1 APPLICATION OF TERMS

1.1 These Terms apply to your use of the Alimetryᵀᴹ app (App) and Alimetryᵀᴹ cloud services (Cloud Services). By accessing and using the App or Cloud Services:

a you agree to these Terms; and

b where your access and use is on behalf of another person (e.g. a company), you confirm that you are authorized to, and do in fact, agree to these Terms on that person’s behalf and that, by agreeing to these Terms on that person’s behalf, that person is bound by these Terms.

1.2 If you do not agree to these Terms, you are not authorized to access and use the App or Cloud Services, and you must immediately stop doing so.

2 CHANGES

2.1 We may change these Terms at any time by updating them on the App and Cloud Services. If we make changes, we will provide you with notice of such changes by any reasonable means, including by posting the updated Terms on the App or the Cloud Services or by sending an email to you at the most recent email address we have on file for you. Unless stated otherwise, any change takes effect immediately. You are responsible for ensuring you are familiar with the latest Terms. By continuing to access and use the App or Cloud Services, you agree to be bound by the changed Terms. Any changes to these Terms will not apply to any dispute between you and us arising prior to the date on which we (a) posted the updated Terms incorporating such changes or (b) otherwise notified you of such changes.

2.2 These Terms were last updated on 1st September 2021.

3 DEFINITIONS

3.1 In these Terms:

3.2 App has the meaning given to it in clause 1.1

3.3 Cloud Services has the meaning given to it in clause 1.1

3.4 Confidential Information means any information that is not public knowledge and that is obtained from the other party in the course of, or in connection with, the provision and use of the Cloud Services. Our Confidential Information includes Technology and all associated Intellectual Property Rights owned by us (or our licensors), including the App and Cloud Services. Your Confidential Information includes the Data

3.5 Data means all data, content, and information (including personal information) that is collected using a Gastric Alimetryᵀᴹ medical device and the App

3.6 Fees means the fees for the Cloud Services agreed in writing between you and us (if any), as may be updated from time to time in accordance with clause 7.3

3.7 Force Majeure means an event that is beyond the reasonable control of a party, excluding:

▲ an event to the extent that it could have been avoided by a party taking reasonable steps or reasonable care; or 157603173.1 SSLI-1958195893-699\1.0 2

▲ a lack of funds for any reason

3.8 including and similar words do not imply any limit

3.9 Intellectual Property Rights means all worldwide rights associated with (a) patents and patent applications, (b) copyrights, copyright registrations and moral rights, (c) trade names, trademarks, service marks, domain names, trade dress and goodwill to and registrations and/or applications for all of the foregoing, (d) trade secrets and know-how and (e) all other intellectual property rights and proprietary rights, whether arising under the laws of the United States of America or the laws of any other state, country or jurisdiction.

3.10 Loss includes loss of profits, savings, revenue or data, and any other claim, damage, loss, liability and cost, including legal costs on a solicitor and own client basis

3.11 Objectionable includes being objectionable, defamatory, obscene, harassing, threatening, harmful, or unlawful in any way

3.12 Payment Terms means the payment terms agreed in writing between you and us

3.13 Permitted Users means your personnel who are authorized by us to access and use the Cloud Services on your behalf in accordance with clause 5.6.

3.14 personal information means information about an identifiable, living person

3.15 personnel includes officers, employees, contractors and agents, but a reference to your personnel does not include us

3.16 Subscription Period means the subscription period you have selected for the Cloud Services (e.g. monthly, annual, multi-year)

3.17 Start Date means the date that you set up an account to use the Cloud Services or first access or use the Cloud Services, whichever is the earlier

3.18 Technology means all discoveries, inventions (whether or not protectable under patent laws), developments, improvements, works of authorship, software (in source code and object code format), information or data, knowhow, ideas, mask works, trademarks, service marks, trade names, trade dress or other technology, intellectual property or results, including, without limitation, the Underlying System.

