Terms of Service for Note Sync Plus

These Terms of Service (“Terms of Service” or “Agreement”) are a legal agreement between you and Note Sync Plus. These Terms of Service specify the terms under which you may access and use our proprietary AI transcription software (the “Platform”).

PLEASE READ THESE TERMS OF SERVICE CAREFULLY. BY SIGNING BELOW/CLICKING ‘AGREE’/ACCESSING AND/OR USING THE PLATFORM, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE LEGALLY BOUND BY THESE TERMS OF SERVICE. IF YOU DO NOT AGREE TO ANY OF THE TERMS IN THESE TERMS OF SERVICE, THEN PLEASE DO NOT USE THE PLATFORM.

If you accept or agree to these Terms of Service on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind that company or other legal entity to these Terms of Service and, in such event, “you” and “your” will refer and apply to that company or other legal entity.

We reserve the right, at our sole discretion, to modify, discontinue, or terminate the Platform, or to modify the Terms of Service, at any time and without prior notice. If we modify the Terms of Service, we will post the modification on the Platform. By continuing to access or use the Platform after we have posted a modification on the Platform, you are indicating that you agree to be bound by the modified Terms of Service. If the modified Terms of Service are not acceptable to you, your only recourse is to cease using the Platform.

• Right to Access and Authorized Users

Subject to these Terms of Service, Note Sync Plus grants you during the Term of this Agreement a limited, non-exclusive, non-transferable, non-sublicensable, revocable right, to access and use, and to authorize your Authorized Users to access and use, the Platform only for your internal business purposes.

You will not (and will not authorize, permit, or encourage any third party to): (i) reverse engineer, decompile, disassemble, or otherwise attempt to discern the source code or interface protocols of the Platform; (ii) modify, adapt, or translate the Platform, or any portion or component thereof; (iii) make any copies of the Platform, or any portion or component thereof; (iv) resell, distribute, or sublicense the Platform, or any portion or component thereof; (v) remove or modify any proprietary markings or restrictive legends placed on the Platform; (vi) use the Platform, or any portion or component thereof in violation of any applicable law, in order to build a competitive product or service, or for any purpose not specifically permitted in this Agreement; (vii) introduce, post, or upload to the Platform any virus, worm, “black door,” Trojan Horse, or similar harmful code; (viii) save, store, or archive any portion of the services (including, without limitation, any data contained therein) outside the Platform other than those outputs generated through the intended functionality of the Platform without the prior, written permission of Note Sync Plus in each instance; (ix) use the Platform in connection with service bureau, timeshare, service provider or like activity whereby you operate the Platform for the benefit of a third party; or (x) circumvent any processes, procedures, or technologies that we have put in place to safeguard the Platform.

If you violate this section, Note Sync Plus reserves the right in its sole discretion to immediately deny you access to the Platform, or any portion thereof, without notice. Note Sync Plus reserves the right to change the availability of any feature, function, or content relating to the Platform, at any time, without notice or liability to you.

Your employees and contractors who access and use the Platform on your behalf are referred to herein as “Authorized Users.” You agree to immediately notify us of any unauthorized use or suspected unauthorized use. You are fully responsible for all activities, and use or misuse of the Platform, that is associated with any Authorized User’s use. You are also responsible for ensuring that your Authorized Users comply with these Terms of Service. We have the right to disable any Platform account username or password at any time for any reason, including if in our sole discretion we believe that you have failed to comply with these Terms of Service.

• Ownership

The Platform contains material, such as software, text, graphics, images, logos, marks, sound recordings, audiovisual works, and other material provided by or on behalf of Note Sync Plus (collectively referred to as the “Content”). For the avoidance of doubt, Content shall not include your data. The Content may be owned by us or by third parties. The Content is protected under both United States and foreign laws. Unauthorized use of the Content may violate copyright, trademark, and other laws. You have no rights in or to the Content, and you will not use the Content except as permitted under this Agreement. No other use is permitted without prior written consent from Note Sync Plus. You must retain all copyright and other proprietary notices contained in the original Content on any copy you make of the Content. You may not sell, transfer, assign, license, sublicense, or modify the Content or reproduce, display, publicly perform, make a derivative version of, distribute, or otherwise use the Content in any way for any public or commercial purpose. The use or posting of the Content on any other website or in a networked computer environment for any purpose is expressly prohibited.

