Technology Services Agreement
Effective starting: June 11, 2020
Welcome to Suki! We are excited you have chosen Suki to help lift the burden of medical documentation. You’ll see our products are continually updated with new features and capabilities, so give us your feedback along the way as we work hard to bring the joy back to medicine. This Technology Services Agreement (“Agreement” or “Terms”) describes your rights and responsibilities as a customer of our Suki Technology. If you are being invited or added to the Suki Technology by a Suki customer, the User Notice governs your access and use of the Suki Technology (and not these Terms). These Terms are between you and Suki AI, Inc. (“Suki”, “we”, “us” and/or “our”). “You” or “Customer” means the entity you represent in accepting these Terms or, if that does not apply, you individually. If you are accepting on behalf of your employer or another entity, you represent and warrant that: (i) you have full legal authority to bind your employer or such entity to these Terms; (ii) you have read and understand these Terms; and (iii) you agree to these Terms on behalf of the party that you represent. If you don’t have the legal authority to bind your employer or the applicable entity or you do not wish to accept the Terms, you must not click “I agree” (or similar button or checkbox) that is presented to you. Permission to access and use the Suki Technology is conditional upon you agreeing to these Terms. PLEASE NOTE THAT IF YOU SIGN UP FOR THE SUKI TECHNOLOGY USING AN EMAIL ADDRESS FROM YOUR EMPLOYER OR ANOTHER ENTITY, THEN (A) YOU WILL BE DEEMED TO REPRESENT SUCH PARTY, (B) YOUR CLICK TO ACCEPT WILL BIND YOUR EMPLOYER OR THAT ENTITY TO THESE TERMS, INCLUDING, THE BUSINESS ASSOCIATE AGREEMENT (“BAA”), AND (C) THE WORD “YOU” OR “CUSTOMER” IN THESE TERMS WILL REFER TO YOUR EMPLOYER OR THAT ENTITY.
These Terms are effective as of the date you first click “I agree” (or similar button or checkbox) or use or access the Suki Technology, whichever is earlier (the “Effective Date”). These Terms do not have to be signed in order to be binding. You indicate your assent to these Terms by clicking “I agree” (or similar button or checkbox) at the time you register for the Suki Technology, create a Suki account, or place an Order. For No-Charge Products, you also indicate your assent to these Terms by accessing or using the applicable No-Charge Product.
1. WHAT THESE TERMS COVER
These Terms govern the Suki Technology, related support, and any additional services. These Terms include the BAA, our Policies (including our Privacy Policy), and your Orders. Note that capitalized terms are defined in Section 15, and others are defined contextually in these Terms.
2. TRIAL
2.1 Subject to these Terms, Customer may access and use the Suki Technology for Customer’s internal evaluation purposes during the trial period and at the site set forth on the Order (the “Trial Term” and the “Site,” respectively), all in accordance with these Terms, the applicable Order and the Documentation. This includes the right, as part of your authorized use of the Suki Technology, to download and use the client software associated with the Suki Technology. The rights granted to you in these Terms are non-exclusive, non-sublicensable and non-transferable. Employees or contractors of Suki (“Suki Personnel”) may be present at the Site from time to time to assess the functionality and performance of the Suki Technology and facilitate Customer’s internal evaluation of the Suki Technology.
2.2 For purposes of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), Suki is a business associate to Customer, and, simultaneously with agreeing to these Terms, Customer and Suki are entering into a HIPAA-compliant BAA that, among other things, permits Customer to transmit certain protected health information (as defined under HIPAA, “Protected Health Information” or “PHI”) regarding Customer’s patients to Suki, and will permit Suki to use such information as set forth in this Agreement. The BAA (set forth below) is incorporated herein.
2.3 Suki reserves the right make changes to these Terms at any time. Suki agrees to provide prompt written notice of such changes to Customer either directly or by posting notice of such change on the Suki website and Customer may terminate should you wish to discontinue the Suki Technology at that time. Your continued use of the Suki Technology constitutes your acceptance of the latest Terms.
3. ACCESS TO THE SUKI TECHNOLOGY
3.1 Subject to these Terms, Suki will make the Suki AI software-as-a-service platform (the “Suki Platform”) available to Customer via the Internet during the Term and hereby grants to Authorized Users of Customer a non-exclusive, non-sublicensable and non-transferable right to access and use the Suki Platform during the Term solely for internal business purposes, all in accordance with these Terms, the applicable Order and the Documentation. The Suki Platform (including any software that is provided in connection with the Suki Platform) are referred to collectively in this Agreement as the “Suki Technology.” Suki Technology may include technology of third parties which Suki is authorized to include as part of the Suki Platform.
3.2 Suki may temporarily suspend Customer’s or any Authorized User’s access to any portion of the Suki Technology if Suki reasonably determines that: (i) Customer or any Authorized User has breached this Agreement, or (ii) an event has occurred, or is likely to occur, that may create a risk to the Suki Technology, Customer or any other customer of Suki.