3.19 Terms means these terms and conditions titled Alimetry App and Cloud Service Terms of Use

3.20 Underlying System means any network, system, software, data or material that underlies or is connected to the App or Cloud Services

3.21 User ID means a unique name and/or password allocated to you

3.22 We, us or our means Alimetry Limited, a New Zealand company, company number 7465336

3.23 You means you or, if clause 1.1b applies, both you and the other person on whose behalf you are acting.

4 PROVISION OF THE APP AND CLOUD SERVICES

4.1 We will use reasonable efforts to provide the Cloud Services:

a in accordance with these Terms and United States law;

b exercising reasonable care, skill and diligence; and

c using suitably skilled, experienced and qualified personnel.

4.2 Our provision of the App and Cloud Services to you is non-exclusive. Nothing in these Terms prevents us from providing the App or Cloud Services to any other person.

4.3 It is possible that on occasion the Cloud Services may be unavailable to permit maintenance or other development activity to take place, or in the event of Force Majeure. We will use reasonable efforts to publish on the App or via the Cloud Services and/or notify you by email advance details of any unavailability.

4.4 Through the use of web services and APIs, the Cloud Services interoperate with a range of third party service features. We do not make any warranty or representation on the availability of those features. Without limiting the previous sentence, if a third party feature provider ceases to provide that feature or ceases to make that feature available on reasonable terms, we may cease to make available that feature to you. To avoid doubt, if we exercise our right to cease the availability of a third party feature, you are not entitled to any refund, discount or other compensation.

4.5 Your use of the App and/or Cloud Services may involve the exchange of information covered by the U.S. Health Insurance Portability and Accountability Act of 1996 (”HIPAA”), which may require the parties to enter into a Business Associate Agreement pursuant to 45 C.F.R. § 164.308(b). The parties agree to enter into comply with the Business Associate Agreement attached and incorporated herein as Appendix A.

5 YOUR OBLIGATIONS

5.1 You must provide true, current and complete information in your dealings with us (including when setting up an account) and must promptly update that information as required so that the information remains true, current and complete.

5.2 If you are given a User ID, you must keep your User ID secure and:

a not permit any other person to use your User ID, including not disclosing or providing it to any other person; and

b immediately notify us if you become aware of any disclosure or unauthorized use of your User ID, by sending an email to: privacy@alimetry.com

5.3 You must use the App and Cloud Services for lawful purposes only and must not copy, reproduce, translate, decompile, reverse-engineer, resell, modify, vary, sub-license, or otherwise deal in the App or Cloud Services except to the extent expressly permitted by applicable law.

5.4 You must not act in a way, or use or introduce anything (including any malware) that in any way compromises, or may compromise, the App, the Cloud Services or any Underlying System, or otherwise attempt to damage or interfere with the App, the Cloud Services or any Underlying System.

5.5 When accessing the Cloud Services, you and your personnel must:

a not impersonate another person or misrepresent authorization to act on behalf of others or us;

b correctly identify the sender of all electronic transmissions;

c not attempt to view, access or copy any material or data other than:

i that which you are authorized to access; and

ii to the extent necessary for you to use the Cloud Services in accordance with these Terms; and

d neither use the Cloud Services in a manner, nor transmit, input or store any Data, that reaches any third party right (including Intellectual Property Rights and privacy rights) or is Objectionable, incorrect or misleading. 5.6 Without limiting clause 5.5, no individual other than a Permitted User may access or use the Cloud Services. We may, at our discretion, authorize any member of your personnel to be a Permitted User, in which case you must provide us with the Permitted User’s name and other information that we reasonably require in relation to the Permitted User. You must procure each Permitted User’s compliance with clauses 5.3 to 5.5 and any other reasonable condition notified by us to you.

5.7 A breach of any of these Terms by your personnel (including, to avoid doubt, a Permitted User) is deemed to be a breach of these Terms by you.

5.8 You are responsible for procuring all licenses, authorizations and consents required for you and your personnel to use the Cloud Services, including to use, store and input Data into, and process and distribute Data through, the App and Cloud Services.

5.9 Without limiting any other obligations required of you, you understand the App and/or Cloud Services have been sold in accordance with regulatory approval in the jurisdiction being sold and you agree to use the App and/or Cloud Services in accordance with their authorized intended use and indications and these Terms.

5.10 You agree to take full responsibility for any use of the App and/or Cloud Services in any manner not in compliance with any applicable regulatory authorizations.

