Beacon HCI LumenEx Portal – Terms of Use

This Agreement is entered into between Beacon HCI, a division of Research Data Group, Inc. (“Beacon”), a Nevada corporation, and the user accessing the LumenEx® Portal software and services (“LumenEx® Services”). Said user on his or her own behalf and on behalf of any company or organization whose Access Credentials user has used to access the LumenEx® Services (said user and company or organization hereinafter collectively, “Client”) agrees to be bound by all of the covenants, terms and conditions below. Unless the context otherwise requires, all references herein to Agreement shall include this Agreement and that certain Claim Analysis Service Agreement entered into between BEACON and Client (as defined therein) (hereinafter, “Master Agreement”), which Master Agreement is hereby incorporated and made a part of this Agreement.

1. Authorization and Client Restrictions.

1.1. Authorization. BEACON hereby authorizes Client to access and use, on a non-exclusive basis, and during the Term, the LumenEx® Services and such BEACON Materials as BEACON may supply or make available to Client in accordance with the terms of this Agreement.

1.2. Reservation of Rights. Nothing in this Agreement grants any right, title or interest in or to (including any license under) any Intellectual Property Rights in or relating to the LumenEx® Services, the BEACON Materials or any Third Party Materials that are involved with the LumenEx® Services. All right, title and interest in and to the LumenEx® Services, any BEACON Materials and any Third Party Materials are and will remain with BEACON and the respective rights holders in the Third Party Materials.

1.3. Authorization Limitations and Restrictions.

1.3.1. Client shall not, and shall not permit any other Person, to access or use the LumenEx® Services or BEACON Materials except as expressly permitted by this Agreement. Without limiting the generality of the foregoing, neither Client nor any person acting on behalf of Client shall:

1.3.1.1. copy, modify or create derivative works or improvements of the LumenEx® Services or BEACON Materials;

1.3.1.2. rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer or otherwise make available any LumenEx® Services or BEACON Materials to any Person, including on or in connection with the internet or any time-sharing, service bureau, software as a service, cloud or other technology or service;

1.3.1.3. reverse engineer, disassemble, decompile, decode, adapt or otherwise attempt to derive or gain access to the source code of the LumenEx® Services or BEACON Materials, in whole or in part;

1.3.1.4. bypass or breach any security device or protection used by BEACON Materials or access or use the LumenEx® Services or BEACON Materials other than by an Authorized User through the use of his or her own then valid Access Credentials;

1.3.1.5. input, upload, transmit or otherwise provide to or through the LumenEx® Services or BEACON Materials, any information or materials that are unlawful or injurious, or contain, transmit or activate any Harmful Code;

1.3.1.6. damage, destroy, disrupt, disable, impair, interfere with or otherwise impede or harm in any manner the LumenEx® Services, BEACON Systems or BEACON’s provision of services to any third party, in whole or in part;

1.3.1.7. remove, delete, alter or obscure any trademarks, warranties or disclaimers, or any copyright, trademark, patent or other intellectual property or proprietary rights notices from any LumenEx® Services or BEACON Materials, including any copy thereof;

1.3.1.8. access or use the LumenEx® Services or BEACON Materials in any manner or for any purpose that infringes, misappropriates or otherwise violates any Intellectual Property Right or other right of any third party (including by any unauthorized access to, misappropriation, use, alteration, destruction or disclosure of the data of any other BEACON client), or that violates any applicable law;

1.3.1.9. access or use the LumenEx® Services or BEACON Materials for purposes of competitive analysis of the LumenEx® Services or BEACON Materials, the development, provision or use of a competing software service or product or any other purpose that is to BEACON’s detriment or commercial disadvantage; or
1.3.1.10. otherwise access or use the LumenEx® Services or BEACON Materials beyond the scope of the authorization granted under this Agreement.

2. Service and System Control. Except as otherwise expressly provided in this Agreement, as between the Parties:

2.1. BEACON has and will retain sole control over the operation, provision, maintenance and management of the LumenEx® Services and any BEACON Materials, including the: (i) BEACON Systems and (ii) selection, deployment, modification and replacement of the LumenEx® Services Software; and

2.2. Client has and will retain sole control over the operation, maintenance and management of, and all access to and use of, the Client Systems, and sole responsibility for all access to and use of the LumenEx® Services and BEACON Materials by any Person by or through the Client Systems or any other means controlled by Client or any Authorized User, including any: (i) information, instructions or materials provided by any of them to the LumenEx® Services or BEACON; (ii) results obtained from any use of the LumenEx® Services or BEACON Materials; and (iii) conclusions, decisions or actions based on such use.

