Compliancy Group LLC – THE GUARDTM: 

LICENSE, IMPLEMENTATION AND SERVICES AGREEMENT

THE PARTIES ACKNOWLEDGE THAT THEY HAVE READ THIS AGREEMENT, UNDERSTAND AND AGREE TO BE BOUND BY THE TERMS AND CONDITIONS STATED HEREIN. 

IN WITNESS WHEREOF, the parties hereto have duly executed this Agreement as of the day, month, and year first written below.

Compliancy Group, LLC (“Licensor”) and (“Licensee”, “You”) hereby enter into this License, Implementation and Services Agreement (“Agreement”), under which Licensor will provide one or more software licenses to its proprietary, SaaS compliance tracking solution, The GuardTM, on the following terms and conditions:

Purchase of the license for The GuardTM is on an annual, per-subscription basis. Purchase of a license entitles Licensee to a limited, nonexclusive, non-transferable right to access and use The GuardTM. 

This Agreement for a subscription(s) to The GuardTM will be executed under the following financial terms and conditions:

The Agreement will be effective for a period of one (1) year from the date of its execution (“Initial Year”). The Agreement will thereafter Auto-Renew on an annual basis, unless Licensee provides written notice of termination not less than thirty (30) days prior to the end of the then-current term. 

Schedule 1: Outline of Application Services

  1. The GuardTM – HIPAA Compliance Tracking Solution 
  • Self-Auditing, Gap Identification, and Remediation Plans
  • Administrative, Privacy, and Security Risk Assessments 
  • Incident Management (see “Definitions,” below)
  • Business Associate Management
  • Policy & Procedure, Training, and BAA Templates 
  • Document and Version Control 
  • Training and Attestations Tracking
  • Unlimited HIPAA Hotline support, including our Audit Response Program (see “Definitions,” below)
  • Seal of Compliance 

Our Compliance Coaches will work with you, through your Designated Representative, to achieve, illustrate, and maintain HIPAA compliance.  You will receive up to 4 (four) – one hour coaching sessions.  These sessions are for use within the first year of the initial sign-up for the service.  You are entitled to up to 2 (two) – one hour coaching sessions in each Auto-Renew year.  

If Licensee successfully completes all required HIPAA coaching and training for The GuardTM, Licensor will issue the Seal of Compliance to Licensee.

A Licensee who has been awarded the Seal of Compliance will have the right to display the Seal of Compliance on the Licensee’s website.  The Seal of Compliance is meant to Illustrate to auditors, patients, and partners that a licensee’s organization has taken the necessary steps toward achieving HIPAA compliance. 

Additional Application Services: Additional services are listed in the Invoice/Proposal (see Schedule 2).

Schedule 2: Pricing and Additional Services: See Proposal or Invoice 

This License, Implementation and Services Agreement (“Agreement”) is entered between you (“Licensee”) and Compliancy Group LLC (“Licensor”).

SECTION 1: LICENSE

A. The services provided (hereinafter referred to as “The GuardTM” or “Application Services”) are a Licensor proprietary Internet-based suite of software made available as a service, as described in Schedule 1 (above) and Schedule 2 (Invoice/Proposal). Upon payment of the license fees set forth in the Invoice or Proposal (attached as Schedule 2), Licensor hereby grants to Licensee a limited, nonexclusive, non-transferable right to access and use (and to permit Licensee’s Authorized Users (as defined below) to access and use) the Application Services for Licensee’s own internal business purposes and the internal business purposes of its Affiliates (as defined herein), each in accordance with the terms and conditions of this Agreement and any user documentation provided online. For the purposes of this Agreement, an “Affiliate” of an entity, is any entity controlled by, controlling, or under common control with such entity.

B. “Authorized Users” are those employees and contractors of Licensee and its Affiliates who are authorized to use the Application Services and have been assigned an individual user ID by Licensor.  Licensee shall require any contractors that are designated as Authorized Users to be bound by confidentiality and license provisions that are substantially as protective of Licensor’s Confidential Information and Application Services as those provisions are set forth in this Agreement.  Licensor agrees to provide Authorized Users with access to the Application Services via the URL https://www.compliancy-group.com and any successor site thereto or such other web sites as may be designated by Licensor (“Web Site”).  Licensee is responsible for providing Internet access, Web browsers, and appropriate hardware and software to all Authorized Users as necessary for access to the Application Services.

