Customer Terms of Service

PLEASE RETAIN A COPY OF THIS AGREEMENT FOR YOUR RECORDS

The following Customer Terms of Service are entered into between the entity you represent (“Customer”) and Anatomy Financial, Inc. (“Anatomy”). These Customer Terms of Service , together with any Exhibit(s), are hereinafter referred to as the “Agreement.”

  1. General. The individual (“you”) providing information regarding Customer, providing an email address, and clicking “Accept,” and accessing the Services (defined below), represents and warrants that you are duly authorized to enter into and bind Customer to the terms of this Agreement. You acknowledge and agree that that you have read and understood this Agreement. By Clicking “Accept”, and accessing the Services, you acknowledge and agree that you are binding Customer to the terms of this Agreement, and that this Agreement, as modified from time to time by Anatomy (as provided below in Section 18), will remain in effect for the duration of Customer’s use or receipt of any Services. Do not click “Accept”, or download, or otherwise access the Services unless you are authorized by Customer to bind Customer to the terms of this Agreement. Anatomy reserves the right to request additional documentation regarding your authority to enter into this Agreement as Customer’s representative.
  2. Privacy Policy. By entering into this Agreement, Customer agrees to be bound by Anatomy’s Privacy Policy at www.anatomy.com/privacy-policy.
  3. Anatomy Services.
  1. 3.1. Anatomy provides a platform (the “Anatomy Platform”) through which Customer end users (“End Users”) can access Anatomy’s services offerings (the “Services”), including the ability to view certain financial data, convert Explanation of Benefit documents into standard EDI formats, reconcile payments related to Customer, the ability open accounts and process certain financial transactions through Anatomy’s partner bank (“Bank”) using the Anatomy Platform, and the ability to access other features and services that Anatomy may make available from time to time which are subject to additional terms such as those provided or supported by third party service providers including Lockbox Services and RDC Services.
  2. 3.2. Subject to the terms and conditions of this Agreement, Anatomy will provide Customer with access to the Services through the internet. The Services are subject to modification, alteration, substitution, or discontinuance at any time at Anatomy’s sole discretion (“Service Modifications”). Anatomy will generally endeavor to provide notification of any material Service Modification via a posting on the Anatomy Platform or written communication.
  3. 3.3. The Services are intended to generally be available twenty-four (24) hours a day, seven (7) days a week; however, that Anatomy does not guaranty availability or uninterrupted operation of the Services. For example, the Services may not be available for updates or scheduled or emergency maintenance. Subject to the terms hereof, Anatomy will provide reasonable support to Customer for the Services from Monday through Friday during Anatomy's normal business hours.
  1. 3.4. Anatomy reserves the right to suspend or terminate Customer’s access to the Services if Anatomy suspects or believes: (a) Customer is in breach of this Agreement, including failure to pay any amounts due to Anatomy, or (b) Customer is or Anatomy reasonably suspects Customer is engaging in unlawful conduct, willful misconduct, or fraud.
  2. 3.5. Anatomy provides access to Customer’s Bank Account(s) (defined below) and the ability to conduct certain transactions for such Bank Account(s) and to access to Bank’s products and services associated with such Bank Account(s) (such Accounts, products, and services, “Bank Services”). Anatomy is responsible for transactions or attempts to conduct transactions on the Anatomy Platform. Our partner Bank is responsible for transactions conducted on Bank Account(s) only after a transaction attempt has been successfully and accurately transmitted to the Partner Bank from the Anatomy Platform through Customer’s use of the Services.
