ZOLL Application Service Provider and Business Associate Agreements

ZOLL Online Application Service Provider Agreement

IMPORTANT-READ CAREFULLY. This Application Service Agreement ("Agreement") is a legal Agreement between you ("Customer") and ZOLL Data Systems, Inc., at 11802 Ridge Parkway, Suite 400, Broomfield, CO 80021 ("ZOLL") for ASP Services, associated media, and Instructions. BY CLICKING THE "ACCEPT" BUTTON OR USING THE ASP SERVICES, CUSTOMER IS STATING THAT IT HAS READ AND UNDERSTANDS ALL OF THE TERMS AND CONDITIONS OF THIS ASP AGREEMENT AND AGREES TO BE BOUND BY ITS TERMS, WITHOUT LIMITATION OR QUALIFICATION. IF CUSTOMER DOES NOT AGREE TO THESE TERMS, CUSTOMER WILL NOT ACCESS OR USE THE SERVICES.

In addition, ZOLL may amend this Agreement (including the exhibits hereto) or any additional terms that apply to an ASP Service or the ZOLL Site at any time. Customer should review the most current form of this Agreement regularly. ZOLL will post the most current form at Terms of Use. ZOLL will endeavor to, but is not required to, notify Customer of any amendments. Amendments will not apply retroactively and will become effective no sooner than thirty (30) days after they are posted. However, changes addressing new functions for an ASP Service or changes made for legal reasons will be effective immediately. Customer understands and acknowledges that its continued use of the ASP Services constitutes its agreement to and acceptance of all such amendments and that absent such effective consent, use of the ASP Services is not authorized.

Terms and Conditions

1. Definitions.

1.1. "ASP Services" means the services described on the ZOLL Site that Customer has chosen to receive by following the procedures indicated on the ZOLL Site.

1.2. "BAA" means the Business Associate Addendum attached hereto as Exhibit A.

1.3. "Confidential Information" means all trade secrets, business and financial information, computer software, machine and operator instructions, business methods, procedures, know‑how, and other information that relates to the business or technology of either party and is marked or identified as confidential, or disclosed in circumstances that would lead a reasonable person to believe such information is confidential. The Software and Instructions shall be considered ZOLL's Confidential Information, notwithstanding any failure to mark or identify it as such.

1.4. "Fee Based Services" means the ASP Services for which ZOLL charges Customer a fee.

1.5. "Instructions" means the instructions for use of the ASP Services and the documentation and users manuals from time to time provided by ZOLL on the ZOLL Site.

1.6. "Intellectual Property Rights" means any and all existing or future copyrights, trademarks, service marks, trade secrets, patents, patent applications, know‑how, moral rights, contract rights, and other proprietary rights, and all registrations, applications, renewals, extensions, and combinations of the foregoing.

1.7. "Software" means the ZOLL software and the ZOLL licensors' and/or suppliers' software that underlies the ASP Services provided to Customer, as modified, updated, and enhanced.

1.8. "ZOLL Site" means the web site located at a unique URL to be provided by ZOLL to Customer where end users may download the Software and access and use the ASP Services.

2. ASP Services; Payment Obligation.

2.1. Provision of ASP Services by ZOLL. Subject to the terms and conditions of this Agreement, ZOLL will use commercially reasonable efforts to make the ASP Services available to Customer through the ZOLL Site over normal network connections, excepting downtime due to necessary maintenance and troubleshooting. Customer, not ZOLL, shall be responsible for controlling its users and protection of its passwords. The BAA shall apply to the ASP Services.

2.2. Support and Maintenance. ZOLL will provide telephone support services during ZOLL's regular business hours for ASP Services questions.

2.3. Payment Obligation.. Fee Based Services provided to Customer will require payment of a monthly fee. Customer will be notified of fees and terms of use and payment when Customer first accesses a Fee Based Service. Customer will be required to enter credit card information or other form of payment information before accessing any Fee Based Service.