3.3 Suki may monitor Customer’s and Authorized Users’ use of the Suki Technology and compile statistical and performance information related to the operation of and provision of access to the Suki Technology for Suki’s internal use and other purposes.
3.4 Customer understands and agrees that Customer’s access to and use of the Suki Technology is dependent, in part, on access to certain third party integrations, including data obtained from Customer’s electronic medical record (“EMR”) provider, and Company may, among other things, withdraw, suspend, or discontinue any functionality or feature of the Suki Technology based on the actions of Customer or its EMR. In addition, Customer understands and agrees that access to and use of the Suki Technology is dependent, in part, on access to the UMLS® Metathesaurus®. Customer is required to obtain a license to the UMLS® Metathesaurus® prior to use of the Suki Technology and any use of vocabulary sources accessible through the UMLS® Metathesaurus® is subject to and conditioned upon such license. Suki has no responsibility for assisting Customer in obtaining such license and shall have no liability for any failure by Customer to obtain (or retain) such license.
4. RESTRICTIONS ON USE OF SUKI TECHNOLOGY
Customer’s use of the Suki Technology and the access rights granted in Section 2.1 are subject to the following restrictions: (a) the Suki Technology will be accessed or used only by employees or contractors of Customer authorized by Customer to access and use the Suki Technology and, in the case of the Suki Platform, solely using a user identifier and password provided or registered to Customer by Suki (such employees and contractors collectively, “Authorized Users”); (b) Customer will not provide a user identifier or password to access the Suki Technology to any party or person other than Authorized Users; (c) Customer will not reverse engineer, decompile, disassemble or otherwise create, attempt to create, or permit or assist any third party to create a source code version of the software underlying the Suki Technology; (d) Customer will not transfer, distribute, sell, resell, lease, sublease, license, sub-license or assign the Suki Technology or otherwise offer any of the Suki Technology for use on a service bureau, outsourced, or value added basis; (e) Customer will not use the Suki Technology to store or transmit material in violation of third-party intellectual property or privacy rights; (f) Customer will not interfere with or disrupt the integrity or performance of the Suki Technology or third-party data contained therein, (g) Customer shall not permit direct or indirect access to, or use of, the Suki Technology in a way that circumvents a contractual usage limit or access or use any of our intellectual property except as permitted under this Agreement, (h) Customer shall not frame or mirror any part of the Suki Technology, other than framing on Customer’s own intranets or otherwise for its internal business purposes (i) Customer shall not access the Suki Technology in order to build a competitive product or service or to benchmark with any product or service of a third party and (j) Customer will not use the Suki Technology to store or transmit viruses or other harmful or malicious code, files, scripts, agents or programs.
5. CUSTOMER RESPONSIBILITIES
Customer will (a) be responsible for each Authorized User’s compliance with this Agreement and use of the Suki Technology; (b) be solely responsible for the accuracy, quality, integrity and legality of any data and other information supplied to Suki by or on behalf of Customer in the course of using the Suki Technology, including any Protected Health Information (collectively, “Customer Data”) and Customer will be solely responsible for confirming and verifying the accuracy of all data, reports and documents (including clinical notes, orders, diagnoses and other clinical documentation and/or transcripts) produced by the Suki Technology; (c) use commercially reasonable efforts to prevent unauthorized access to or use of the Suki Technology and notify Suki promptly of any such unauthorized access or use; (d) use the Suki Technology solely in accordance with these Terms, the Documentation and instructions supplied by Suki, including any instructions provided by Suki Personnel, and all applicable laws, rules and regulations; and (e) cooperate with Suki as reasonably necessary to resolve errors and, if applicable, interruptions, related to the Suki Technology, including by providing access to same at the Site. Customer understands and agrees that access to the Suki Technology may require Customer’s EMR provider username and password.
6. SUKI RESPONSIBILITIES
Without limiting Section 12 below, Suki will (a) permit Customer to access all enhancements, updates, revisions, error corrections and upgrades pertaining to the Suki Technology that it generally makes available to its customers at no additional cost and (b) use commercially reasonable efforts to repair malfunctioning Suki Technology or, at Suki’s election and sole discretion, replace such malfunctioning Suki Technology with equivalent functioning Suki Technology. Suki Personnel will observe and comply with any security and safety policies generally applicable to Customer’s vendors and suppliers and provided to Suki Personnel in advance while at the Site. Customer may direct any support or update questions to their designated Suki representative.