If you violate any part of this Agreement, your permission to access and/or use the Content, and the Platform automatically terminates, and you must immediately destroy any copies you have made of the Content.

Elements of the Platform are protected by trade dress, trademark, unfair competition, and other state and federal laws and may not be copied or imitated in whole or in part, by any means, including, but not limited to, the use of framing or mirrors. None of the Content may be retransmitted without our express, written consent for each and every instance.

• Compliance with HIPAA

Note Sync Plus will comply with the terms and conditions of the Business Associate Agreement (“BAA”), attached hereto as Exhibit A, as it relates to your use of the Platform.

You will ensure that your use of the Platform complies with all applicable laws, including, without limitation, the Health Insurance Portability and Accountability Act (“HIPAA”) and other data privacy laws. You represent and warrant that you shall be solely responsible for obtaining and maintaining any and all consents, authorizations, or permissions that maybe required by the HIPAA Privacy Rule, 42 CFR Part 2, or other applicable federal or state data privacy laws and regulations before disclosing to Note Sync Plus any Protected Health Information (“PHI”) (as defined in the BAA). Without limiting the generality of the foregoing, you shall not request Note Sync Plus to use or disclose PHI in any manner that would not be permissible under HIPAA.

• Code Suggestions and RESPONSIBILITY FOR CODING/BILLING

Note Sync Plus may suggest ICD-10 and CPT codes based on the transcribed notes. These suggestions are based on the AI analysis of the generated transcription notes and cannot be considered definitive or relied upon in substitution for the you and your Authorized User's judgement.

NOTE SYNCPLUS IS NOT RESPONSIBLE FOR ANY LOSSES, LIABILITY, OR OTHER CONSEQUENCES ARISING OUT OF YOU OR YOUR AUTHORIZED USER’S USE OF CODES SUGGESTED BY THE PLATFORM. YOU ARE SOLELY RESPONSIBLE FOR ACCURATE CODING AND BILLING. YOU AGREE THAT YOU WILL VERIFY THE ACCURACY OF ANY CODES SUGGESTED BY THE PLATFORM, AND AGREE THAT ANY DECISIONS YOU MAKE IN REGARD TO CODING AND BILLING ARE MADE AT YOUR SOLE DISCRETION.

YOUR USE OF ANY CODES SUGGESTED BY THE PLATFORM IS SUBJECT TO THE LIMITATION OF LIABILITY AND INDEMNIFICATION PROVISIONS BELOW.

• Data Retention and Deletion

Note Sync Plus will automatically delete recordings and transcriptions 10 days after the completion of each session. It is your responsibility to download and securely store any necessary transcriptions within this time frame. Note Sync Plus will not be responsible for any consequences resulting from its deletion of recordings and transcriptions.

• User Consent

By using Note Sync Plus, users consent to the collection, use, and disclosure of their data as described in our Privacy Policy. Users must obtain the necessary consent from patients before recording and transcribing any medical information.

• Data Security

We prioritize the security of your data. Note Sync Plus employs advanced encryption and security protocols to protect data during transmission and storage. Despite these measures, we cannot guarantee absolute security, and users are encouraged to take additional steps to safeguard their data.

• User Rules and Responsibilities

By accessing and/or using the Platform, you hereby agree to comply with the following guidelines:

• You will comply with all applicable laws and regulations, and will not use the Platform for any unlawful or unauthorized purpose;

• You are responsible for the accuracy and completeness of the information you and your Authorized Users provide;

• You will not circumvent, remove, alter, deactivate, degrade, or thwart any of the protections in the Platform; and

• You will not interfere with or attempt to interrupt the proper operation of the Platform through the use of any virus, device, information collection or transmission mechanism, software or routine, or access or attempt to gain access to any data, files, or passwords related to the Platform through hacking, password or data mining, or any other means.

Note Sync Plus reserves the right, in its sole and absolute discretion, to deny you (or any device) access to the Platform, or any portion thereof, without notice.