  1. Identifying Information. Anatomy provides the opportunity for customers to open Bank account(s) at our partner Bank through the Services for which Anatomy collects certain identifying information about Customer and the individual authorized by Customer to open Bank accounts (both the individual and Customer information are collectively referred to as the “Account Information”) to allow Bank to comply with applicable laws and regulations. Account Information may include (a) for the Customer: Customer’s legal name, d/b/a, state of organization, employer identification number (EIN), physical address, beneficial owners, other contact information, and other information regarding the Customer and how account(s) will be utilized and (b) for the authorized individual opening the Bank account(s) for Customer:that individual’s name, social security number (SSN), date of birth, physical address, email address, phone number, ownership percentage (if applicable), and role with Customer. Customer hereby grants Anatomy an unrestricted, perpetual, irrevocable, non-exclusive, fully-paid, royalty-free right and license to use Account Information, and Customer authorizes Anatomy to provide the Account Information to (x) its partner Bank to provide Bank Account(s) and (y) to Anatomy’s other third party service providers as necessary to provide the Services. Anatomy may also obtain personal information from third parties in order to verify your identity or that of End Users or other Customer representatives, or to prevent fraud. Customer hereby authorizes Anatomy, Bank, and/or a third-party service provider that we designate, to take any measures that we consider necessary to confirm the personal information provided and to verify and authenticate such personal information, and take any action we deem necessary based on the results. This process may result in a delay in establishing Bank Account(s) or access to the Services, and Customer may not be authorized to access or use Bank Account(s) or the Services until information has been successfully verified. Each of you and Customer agree that the information you provide to Anatomy is accurate, complete, and not misleading, and that Customer will keep such information accurate and up to date at all times.
  2. Communications.
    5.1. Text Messaging, Phone Calls, & Other Messaging. Customer agrees that Anatomy, our partner Bank, and those acting on either Anatomy or partner Bank’s behalf (including third party service providers) may call, send Customer representatives text (SMS) messages at the phone number Customer provides us, and message such Customer representatives through other applications to which Customer may separately consent to through the Services. These calls and messages may include operational calls or messages about use of the Services, Bank Account(s), or that otherwise help us to provide the Services. Calls and text messages may be sent using an automatic telephone dialing system. Standard data and message rates may apply whenever Customer sends or receive such calls or messages, as specified by Customer’s carrier. Customer’s agreement to receive calls and texts pursuant to this paragraph is a condition of receiving the Services. Customer’s consent to receive calls and texts pursuant to this paragraph is not a consent to receive marketing calls and texts. Any such consent will be separately obtained by Anatomy and is not condition of any purchase of or use of the Services.
    5.2 Email. Anatomy may send Customer emails concerning our products and services, as well as those of third parties. Customer may opt out of promotional emails by following the unsubscribe instructions set forth in the promotional email.
  3. Third-Party Terms (Including Partner Bank Terms).
    6.1. Third-Party Services and Linked Websites. Anatomy may provide tools and interfaces through the Services that enable Customer to import or export information from or to third-party services or allow Customer to interact with our third party service providers. By using these tools or interfaces, Customer hereby authorizes Anatomy to transfer that information to the applicable third party service providers. If Customer uses these tools or services to link bank accounts to the Anatomy Platform, Customer will be asked to provide Customer’s separate log-in credentials to Anatomy’s service provider, and Customer grants Anatomy permission to access and display such non-Anatomy related account information. Access and display of non-Anatomy related account information is not a Banking Service provided by partner Bank. Third-party service providers are not under Anatomy’s control, and, to the fullest extent permitted by law, Anatomy is not responsible for any use of Customer’s exported information by third party service providers. The Services may also contain links to third-party websites. Linked websites are not under Anatomy’s control, and Anatomy is not responsible for their content. Customer should carefully review the terms of use and privacy policy of any third party service providers before Customer shares any information with such third party service providers. Once sharing of information occurs, Anatomy will have no control over the information that has been shared.
    6.2. Bank Services. When Customer accesses the Services, Customer may be presented with the opportunity to open bank account(s) (“Bank Account(s)”) with an Anatomy partner Bank. If Customer elects to establish Bank Account(s), Customer understands and agrees that such Bank Account(s) will be opened at the partner Bank and not at Anatomy. Anatomy is a financial technology services provider and not a bank. Customer understands and acknowledges that funds deposited to Bank Account(s) are deposits at the applicable partner Bank made through the Services by methods allowed by the applicable partner Bank, and that any such funds are deposited directly with the applicable Bank and are held in Customer’s Bank Account(s) established at that partner Bank. Customer acknowledges that other Bank Services may also be made available by Bank. 