3. Changes.

BEACON reserves the right, in its sole discretion, to make any changes to the LumenEx® Services and BEACON Materials that it deems necessary or useful to: (a) maintain or enhance (i) the quality or delivery of the LumenEx® Services, (ii) the competitive strength of or market for the LumenEx® Services and (iii) the cost, efficiency or performance of the LumenEx® Services.

4. Suspension or Termination of LumenEx® Services.

BEACON may suspend, terminate or otherwise deny Client’s, any Authorized User’s or any other Person’s access to or use of all or any part of the LumenEx® Services or BEACON Materials, without incurring any resulting obligation or liability, if: (a) BEACON receives a judicial or other governmental demand or order, subpoena or law enforcement request that expressly or by reasonable implication requires BEACON to do so; or (b) BEACON believes, in its good faith and sole discretion, that: (i) Client or any Authorized User has failed to comply with any term of this Agreement, or has accessed or used the LumenEx® Services beyond the scope of the rights granted or for a purpose not authorized under this Agreement; (ii) Client or any Authorized User is, has been, or is likely to be involved in any fraudulent, misleading or unlawful activities relating to or in connection with any of the LumenEx® Services, the XBRL Services, the EDGAR Services or the Ancillary Services; or (iii) this Agreement expires or is terminated.

5. Client Obligations.

5.1. Client Systems and Cooperation. Client shall at all times during the Term maintain and operate in good repair all Client Systems on or through which the LumenEx® Services are accessed or used.

5.2. Effect of Client Failure or Delay: BEACON is not liable for any delay or failure of performance caused in whole or in part by Client’s delay in performing, or failure to perform, any of its obligations under this Agreement (each, a “Client Failure”).

6. Service Levels.

6.1. BEACON will use commercially reasonable efforts to make the LumenEx® Services available to Authorized Users over the internet and operating as it customarily operates at least ninety-nine and one half percent (99.5%) of the time. The foregoing covenant does not apply to: (a) any act or omission by Client or any Authorized User, or any use or access gained through Client’s or an Authorized User’s Access Credentials, that does not comply with this Agreement; (b) any Client Failure; (c) Client’s or its Authorized User’s Internet connectivity; (d) Force Majeure Event; (e) failure, interruption, outage or other problem with any software, hardware, system, network, facility or other matter not supplied by BEACON pursuant to this Agreement; (f) scheduled downtime; or (g) disabling, suspension or termination of the LumenEx® Services pursuant to Section 4.

6.2. Service Level Failures and Remedies. In the event that BEACON fails to maintain the covenanted service level set forth in Section 6.1, and such failure has a material adverse impact on Client’s ability to timely file as required by SEC regulations, BEACON shall issue a credit to Client calculated based on the ratio of the amount of time in minutes that the LumenEx® Services are not available relative to the amount of time in minutes that the Client used the LumenEx® Services during the Service Period multiplied by the fees due or paid for the quarter in which such material adverse impact occurred (each a “Service Credit”), subject to the following:

6.2.1. BEACON has no obligation to issue any Service Credit unless (i) Client reports the Service Failure to BEACON in writing immediately on becoming aware of it; and (ii) requests such Service Credit in writing within ten days of     the Service Failure; and

6.2.2. In no event will a Service Credit for any Service Period exceed twenty five percent (25%) of the total Fees that would be payable for that Service Period if no Service Failure had occurred.

Any Service Credit due to Client will be issued in the quarter following the quarter in which the material adverse impact occurred. This Section 6.2 sets forth BEACON’s sole obligation and liability and Client’s sole remedy for any such material adverse impact as a result of the LumenEx® Services not being available.

6.3. Scheduled Downtime. BEACON will use commercially reasonable efforts to schedule downtime for routine maintenance of the LumenEx® Services outside of regular business hours and to give Client at least 48 hours prior notice of all scheduled outages of the LumenEx® Services.