7. CONFIDENTIALITY; FEEDBACK; PROPRIETARY RIGHTS
7.1 In connection with Customer’s use of the Suki Technology as permitted under this Agreement and other activities of the parties contemplated by this Agreement, either Suki or Customer (the “Disclosing Party”) may disclose to the other party (the “Receiving Party”) information of a proprietary or confidential nature. Any such information that is identified in writing as confidential at the time of disclosure or within thirty (30) days thereafter is referred to as “Confidential Information” of the Disclosing Party, provided, however, that reports and/or information related to or regarding the Disclosing Party’s business plans, business methodologies, strategies, technology, specifications, development plans, customers, prospective customers, patients, partners and products or services will be deemed Confidential Information of the Disclosing Party even if not so identified. For the avoidance of doubt, the Suki Technology and Documentation are the Confidential Information of Suki, and Customer Data are the Confidential Information of Customer. Confidential Information will not include (a) any information that is generally known to the public or in the trade or becomes so generally known without breach of this Agreement by the Receiving Party, (b) any information that was known to the Receiving Party prior to its receipt from the Disclosing Party, (c) any information that is disclosed to the Receiving Party by a third party who is not in violation of an obligation of confidentiality to the Disclosing Party in making such disclosure, (d) any information that is independently developed by the Receiving Party without use of the Confidential Information of the Disclosing Party or (e) De-Identified Data. Each of Suki and Customer, as the Receiving Party, agrees to use the Confidential Information of the Disclosing Party solely for the purpose of exercising its rights or performing its obligations under this Agreement and not to use it or make it available to anyone for any other purpose. Each party, as the Receiving Party, further agrees to maintain the confidentiality of the Confidential Information of the Disclosing Party and not to disclose it to anyone without the consent of the Disclosing Party, except for disclosures to employees and contractors of the Receiving Party having a need to know such information in connection with the exercise of the Receiving Party’s rights or the performance of the Receiving Party’s obligations under this Agreement (it being understood that any such employees and contractors will be bound by written agreements containing confidentiality and non-use provisions as protective of the Disclosing Party’s Confidential Information as set forth in this Agreement), and disclosures which may be required by law. In the event that the Receiving Party is required by law to make any disclosure of any of the Confidential Information of the Disclosing Party, by subpoena, judicial or administrative order or otherwise, the Receiving Party will first give written notice of such requirement to the Disclosing Party, and will permit the Disclosing Party to intervene in any relevant proceedings to protect such Confidential Information, and provide cooperation and assistance to the Disclosing Party in seeking to obtain such protection.
7.2 Customer may provide suggestions, comments and other feedback (“Feedback”) to Suki with respect to the Suki Technology and complete surveys about Authorized Users’ experiences with the Suki Technology. Suki will be free to use, disclose, reproduce and otherwise exploit the Feedback it receives in its sole discretion, and may proceed with the development of improvements, enhancements, updates or modifications to the Suki Technology based on such Feedback in its sole discretion.
7.3 Suki exclusively owns all right, title and interest in and to the Suki Technology, and all improvements, enhancements, updates or modifications thereto, whether or not developed based on Customer’s Feedback, and all intellectual property rights related to any of the foregoing. Except for those rights expressly granted to Customer under this Agreement, Suki reserves all right, title and interest in and to the Suki Technology and other Suki Confidential Information.
7.4 Customer owns and retains all right, title and interest in and to Customer Data. Customer hereby grants to Suki a non-exclusive license to copy, store, process, modify, display and otherwise use Customer Data to facilitate Customer’s internal evaluation of the Suki Technology during the Term and for the purposes of improving and further developing the Suki Technology. Suki’s use of Customer Data shall be subject to the Suki Privacy Policy which may be accessed at sukidev.flywheelstaging.com. In addition, (i) Suki may access Authorized User account(s), including without limitation Customer Data, to respond to service or technical problems and for the purpose of using the Customer Data for system tuning, grammar tuning, training of acoustic models and other models, tools and algorithms, and (ii) during and after the Term, Suki may copy, store, process, modify, disclose and otherwise use for any purpose data or other information provided to Suki under this Agreement that has been aggregated, de-identified and/or anonymized such that Customer, Authorized Users and Customer’s patients are not identified (any such data or information, “De-Identified Data”). Except for those rights granted to Suki under this Agreement, Customer reserves all right, title and interest in and to Customer Data and other Customer Confidential Information. Suki may retain a copy of any Customer Data for such period of time as required by law or otherwise in accordance with Suki’s data retention policies.
8. PAYMENT OF FEES
Customer will pay Suki all Fees in accordance with each Order, by the due dates and in the currency specified in the applicable Order. Fees are payable monthly in advance and full payment for Fees under each invoice must be received by Suki within thirty (30) days, unless otherwise set forth on the applicable Order. Suki reserves the right to change the Fees or applicable charges and to institute new charges and Fees at any time, upon thirty (30) days prior notice to Customer (which may be sent by email). Any unpaid Fees are subject to a finance charge of 1.5% per month or the maximum permitted by law, whichever is lower. Customer is responsible for all taxes related to the parties’ performance under or otherwise associated with these Terms, other than taxes based on Suki’s net income.