5.11 You indemnify us against all Loss we suffer or incur as a direct or indirect result of your failure to comply with these Terms, including any failure of a person who accesses and uses the App or Cloud Services by using your User ID.

6 DATA

6.1 You acknowledge that:

a we may require access to the Data to exercise our rights and perform our obligations under these Terms; and

b to the extent that this is necessary but subject to clause 11, we may authorize a member or members of our personnel to access the Data for this purpose.

6.2 You must arrange all consents and approvals that are necessary for us to access the Data as described in clause 6.1 and you represent and warrant that you have obtained all such consents.

6.3 You acknowledge and agree that:

a we may:

i use Data and information about you and your Permitted Users’ use of the Cloud Services to generate anonymized and aggregated statistical and analytical data (Analytical Data);

ii use Analytical Data for our internal research and product development purposes and to conduct statistical analysis and identify trends and insights; and

iii supply Analytical Data to third parties;

b our rights under clauses 6.3aii and iii above will survive termination or expiry of these Terms; and

c title to, and all Intellectual Property Rights in, Analytical Data is and remains our property.

6.4 You acknowledge and agree that to the extent Data contains personal information, you must obtain all necessary consents from the relevant individual (or, where the relevant individual is a minor or not otherwise able to give consent on their own behalf, from the individual’s parent, legal guardian or such other person who is able to give consent on their behalf)to enable us to collect, use, hold and process that information in accordance with these Terms and you represent and warrant that you have obtained such consents.

6.5 You agree that we may store Data (including any personal information) in secure servers in the United States and may access that Data (including any personal information) in the United States and New Zealand from time to time.

7 FEES

7.1 You must pay the Fees in accordance with the Payment Terms.

7.2 Unless stated otherwise, the Fees exclude goods and services, value-added, sales or other similar tax, which you must pay where applicable.

7.3 We may increase the Fees with effect from the start of a Subscription Period by giving at least 30 days’ notice. If you do not wish to pay the increased Fees, you may terminate these Terms in accordance with clause 13.1b. If you do not terminate these Terms in accordance with clause 13.1b, you are deemed to have accepted the increased Fees.

8 INTELLECTUAL PROPERTY

8.1 Subject to clause 8.2, we (and our licensors) own all Intellectual Property Rights in the App and Cloud Services (including all information, data, text, graphics, artwork, photographs, logos, icons, sound recordings, videos and look and feel and any enhancement, modification or derivative work), and all Technology associated therewith, including the Underlying Systems. You must not contest or dispute that ownership, or the validity of those Intellectual Property Rights.

8.2 Title to, and all Intellectual Property Rights in, the Data (as between the parties) remains your property. You grant us a worldwide, non-exclusive, fully paid up, transferable, irrevocable license to use, store, copy, modify, make available and communicate the Data for any purpose in connection with the exercise of our rights and performanceof our obligations in accordance with these Terms.

8.3 If you provide us with ideas, comments or suggestions relating to the App, Cloud Services or Underlying Systems (together feedback):

a you hereby assign to us all right, title and interest (including all Intellectual Property Rights) in and to that feedback, and we will solely and exclusively own anything created as a result of that feedback (including new material, enhancements, modifications or derivative works); and

b we may use or disclose the feedback for any purpose.

9 iOS APPS

9.1 Where you download, install or use the iOS version of the App on an Apple mobile device this clause 8 applies.

9.2 We and you acknowledge that:

a these Terms are between us and you and not Apple Inc. (Apple);

b to the maximum extent permitted by law, Apple has no responsibility or liability in respect of any matter relating to the App or the content made available to you through using the App, including:

i your use or possession of the App or the contents made available to you through using the App; and

ii the provision of any maintenance or support services for the App;

c Apple has no warranty obligation whatsoever with respect to the App and no responsibility to address any claims you may have relating to the App or your possession and/or use of the App, including:

i product liability claims;

ii any claim that the App fails to conform to any applicable legal or regulatory requirement;

iii claims arising under consumer protection, privacy or similar legislation; or

iv any claim that the App, or your use of the App, infringes a third party’s intellectual property rights.