6.4. Service Support. BEACON shall provide Client with technical assistance and consultation service via telephone and e-mail during the hours of 8:00 a.m. to 7:00 p.m. Eastern Time, Monday through Friday (excepting federal holidays). BEACON shall respond to any Client request for technical assistance and consultation service within one (1) business day of Client request. In the event of an emergency not during Standard hours, Client may request technical support by calling the BEACON Filings Emergency Help Desk. An “emergency” shall be deemed to include (i) lack of availability of the LumenEx® Services (not including events which are the result of data transmission faults originating from Client equipment or Client’s local internet connectivity) or (ii) any event which poses a security risk to the BEACON Systems or the LumenEx® Services or (iii) a malfunction in the LumenEx® Services.

6.5. Limitation on Scope of Support Services: BEACON’s technical support is for issues related to functionality LumenEx® Services and limited only to documents generated by the LumenEx® Services and shall not include, for example, legal or compliance guidance, XBRL tagging consultation, accounting principles discussion, or issues relating the interpretation or application of US GAAP or other accounting principles or standards review services, interpretation of Securities & Exchange Commission Rules, or proofreading of work. BEACON is not responsible for technical support for documents created by any third parties or using any software platform or program other than the LumenEx® Services.

7. Security.

7.1. BEACON Systems and Security Obligations. BEACON will employ security measures in accordance with applicable industry practice.

7.2. Prohibited Data. Client acknowledges that the LumenEx® Services are not designed with security and access management for storage or processing of Personal Information. Client shall not, and shall not permit any Authorized User or other Person to, provide any Personal Information to, or process any Personal Information through, the LumenEx® Services, the BEACON Systems or any BEACON Personnel.

7.3. Client Control and Responsibility. Client has and will retain sole responsibility for: (a) all Client Data, including its content and use; (b) all information, instructions and materials provided by or on behalf of Client or any Authorized User in connection with the LumenEx® Services; (c) Client’s information technology infrastructure, including computers, software, databases, electronic systems (including database management systems) and networks, whether operated directly by Client or through the use of third-party services (”Client Systems”); (d) the security and use of Client’s and its Authorized Users’ Access Credentials; and (e) all access to and use of the LumenEx® Services and BEACON Materials directly or indirectly by or through the Client Systems or its or its Authorized Users’ Access Credentials, with or without Client’s knowledge or consent.

7.4. Access and Security. Client shall employ all security procedures and other safeguards necessary to (a) securely administer the distribution and use of all Access Credentials and protect against any unauthorized access to or use of the LumenEx® Services; and (b) control the content and use of Client Data, including the uploading or other provision of Client Data for Processing by the LumenEx® Services.

7.5. Data Backup The LumenEx® Services do not replace the need for Client to maintain regular backups and redundant data archives for all Client Data. BEACON performs hourly incremental backups and weekly full backups of its data systems but such backups may not be adequate to ensure that all Client Data would be accessible or retrievable in the event such Client Data is lost, damaged or destroyed.

8. Intellectual Property Rights.

8.1. LumenEx® Services and BEACON Materials. All right, title and interest in and to the LumenEx® Services and BEACON Materials, including all Intellectual Property Rights therein, are and will remain with BEACON. Client has no right, license or authorization with respect to any of the LumenEx® Services and BEACON Materials except as expressly set forth in Section 1. All other rights in and to the LumenEx® Services and BEACON Materials are expressly reserved by BEACON and any applicable third-party licensors.

8.2. Customer Data. As between Client and BEACON, Client is and will remain the sole and exclusive owner of all right, title and interest in and to all Client Data, including all Intellectual Property Rights relating thereto, subject to the rights and permissions granted in Section 8.3.

8.3. Consent to Use Client Data. Client hereby irrevocably grants to BEACON and any of its subcontractors all such rights and permissions in or relating to Client Data: (a) as are necessary or useful to provide the LumenEx® Services and any related or additional Services; and (b) as are necessary or useful to enforce this Agreement and exercise its rights and perform its obligations hereunder.