9. TERM
9.1 Subject to earlier termination as provided below, the term of this Agreement will commence on the Effective Date and continue for the Trial Term, if applicable, followed by the Initial Term specified in the Order, and shall be automatically renewed for additional periods of the same duration as the Initial Term (collectively the “Term”), unless either party requests termination at least thirty (30) days prior to the end of the then-current term. In addition, Customer may terminate the Agreement in the event Suki makes any material change in these Terms by providing written notice to Suki within thirty (30) days of any such material change. Either party may terminate this Agreement immediately upon written notice if the other party materially breaches this Agreement and such breach is not cured within fifteen (15) days after receipt of written notice specifying the breach. Notwithstanding the foregoing, Suki may terminate this Agreement at any time during the Trial Term specified in the Order by providing Customer with ten (10) days’ written notice.
9.2 Upon receipt of a request for a change in the Term in writing from Customer, Suki will determine, in its reasonable discretion, whether Suki can accommodate the change in the Term.
9.3 Upon termination or expiration of this Agreement, (a) each party (as the Receiving Party) will return to the Disclosing Party or destroy all written Confidential Information of the Disclosing Party in the possession of the Receiving Party and any other written material in the possession of the Receiving Party which embodies any Confidential Information of the Disclosing Party, and will not retain any copies, extracts or other reproductions in whole or in part of such written material; and (b) Suki will return or destroy Protected Health Information in its possession (unless such return or destruction is infeasible) in accordance with the terms of the BAA. Customer understands that once Suki Technology-processed Customer Data is submitted to Customer (including within its EMR system), Suki has no obligation to provide Customer any additional copies or files of such data. Sections 7, 8, 9.3 and 11 through 15 will survive the termination or expiration of this Agreement for any reason whatsoever. Suki may retain any De-Identified Data created by Suki.
10. REPRESENTATIONS AND WARRANTIES
10.1 Each party represents and warrants to the other party as of the Effective Date that (a) it is incorporated or organized and existing under the laws of its jurisdiction of incorporation or organization with full power and authority to enter into and perform this Agreement; (b) this Agreement has been duly authorized by all necessary corporate action and constitutes the binding obligation of such party enforceable in accordance with its terms, except as such enforceability may be limited by bankruptcy laws or other laws affecting the rights of creditors generally; (c) the person executing this Agreement on its behalf has actual authority to bind it to this Agreement; and (d) such party’s execution and performance of this Agreement does not and will not violate or conflict with any provision of such party’s governing corporate instruments or of any commitment, agreement or understanding that such party has or will have to or with any person or entity.
10.2 Customer represents, warrants and covenants that it has and will have all rights necessary and full legal authority to (a) submit Customer Data to the Suki Technology or otherwise provide Customer Data to Suki (including but not limited to all necessary patient consents (e.g., the patient notification that audio data may be recorded)), and (b) grant the rights in and to Customer Data as set forth in Section 7.4 of this Agreement.
11. INDEMNITY
11.1 Suki will defend Customer against any claim, demand, suit or proceeding made or brought against Customer by a third party alleging that any of the Suki Technology infringes any United States patent, any copyright or constitutes a misappropriation of such third party’s trade secret rights (a “Claim Against You”). Suki will indemnify Customer from any damages, attorney fees and costs finally awarded as a result of, or for amounts paid by Customer under a settlement approved by Suki in writing of, a Claim Against You, provided Customer shall; (a) promptly give Suki written notice of the Claim Against You, (b) give Suki sole control of the defense and settlement of the Claim Against You (except that we may not settle any Claim Against you unless it unconditionally releases you of all liability), and (c) give Suki all reasonable assistance, at our expense. Suki, at its option, may (i) modify the Suki Technology so that it no longer infringes, (ii) obtain a license for your continued use of the Suki Technology in accordance with this Agreement, or (iii) terminate your access to the Suki Technology and refund you any prepaid Fees covering the remainder of the Term of the terminated subscriptions. The above defense and indemnification obligations do not apply to the extent a Claim Against You arises from Customer Data or use of the Suki Technology in violation of this Agreement or applicable Orders.
11.2 Customer will defend Suki against any claim, demand, suit or proceeding made or brought by a third party: (i) alleging that any Customer Data infringes or misappropriates third party’s rights, including intellectual property rights, (ii) arising from use of the Suki Technology in violation of these Terms, an Order or applicable law (each a “Claim Against Us”), or (iii) based on a claim that Customer improperly disclosed PHI to Suki. In addition, Customer will indemnify Suki from any damages, attorney fees and costs finally awarded against Suki as a result of, or for any amounts paid by Suki under a settlement approved by Customer in writing of, a Claim Against Us, provided we; (a) promptly give you written notice of the Claim Against Us, (b) give you sole control of the defense and settlement of the Claim Against Us (except that you may not settle any Claim Against Us unless it unconditionally releases us of all liability), and (c) give you all reasonable assistance, at Your expense.
11.3 This Section 11 states the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy against, the other party for any type of claim described in this Section 11.