    6.3. Bank Account Terms. Customer acknowledges that prior to establishing Bank Account(s) with a partner Bank Customer must review and agree to separate account and services terms with that Bank. The applicable terms for our current partner Banks and the respective demand deposit account types are linked below:
      6.3.1. Live Oak Banking Company (“Live Oak Bank”).
         6.3.1.1. Prior to opening a Bank Account, please review Live Oak Bank’s Live Oak Anatomy Business Deposit Account Terms and Conditions (available here). Live Oak Bank does not allow cash deposits. Customer must link an existing bank account at a third-party institution to an account verification service provided by a third-party provider, and once the account is verified, Customer may initiate a transfer to initially fund the account.
      6.3.2. If Customer obtains a product from Live Oak Bank that pays interest on Customer’s funds, information regarding the interest rates on the account type can be found here: https://anatomy.com/rates
    6.4. Lockbox Services.  As part of the Services, Customer may elect to obtain physical lockbox services (“Lockbox Services”) that are supported by Anatomy’s third party lockbox service provider (“Lockbox Provider”). Lockbox Services are provided in accordance with the standard processes and procedures of Lockbox Service Provider, as further described in an applicable order form or statement of work, and are subject to the terms set forth in this Agreement with respect to Services. Customer must be approved by partner Bank to utilize Lockbox Services in conjunction with an Anatomy-related bank account.
    6.5. RDC Services.  As part of the Services, Customer may elect to obtain remote deposit capture services (“RDC Services”) that are supported by Anatomy’s third party lockbox service provider (“RDC Provider”).  RDC Services are provided in accordance with the standard processes and procedures of RDC Service Provider, as further described in an applicable order form or statement of work, and are subject to the terms set forth in this Agreement with respect to Services. Customer must be approved by partner Bank to utilize RDC Services in conjunction with an Anatomy-related bank account.
    6.6. Third-Party Software. The Services may include or incorporate third-party software components that are generally available free of charge under licenses granting recipients broad rights to copy, modify, and distribute those components (“Third-Party Components”). Although the Services are provided to you subject to the terms of this Agreement, nothing in this Agreement prevents, restricts, or is intended to prevent or restrict Customer from obtaining Third-Party Components under the applicable third-party licenses or to limit Customer’s use of Third-Party Components as licensed under those third-party licenses.
  4. Restrictions and Responsibilities.
    7.1. Customer will not, and will not permit its End Users or any third party to: (i) reverse engineer, decompile, disassemble or otherwise attempt to discover or obtain the source code, object code or underlying structure, ideas or algorithms of the Services or any software, documentation or data related to or used in connection with provision of the Services by Anatomy or its third party service providers (“Software”) provided that reverse engineering is prohibited only to the extent such prohibition is not contrary to applicable law; (ii) modify, translate, or create derivative works based on the Services or Software; (iii) use the Services or Software for timesharing or service bureau purposes or for any purpose other than its own internal use for its own internal benefit; (iv) use the Software or Services in any infringing, defamatory, harmful, fraudulent, illegal, deceptive, threatening, harassing, or obscene way; (v) use the Services or Software and subsequently develop or sell software that bears similarity to our Software or Services; or (vi) use the Services or Software other than in accordance with this Agreement and in compliance with all applicable laws, regulations and rights (including but not limited to those related to privacy (including, without limitation, in Europe), intellectual property, consumer and child protection, SPAM, text messaging, obscenity, defamation and anti-money laundering regulation).  
    7.2. Customer will cooperate with Anatomy in connection with the performance of this Agreement by making available such personnel, materials and information as may be reasonably required, and taking such other actions as Anatomy may reasonably request. Customer will also cooperate with Anatomy in establishing a password or other procedures for verifying that only designated employees of Customer have access to any administrative functions of the Services and will cooperate with Anatomy and its third party service providers in connection with any investigation of fraudulent or unlawful activity.
    7.3. Customer will designate an employee who will be responsible for all matters relating to this Agreement (“Primary Contact”). Customer may change the individual designated as Primary Contact at any time by providing written notice to Anatomy.  
    7.4. Customer hereby agrees to indemnify and hold harmless Anatomy and its officers, directors, employees, agents, successor and assigns from and against any damages, losses, liabilities, settlements and expenses (including without limitation costs and attorneys' fees) in connection with any claim or action that arises from an alleged violation of Customer’s obligations under this Section 7 or under Section 19, or that otherwise arises from Customer’s acts or omissions or use of Services. In addition, Customer shall be responsible for and shall reimburse Anatomy for all losses and expenses directly suffered or incurred by Anatomy as a consequence of Customer’s breach of its obligations under this Section 7 or under Section 19 or which otherwise result from matters for which Customer is directly responsible, including breach of Customer systems and data.  Although Anatomy has no obligation to monitor the content provided by Customer or Customer’s use of the Services, Anatomy may do so and may remove any such content or prohibit any use of the Services it believes may be (or alleged to be) in violation of the restrictions set forth in Section 7 or Section 19 or applicable law.
