terms, or terms included in Customer’s registration form or registration portal, are void and will be non-binding against Credo even if accepted or signed by Credo after the Effective Date.

9.5       Waiver; Modifications. All waivers and modifications must be in a writing signed by both parties, except as otherwise provided herein. For clarity, Customer’s additional agreement, approval or acknowledgement is not required for a revision or change to a provision of the Agreement where Credo has an express right to revise or change such a provision, and such revision or change shall be immediately binding on Customer (unless some other timeframe is specified in such provision).

9.6       Cumulative Remedies. Except as otherwise provided in the Agreement, any and all remedies will be deemed cumulative with and not exclusive of any other remedy, and the exercise by a party of any one remedy will not preclude the exercise of any other remedy.

9.7       Relationship of the Parties. No agency, partnership, joint venture, or employment is created as a result of the Agreement, and a party does not have any authority of any kind to bind the other party in any respect whatsoever.

9.8       No Third-Party Beneficiaries. Except as expressly stated in the Agreement, nothing in the Agreement intended to confer, nor shall anything herein confer, upon any person other than the parties and the respective successors or assigns of the parties, any rights, remedies, obligations, or liabilities whatsoever.

9.9       Notice. Except as otherwise provided for in the Agreement, all notices under the Agreement will be in writing and sent to the recipient’s address set forth in the Order Form and will be deemed to have been duly given when received, if personally delivered; upon receipt, if transmitted by email; the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested. In the case of a notice by Customer, Customer will send an additional copy of the notice to the “Attention of Chief Executive Officer” to Credo’s physical address and email as set forth in the Order Form. A party may change its contact information for legal notice by giving the other party notice as provided under this section.

9.10     Marks and Publicity. Neither party may use the other party’s trademarks, service marks, logos or brands (“Marks”) without prior written consent, except that: (a) Credo may disclose Customer as user of the Credo Service, including without limitation in Credo’s marketing collateral, website, and other promotional and marketing materials and in communications with Credo’s stakeholders and potential investors; and (b) Credo may use Customer’s Marks, if applicable, to configure the Credo Services for Customer. Accordingly, Customer grants to Credo a non-exclusive, non-transferable (except as set forth in Section 9.2), paid-up, royalty-free, sublicensable license to copy, use, display, distribute and modify and create derivative works of Customer’s Marks to brand and make available the Credo Services to Customer under the Agreement. Neither party will, without prior written consent of the other party, issue a press release regarding their business relationship.

9.11     Force Majeure. Each party will be excused from performance for any period during which, and to the extent that, it is prevented from performing any obligation or service, in whole or in part, as a result of a cause beyond its reasonable control and without its fault or negligence, including acts of God, acts of war, epidemics, pandemics, fire, communication line failures, power failures, earthquakes, floods, blizzard, or other natural disasters (but excluding failure caused by a party’s financial condition or any internal labor problems (including strikes, lockouts, work stoppages or slowdowns, or the threat thereof)) (a “Force Majeure Event”). Delays in performing obligations due to a Force Majeure Event will automatically extend the deadline for performing such obligations for a period equal to the duration of such Force Majeure Event. Except as otherwise agreed upon by the parties in writing, in the event such non-performance continues for a period of thirty (30) calendar days or more, either party may terminate the Agreement by giving written notice thereof to the other party. Upon the occurrence of any Force Majeure Event, the affected party will give the other party written notice thereof as soon as reasonably practicable of its failure of performance, describing the cause and effect of such failure, and the anticipated duration of its inability to perform.

9.12     Governing Law. The Agreement will be governed by the laws of the State of Delaware without regard to its conflict of law provisions.

9.13     Interpretation. Any headings, page footers, page headers, watermarks and captions used in these Terms and Conditions are used for convenience only and are not to be considered in construing or interpreting the Agreement. All uses in the Agreement of “including” and similar terms will be interpreted to mean “including without limitation.” The parties expressly waive any common law or statutory rule of construction that favors the non-writing party, and the parties expressly agree that the Agreement must be construed without regard to which party wrote that term, condition, or provision.