12. DISCLAIMER
CUSTOMER EXPRESSLY AGREES THAT ITS USE OF THE SUKI TECHNOLOGY IS AT ITS SOLE RISK AND THAT THE SUKI TECHNOLOGY IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTY OF ANY KIND FROM SUKI. SUKI, ON BEHALF OF ITSELF AND ANY THIRD PARTY LICENSORS, (I) HEREBY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND TITLE (II) DOES NOT GUARANTEE THAT THE SUKI TECHNOLOGY WILL MEET ANY OR ALL OF CUSTOMER’S REQUIREMENTS OR OPERATE IN AN UNINTERRUPTED OR ERROR-FREE FASHION OR WITHOUT LOSS OF DATA, AND (III) DISCLAIMS ANY AND ALL LIABILITY RESULTING FROM OR RELATED TO ANY SUCH INTERRUPTION, LOSS OR ERROR.
CUSTOMER FURTHER UNDERSTANDS AND AGREES THAT (A) CUSTOMER IS RESPONSIBLE FOR FINAL REVIEW OF SUKI TECHNOLOGY-PROCESSED CUSTOMER DATA INCLUDING ANY CLINICAL NOTES, ORDERS, DIAGNOSES AND OTHER CLINICAL DOCUMENTATION AND/OR TRANSCRIPTS GENERATED BY THE SUKI TECHNOLOGY PRIOR TO INPUTTING THE SAME IN CUSTOMER’S EMR AND/OR RELYING THEREON, (B) SUKI SHALL NOT HAVE ANY LIABILITY WHATSOEVER FOR THE ACCURACY OR COMPLETENESS OF SUKI TECHNOLOGY-PROCESSED CUSTOMER DATA OR FOR ANY DECISION MADE OR ACTION TAKEN BY CUSTOMER (OR ANY AUTHORIZED USER) IN RELIANCE UPON ANY SUKI TECHNOLOGY-PROCESSED CUSTOMER DATA AND (C) SUKI IS NOT AN EMR PROVIDER AND THE SUKI TECHNOLOGY AND SUKI PLATFORM ARE NOT EMR SYSTEMS.
13. LIMITATION OF LIABILITY
UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY (WHETHER BASED IN CONTRACT, TORT, STRICT LIABILITY OR OTHERWISE) WILL SUKI (INCLUDING ANY THIRD PARTY LICENSORS ) BE LIABLE FOR (A) ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS) OR (B) ANY OTHER DAMAGES IN EXCESS OF THE AGGREGATE FEES PAID TO SUKI UNDER THIS AGREEMENT OR $100, WHICHEVER IS GREATER, EVEN IF SUKI HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.
14. MISCELLANEOUS
The terms and conditions of this Agreement (including the Order, BAA included herein) supersede and replace all prior or contemporaneous understandings or agreements, written or oral, regarding such subject matter between the parties and apply to the exclusion of any other terms or conditions that either party seeks to impose or incorporate or that are implied by course of dealing.
14.1 Suki may assign or transfer this Agreement or its rights or obligations hereunder. Customer may not assign this Agreement or its rights or obligations hereunder without the prior written consent of Suki. Any attempted assignment, delegation or transfer of this Agreement in violation of the foregoing will be null and void. Subject to the foregoing, this Agreement will be binding on the parties and their permitted successors and assigns.
14.2 If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. Failure by either party to enforce any provision of this Agreement will not be deemed a waiver of future enforcement of that or any other provision.
14.3 This Agreement and any dispute arising hereunder will be governed by the laws of the State of California, without regard to the conflicts of law provisions thereof. For all purposes under this Agreement each party will be and act as an independent contractor and will not bind nor attempt to bind the other to any contract. Any notices in connection with this Agreement will be in writing and sent to the address specified in this Agreement (with notices to Suki being sent to the attention of “Legal”) or such other address as may be properly specified by written notice hereunder.
14.4 Neither party will originate any publicity, issue any news release or make any other public announcement, written or oral, relating to this Agreement or the existence of an arrangement between the parties, without the prior written consent of the other party, except that (i) each party (after consultation with the other party and counsel) may make such announcements and disclosures as may be required by law and (ii) Suki may publicly refer to Customer by name and use Customer’s trademark and logo as part of Suki’s customer lists, provided, however, that customer may withdraw this consent at any time and in its sole discretion.
14.5 Certain Third-Party Products (as identified in the Third-Party Terms) are subject to alternative terms and conditions that can be viewed at sukidev.flywheelstaging.com/legal (“Third Party Terms”), which are incorporated by reference. Such Third-Party Terms apply only to those Third-Party Products with which they are expressly identified. EXCEPT AS OTHERWISE EXPRESSLY SET FORTH IN THE THIRD-PARTY TERMS, ALL THIRD-PARTY PRODUCTS ARE PROVIDED “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT ARE DISCLAIMED.
15. DEFINITIONS. Certain capitalized terms are defined in this Section 15, and others are defined contextually in these Terms.