C. Designated Representative for HIPAA Compliance Tracking Solution. Licensee shall appoint an individual to serve as Licensee’s Designated Representative. Licensee shall provide the name and contact information of this person to Licensor. This individual shall, in addition to performing any specific duties mentioned herein, attend all Guard Coaching and Training sessions. This person shall ensure that Licensee uses good-faith efforts in the process of learning The GuardTM, and during Licensor-provided training for The GuardTM. Licensee shall, at all times, use reasonable efforts to avoid changing the Designated Representative. In the event a change of Designated Representative is required, Licensee shall use reasonable efforts to provide Licensor with at least at least 10 days prior written notice of any change in the Designated Representative. If Licensee fails to use reasonable efforts to avoid changing the Designated Representative, or fails to provide the required written notice, Licensor reserves the right to charge for any additional (or next) session at the rate of $200 per session. Licensor reserves the right to reject Licensee’s choice of replacement Designated Representative, should Licensor determine the choice to be unsuitable. 

Failure to cancel a session within 24 hours will result in loss of that session. Licensor reserves the right to charge for additional sessions at the rate of $200 per new session.

D. Licensee acknowledges and agrees that it is possible to link to third party applications and services (“Third Party Services”).  Such Third Party Services are not part of the Application Services, and Licensor disclaims all responsibility, warranties and liability pertaining to same.  Any such Third Party Service shall be provided to Licensee pursuant to the terms and conditions offered (and if applicable, for the fees charged) by such Third-Party Services provider, and Licensor is not a party to any such agreement.

SECTION 2: CHARGES AND TAXES

A. License Fee.  The annual subscription fee entitles the Licensee’s Authorized Users to the following for a period of one year: (i) the use of the Application Services; (ii) technical support via email and support tickets; (iii) periodic Application Services updates; and (iv) access to the user documentation.

B. Additional Fees. Licensee shall be responsible for any charges for Application Services incurred or authorized through use of any USER ID assigned to Authorized Users even if beyond the terms set forth in a proposal or signed Order Form.

C. Consulting Services OUTSIDE THE SCOPE OF THE GUARDTM, if required. The GuardTM annual subscription fee entitles users to the use of services outlined in Schedule 1, and to the use of additional services as outlined in the Invoice (see Schedule 2).  The annual subscription fee does not cover fees for, or include, Consulting Services.  The scope of any Consulting Services shall be determined on an individual case basis, based upon the unique requirements involved, and are charged on a separate basis in accordance with a STATEMENT OF WORK order form (“SOW”). Licensee shall only be charged for said Consulting Services if the said services and costs/expenses are pre-approved and clearly set forth in a signed SOW Form. Licensee shall reimburse Licensor for all reasonable expenses incurred by Licensor in connection with Consulting Services, when applicable, including but not limited to, travel and lodging expenses, communications charges, and the cost of supplies.

D. Additional Subscriptions. Each additional subscription to an Application Service shall be charged at the rate outlined in Schedule 2. If Licensee purchases one or more additional subscriptions during an existing license term, the cost of the additional subscription or subscriptions will be pro-rated for that license term. 

E. Price Increase. Upon annual license renewal, Licensor reserves the right to implement a price increase, not to exceed 5% in a given contract year. This increase shall apply to all subscriptions and Application Services purchased by licensee. Additional subscriptions to an Application Service, purchased by Licensee after the Initial Term, shall be charged at the price in effect at the time of such purchase(s).  

F. Taxes.  Licensee shall be solely liable for payment of any state or local sales, use, excise, value-added or other taxes of a similar nature, if any, that may be due on account of Licensee’s and Authorized Users’ use of the Application Services, and if applicable, the Consulting Services.

G. Invoicing.  All payments hereunder shall be made in U.S. dollars.  Unless otherwise stated in the Order Form, all amounts invoiced hereunder shall be due and payable thirty (30) days after the date of the invoice.  Not more than once every twelve months during the term of the Agreement, Licensor reserves the right to institute new or additional fees, and to change its policies, methods, or procedures with respect to pricing and billing, upon not less than sixty (60) days’ notice to Licensee. During any such notice period, Licensee shall have the option to terminate access to the Application Services rather than pay the increased fees. 

H. Failure to Pay.  If Licensee fails to pay any outstanding balance for one (1) month following the date upon which such charge was due, Licensor reserves the right to suspend its performance of the Application Services (and, if applicable, the Consulting Services) without notice to Licensee and without any liability for any damages incurred as a result of such suspension.  If Licensor elects to suspend such performance, upon payment of the appropriate balance (and, if requested by Licensor, receipt of adequate assurances of future payment from Licensee) Licensor may, at its sole discretion, reinstate its performance within thirty (30) days of suspension.