3. License Grant; Restrictions; Ownership.

3.1. License Grant. Subject to the terms and conditions of this Agreement ZOLL grants to Customer, during the term of this Agreement, a non‑exclusive, non‑transferable, non‑sublicensable license to access and use the ASP Services using the Software, each as made available to Customer through the ZOLL Site, solely for Customer's internal business purposes and solely in accordance with the Instructions.

3.2. Restrictions. Customer shall not, and shall not permit any third party to: (a) modify, adapt, alter, translate, or create derivative works from the ASP Services, the Software or the Instructions; (b) allow any third party access to or use of the ASP Services; (c) reverse engineer, decompile, disassemble, or otherwise attempt to alter or derive the source code for the Software; or (d) otherwise use or copy the Software or the Instructions or the ASP Services in any manner not expressly permitted.

3.3. Ownership. The Software, the Instructions, the ASP Services, all proprietary technology utilized by ZOLL to perform its obligations under this Agreement, and all Intellectual Property Rights in and to the foregoing, are the exclusive property of ZOLL(or as the case may be its licensors and suppliers). Any rights not expressly granted to Customer hereunder are reserved by ZOLL (or its licensors and suppliers, as the case may be).

4. Customer Content.

As between ZOLL and Customer, and without limiting the rights (if any) of any patient, Customer will retain all right, title and interest in and to all data, information or other content provided by Customer in its use of the ASP Services ("Customer Content"), provided, however, that ZOLL may de-identify and use Customer Content for any lawful purpose consistent with all applicable law.

5. Warranty Disclaimers.

THE ASP SERVICES ARE PROVIDED "AS IS", WITHOUT ANY WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY; ZOLL DOES NOT PROMISE THAT THE ASP SERVICES WILL BE AVAILABLE FOR ANY PERIOD AND ZOLL MAKES NO UP-TIME COMMITMENT. ZOLL SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON‑INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR COURSE OF PERFORMANCE. CUSTOMER ACKNOWLEDGES THAT IT HAS RELIED ON NO WARRANTIES OTHER THAN THE EXPRESS WARRANTIES IN THIS AGREEMENT AND THAT NO WARRANTIES ARE MADE BY ANY OF ZOLL'S LICENSORS OR SUPPLIERS.

5.1. CUSTOMER ACKNOWLEDGES AND AGREES THAT, IN ENTERING INTO THIS CONTRACT, IT HAS NOT RELIED UPON THE FUTURE AVAILABILITY OF ANY NEW OR ENHANCED FEATURE OR FUNCTIONALITY, OR ANY NEW OR ENHANCED PRODUCT OR SERVICE, INCLUDING WITHOUT LIMITATION, UPDATES TO ZOLL's EXISTING PRODUCTS AND SERVICES. ZOLL's PERFORMANCE OBLIGATIONS HEREUNDER ARE LIMITED TO THOSE EXPRESSLY ENUMERATED HEREIN, AND PAYMENT FOR ZOLL'S PERFORMANCE OBLIGATIONS SHALL BE DUE AS DESCRIBED HEREIN.

6. Limitation of Liability.

In no event will ZOLL be liable for any consequential, indirect, exemplary, special, or incidental damages, OR for any lost data, lost profits OR costs of procurement of substitute goods or services, arising from or relating to this Agreement, however caused and under any theory of liability (including negligence), even if ZOLL has been advised of the possibility of such damages. ZOLL's total cumulative liability in connection with this Agreement and the Software, whether in contract or tort or otherwise, will not exceed the amount paid TO ZOLL BY CUSTOMER FOR the ASP SERVICES provided UNDER THIS AGREEMENT IN THE PREVIOUS SIX (6) MONTH PERIOD. Customer acknowledges that these limitations reflect the allocation of risk set forth in this Agreement and that ZOLL would not enter into this Agreement without these limitations on its liability, and Customer agrees that these limitations shall apply notwithstanding any failure of essential purpose of any limited remedy. In addition, ZOLL disclaims all liability of any kind of ZOLL's licensors and suppliers.

7. Term and Termination.

7.1. Term. The term of this Agreement ("Term") will begin on the date these terms are accepted by Customer and continue until terminated.