“Documentation” means the printed and digital instructions, on-line help files, technical documentation and user manuals made available by Suki for the Suki Technology.
“Fees” means the fees set forth on the Order, including any shipping or other delivery costs associated with the Suki Technology.
“Initial Term” means your initial paid subscription period for the Suki Technology, as set forth in the applicable Order.
“Order” means Suki’s applicable online order page(s), Trial Term communications, flows, in-product screens or other Suki-approved ordering document or process describing the products and services you are ordering from us and, as applicable, their permitted scope of use. As applicable, the Order will identify: (i) the Suki products and services, (ii) the number of Authorized Users, the Term and (iii) (for paid Orders) the amount or rate you will be charged, the billing and renewal terms, applicable currency, and form of payment. Orders may also include No-Charge Products.
“Our Policies” means our Terms of Use, Privacy Policy, Acceptable Use Policy, Third Party Terms for certain third party code in the Suki Technology, and any other policies or terms referenced in these Terms.
“No-Charge Products” means free accounts, evaluations, trial use, beta versions and any other offers for access to any portion of the Suki Technology at no charge.
Business Associate Agreement
This Business Associate Agreement (this “BAA”) is entered into as of the Effective Date, by and between Customer (the “Covered Entity”) and Suki (“Business Associate,” and Covered Entity and Business Associate collectively, the “Parties” and individually, a “Party”).
BACKGROUND
WHEREAS, the Parties are entering into a Technology Services Agreement (the “Services Agreement”), pursuant to which Business Associate will provide certain services (“Services”) to Covered Entity;
WHEREAS, as a result of providing the Services, Business Associate may have access to certain Protected Health Information and Business Associate may be considered a “business associate” of Covered Entity as defined in the HIPAA Rules (defined below); and
WHEREAS, the Parties wish to address the requirements of the HIPAA Rules and ensure that Business Associate will establish appropriate safeguards, including without limitation certain administrative requirements, with respect to such Protected Health Information.
NOW, THEREFORE, in consideration of the foregoing and the covenants and promises contained in this BAA and the Services Agreement, the Parties agree as follows.
1. DEFINITIONS
a. Terms Defined in the HIPAA Rules. The following terms used in this BAA shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Notice of Privacy Practices, Protected Health Information, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information and Use.
b. Business Associate. “Business Associate” shall generally have the same meaning as the term “business associate” at 45 CFR 160.103, and in reference to a Party to this BAA shall mean SUKI AI, Inc.
c. Covered Entity. “Covered Entity” shall generally have the same meaning as the term “covered entity” at 45 CFR 160.103, and in reference to a Party to this BAA shall mean the entity identified above as “Covered Entity.”
d. HIPAA Rules. “HIPAA Rules” shall mean the Privacy, Security, Breach Notification and Enforcement Rules at 45 CFR Part 160 and Part 164.
e. Unsuccessful Security Incidents. “Unsuccessful Security Incidents” shall mean, without limitation, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denial of service attacks, and any combination of the foregoing, as long as no such incident results in unauthorized access, acquisition, Use or Disclosure of Protected Health Information.
2. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE
Business Associate agrees to:
a. Not use or disclose Protected Health Information other than as permitted or required by this BAA or the Services Agreement or as Required By Law;
b. Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic Protected Health Information, to prevent Use or Disclosure of Protected Health Information other than as provided for by this BAA;
c. Report to Covered Entity any Use or Disclosure of Protected Health Information not provided for by this BAA of which it becomes aware, including Breaches of Unsecured Protected Health Information as required at 45 CFR 164.410, and any Security Incident of which it becomes aware, provided that notice is hereby deemed given for Unsuccessful Security Incidents and no further notice of such Unsuccessful Security Incidents shall be given;
d. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any Subcontractors that create, receive, maintain or transmit Protected Health Information on behalf of Business Associate agree to the same restrictions, conditions and requirements that apply to Business Associate with respect to such information;
e. Make available Protected Health Information in a Designated Record Set to Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524;
f. Make any amendment(s) to Protected Health Information in a Designated Record Set as directed or agreed to by Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526;
g. Maintain and make available the information required to provide an accounting of Disclosures to Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528;
h. To the extent Business Associate is to carry out one or more of Covered Entity’s obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to Covered Entity in the performance of such obligation(s); and
i. Make its internal practices, books and records available to the Secretary for purposes of determining compliance with the HIPAA Rules.