• NO WARRANTIES; LIMITATION OF LIABILITY

THE PLATFORM IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, AND NOTE SYNCPLUS DOES NOT MAKE ANY WARRANTIES WITH RESPECT TO THE SAME OR OTHERWISE IN CONNECTION WITH THIS AGREEMENT, AND NOTE SYNCPLUS HEREBY DISCLAIMS ANY AND ALL EXPRESS, IMPLIED, OR STATUTORY WARRANTIES, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AVAILABILITY, ACCURACY, COMPLETENESS, CURRENTNESS, ERROR-FREE OR UNINTERRUPTED OPERATION, AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE. TO THE EXTENT THAT NOTE SYNCPLUS AND NOTE SYNCPLUS’S SUPPLIERS MAY NOT AS A MATTER OF APPLICABLE LAW DISCLAIM ANY IMPLIED WARRANTY, THE SCOPE AND DURATION OF SUCH WARRANTY WILL BE THE MINIMUM PERMITTED UNDER SUCH LAW.

THE PLATFORM IS NOT INTENDED TO DIAGNOSE, TREAT, CURE, OR PREVENT ANY DISEASE OR HEALTH CONDITION. YOU AND YOUR AUTHORIZED USERS ARE SOLELY RESPONSIBLE AND LIABLE FOR ANY MEDICAL CONCLUSIONS OR TREATMENT DECISIONS YOU MAKE BASED UPON ANY OUTPUT PROVIDED AND/OR MADE AVAILABLE THROUGH THE PLATFORM. THE PLATFORM, THE CONTENT AND THE OUTPUT IS NOT INTENDED TO BE A SUBSTITUTE FOR PROFESSIONAL MEDICAL ADVICE, DIAGNOSIS OR TREATMENT. NOTE SYNCPLUS DOES NOT WARRANT, GUARANTEE OR MAKE ANY REPRESENTATION TO YOU OR ANY AUTHORIZED USER REGARDING THE USE OR PERFORMANCE OF THE PLATFORM, OR ANY COMPONENT THEREOF OR ANY OUTPUT PRODUCED BY THE PLATFORM. NOTE SYNCPLUS WILL HAVE NO LIABILITY FOR ANY HARM OR DAMAGE ARISING OUT OF OR IN CONNECTION WITH ANY USE OF THE PLATFORM, AND/OR THE OUTPUT. NOTE SYNCPLUS IS NOT RESPONSIBLE FOR ANY DECISIONS TAKEN BY YOU OR ANY OF YOUR AUTHORIZED USERS BASED ON THE OUTPUT PRODUCED AND/OR MADE AVAILABLE THROUGH THE PLATFORM. YOU AND EACH OF YOUR AUTHORIZED USER AGREES THAT ITS USE OF THE PLATFORM, THE OUTPUT, OR ANY COMPONENT THEREOF IS ENTIRELY AT THEIR OWN RISK.

WITHOUT LIMITING THE FOREGOING, NOTE SYNCPLUS DOES NOT WARRANT, GUARANTEE OR MAKE ANY REPRESENTATION, NOR SHALL IT BE RESPONSIBLE FOR (A) THE CORRECTNESS, ACCURACY, RELIABILITY, COMPLETENESS OR CURRENCY OF THE PLATFORM OR ANY OF ITS OUTPUTS, INCLUDING CODE RECOMMENDATIONS; OR (B) ANY RESULTS ACHIEVED OR ACTION TAKEN BY YOU IN RELIANCE ON THE PLATFORM OR THE OUTPUT OF THE PLATFORM. ANY DECISION, ACT OR OMISSION OF YOURS THAT IS BASED ON THE PLATFORM OR OUTPUT OF THE PLATFORM IS AT YOUR OWN AND SOLE RISK. THE PLATFORM AND THE OUTPUT IS PROVIDED AS A CONVENIENCE ONLY AND DOES NOT REPLACE THE NEED TO REVIEW THE OUTPUT ACCURACY, COMPLETENESS AND CORRECTNESS.

IN CONNECTION WITH ANY WARRANTY, CONTRACT, OR COMMON LAW TORT CLAIMS: (I) WE SHALL NOT BE LIABLE FOR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES, LOST PROFITS, OR DAMAGES RESULTING FROM LOST DATA OR BUSINESS INTERRUPTION RESULTING FROM THE USE OR INABILITY TO ACCESS AND USE THE PLATFORM, THE CONTENT, THE OUTPUT, OR ANY RELATED SERVICES, EVEN IF NOTE SYNCPLUS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES; AND (II) ANY DIRECT DAMAGES THAT YOU AND YOUR AUTHORIZED USERS MAY SUFFER AS A RESULT OF YOUR USE OF THE PLATFORM, THE CONTENT, THE OUTPUT, OR ANY RELATED SERVICES SHALL BE LIMITED TO THE GREATER OF ONE HUNDRED DOLLARS ($100).