7.2. Termination. Either party may terminate this Agreement with or without cause on 20 days' prior notice to the other.

7.3. Effects of Termination. Upon expiration or termination of this Agreement for any reason: (a) amounts, if any, owed to ZOLL under this Agreement before such termination or expiration will be immediately due and payable, (b) all licensed rights granted in this Agreement will immediately cease to exist; and (c) Customer must promptly discontinue all use of the ASP Services and return or destroy, all copies of the Instructions and/ Software in Customer's possession or control.

8. Confidentiality.

8.1. Protection. Subject to Section 4 hereof, the party receiving Confidential Information ("Receiving Party") from the other party ("Disclosing Party") will not use any Confidential Information of the Disclosing Party for any purpose not expressly permitted by this Agreement, and will disclose the Confidential Information of the Disclosing Party only to the employees or contractors of the Receiving Party who have a need to know such Confidential Information for purposes of this Agreement and who are under a duty of confidentiality no less restrictive than the Receiving Party's duty hereunder. The Receiving Party will protect the Disclosing Party's Confidential Information from unauthorized use, access, or disclosure in the same manner as the Receiving Party protects its own confidential or proprietary information of a similar nature and with no less than reasonable care.

8.2. Exceptions. The Receiving Party's obligations under Section 8.1 above with respect to any Confidential Information of the Disclosing Party will terminate if and when the Receiving Party can document that such information: (a) was already lawfully known to the Receiving Party at the time of disclosure by the Disclosing Party; (b) is disclosed to the Receiving Party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the Receiving Party has become, generally available to the public; or (d) is independently developed by the Receiving Party without access to, or use of, the Disclosing Party's Confidential Information. In addition, the Receiving Party may disclose Confidential Information of the Disclosing Party to the extent that such disclosure is: (i) approved in writing by the Disclosing Party, (ii) necessary for the Receiving Party to enforce its rights under this Agreement in connection with a legal proceeding; or (iii) required by law or by the order of a court or similar judicial or administrative body, provided that the Receiving Party notifies the Disclosing Party of such required disclosure in writing prior to making such disclosure and cooperates with the Disclosing Party, at the Disclosing Party's reasonable request and expense, in any lawful action to contest or limit the scope of such required disclosure.

9. Indemnification.

Customer shall indemnify, defend and hold ZOLL harmless of, from and against any and all liabilities, losses, expenses, damages and claims that arise out of Customer's use of the ASP Services or Customer's breach of this Agreement, except to the extent same are due to ZOLL's breach hereof or ZOLL's negligence.

10. General Provisions.

10.1. Compliance with Laws and Export Regulations. Customer shall comply with all applicable laws and regulations concerning its use of the ASP Services, including without limitation if applicable all export and import control laws and regulations. Customer will not use the ASP Services for any purpose in violation of any applicable laws. Customer agrees to defend, indemnify, and hold harmless ZOLL from and against any violation of any applicable laws or regulations by Customer or any of its agents, officers, directors, or employees.

10.2. Compliance Certificate. Upon written request from ZOLL, Customer shall furnish ZOLL with a certificate signed by an officer of Customer stating that the ASP Services are being used in accordance with the terms and conditions of this Agreement.

10.3. Assignment. Customer may not assign or transfer, by operation of law or otherwise, any of its rights under this Agreement to any third party without ZOLL's prior written consent. Any attempted assignment or transfer in violation of the foregoing will be null and void. ZOLL shall have the right to assign this Agreement to any successor to its business or assets to which this Agreement relates, whether by merger, sale of assets, sale of stock, reorganization or otherwise.

10.4. U.S. Government End Users. If Customer is a branch or agency of the United States Government, the following provision applies. The Software and Instructions are comprised of "commercial computer software" and "commercial computer software documentation" as such terms are used in 48 C.F.R. 12.212 (SEPT 1995) and if provided hereunder are (i) for acquisition by or on behalf of civilian agencies, consistent with the policy set forth in 48 C.F.R. 12.212; or (ii) for acquisition by or on behalf of units of the Department of Defense, consistent with the policies set forth in 48 C.F.R. 227.7202‑1 (JUN 1995) and 227.7202‑3 (JUN 1995).