9.3 Without limiting clause 9.2, in the event of any failure of the App to conform to an applicable warranty, you may notify Apple, and Apple may refund the purchase price (if any) for the iOS version of the App. 9

.4 You must comply with applicable third party terms when using the App (e.g. your wireless data service agreement).

9.5 You acknowledge and warrant that you are not located in a country that is subject to a U.S. Government embargo, or that has been designated by the U.S. Government as a “terrorist supporting” country and you are not listed on any U.S. Government list of prohibited or restricted parties.

9.6 We and you agree that Apple, and any Apple subsidiary, are third party beneficiaries of these Terms and that Apple has the right to enforce these Terms against you as a third party beneficiary.

10 DISCLAIMERS

THE APP AND CLOUD SERVICES ARE PROVIDED "AS IS" AND WE EXPRESSLY DISCLAIM ANY AND ALL CONDITIONS AND WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY AS TO MERCHANTABLE MERCHANTABILITY, QUALITY, TITLE, NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE. WITHOUT LIMITING THE FOREGOING, (A) WE MAKE NO REPRESENTATION OR WARRANTY CONCERNING THE QUALITY OF THE APP OR CLOUD SERVICES, AND WE DO NOTPROMISE THAT THE APP OR CLOUD SERVICES WILL BE ERROR-FREE, BUG-FREE, OR WILL OPERATE WITHOUT INTERRUPTION AND (B) WE MAKE NO REPRESENTATION OR WARRANTY THAT THE APP OR CLOUD 157603173.1 SSLI-1958195893-699\1.0 6 SERVICES ARE APPROPRIATE OR AVAILABLE FOR USE IN ALLCOUNTRIES OR THAT THE CONTENT ACCESSIBLE THROUGH THE APP OR CLOUD SERVICES SATISFIES THE LAWS OF ALL COUNTRIES. YOU ARE RESPONSIBLE FOR ENSURING THAT YOUR ACCESS TO AND USE OF THE APP OR CLOUD SERVICES IS NOT ILLEGAL OR PROHIBITED, AND FOR YOUR OWN COMPLIANCE WITH APPLICABLE LOCAL LAWS. YOU ACCESS AND USE THE APP AND CLOUD SERVICES AT YOUR OWN RISK.

11 CONFIDENTIALITY

11.1 Each party must, unless it has the prior written consent of the other party:

a keep confidential at all times the Confidential Information of the other party;

b effect and maintain adequate security measures to safeguard the other party’s Confidential Information from unauthorized access or use; and

c disclose the other party’s Confidential Information to its personnel or professional advisors on a need to know basis only and, in that case, ensure that any personnel or professional advisor to whom it discloses the other party’s Confidential Information is aware of, and complies with, clauses 11.1a and 11.1b.

11.2 The obligation of confidentiality in clause 11.1 does not apply to any disclosure or use of Confidential Information:

a for the purpose of performing a party’s obligations, or exercising a party’s rights, under these Terms;

b required by law (including under the rules of any stock exchange);

c which is publicly available through no fault of the recipient of the Confidential Information or its personnel;

d which was rightfully received by a party from a third party without restriction and without breach of any obligation of confidentiality; or

e by us in connection with an actual or proposed merger, acquisition, financing or similar transaction.

12 LIABILITY

OUR MAXIMUM AGGREGATE LIABILITY TO YOU IN CONNECTION WITH THE APP AND CLOUD SERVICES WILL NOT EXCEED THE AMOUNT PAID BY YOU TO USE THE APP AND CLOUD SERVICES OR $1000, WHICHEVER IS GREATER. WE ARE NOT LIABLE TO YOU FOR ANY LOSS OF PROFIT, REVENUE, SAVINGS, BUSINESS, DATA, GOODWILL, OR ANY CONSEQUENTIAL, INDIRECT, INCIDENTAL, EXEMPLARY, PUNITIVE, OR SPECIAL DAMAGE OR LOSS OF ANY KIND.

13 TERM, TERMINATION AND SUSPENSION

13.1 Unless terminated under this clause 13, these Terms and your right to access and use the Cloud Services:

a starts on the Start Date; and

b continues for successive Subscription Periods until a party gives at least 10 days’ notice that these Terms and your access to and use of the Cloud Services will terminate at the end of the then-current Subscription Period.