SECTION 3: TERM, AUTOMATIC RENEWAL & TERMINATION

A. Term.  The initial license term shall commence upon the date the Order Form for the Application Services is executed by the parties (“Initial License Year”). At the end of the Initial License Year, this Agreement will renew (“Auto-Renew”) for a period of one (1) year, and each year thereafter (“Auto Renew Term”), unless Licensee provides written notice of termination not less than thirty (30) days prior to end of the then-current term. Pricing is outlined in Schedule 2.  To terminate, please call 855.854.4722 option 4 Monday through Friday, 9:00 a.m. until 5:00 p.m. (EST) or email [email protected] 

B.  Mutual Termination Rights. In the event that either party is in breach of any material obligation set forth in this Agreement, that party shall notify the other party in writing. If the breaching party has not cured its breach within sixty (60) days following such notice, then the other party may elect to terminate this Agreement. In the event of termination by Licensor, Licensee shall be entitled to a pro rata refund.

C. Bankruptcy. If one of the parties is declared insolvent or bankrupt, either party may immediately terminate this Agreement. 

D. Licensor may terminate this Agreement for certain Licensee conduct or convenience. If Licensor determines that Licensee uses or seeks to use the Application Services in a manner that is unlawful, or that is inconsistent with Licensee’s rights, duties, and obligations hereunder, Licensor may immediately terminate this Agreement. 

E. 30-day Cancellation. If Licensee is not satisfied with the Application Services, Licensee may cancel for up to thirty (30) days from the date of execution of this agreement for no charge.  Upon such cancellation, Licensee may not use any of Licensor’s copyrighted material, policies, procedures, training, templates, agreements, or work product, from or through the use of The GuardTM.

F. Effect of Termination.  Upon termination of the Application Services, Licensee shall no longer be permitted access to the Application Services and each Authorized User ID shall be deactivated. Termination, for whatever reason, shall not affect Licensor’s entitlement to any sums due for Application Services or Consulting Services performed prior to such termination.

G. Transition Assistance.  Prior to and for a period not to exceed thirty (30) days following any termination or expiration of this Agreement, Licensor agrees to cooperate in good faith with Licensee at Licensee’s request in connection with transition matters, including the transfer to Licensee or an entity designated by Licensee of all Licensee Data that may be stored, housed, or hosted by Licensor or on the Application Services.  During the applicable transition period, Licensor will cooperate and work in consultation with Licensee to provide for the orderly transfer of the operations to the Designated Representative of Licensee. Notwithstanding the foregoing, in the event of any termination of this Agreement due to a breach by Licensee of its obligations to pay Licensor fees that are due and outstanding, Licensor will not be responsible to provide the transition assistance set forth in this Section until such time as Licensee has paid all undisputed fees that are due and outstanding in accordance with the terms of this Agreement.

SECTION 4: USER ID AND PASSWORD PROTECTION POLICIES

All Authorized Users of the Application Services and Web Site will be given unique USER IDs.  Authorized Users shall maintain as personal and confidential the assigned unique USER IDs and activating passwords for the Application Services. Authorized Users are prohibited from transferring or sharing the Licensee-assigned unique USER IDs and from revealing the activating passwords to any other person(s). Any violation of the foregoing may result in an immediate termination of Licensee’s access rights to the Application Services.  Licensee is responsible for all use or misuse of the Application Services by the Authorized Users of any third party using the USER ID and password of an Authorized User. Licensee and each Authorized User are responsible for maintaining the security and confidentiality of the USER IDs and passwords assigned to them for access to the Application Services.  Licensee shall be responsible for assigned account USER IDs, active passwords, and/or granting permissions, and authorizing vendor/client account associations in the Application Services.

SECTION 5: LICENSOR RESERVATION OF RIGHTS; RESTRICTIONS

A. Licensee acknowledges that the Application Services are, at all times, owned by Licensor, and constitute valuable intellectual property of Licensor. Licensor reserves all rights in the Application Services not expressly granted to Licensee or any Authorized Users hereunder. Neither Licensee nor any Authorized User may: (a) modify, translate, reverse engineer, decompile, disassemble, creative derivative works of, or otherwise attempt to derive any source code of the Application Services; (b) alter or copy, or permit a third party to alter or copy, any part of the Application Services; (c) use the Application Services to provide services to third parties; (d) incorporate the Application Services into other software; (e) use the Application Services except as described herein; or (f) sublicense, distribute, sell, assign (except as provided in Section 12, below), transfer, lease, loan, pledge, or rent the Application Services to any third party.