    7.5. When Customer creates an Anatomy account, Customer will be asked to create a password and to provide additional contact information such as a cell phone number for multi-factor authentication (“MFA”). Customer is solely responsible for maintaining the confidentiality of Customer’s account, password, and any MFA information, and Customer accepts responsibility for all activities that occur under Customer’s Anatomy account and Customer’s Bank Account(s). If Customer believes that Customer’s Anatomy account is no longer secure, Customer must notify Anatomy at [insert email and phone number]. Without limiting the foregoing, Customer will be responsible for maintaining the security of Customer account, passwords (including but not limited to administrative and user passwords) and files, and for all uses of Customer’s account with or without Customer's knowledge or consent.  Anatomy and its third party service providers shall be entitled to rely on all instructions and data provided by Customer, including oral (including telephonic) instructions, and Customer shall be responsible for any losses or liabilities that result from erroneous instructions.  While Customer should provide written confirmation of oral instructions, Anatomy and its third party service providers may, but are not required to, act on such oral instructions in the absence of such written confirmation.
    7.6. Customer acknowledges and agrees that the Services operate on or with or using application programming interfaces (APIs) and/or other services operated or provided by third parties (“Third Party Services”). Anatomy is not responsible for the operation of any Third Party Services nor the availability or operation of the Services to the extent such availability and operation is dependent upon Third Party Services. Customer is solely responsible for procuring any and all rights necessary for it to access Third Party Services and for complying with any applicable terms or conditions thereof. Anatomy does not make any representations or warranties with respect to Third Party Services or any third party providers. Any exchange of data or other interaction between Customer and a third party provider is solely between Customer and such third party provider and is governed by such third party's terms and conditions.
    7.7. Customer is solely responsible for all data that it provides for processing in connection with the Services (“Input Data”), for the compliance of such Input Data with any requirements specified by Anatomy and its third party service providers and for the proper and safe transmission of such Input Data for processing.  Customer acknowledges that Anatomy and its third party service providers may destroy such Input Data after processing (which shall be no earlier than 15 days after receipt) and that Customer is responsible for maintaining back-up copies of its Input Data.  Anatomy may charge Customer for any amounts incurred by Anatomy due to the provision of Input Data by Customer that fails to comply with this Section 7.7.
  5. Confidentiality.
    8.1. Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose information relating to the Disclosing Party’s technology or business (hereinafter referred to as “Proprietary Information” of the Disclosing Party).
    8.2. The Receiving Party agrees: (i) not to divulge to any third person any such Proprietary Information, (ii) to give access to such Proprietary Information solely to those employees with a need to have access thereto for purposes of this Agreement, and (iii) to take the same security precautions to protect against disclosure or unauthorized use of such Proprietary Information that the party takes with its own proprietary information, but in no event will a party apply less than reasonable precautions to protect such Proprietary Information. The Disclosing Party agrees that the foregoing will not apply with respect to any information that the Receiving Party can document (a) is or becomes generally available to the public without any action by, or involvement of, the Receiving Party, or (b) was in its possession or known by it without restriction prior to receipt from the Disclosing Party, or (c) was rightfully disclosed to it without restriction by a third party, or (d) was independently developed without use of any Proprietary Information of the Disclosing Party. Nothing in this Agreement will prevent the Receiving Party from disclosing the Proprietary Information pursuant to any judicial or governmental order, provided that the Receiving Party gives the Disclosing Party reasonable prior notice of such disclosure to contest such order. In any event, Anatomy may aggregate data and use such aggregated data to evaluate and improve the Services and otherwise for its business purposes.
    8.3. Customer acknowledges that Anatomy does not wish to receive any Proprietary Information from Customer that is not necessary for Anatomy to perform its obligations under this Agreement, and, unless the parties specifically agree otherwise, Anatomy may reasonably presume that any unrelated information received from Customer is not confidential or Proprietary Information.