13.2 Subject to clause 7.3, if the subscription option you have selected includes a minimum initial term, the earliest date for termination under clause 13.1 will be the expiry of that initial term.

13.3 Without prejudice to any other right or remedy available to us, if we consider that you have breached these Terms or we otherwise consider it appropriate, we may immediately, and without notice, suspend or terminate your use of the App or Cloud Services (or any part of it).

13.4 On suspension or termination, you must immediately cease using the App and Cloud Services and must not attempt to gain further access. 13.5 No compensation is payable by us to you as a result of termination of these Terms for whatever reason, and you will not be entitled to a refund of any Fees that you have already paid. 157603173.1 SSLI-1958195893-699\1.0 7

14 GENERAL

14.1 We are not liable to you for any failure to perform our obligations under these Terms to the extent caused by Force Majeure.

14.2 If we need to contact you, we may do so by email, via the Cloud Services or by posting a notification through the App. You agree that this satisfies all legal requirements in relation to written communications.

14.3 These Terms, and any dispute relating to these Terms, the App or Cloud Services, are governed by and must be interpreted in accordance with the laws of Delaware. Each party Each party irrevocably submits to the exclusive personal jurisdiction and venue of any Delaware state or United States federal court sitting in Wilmington, Delaware (a "Court") in any dispute arising out of or in connection with these Terms, the App or Cloud Services and further irrevocably waives any claim of inconvenient forum or other challenge to venue in any Court.

14.4 For us to waive a right under these Terms, the waiver must be in writing.

14.5 Clauses which, by their nature, are intended to survive termination of these Terms, including clauses 5.9, 8, 9, 10, 11,12 and 14, continue in force.

14.6 If any part or provision of these Terms is or becomes illegal, unenforceable, or invalid, that part or provision is deemed to be modified to the extent required to remedy the illegality, unenforceability, or invalidity. If a modification is not possible, the part or provision must be treated for all purposes as severed from these Terms. The remainder of these Terms will be binding on you.

14.7 These Terms set out everything agreed by the parties relating to your use of the App and Cloud Services and supersede and cancel anything discussed, exchanged or agreed prior to you agreeing to these Terms. The parties have not relied on any representation, warranty or agreement relating to the App or Cloud Services that is not expressly set out in the Terms, and no such representation, warranty or agreement has any effect from the date you agreed to these Terms.

15 CONTACT US

If you have any questions, complaints or claims in relation to these Terms, the App, the Cloud Services and your possession or use of the App please contact: App-support@alimetry.com

Appendix A

Business Associate Agreement

This HIPAA Business Associate Agreement (the “Addendum”) is entered into by and between the parties pursuant to Section 4.5 of the Alimetry App and the Cloud Services Terms of Use (the “Agreement”). 

WHEREAS, the parties have entered into the Agreement whereby Alimetry Ltd. (the “Business Associate”) provides to you (the “Covered Entity”) an electrogastrography system, which includes the App and Cloud Services, as defined in the Agreement, involving the use or disclosure of Protected Health Information (“PHI”), as defined below;

WHEREAS, by rendering such services, Alimetry Ltd. may be considered a “Business Associate” to you as the “Covered Entity,” as defined below;  

WHEREAS, Covered Entity and Business Associate intend to protect the privacy and provide for the security of PHI disclosed to Business Associate pursuant to the Agreement in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Standards for Privacy of Individually Identifiable Health Information promulgated thereunder by the U.S. Department of Health and Human Services at 45 CFR Part 160 and Part 164 (the “Privacy Rule”), the Standards for the Security of Electronic Protected Health Information promulgated thereunder by the U.S. Department of Health and Human Services at 45 CFR Part 160, Part 162 and Part 164 (the “Security Rule”), and other applicable laws;

WHEREAS, the purpose of this Addendum is to satisfy certain standards and requirements of HIPAA, the Privacy Rule, and the Security Rule, including, but not limited to, Title 45, Sections 164.504(e) and 164.308(b) of the Code of Federal Regulations (“CFR”), as the same may be amended from time to time;