B. Seal of Compliance:  The Seal of Compliance Illustrates to auditors, patients, and partners that your organization has taken the necessary steps toward achieving HIPAA compliance, and has documentation to support its good-faith efforts to achieve HIPAA compliance. Licensor reserves the right to not issue the Seal if the Licensee fails to satisfy the requirements of The GuardTM methodology and process. Licensor may refuse to issue the Seal of Compliance if, in the exercise of its reasonable discretion, Licensor determines that Licensee is not making good-faith efforts in its use of The GuardTM to achieve compliance.

SECTION 6: DATA RETENTION AND OWNERSHIP OF LICENSEE INFORMATION

Licensor shall maintain all transaction and customer data throughout the lifetime of a Licensee’s subscription.  Licensor does not own, nor will Licensor use or disclose to any third party, any data, information, or material (“Licensee Data”) that Authorized Users submit to the Application Services. The GuardTM does not require input of protected health information (PHI) by a Licensee. Licensee is responsible for not storing any protected health information (PHI) on the Application Services. 

The Licensee has sole responsibility for the accuracy, quality, integrity, lawfulness, reliability, and appropriateness of all Licensee Data.  Licensee hereby grants to Licensor a limited, non-exclusive, non-transferable license to access, host, copy, format, display, distribute, store and use (and to permit Licensor’s subcontractors to do the same) Licensee Data for the sole and exclusive purpose of providing the Application Services (and, if applicable, the Consulting Services) for the benefit of Licensee in accordance with this Agreement. Licensee hereby grants Licensor access to Licensee’s business associate and vendor contact information.

Licensor will within ninety (90) days and at no additional charge provide Licensee with all Licensee Data in Licensor’s possession in the native format of such data within the Application Services. If Licensee requires such Licensee Data to be provided in a different format, or as a subset of Licensee Data (as opposed to all Licensee Data), such work shall be performed for additional charges at Licensor’s then-current fee for such services.  In such event, the Licensee Data shall be provided to Licensee within sixty (60) days after request and payment of the additional fees for such services.

SECTION 7: CONFIDENTIALITY; SECURITY

A. Definition.  “Confidential Information” shall mean any information, whether provided or retained in writing, verbally, by electronic or other data transmission, or in any other form or media whatsoever or obtained through on-site visits and whether furnished or made available before or after the date of this Agreement, that is confidential, proprietary, or otherwise not generally available to the public, including without limitation, trade secrets, marketing and sales information, product information, technical information and technology, personally identifiable information, supplier information, information about trade techniques and other processes and procedures, financial information and business information, compliance information, and/or plans and prospects.

B. Protection of Confidential Information.  Neither party shall disclose to any third party during the term or after the termination or expiration of this Agreement, and each party shall keep confidential, all Confidential Information of the other, protecting the confidentiality thereof with the same level of efforts that it employs to protect the confidentiality of its own proprietary and confidential information of like importance to it, and in any event, by reasonable means.  Each party may, however, disclose the Confidential Information of the other to those of such party’s personnel engaged in a use permitted by this Agreement and with a need to know, provided that such personnel (i) are directed to treat such Confidential Information confidentially and not to use it other than as permitted by herein, or (ii) are subject to any legal duty to maintain the confidentiality thereof.  Neither party shall use the Confidential Information of the other party except as necessary in and during the performance of this Agreement, or as expressly permitted hereunder.  Each party shall be responsible and liable for any improper use or disclosure of any Confidential Information of the other by such party’s officers, partners, principals, employees, agents or independent contractors (including individuals who hereafter become former partners, principals, employee agents or independent contractors).  Licensee acknowledges that elements of the Confidential Information of Licensor, including, without limitation, the Application Services, and the terms, conditions and fees under this Agreement, are trade secrets of Licensor.

C. Confidentiality Exceptions.  The obligations of this Section shall not apply (i) to any Confidential Information for a period longer than it is legally permissible to restrict disclosure of that item of Confidential Information, or (ii) to any Confidential Information that a party can demonstrate was: (a) at the time of disclosure to such party, in the public domain or commonly known in either party’s industry; (b) after disclosure to such party, published or otherwise entered the public domain through no fault of such party; (c) in the possession of such party at the time of disclosure to it, if such party was not then under an obligation of confidentiality with respect thereto; (d) received after disclosure to such party from a third-party who had a lawful right to disclose such Confidential Information to it; (e) independently developed by such party without reference to Confidential Information of the other party; or (f) disclosed with the prior written approval of the other party.