• Representations and Warranties; Patient Consent

You represent and warrant that: (i) you have all rights and permissions necessary to provide us with or grant us access to and use of your data, (ii) you have obtained all necessary and appropriate consents, permissions, and authorizations in accordance with all applicable laws and regulations with respect to your data provided hereunder, including but not limited to, consents from patients, their parents and/or legal guardians, including written consents to record patient visit sessions and authorization for the use, exchange and disclosure of any applicable protected health information (collectively, “Consents”); (iii) you will maintain records of such Consents for the time period required by applicable laws and regulations.

• INDEMNIFICATION

YOU WILL INDEMNIFY, DEFEND, AND HOLD NOTE SYNCPLUS, ITS AFFILIATES, AND ITS SHAREHOLDERS, MEMBERS, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, AND REPRESENTATIVES (COLLECTIVELY, “NOTE SYNCPLUS INDEMNITEES”) HARMLESS FROM AND AGAINST ANY AND ALL DAMAGES, LIABILITIES, LOSSES, COSTS, AND EXPENSES, INCLUDING REASONABLE ATTORNEY’S FEES (COLLECTIVELY, “LOSSES”) INCURRED BY ANY NOTE SYNCPLUS INDEMNITEE IN CONNECTION WITH A THIRD-PARTY CLAIM, ACTION, OR PROCEEDING (EACH, A “CLAIM”) ARISING FROM YOUR OR YOUR AUTHORIZED USER’S (I) BREACH OF THIS AGREEMENT, INCLUDING BUT NOT LIMITED TO, ANY BREACH OF YOUR REPRESENTATIONS AND WARRANTIES; (II) MISUSE OF THE PLATFORM, THE OUTPUT, AND/OR THE CONTENT; (III) NEGLIGENCE, GROSS NEGLIGENCE, WILLFUL MISCONDUCT, FRAUD, MISREPRESENTATION OR VIOLATION OF LAW; OR (IV) VIOLATION OF ANY THIRD-PARTY RIGHT, INCLUDING WITHOUT LIMITATION ANY COPYRIGHT, TRADEMARK, PROPERTY, OR PRIVACY RIGHT.

• Term and Termination

Your right to access and use the Platform begins upon your acceptance of these Terms of Service and will continue for the duration of the subscription plan that you selected at registration/one year (the “Term”). Thereafter, the Term will automatically renew for consecutive terms equivalent to the duration of your subscription plan/subsequent one-year terms, unless either of us notifies the other at least thirty (30) days prior to the expiration of the then-current renewal term of its intention to not renew.

Note Sync Plus reserves the right to change, suspend, discontinue or terminate your access and use of all or any part of the Platform at any time without prior notice or liability. Sections 2, 4, 9, 10, and 11 shall survive termination of these Terms of Service.

• Contact Information

If you have any questions or concerns about these terms, please contact us at support@Note Syncplus.com.

EXHIBIT A
​ BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement (“BAA”) is by and between Note Sync Plus (“Business Associate”), and Customer (“Covered Entity”), and is effective as of the Effective Date.

WHEREAS, the parties have entered into the Terms of Service pursuant to which the Business Associate will provide certain services to, for, or on behalf of Covered Entity involving the use or disclosure of Protected Health Information (“PHI”), and pursuant to such Terms of Service, Business Associate may be considered a “Business Associate” of Covered Entity; and

WHEREAS, Covered Entity and Business Associate intend to protect the privacy and provide for the security of PHI disclosed to Business Associate pursuant to the Terms of Service in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”) and the Standards for Privacy of Individually Identifiable Health Information promulgated thereunder by the U.S. Department of Health and Human Services at 45 CFR § 160 and § 164 (the “HIPAA Rules”), and the Health Information Technology for Economic and Clinical Health Act of 2009 (the “HITECH Act”), in each case as amended from time to time; and

WHEREAS, the purpose of this BAA is to satisfy certain standards and requirements of the HIPAA Rules and the HITECH Act, as the same may be amended from time to time.