3. OBLIGATIONS AND RESPONSIBILITIES OF COVERED ENTITY
Covered Entity agrees to:
a. Comply fully with all of its obligations under the HIPAA Rules;
b. Notify Business Associate of any limitation(s) in Covered Entity’s Notice of Privacy Practices under 45 CFR 164.520, to the extent that such limitation(s) may affect Business Associate’s Use or Disclosure of Protected Health Information;
c. Notify Business Associate of any changes in, or revocation of, the permission by an Individual to use or disclose his or her Protected Health Information, to the extent that such changes may affect Business Associate’s Use or Disclosure of Protected Health Information;
d. Notify Business Associate in writing of any restriction on the Use or Disclosure of Protected Health Information that Covered Entity has agreed to or is required to abide by under 45 CFR 164.522, to the extent that such restriction may affect Business Associate’s Use or Disclosure of Protected Health Information; and
e. Not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under Subpart E of 45 CFR Part 164 if done by Covered Entity, provided, however, that this provision shall not be interpreted to restrict Business Associate from using Protected Health Information for Data Aggregation or management and administration and legal responsibilities of Business Associate, as permitted by this BAA.
4. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE
a. Business Associate may only use or disclose Protected Health Information as necessary to perform the Services pursuant to the Services Agreement.
b. Business Associate may use or disclose Protected Health Information as (1) Required By Law and/or (2) if Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required by Law or for the purpose or which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of such information has been breached.
c. Business Associate may not use or disclose Protected Health Information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific Uses and Disclosures set forth below in Sections 0 d, e and f.
d. Business Associate may use Protected Health Information for the proper management and administration of Business Associate, as set forth in the Services Agreement, or to carry out the legal responsibilities of Business Associate.
e. Business Associate may provide Data Aggregation services relating to the Health Care Operations of Covered Entity.
f. Business Associate may de-identify the Protected Health Information in accordance with section 164.502(d) of the HIPAA Rules and use, modify and disclose such de-identified data for any legal purpose.
g. Business Associate may engage Subcontractors located outside the United States in connection with the Services.
5. TERM AND TERMINATION
a. Term. The term of this BAA shall be effective as of the Effective Date and shall terminate upon the earlier of (i) termination or expiration of the Service Agreement or (ii) termination of this BAA under Section b or c below.
b. Termination for Cause by Covered Entity. Notwithstanding any provision in the Service Agreement to the contrary, a breach by Business Associate of any provision of this BAA, as reasonably determined by Covered Entity, shall constitute a material breach of this BAA and the applicable Sections of any Service Agreement. Upon Covered Entity’s knowledge of a breach or violation of this BAA by Business Associate, Covered Entity shall provide notice to Business Associate thereof and require Business Associate to cure the breach or end the violation. If Business Associate does not cure the breach or end the violation within the reasonable period of time specified by Covered Entity in the notice, or if no cure or end of violation is possible, Covered Entity shall either (i) immediately terminate this BAA (and applicable Sections of any Service Agreement) upon written notice to Business Associate or (ii) if termination is not feasible, Covered Entity shall report the violation to the Secretary.
c. Termination for Cause by Business Associate. Upon Business Associate’s knowledge of a pattern of activity or practice of Covered Entity that constitutes a material breach or violation of Covered Entity’s obligations under this BAA or other arrangement and provision of notice thereof to Covered Entity, Covered Entity must take reasonable steps to cure the breach or end the violation. If Covered Entity does not cure the breach or end the violation, Business Associate shall either (i) immediately terminate this BAA (and applicable Sections of any Service Agreement) upon written notice to Business Associate or (ii) if termination is not feasible, Business Associate shall report the violation to the Secretary.
d. Obligations Upon Termination.
i. Except as provided in subsection (ii) and (iii) below, upon termination of this BAA for any reason, Business Associate shall return or destroy or cause to be returned or destroyed all Protected Health Information in its possession or in the possession of Subcontractors or agents of Business Associate. For clarity, Business Associate shall retain no copies of the Protected Health Information subject to Section 5(d)(ii).
ii. In the event that Business Associate determines that returning or destroying the Protected Health Information is infeasible, Business Associate shall extend the protections of this BAA to such Protected Health Information and limit further Uses and Disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible. The obligations of this subsection (ii) only last as long as Business Associate maintains or retains any Protected Health Information.
iii. For the avoidance of doubt, Business Associate’s obligations to return and/or destroy the Protected Health Information as set forth in Section a.i shall not apply to any Protected Health Information which has been de-identified in accordance with the requirements of the HIPAA Rules, and Covered Entity acknowledges and agrees that Business Associate shall be free to continue to use de-identified data without restriction after the termination or expiration of this BAA.
e. Survival. Sections 5 and 6 of this BAA shall survive any termination of this BAA.