10.5. Notices. All notices, consents, and approvals under this Agreement must be delivered in writing by electronic mail, courier, electronic facsimile (fax), or certified or registered mail (postage prepaid and return receipt requested) to the other party at the address set forth above or in the contact information provided by Customer in connection with accepting the terms of this Agreement, and will be effective upon receipt or three (3) business days after being deposited in the mail as required above, whichever occurs sooner; provided, however, that ZOLL's amendments of this Agreement shall be deemed delivered to Customer and Customer shall be deemed notified thereof by ZOLL posting the most current form of this Agreement on the website set forth at the beginning of this Agreement as more particularly provided at the beginning of this Agreement.

10.6. Governing Law and Venue. This Agreement will be governed by and interpreted in accordance with the laws of the State of Colorado without reference to its choice of law rules. The United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement. Any action or proceeding arising from or relating to this Agreement shall be brought in a federal or state court in Denver, Colorado, and each party irrevocably submits to the jurisdiction and venue of any such court in any such action or proceeding.

10.7. Remedies. Except as otherwise expressly provided in this Agreement, the parties' rights and remedies under this Agreement are cumulative. Customer acknowledges that the ASP Services are built on valuable trade secrets and proprietary information of ZOLL, that any actual or threatened breach hereof may constitute immediate, irreparable harm to ZOLL for which monetary damages would be an inadequate remedy, and that injunctive relief is an appropriate remedy for such breach. If any legal action is brought to enforce this Agreement, the prevailing party will be entitled to receive its attorneys' fees, court costs, and other collection expenses, in addition to any other relief it may receive.

10.8. Waivers. Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion.

10.9. Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be unenforceable, such provision will be changed and interpreted to accomplish the objectives of such provision to the greatest extent possible under applicable law and the remaining provisions of this Agreement will continue in full force and effect.

10.10. Counterparts. This Agreement may be executed in counterparts, each of which will be considered an original, but all of which together will constitute the same instrument.

10.11. Entire Agreement. This Agreement, including the cover page (if any) and any exhibits hereto, constitute the entire agreement between the parties regarding the subject hereof and supersedes all prior or contemporaneous agreements, understandings, and communication, whether written or oral.

10.12. Third Party Access to ZOLL Site on behalf of Customer. If Customer engages a third-party provider approved by ZOLL ("Third-Party Provider") to provide Customer with data management services using Third-Party Provider's product(s) that are integrated with software products (including Software) and/or equipment of ZOLL and/or ZOLL affiliates (the "Third-Party Services"), Customer agrees to promptly notify ZOLL thereof and Customer hereby consents to ZOLL sharing of Customer Content with such Third-Party Provider for the sole purpose of Third-Party Provider's provision of the Third-Party Services. Customer agrees that if Customer wishes to grant such Third-Party Provider access to the ZOLL Site and/or the ASP Services for the purpose of the provision of the Third-Party Services, Customer shall require Third-Party Provider to comply with the terms of this Agreement and Customer agrees to indemnify, defend and hold harmless ZOLL from and against any liabilities, losses, expenses, damages and claims arising from Third-Party Provider's access and use of the ZOLL Site and the ASP Services. Upon termination of Customer's agreement with Third-Party Provider for any reason, Customer agrees to immediately terminate Third-Party Provider's access to the ZOLL Site and the ASP Services and notify ZOLL thereof. Customer represents that Customer has a valid Business Associate Agreement with Third-Party Provider in place for the provision of the Third-Party Services and that the sharing by ZOLL of the Customer Content with Third-Party Provider does not violate any agreement, law, regulation, or other legal standard applicable to Customer. In addition, Customer agrees that the provision of the Third-Party Services by Third-Party Provider to Customer does not make Third-Party Provider a subcontractor business associate of ZOLL.