NOW, THEREFORE, in consideration of the mutual promises below and the exchange of information pursuant to this Addendum, the parties agree as follows:

1.  Definitions.

a.  “Business Associate”, in addition to identifying one of the parties to this Addendum as set forth above, shall have the meaning given to such term under 45 CFR § 160.103.

b.  “Covered Entity”, in addition to identifying one of the parties to this Addendum as set forth above, shall have the meaning given to such term under 45 CFR § 160.103.

c.  “Protected Health Information” or “PHI” means any information, whether oral or recorded in any form or medium, including paper record, audio recording, or electronic format:

(i) that relates to the past, present or future physical or mental condition of an individual; the provision of health care (which includes care, services, or supplies related to the health of an individual) to an individual; or the past, present or future payment for the provision of health care to an individual; and

(ii) that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual, and 

(iii) that shall have the meaning given to such term under 45 CFR § 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Entity.

d.  “Electronic Protected Health Information” or “EPHI” means PHI transmitted by, or maintained in, electronic media, as defined in 45 CFR § 160.103.

e.  “Individual” shall have the same meaning as the term “individual” in 45 CFR § 160.103 and shall include a person who qualifies as a personal representative in accordance with 45 CFR § 164.502 (g).

f.  “Required by Law” shall have the same meaning as the term “required by law” in 45 CFR § 164.103.

g.  “Secretary” shall mean the Secretary of the Department of Health and Human Services or his designee.

h.  “Security Incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system, as defined in 45 CFR § 164.304.

2.  Rights and Obligations of Business Associate.

a.  Permitted Uses and Disclosures. Except as otherwise limited in this Addendum or federal or state law, Business Associate may use or disclose PHI to perform functions, activities, or services to, for, or on behalf of, Covered Entity as specified in the Agreement, provided that such use or disclosure would not violate the Privacy Rule if made by Covered Entity.  In addition, Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with 45 CFR § 164.502 (j)(1).

b. Use for Management and Administration.  Except as otherwise limited in this Addendum or the Agreement, Business Associate may use PHI received by Business Associate in its capacity as a Business Associate of Covered Entity for the proper management and administration of Business Associate, if such use is necessary for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate.

c.  Disclosure for Management and Administration.  Except as otherwise limited in this Addendum or the Agreement, Business Associate may disclose PHI received by Business Associate in its capacity as a Business Associate of Covered Entity for the proper management and administration of Business Associate if:

(i) the disclosure is Required by Law; or

(ii) Business Associate obtains reasonable assurances from the person to whom the PHI is disclosed that it will be held confidentially and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and

(iii) the person notifies Business Associate of any instances of which it becomes aware in which the confidentiality of the PHI has been breached.

d.  Nondisclosure.  Business Associate shall not use or further disclose PHI other than as permitted or required by this Addendum or as Required by Law.

e.  Safeguards.  Business Associate shall use appropriate safeguards to prevent use or disclosure of PHI other than as provided for by this Addendum.  In addition, Business Associate shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EPHI that it creates, receives, maintains, or transmits on behalf of Covered Entity.  

f.  Reporting of Disclosures.  Business Associate shall report to Covered Entity any use or disclosure of PHI not provided for by this Addendum of which Business Associate becomes aware.  In addition, Business Associate shall report to Covered Entity any Security Incident of which it becomes aware, in the form and manner required by 45 CFR § 164.410.

g.  Business Associate’s Agents.  Business Associate shall ensure that any agents,

including subcontractors, to whom it provides PHI received from (or created or received by Business Associate on behalf of) Covered Entity agree to the same restrictions and conditions that apply to Business Associate with respect to such PHI.  In addition, Business Associate shall ensure that any agent, including a subcontractor, to whom it provides EPHI agrees to implement reasonable and appropriate safeguards to protect it.

h.  Access to PHI.  At the request of Covered Entity, and in a reasonable manner designated by Covered Entity, Business Associate agrees to provide access to EPHI to Covered Entity for Covered Entity to meet the requirements under 45 CFR § 164.524. 

i.  Amendment of PHI.  Business Associate shall make PHI available for amendment and shall incorporate any amendments to PHI as directed by Covered Entity in writing, in accordance with 45 CFR § 164.526, no later than 60 days from the time Covered Entity requested such amendment to PHI.

j.  Access to Documentation for Accounting.  Business Associate shall make available the information required to provide an accounting of disclosures of PHI in accordance with 45 CFR § 164.528.

k.  Internal Practices.  Subject to any applicable legal privilege, and to the extent consistent with professional ethical obligations, Business Associate shall make its internal practices, books and records relating to the use and disclosure of PHI received from Covered Entity (or created or received by Business Associate on behalf of Covered Entity) available to the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with HIPAA and the Privacy Rule.