6. MISCELLANEOUS
a. Regulatory References. A reference in this BAA to a section in the HIPAA Rules means the section in effect or as amended.
b. Amendment. The Parties agree to take such action as is necessary to amend this BAA from time to time as is necessary for Covered Entity to comply with the requirements of the HIPAA Rules.
c. Interpretation. Any ambiguity in this BAA shall be resolved in favor of a meaning that permits compliance with the HIPAA Rules.
d. Complete Integration. This BAA, along with the applicable provisions in the Services Agreement, constitute the entire agreement between the Parties and supersedes all prior negotiations, discussions, representations or proposals, whether oral or written, unless expressly incorporated herein, related to the subject matter of this BAA. Unless expressly provided otherwise herein, this BAA may not be modified unless in writing signed by the duly authorized representatives of both Parties. If any provision or part thereof is found to be invalid, the remaining provisions shall remain in full force and effect.
e. No Third Party Beneficiaries. Except as expressly provided for in the Privacy Rule, there are no third-party beneficiaries to this BAA. Business Associate’s obligations are to Covered Entity only.
f. Successors and Assigns. Neither Party may assign, delegate or otherwise transfer, in whole or in part, by operation of law or otherwise, this BAA without the prior written consent of the non-assigning Party, which approval shall not be unreasonably withheld. Notwithstanding the preceding, Covered Entity or Business Associate may assign this BAA to a successor entity whether by merger, consolidation, sale of substantially all of its assets, license, operation of law or otherwise without the other Party’s consent. In the case of any permitted assignment or transfer, this BAA will inure to the benefit of and be binding upon the successors, executors, heirs, representatives, administrators and assigns of the Parties hereto. Any attempted assignment, delegation or transfer in violation of the foregoing will be null and void.
g. Mediation. Any dispute, claim, or controversy between the Parties arising under or related to this BAA or the breach, termination, enforcement, interpretation or validity thereof, shall be resolved according to the laws of California and through the following procedures:
i. The Parties shall first attempt in good faith to resolve any dispute arising out of or relating to this BAA promptly by negotiation between executives who have authority to settle the controversy and who are at a higher level of management than the persons with direct responsibility for administration of this BAA. Any Party may give the other Party written notice of any dispute not resolved in the normal course of business. Within 15 days after delivery of such notice, the receiving Party shall submit to the other Party a written response. The notice and response shall include with reasonable particularity (A) a statement of each Party’s position and a summary of arguments supporting that position, and (B) the name and title of the executive who will represent that Party and of any other person who will accompany the executive. Within 30 days after delivery of the notice, the executives of both Parties shall meet at a mutually acceptable time and place; if no such place can be agreed upon, the Parties shall meet via video-conference.
ii. The above-described negotiation shall end at the close of the second meeting of executives described above. Such closure shall not preclude continuing or later negotiations, if desired.
iii. All offers, promises, conduct and statements, whether oral or written, made in the course of the negotiation by any of the Parties, their agents, employees, experts and attorneys are confidential, privileged and inadmissible for any purpose, including impeachment, in arbitration or other proceeding involving the Parties, provided that evidence that is otherwise admissible or discoverable shall not be rendered inadmissible or non-discoverable as a result of its use in the negotiation.
iv. If the matter is not resolved by negotiation pursuant to the above paragraphs, only then will the matter proceed to non-binding mediation as set forth in this subsection (ii).
v. The Parties agree that any and all disputes, claims or controversies arising out of or relating to this BAA shall be submitted to JAMS or its successor for mediation. Either Party may commence non-binding mediation by providing to JAMS and the other Party a written request for mediation, setting forth the subject of the dispute and the relief requested.
vi. The Parties will cooperate with JAMS and with one another in selecting a mediator from the JAMS panel of neutrals and in scheduling the mediation proceedings. The Parties agree that they will participate in the mediation in good faith and that they will share equally in its costs.
vii. All offers, promises, conduct and statements, whether oral or written, made in the course of the mediation by any of the Parties, their agents, employees, experts and attorneys, and by the mediator or any JAMS employees, are confidential, privileged and inadmissible for any purpose, including impeachment, in any arbitration or other proceeding involving the Parties, provided that evidence that is otherwise admissible or discoverable shall not be rendered inadmissible or non-discoverable as a result of its use in the mediation.
viii. All applicable statutes of limitation and defenses based upon the passage of time shall be tolled until 15 days after the earliest initiation date. The Parties will take such action, if any, required to effectuate such tolling.
ix. If the matter is not resolved by negotiation or non-binding mediation pursuant to the above paragraphs, only then will the matter proceed to litigation.
Governing Law and Venue. This BAA and the rights of the Parties shall be governed by and construed in accordance with Federal law as it pertains to the subject matter and shall be governed by and construed in accordance with the laws of California as it pertains to contract formation and interpretation, without giving effect to its conflict of laws. The Parties agree that any appropriate state court sitting in San Mateo County, California or any Federal Court sitting in the United States District Court for the Northern District of California shall have exclusive jurisdiction of any case or controversy arising under or in connection with this BAA that is not subject to the procedures set forth in Section 6(g) above and shall be a proper forum in which to adjudicate such case or controversy. Each Party irrevocably consents to the jurisdiction of such courts, and irrevocably waives, to the fullest extent permitted by law, the defense of an inconvenient forum to the maintenance of such suit, action or proceeding in any such court and further waives the right to object, with respect to such suit, action or proceeding, that such court does not have jurisdiction over such Party.