9. Mitigation for Potential Violation of Third-Party Intellectual Property Right.

If any of the LumenEx® Services or BEACON Materials are, or in BEACON’s opinion are likely to be, claimed to infringe, misappropriate or otherwise violate any third-party Intellectual Property Right, or if Client’s or any Authorized User’s use of the LumenEx® Services or BEACON Materials is enjoined or threatened to be enjoined, BEACON may, at its option and sole cost and expense:

9.1. Obtain the right for Client to continue to use the LumenEx® Services and BEACON Materials as contemplated by this Agreement;

9.2. modify or replace the LumenEx® Services and BEACON Materials, in whole or in part, to seek to make the LumenEx® Services and BEACON Materials (as so modified or replaced) non-infringing, while providing substantially equivalent features and functionality, in which case such modifications or replacements will constitute LumenEx® Services and BEACON Materials, as applicable, under this Agreement; or

9.3. by written notice to Client terminate this Agreement with respect to all or part of the LumenEx® Services and BEACON Materials, and require Client to immediately cease any use of the LumenEx® Services and BEACON Materials or any specified part or feature thereof without having any obligation to Client to refund any fees or expenses paid. THIS SECTION 9.3 AND SECTION 5.3 IN THE MASTER AGREEMENT SETS FORTH CLIENT’S SOLE REMEDIES AND BEACON’S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED OR ALLEGED CLAIMS THAT THIS AGREEMENT OR ANY SUBJECT MATTER HEREOF (INCLUDING THE LUMENEX® SERVICES AND BEACON MATERIALS) INFRINGES, MISAPPROPRIATES OR OTHERWISE VIOLATES ANY THIRD PARTY INTELLECTUAL PROPERTY RIGHT.

10. Specific Client Use of the LumenEx Services

10.1  BEACON and Client agree that Beacon HCI is not engaged in the practice of medicine through the provision of the Services contemplated herein. Client shall take all reasonable precautions to ensure that the Application Services are utilized by its Authorized Users in a manner consistent with applicable ethical and legal requirements. BEACON SHALL HAVE NO OBLIGATION, RESPONSIBILITY OR LIABILITY FOR ANY PHYSICIAN’S PROVISION OF PROFESSIONAL SERVICES.

11. HIPAA & Applicable Laws

11.1 Client agrees not to use the Services to: (a) other than as permitted by HIPAA and HITECH rules as amended from time to time by the government; (b) violate any local, state, national or international law; (c) access any Services subscription account other than your own; or (d) impersonate any person or entity, or otherwise misrepresent your affiliation with a person or entity. You agree to only access, use, and/or disclose the minimum necessary information needed to perform your professional duties. You agree not to access any information or chat logs for any self-insured group, individual, third-part administrator or other entity that are not associated directly with your account. In the event we become aware of your use of the system other than for the purposes outlined in these Terms, we may in our sole and reasonable discretion terminate your account.

11.2 Client and all Users agree to the Business Associate Agreement provided below, unless you have a different Business Associate Agreement in place with Beacon HCI, in which case that specific Business Associate Agreement will govern. If you are a Web Based End User, you acknowledge and agree that the information being provided to you by BEACON, and being provided to BEACON by you, may be subject to stringent state and federal regulation including HIPAA and HITECH. As a Web Based End User, BEACON is not acting on your behalf, but facilitating communication to and/or with you on behalf of an End User or Subscriber, and you further agree that you will maintain strict privacy of the information you receive.

Business Associate Agreement

WHEREAS, Business Associate may maintain, transmit, create or receive data for or from Covered Entity that constitutes Protected Health Information (as defined at 45 CFR §160.103) to perform tasks on behalf of Covered Entity;

45 CFR Part 160 - GENERAL ADMINISTRATIVE REQUIREMENTS

45 CFR Part 162 - ADMINISTRATIVE REQUIREMENTS | CFR ...

45 CFR Part 164 - SECURITY AND PRIVACY

WHEREAS, Covered Entity is or may be subject to the requirements of 42 U.S.C. 1320d et seq. enacted by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and the implementing regulations set forth at 45 CFR Parts 160, 162 and 164 (“HIPAA Regulations”). As used herein, “PHI” refers to Protected Health Information maintained, transmitted, created or received by Business Associate for or from Covered Entity.

WHEREAS, to the extent required by the HIPAA Regulations and applicable state law, Business Associate is or may be directly subject to certain privacy and security obligations and penalty provisions of HIPAA, HITECH, the HIPAA Regulations and state law.