ZOLL Online Business Associate Agreement

Exhibit A

Business Associate Addendum

This Business Associate Addendum (this "Addendum") is entered into by and between you ("Covered Entity") and ZOLL Data Systems, ("Business Associate") in order to comply with 45 C.F.R. §164.502(e) and §164.504(e), governing protected health information ("PHI") and business associates under the Health Insurance Portability and Accountability Act of 1996 (P.L. 104‑191), 42 U.S.C. Section 1320d, et. seq., and regulations promulgated thereunder, as amended from time to time (statute and regulations collectively referred to as "HIPAA") This Addendum amends the terms and conditions of and is hereby incorporated as part of that certain agreement between Covered Entity and Business Associate entitled Application Service Provider Agreement (the "Services Agreement") and attached hereto.

STATEMENT OF AGREEMENT

§1. Definitions. Terms used, but not otherwise defined, in this Addendum shall have the same meaning as those terms in HIPAA; provided that PHI shall refer only to protected health information of Covered Entity unless otherwise stated.

§2. Compliance and Agents. Business Associate agrees that to the extent it has access to PHI, Business Associate will fully comply with the requirements of this Addendum with respect to such PHI. Business Associate will ensure that every agent, including a subcontractor, of Business Associate to whom it provides PHI received from, or created or received by Business Associate on behalf of, Covered Entity will comply with the same restrictions and conditions as set forth in this Addendum. If Covered Entity is required by HIPAA to maintain a Notice of Privacy Practices, Covered Entity shall notify Business Associate of any limitations in such notice to the extent that such limitation may affect Business Associate's use or disclosure of PHI.

§3. Use and Disclosure; Rights. Business Associate agrees that it shall not use or disclose PHI except as permitted under this Addendum, including Section 16 hereof, and in compliance with each applicable requirement of 45 CFR Section 164.504(e). Business Associate may use or disclose the PHI received or created by it, (a) to perform its obligations under this Addendum, (b) to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Services Agreement, or (c) to provide data aggregation functions to Covered Entity as permitted by HIPAA. Further, Business associate may use the PHI received by it in its capacity as Business Associate, if necessary, to properly manage and administer its business or to carry out its legal responsibilities. Business Associate may disclose the PHI received by it in its capacity as Business Associate to properly manage and administer its business or to carry out its legal responsibilities if: (a) the disclosure is required by law, or (b) the Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will be held confidentially and used or further disclosed only as required by law or for the purpose for which it is disclosed to the person and the person notifies Business Associate of any instances of which it is aware that the confidentiality of the information has been breached. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under HIPAA if done by Covered Entity.

§4. Safeguards. Business Associate agrees to develop, document, use, and keep current appropriate procedural, physical, and electronic safeguards, as required in 45 C.F.R. §§164.308 - 164.312, sufficient to prevent any use or disclosure of electronic PHI other than as permitted or required by this Addendum.

§5. Minimum Necessary. Business Associate will limit any use, disclosure, or request for use or disclosure to the minimum amount necessary to accomplish the intended purpose of the use, disclosure, or request.

§6. Report of Improper Use or Disclosure. Business Associate shall report to Covered Entity any information of which it becomes aware concerning any use or disclosure of PHI that is not permitted by this Addendum and any security incident of which it becomes aware. Business Associate will, following the discovery of a breach of "unsecured protected health information," as defined in 45 C.F.R. § 164.402, notify Covered Entity of such breach within 15 days. The notice shall include the identification of each individual whose unsecured protected health information has been, or is reasonably believed by Business Associate to have been, accessed, acquired, or disclosed during such breach. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of this Addendum.

§7. Individual Access. In accordance with an individual's right to access to their own PHI in a designated record set under 45 CFR §164.524 and the individual's right to copy or amend such records under 45 CFR §164.524 and §164.526, Business Associate shall make available all PHI in a designated record set to Covered Entity to enable the Covered Entity to provide access to the individual to whom that information pertains or such individual's representative.

§8. Amendment of and Access to PHI. Business Associate shall make available for amendment PHI in a designated record set and shall incorporate any amendments to PHI in a designated record set in accordance with 45 CFR §164.526 and in accordance with any process mutually agreed to by the parties.