NOW, THEREFORE, in consideration of the mutual promises below and the exchange of information pursuant to this BAA, the parties agree as follows:

• Definitions

Terms used but not otherwise defined in this BAA shall have the same meaning as set forth in 45 CFR Parts 160, 162 and 164, or the HITECH Act.

• Obligations of Business Associate

• Permitted Uses and Disclosures. Business Associate agrees to only Use or Disclose PHI as necessary in order to perform the services set forth in the Terms of Service, as permitted under this BAA, or as Required by Law. Business Associate shall have the right to de-identify any and all PHI, provided that Business Associate implements a de-identification process that conforms to the requirements of 45 C.F.R. 164.514(a)-(c) (“De-identified Data”). Business Associate may Use or Disclose such De-identified Data to third parties at its discretion, as such De-identified Data does not constitute PHI and is not subject to the terms of this BAA.

• Nondisclosure. Business Associate shall not Use or further Disclose PHI other than as permitted or required by this BAA.

• Safeguards. Business Associate shall use appropriate safeguards to prevent Use or Disclosure of PHI other than as provided for by this BAA. Business Associate shall maintain a comprehensive written information privacy and security program that includes administrative, technical and physical safeguards appropriate to the size and complexity of the Business Associate’s operations and the nature and scope of its activities.

• Reporting of Disclosures; Mitigation. Business Associate shall report to Covered Entity any use or disclosure of PHI not provided for by this BAA of which Business Associate becomes aware. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this BAA.

• Business Associate’s Agents. Business Associate shall ensure that any subcontractors, to whom it provides PHI received from (or created or received by Business Associate on behalf of) Covered Entity agree to the same restrictions and conditions that apply to Business Associate with respect to such PHI.

• Availability of Information to Covered Entity. Business Associate shall make available to Covered Entity (or, as directed by Covered Entity, to an Individual) such information as Covered Entity may request, and in the time and manner designated by Covered Entity, to fulfill Covered Entity’s obligations (if any) to provide access to, provide a copy of, and account for disclosures with respect to PHI pursuant to HIPAA and the HIPAA Rules, including, but not limited to, 45 CFR §§ 164.524 and 164.528.

• Amendment of PHI. Business Associate shall make any amendments to PHI in a Designated Record Set that the Covered Entity directs or agrees to at the request of Covered Entity or an Individual, and in the time and manner designated by Covered Entity, to fulfill Covered Entity’s obligations (if any) to amend PHI pursuant to HIPAA and the HIPAA Rules, including, but not limited to, 45 CFR § 164.526, and Business Associate shall, as directed by Covered Entity, incorporate any amendments to PHI into copies of such PHI maintained by Business Associate.

• Internal Practices. Business Associate shall make its internal practices, books and records relating to the use and disclosure of PHI received from Covered Entity (or created or received by Business Associate on behalf of Covered Entity) available to the Secretary, in a time and manner designated by Covered Entity or the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with HIPAA and the HIPAA Rules.

• Documentation of Disclosures for Accounting. Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528.

• Access to Documentation for Accounting. Business Associate agrees to provide to Covered Entity or an Individual, in a time and manner designated by Covered Entity, information documented in accordance with Section 2(i) of this BAA in a time and manner as to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528.

• Notification of Breach. During the Term of this BAA, Business Associate shall notify Covered Entity within ten (10) business days of Discovery of any Breach of Unsecured PHI. Business Associate further agrees, consistent with Section 13402 of the HITECH Act, to provide Covered Entity with information necessary for Covered Entity to meet the requirements of said section, and in a manner and format to be specified by Covered Entity.

• Minimum Necessary. When using, disclosing, or requesting PHI from the Covered Entity, or in accordance with any provision of this BAA, Business Associate shall limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request.

• Obligations of Covered Entity

• Covered Entity shall be responsible for using appropriate safeguards to maintain and ensure the confidentiality, privacy and security of PHI transmitted to Business Associate pursuant to the BAA and this BAA, in accordance with the standards and requirements of HIPAA and the HIPAA Rules, until such PHI is received by Business Associate.

• Upon request, Covered Entity shall provide Business Associate with the notice of privacy practices that Covered Entity produces in accordance with 45 CFR § 164.520, as well as any changes to such notice.

• Covered Entity shall provide Business Associate with any changes in, or revocation of, permission by an Individual to use or disclose PHI, if such changes affect Business Associate’s permitted or required uses or disclosures.

• Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR § 164.522, if such restriction affects Business Associate’s permitted or required uses or disclosures.

• Term and Termination

• Term. The Term of this BAA shall become effective as of the Effective Date and shall terminate when all of the PHI provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy PHI, protections are extended to such information, in accordance with the termination provisions of this Section. The provisions of this BAA shall survive termination of the BAA to the extent necessary for compliance with HIPAA and the HIPAA Rules.

• Material Breach. A material breach by either party of any provision of this BAA shall constitute a material breach of the BAA, if such breach is not cured by the breaching party within thirty (30) days of receipt of notice describing the material breach.

• Reasonable Steps to Cure Breach. If either party learns of an activity or practice of the other party that constitutes a material breach or violation of the other party’s obligations under the provisions of this BAA, then the non-breaching party shall notify the breaching party of the breach and the breaching party shall take reasonable steps to cure such breach or violation, as applicable, within a period of time which shall in no event exceed thirty (30) days. If the breaching party’s efforts to cure such breach or violation are unsuccessful, the non-breaching party shall either terminate the BAA, if feasible, or if termination of the BAA is not feasible and the breaching party has violated the HIPAA Rules, the non-breaching party may report the breaching party’s breach or violation to the Secretary.

• Judicial or Administrative Proceedings. Either party may terminate the BAA, effective immediately, if the other party is named as a defendant in a criminal proceeding for an alleged violation of HIPAA, or a finding or stipulation that the other party has violated any standard or requirement of HIPAA or other security or privacy laws is made in any administrative or civil proceeding in which the party has been joined.

• Effect of Termination.

• Subject to the Terms of Service, except as provided in paragraph (e)(ii) of this Section or if required by law or regulation to be maintained by Business Associate, upon termination of the BAA for any reason, Business Associate shall return at Covered Entity’s expense, or destroy all PHI received from Covered Entity (or created or received by Business Associate on behalf of Covered Entity) that Business Associate still maintains in any form, and shall retain no copies of such PHI. This provision shall apply to PHI that is in the possession of subcontractors or agents of Business Associate.

• In the event that Business Associate determines that returning or destroying the PHI is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the parties that return or destruction of PHI is infeasible, Business Associate shall extend the protections of this BAA to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI. The obligations of Business Associate under this Section shall survive the termination of the BAA.

• Amendment to Comply with Law

The parties acknowledge that state and federal laws relating to electronic data security and privacy are rapidly evolving and that amendment of the BAA may be required to provide for procedures to ensure compliance with such developments. The parties specifically agree to take such action as is necessary to implement the standards and requirements of HIPAA, the HIPAA Rules, the HITECH Act, and other applicable laws relating to the security or confidentiality of PHI. Upon the request of either party, the parties shall promptly enter into negotiations concerning the terms of an amendment to the BAA embodying written assurances consistent with the standards and requirements of HIPAA, the HIPAA Rules, the HITECH Act, or other applicable laws relating to security and privacy of PHI. Either party may terminate the BAA upon thirty (30) days’ written notice in the event the other party does not promptly enter into negotiations to amend the BAA when requested pursuant to this Section, or does not enter into an amendment to the BAA providing assurances regarding the safeguarding of PHI that satisfy the standards and requirements of HIPAA, the HIPAA Rules, the HITECH Act, or any other applicable laws relating to security and privacy of PHI.

• No Third-Party Beneficiaries

Nothing in this BAA is intended to confer, nor shall anything herein confer, upon any person other than Covered Entity, Business Associate and their respective successors and assigns, any rights, remedies, obligations or liabilities whatsoever and no other person or entity shall be a third-party beneficiary of this BAA.

• Effect on BAA

Except as specifically required to implement the purposes of this BAA, or to the extent inconsistent with this BAA, all other terms of the BAA shall remain in full force and effect.

• Interpretation

This BAA shall be interpreted as broadly as necessary to implement and comply with HIPAA, the HIPAA Rules and any other applicable law relating to security and privacy of PHI. Any ambiguity in this BAA shall be resolved in favor of a meaning that permits Covered Entity to comply with the HIPAA Rules.

• Regulatory References

A reference in this BAA to a section in the HIPAA Rules or the HITECH Act means the section as in effect or as amended, and for which compliance is required.