NOW, THEREFORE, the parties agree as follows:

PHI – Protected Health Information

1. Business Associate may use and disclose PHI only as expressly permitted or required by this Agreement or as required by law. Business Associate may use or disclose PHI as required to perform its obligations under any underlying service agreements (collectively, “Service Agreement”) between the parties to perform certain services as described in the Service Agreement (“Services”), provided that Business Associate shall not use or disclose PHI in any manner that would constitute a violation of the HIPAA Regulations if done by Covered Entity. Without limiting the generality of the foregoing, Business Associate shall not sell PHI or use or disclose PHI for purposes of marketing or fundraising, as defined and proscribed in the HIPAA Regulations, HITECH and applicable state law. Business Associate shall limit its uses and disclosures of, and requests for, PHI (i) when practical, to the information making up a limited data set (as set forth at 45 CFR § 164.514); and (ii) in all other cases subject to the requirements of 45 CFR §164.502(b), to the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure or request. To the extent Covered Entity notifies Business Associate of a restriction request granted by Covered Entity that would limit Business Associate’s use or disclosure of PHI, Business Associate will comply with the restriction. To the extent Business Associate is to carry out an obligation of Covered Entity under the HIPAA Regulations, Business Associate shall comply with the requirements of the HIPAA Regulations that apply to Covered Entity in the performance of such obligation.

2. Business Associate agrees to use and maintain reasonable and appropriate administrative, technical and physical safeguards to protect PHI from uses or disclosures not permitted by this Agreement, including, but not limited to, maintaining policies and procedures to detect, prevent or mitigate identity theft based on PHI or information derived from PHI. In addition, Business Associate agrees to comply with the applicable requirements of 45 CFR Part 164, subpart C of the HIPAA Regulations with respect to electronic PHI and any guidance issued by the Secretary of the Department of Health and Human Services (“HHS”). Business Associate specifically agrees to employ multiple security mechanisms to ensure the confidentiality, integrity and availability of all electronic PHI, including, but not limited to, authentication controls, authorization controls, audit controls and encryption.

3. To the extent Business Associate becomes aware of or discovers any use or disclosure of PHI in violation of this Agreement, any Security Incident (as defined at 45 CFR §164.304) any Red Flag (as defined at 16 CFR §681.2(b)) related to any individual who is the subject of PHI, and any Breach of Unsecured Protected Health Information (both as defined at 45 CFR §164.402), Business Associate shall promptly report such use, disclosure, incident, Red Flag or breach to Covered Entity. All reports of Breaches shall be made within ten (10) business days of Business Associate discovering the Breach and shall include the information specified at 45 CFR §164.410. Business Associate shall mitigate, to the extent practicable, any harmful effect known to it of a use or disclosure of PHI by Business Associate not permitted by this Agreement. Business Associate shall promptly reimburse Covered Entity all reasonable costs incurred by Covered Entity with respect to providing notification of and mitigating a Breach involving Business Associate, including but not limited to printing, postage costs and toll-free hotline costs.

4. In accordance with 45 CFR §§ 164.308(b)(2) and 164.502(e)(1)(i), Business Associate shall ensure that each subcontractor or agent that creates, receives, maintains, or transmits PHI on behalf of Business Associate agrees in writing to be bound by the same restrictions, terms and conditions that apply to Business Associate pursuant to this Agreement.

5. In accordance with 45 CFR §164.524 and within fifteen (15) days of a request by Covered Entity for access to PHI about an individual contained in a Designated Record Set (as defined at 45 CFR §164.501), Business Associate shall make available to Covered Entity such PHI in the form requested by Covered Entity. If the requested PHI is maintained electronically, Business Associate shall provide a copy of the PHI in the electronic form and format requested by the individual, if it is readily producible, or, if not, in a readable electronic form and format as agreed to by Covered Entity and the individual. In the event that any individual requests access to PHI directly from Business Associate, Business Associate shall within ten (10) days forward such request to Covered Entity. Any denials of access to the PHI requested shall be the responsibility of Covered Entity.

6. In accordance with 45 CFR §164.526 and within fifteen (15) days of receipt of a request from Covered Entity for the amendment of an individual’s PHI contained in a Designated Record Set (for so long as the PHI is maintained in the Designated Record Set), Business Associate shall provide such information to Covered Entity for amendment and incorporate any such amendments in the PHI as required by 45 CFR §164.526. In the event a request for an amendment is delivered directly to Business Associate, Business Associate shall within ten (10) days of receiving such request forward the request to Covered Entity.