D. Required Disclosure.  Either party may disclose Confidential Information (including, as applicable, Licensee Data) to the extent required by law or by order of a court or governmental agency, provided, however, that the recipient of such Confidential Information shall give the owner of such Confidential Information prompt notice, and shall provide reasonable cooperation to the owner of such Confidential Information if the owner wishes to obtain a protective order or otherwise protect the confidentiality of such Confidential Information. The owner of such Confidential Information reserves the right to obtain, and shall be solely responsible for obtaining, a protective order, order to quash, or other similar form of protection for the confidentiality of such Confidential Information.

E. Notification; Survival.  In the event of any unauthorized disclosure or loss of Confidential Information, the receiving party shall immediately notify the disclosing party.  Notwithstanding anything in this Agreement to the contrary, the obligations of the parties set forth in Section 7(A)-(E) with respect to Confidential Information will remain in effect during the term of this Agreement, and (i) with respect to Confidential Information that does not qualify as a trade secret under applicable law, for a period of three (3) years following the expiration or termination of this Agreement, and (ii) with respect to trade secrets, for so long as such Confidential Information remains a trade secret.

F. Security. Licensor will use all commercially reasonable (i.e., standard in the industry) efforts, to implement and maintain website security features and standards to protect the confidentiality and integrity of Licensee’s Confidential Information.  In addition, Licensor will implement the following policies and practices.

(1) All physical access to the Web Site and Application Services where nonpublic personal and Licensee information is maintained, shall be controlled and monitored by security systems.

(2) The security systems will offer a high degree of resistance to tampering and circumvention.  These systems will limit data access to Licensor staff and contract staff on a “need-to-know” basis for maintaining The GuardTM system and will control an individual Authorized User’s ability to access and alter records within the Web Site and Application Services.

(3) Licensor will record interactions by individual users with the Application Services and Web Site. Said identifiers will be deleted sixty (60) days after the end of the applicable Term or Auto Renewal Term.

SECTION 8: WARRANTIES AND INDEMNITIES BY LICENSOR

A. Licensor represents and warrants that it has the legal right to enter into this Agreement and to perform its obligations hereunder.

B. Licensor warrants that the hardware, software, and the latest federal standards utilized by Licensor in providing the Application Services are adequate to allow Licensor to provide the Application Services in accordance with this agreement.

C. Licensor will not be held responsible in any way for limitations, if any, in Licensee’s hardware or software. Licensor is not responsible for loss of data in transmission, improper transmission by Licensee, or failure by Licensee or any third party to act on any communication transmission to or by Licensee through the Application Services.

D. Indemnification.

(1) Licensor shall defend, indemnify, and hold harmless Licensee  from and against any and all damages, losses, fines, penalties, costs, and other amounts (including reasonable attorney’s fees and expenses) (collectively, “Losses”) arising from or in connection with third party claims based on or arising from any allegations that the Application Services as delivered by Licensor hereunder and used by Licensee in accordance with the terms and conditions of this Agreement, infringes upon or misappropriates the United States patent, copyright, trademark, trade secret, or other intellectual property rights of such third party.

(2) Licensor shall not indemnify or defend Licensee under this provision or any other indemnity provision hereunder or be liable for any claim or Losses under this Section if the finding of infringement is based on (i) the use of a superseded or altered release of the Application Services, if the infringement would have been avoided by the use of a current unaltered release of the Application Services which Licensor made available to Licensee; (ii) the modification of the Application Services by Licensee or any third party not authorized in writing by Licensor to do so; (iii) the use of the Application Services other than in accordance with its documentation and this Agreement or in combination with any intellectual property, hardware, software, data or technology not supplied by Licensor or approved by Licensor in writing; or (iv) any intellectual property supplied by Licensee (including, but not limited to, the Licensee Data).

(3) If Licensee is enjoined or otherwise prohibited, or is reasonably likely in the opinion of Licensor to be enjoined or prohibited, from using the Application Services or any part thereof, due to a claim covered by Licensor’s indemnification obligations under this Section, then Licensor shall, at its sole expense and option: (i) attempt to procure for Licensee the right to continue using the infringing portion of the Application Services; (ii) modify the infringing portion of the Application Services so as to render it non-infringing while maintaining substantially similar functionality; or (iii) replace the infringing portion of the Application Services with a functionally substantially similar non-infringing item.  If Licensor is unable to procure any of the f