3.  Obligations of Covered Entity.  

a.  Upon request, Covered Entity shall provide Business Associate with the notice of privacy practices that Covered Entity produces in accordance with 45 CFR § 164.520, as well as any changes to such notice.

b.  Covered Entity shall provide Business Associate with any changes in, or revocation of, permission by an Individual to use or disclose PHI, if such changes affect Business Associate’s permitted or required uses or disclosures.

c.  Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR § 164.522, if such restriction affects Business Associate’s permitted or required uses or disclosures.

d.  Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under HIPAA and the Privacy Rule if done by Covered Entity.

4.  Term and Termination.

a.  Term.  The Term of this Addendum shall become effective as of the effective date of the Agreement and shall terminate when all of the PHI provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy PHI, protections are extended to such information, in accordance with the termination provisions of this Section.  The provisions of this Addendum shall survive termination of the Agreement to the extent necessary for compliance with HIPAA and the Privacy Rule.  

b.  Reasonable Steps to Cure Breach; Termination.  If Covered Entity learns of a pattern of activity or practice of Business Associate that constitutes a material breach or violation of the Business Associate’s obligations under the provisions of this Addendum, then Covered Entity shall notify Business Associate of the breach and Business Associate shall take reasonable steps to cure such breach or end such violation, as applicable, within a period of time which shall in no event exceed thirty (30) days.  If Business Associate’s efforts to cure such breach or end such violation are unsuccessful, Covered Entity may terminate this Addendum.

c.  Effect of Termination.  

(i)  Except as provided in Section 4(c)(ii), upon termination of the Agreement for any reason, Business Associate shall return or destroy all PHI received from Covered Entity (or created or received by Business Associate on behalf of Covered Entity) that Business Associate still maintains in any form, and shall retain no copies of such PHI.  This provision shall also apply to PHI that is in the possession of subcontractors or agents of Business Associate.(

ii)  In the event that Business Associate determines that returning or destroying the PHI is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible, and shall extend the protections of this Addendum to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI.  The obligations of Business Associate under this Section 4(c)(ii) shall survive the termination of the Agreement.

5.  Amendment to Comply with Law.  The parties acknowledge that amendment of the Addendum may be required to ensure compliance with any new standards and requirements of HIPAA, the Privacy Rule, the Security Rule, and other applicable laws relating to the security or confidentiality of PHI. Upon Covered Entity’s request, Business Associate agrees to promptly enter into negotiations with Covered Entity concerning the terms of an amendment to the Addendum embodying written assurances consistent with the standards and requirements of HIPAA, the Privacy Rule, the Security Rule or other applicable laws relating to security and privacy of PHI.  

6.  No Third Party Beneficiaries.  Nothing in this Addendum is intended to confer, nor shall anything herein confer, upon any person other than Covered Entity, Business Associate and their respective successors and assigns, any rights, remedies, obligations or liabilities whatsoever.

7.  Effect on Agreement.  Except as specifically required to implement the purposes of this Addendum, or to the extent inconsistent with this Addendum, all other terms of the Agreement shall remain in full force and effect.

8.  Interpretation.  This Addendum and the Agreement shall be interpreted as broadly as necessary to implement and comply with HIPAA, the Privacy Rule, the Security Rule, and any other applicable law relating to security and privacy of PHI.  Any ambiguity in this Addendum shall be resolved in favor of a meaning that permits Covered Entity to comply with the Privacy Rule and the Security Rule.

9.  Regulatory References.  A reference in this Addendum to a section in the Privacy Rule or Security Rule means the section as in effect or as amended, and for which compliance is required.