7. Except for disclosures of PHI by Business Associate that are excluded from the accounting obligation as set forth at 45 CFR §164.528 or regulations issued pursuant to HITECH, Business Associate shall record for each disclosure the information required to be recorded by covered entities pursuant to 45 CFR §164.528. Within twenty (20) days of notice by Covered Entity to Business Associate that it has received a request for an accounting of disclosures of PHI, Business Associate shall make available to Covered Entity, or if requested by Covered Entity, to the individual, the information required to be maintained pursuant to this Section VII. In the event the request for an accounting is delivered directly to Business Associate, Business Associate shall within ten (10) days forward such request to Covered Entity.

8. At Covered Entity’s or HHS’ request, Business Associate shall make its internal practices, books and records relating to the use and disclosure of PHI available to HHS for purposes of determining compliance with the HIPAA Regulations.

9. Business Associate is not authorized to use or disclose PHI in a manner that would violate the HIPAA Regulations if done by Covered Entity, provided that Business Associate may:

1. use the PHI for its proper management and administration and to carry out its legal responsibilities.

2. disclose PHI for its proper management and administration and to carry out its legal responsibilities, provided that disclosures are required by law, or Business Associate obtains reasonable assurances from the recipient that the PHI will remain confidential and used or further disclosed only as required by law or for the purpose for which it was disclosed to the recipient, and the recipient notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.

3. use and disclose PHI to report violations of law to appropriate Federal and State authorities, consistent with 45 CFR § 164.502(j)(1).

4. aggregate the PHI in its possession with the Protected Health Information of other covered entities that Business Associate has in its possession through its capacity as a business associate to other covered entities, provided that the purpose of such aggregation is to provide Covered Entity with data analysis relating to the health care operations of Covered Entity.

5. use PHI to create de-identified information, provided that the de-identification conforms to the requirements of 45 CFR § 164.514(b).

10. If Business Associate conducts standard transactions (as defined in 45 CFR Part 160) for or on behalf of Covered Entity, Business Associate will comply and will require by written contract each agent or contractor (including any subcontractor) involved with the conduct of such standard transactions to comply, with each applicable requirement of the HIPAA Regulations (as set forth at 45 CFR Parts 160 and 162). Business Associate will not enter into, or permit its agents or contractors (including subcontractors) to enter into, any trading partner agreement in connection with the conduct of standard transactions for or on behalf of Covered Entity that: (i) changes the definition, data condition, or use of a data element or segment in a standard transaction; (ii) adds any data elements or segments to the maximum defined data set; (iii) uses any code or data element that is marked “not used” in the standard transaction’s implementation specification or is not in the standard transaction’s implementation specification; or (iv) changes the meaning or intent of the standard transaction’s implementation specification. Business Associate agrees to participate in any test modification conducted by Covered Entity in accordance with the HIPAA Regulations.

11. This Agreement shall be effective as the Effective Date and shall remain in effect until the Service Agreement is terminated or expires. Either party may terminate this Agreement and the Service Agreement effective immediately if it determines that the other party has breached a material provision of this Agreement and failed to cure such breach within thirty (30) days of being notified by the other party of the breach. If the non-breaching party determines that cure is not possible, such party may terminate this Agreement and the Service Agreement effective immediately upon written notice to other party. If termination is not feasible, the non-breaching party shall report the breach to HHS. The parties understand and agree that termination of this Agreement shall constitute a default by Business Associate under the Service Agreement.

12. Upon termination of this Agreement, Business Associate shall either return or destroy, at no cost to Covered Entity, all PHI that Business Associate still maintains in any form. Business Associate shall not retain any copies of such PHI. Notwithstanding the foregoing, to the extent that it is not feasible to return or destroy such PHI, the terms and provisions of this Agreement shall survive termination of this Agreement, and Business Associate shall only use or disclose such PHI solely for such purpose or purposes which prevented the return or destruction of such PHI.

13. Nothing in this Agreement shall be construed to create any rights or remedies in any third parties or any agency relationship between the parties. To the extent Business Associate is acting as a business associate under the HIPAA Regulations, Business Associate shall be subject to the penalty provisions specified in HITECH. Upon the effective date of any final regulation or amendment to final regulations promulgated by HHS with respect to PHI, this Agreement will be deemed to be automatically amended such that the obligations imposed on the parties remain in compliance with such regulations. The terms and conditions of this Agreement shall override and control any conflicting term or condition of any agreement between the parties with respect to the Services, and all non-conflicting terms and conditions shall remain in full force and effect.