§9. Accounting. Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to an individual's request for an accounting of disclosures of their PHI in accordance with 45 CFR §164.528. Business Associate agrees to make available to Covered Entity the information needed to enable Covered Entity to provide the individual with an accounting of disclosures as set forth in 45 CFR §164.528.

§10. DHHS Access to Books, Records, and Other Information. Business Associate shall make available to the U.S. Department of Health and Human Services ("DHHS"), its internal practices, books, and records relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of, Covered Entity for purposes of determining the Covered Entity's compliance with HIPAA.

§11. Individual Authorizations; Restrictions. Covered Entity will notify Business Associate of any limitation in its notice of privacy practices, any restriction to the use or disclosure of PHI that Covered Entity has agreed to with an individual and of any changes in or revocation of an authorization or other permission by an individual, to the extent that such limitation, restriction, change, or revocation may affect Business Associate's use or disclosure of PHI.

§12. Compliance with ARRA. Covered Entity and Business Associate agree to comply with the amendments to HIPAA included in the American Recovery and Reinvestment Act of 2009 ("ARRA") (P.L. 111‑5), including all privacy and security regulations issued under ARRA that apply to Business Associate as and when those regulations are effective.

§13. Term. This Addendum shall take effect on the effective date of the Services Agreement, and shall continue in effect unless and until either party terminates this Addendum or the Services Agreement.

§14. Breach; Termination; Mitigation. If Covered Entity knows of a pattern of activity or practice of Business Associate that constitutes a material breach or violation of Business Associate's obligations under this Addendum, Covered Entity and Business Associate shall take any steps reasonably necessary to cure such breach and make Business Associate comply, and, if such steps are unsuccessful, Covered Entity may terminate this Addendum. Business Associate shall take reasonable actions available to it to mitigate any detrimental effects of such violation or failure to comply.

§15. Return of PHI. Business Associate agrees that upon termination of this Addendum, and if feasible, Business Associate shall (a) return or destroy all PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, that Business Associate maintains in any form or manner and retain no copies of such information or, (b) if such return or destruction is not feasible, immediately notify Covered Entity of the reasons return or destruction are not feasible, and extend indefinitely the protection of this Addendum to such PHI and limit further uses and disclosures to those purposes that make the return or destruction of the PHI not feasible.

§16. De-identified Health Information. Business Associate may de-identify any and all PHI and may create a "Limited Data Set" in accordance with 45 C.F.R. § 164.514(b)&(e). Customer acknowledges and agrees that deidentified information is not PHI and that Business Associate may use such de-identified information for any lawful purpose. Use or disclosure of a Limited Data Set must comply with 45 CFR 164.514(e).

§17. Survival. All representations, covenants, and agreements in or under this Addendum or any other documents executed in connection with the transactions contemplated by this Addendum, shall survive the execution, delivery, and performance of this Addendum and such other documents. The respective rights and obligations of Business Associate under Section 14 of this Addendum shall survive termination or expiration of this Addendum.

§18. Further Assurances; Conflicts. Each party shall in good faith execute, acknowledge or verify, and deliver any and all documents which may from time to time be reasonably requested by the other party to carry out the purpose and intent of this Addendum. The terms and conditions of this Addendum will override and control any conflicting term or condition of the Services Agreement. All non‑conflicting terms and conditions of the Service Agreement shall remain in full force and effect. Any ambiguity in this Addendum with respect to the Services Agreement shall be resolved in a manner that will permit Covered Entity to comply with HIPAA.

§19. Applicable Law. The parties acknowledge and agree that HIPAA may be amended and additional guidance or regulations implementing HIPAA may be issued after the date of the execution of this Addendum and may affect the parties' obligations under this Addendum. The parties agree to take such action as is necessary to amend this Addendum from time in order as is necessary for Covered Entity to comply with HIPAA.

§20. Previously Executed BAAs. For avoidance of doubt, with respect to PHI shared under the Services Agreement, this Addendum supersedes and replaces any business associate agreements or addenda previously executed by the parties, notwithstanding any provisions in such previously-executed business associated agreements or addenda to the contrary.