10. ADDITIONAL DEFINITIONS

For purposes of the Agreement the following terms have the following meanings:

“Additional Services” means the implementation, activation, technical support, promotional, consulting and other services described in the applicable Order Form.

“Affiliate” will mean an entity that directly, or indirectly, through one or more intermediaries, controls or is controlled by or is under common control with Customer. For purposes of this definition, control of an entity means the power, direct or indirect, to direct or cause the direction of the management and policies of such individual or entity whether by contract or otherwise and, in any event and without limitation of the previous sentence, any individual or entity owning more than fifty percent (50%) of the outstanding voting shares of a second entity shall be deemed to control that second entity.

“Authorized User” means a natural person (not a corporation, limited liability company, partnership, association, or other entity) who is either employed by, on the medical staff of, or otherwise a legal representative of Customer (including its Affiliates) and who Customer identified and authorized as having permission to access or use the Credo Services.

“Business Associate” and “Subcontractor Business Associate” are as defined at 45 C.F.R. § 160.103. 

“Common Record” means the individually identifiable health information and other personally identifiable information about patients maintained by Credo. The Common Record may include Customer Data and Credo Data.  

“Credo Data” means (a) all de-identified data created, generated or derived in connection with the Credo Service, including without limitation any Usage Data; (b) all data, information or other materials provided to or collected by Credo not on behalf of Customer, including but not limited to data from other Credo customers, business partners, or Credo’s direct-to-consumer services; and (iii) all data, information or other materials released by a patient or the patient’s personal representative pursuant to Credo ROI.

“Customer Data” means the data, information or other materials provided to Credo by Customer or collected by Credo on behalf of Customer as part of the Credo Service. Customer Data does not include Credo Data.

“Designated Record Set” is as defined at 45 C.F.R. § 164.501.

“Health Care Operations” is as defined at 45 C.F.R. § 164.501.

“Health Care Provider” is as defined at 45 C.F.R. § 160.103.

“Health Information Network/Health Information Exchange” has the meaning assigned to the term at 45 CFR 171.102.

“Health Plan” is as defined at 45 C.F.R. § 160.103. 

“HIPAA” refers to the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, each as amended from time to time. 

“HIPAA Regulated Entity” refers to a Covered Entity or Business Associate, each as defined by HIPAA. 

“Initial Term” means the initial term of the Agreement as described in the Order Form. 

“Limited Data Set” is as defined at 45 C.F.R. § 164.514(e)(2).

“Limited Health Care Operations” means the activities listed in paragraphs (1) and (2) of the definition Health Care Operations.

“Order Form” means any form for one or more Credo Services that is signed by Credo and Customer and that expressly references these Terms and Conditions.

“Payment” is as defined at 45 C.F.R. § 164.501. 

“Public Health” is as defined at 45 C.F.R. § 160.103.

“Psychotherapy Notes” are as defined at 45 C.F.R. § 164.501.

“Public Health Activities” are as described at 45 C.F.R. § 164.512(b)(1).  

“Research” is as defined at 45 C.F.R. § 164.501.

“Treatment” is as defined at 45 C.F.R. § 164.501. For clarity, Health Plans, Business Associates of Health Plans, and Subcontractor Business Associates of Business Associates of Health Plans do not perform Treatment functions under HIPAA.

“Trusted Exchange” or “Trusted Exchange Connection” refers to one or more network(s) of networks operated by one or more HIN/HIE(s) that support the access, exchange and use of electronic health information for legally permitted purposes under a common agreement framework. For illustration purposes only, Trusted Exchange Connections include but are not limited to the eHealth Information Exchange (eHX) Data Use and Reciprocal Support Agreement (DURSA), Carequality, CommonWell Health Alliance (CommonWell), and the Trusted Exchange Framework and Common Agreement (TEFCA).  

“Usage Data” refers to de-identified technical, statistical or analytical data that is compiled in the ordinary course of providing the Credo Service.

‍