    8.4. Both Parties will have the right to disclose the existence but not the terms and conditions of this Agreement, unless such disclosure is approved in writing by both Parties prior to such disclosure, or is included in a filing required to be made by a Party with a governmental authority (provided such party will use reasonable efforts to obtain confidential treatment or a protective order) or is made on a confidential basis as reasonably necessary to actual or potential investors, lenders or acquirors.
  6. Intellectual Property Rights.
    9.1. Except as expressly set forth herein, Anatomy alone (and its licensors and third party service providers, where applicable) will retain all intellectual property rights relating to the Services or the Software or any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by Customer or any third party relating to the Services and/or the Software, which are hereby assigned to Anatomy. Customer will not copy, distribute, reproduce or use any of the foregoing except as expressly permitted under this Agreement. Customer is hereby granted a non-exclusive, nontransferable, revocable right to use any resulting data generated from the Services for its internal analysis purposes only. This Agreement is not a sale and does not convey to Customer any rights of ownership in or related to the Services or Software, or any intellectual property rights. Partner Banks retain will retain all intellectual property rights relating to Bank Account(s) and their copyrights, trademarks, service marks, trade dress, trade secrets, and patents.  Third party service providers retain will retain all intellectual property rights relating to the services that they provide and their copyrights, trademarks, service marks, trade dress, trade secrets, and patents.
    9.2. Anatomy will obtain and process certain content/data provided by or on behalf of Customer (“Content”) only to perform its obligations under this Agreement and improve the Services. Customer and its licensors shall (and Customer hereby represents and warrants that they do) have and retain all right, title and interest (including, without limitation, sole ownership of) all Content distributed through the Services and the intellectual property rights with respect to that Content. If Anatomy receives any notice or claim that any Content, or activities hereunder with respect to any Content, may infringe or violate rights of a third party (a “Claim”), Anatomy may (but is not required to) suspend activity hereunder with respect to that Content and Customer will indemnify Anatomy from all liability, damages, settlements, attorney fees and other costs and expenses in connection with any such Claim, as incurred.
  7. Payment of Fees.
    10.1. Anatomy may charge a fee for using the Services. If the Customer is using a free version of the Services, Anatomy will notify the Customer before any Services the Customer is then using are subject to a fee. For paid Services, Customer will pay Anatomy the applicable fees as agreed (the “Fees”). To the extent applicable, Customer will pay Anatomy for additional services, including professional service fees or other consulting fees. All payments will be made in accordance with the Payment Schedule and the Method of Payment set forth in the applicable order form or statement of work. If not otherwise specified, payments will be due within thirty (30) days of the invoice date and are nonrefundable.
    10.2. Unpaid Fees are subject to a finance charge of one percent (1.0%) per month, or the maximum permitted by law, whichever is lower, plus all expenses of collection, including reasonable attorneys’ fees. Fees under this Agreement are exclusive of all taxes, including national, state or provincial and local use, sales, value-added, property and similar taxes, if any. Customer agrees to pay such taxes (excluding US taxes based on Anatomy's net income) unless Customer has provided Anatomy with a valid exemption certificate. In the case of any withholding requirements, Customer will pay any required withholding itself and will not reduce the amount paid to Anatomy on account thereof.
  8. Termination
    11.1. Subject to earlier termination as provided below, this Agreement is for an initial  Service Term of 1 year and automatically renews for a period of 1 year. Anatomy may terminate this agreement with 30 days’ notice or upon 10 days’ notice in the event Anatomy suspects that Customer is using the Services in an unlawful manner or for an unlawful purpose.
    11.2. In the event of any material breach of this Agreement (including any failure to pay), the non-breaching party may terminate this Agreement prior to the end of the Service Term by giving thirty (30) days (or ten (10) days in the case of nonpayment) prior written notice to the breaching party; provided, however, that this Agreement will not terminate if the breaching party has cured the breach prior to the expiration of such thirty-day or ten-day period. Either party may terminate this Agreement, without notice, (i) upon the institution by or against the other party of insolvency, receivership or bankruptcy proceedings, (ii) upon the other party's making a general assignment for the benefit of creditors, or (iii) upon the other party's dissolution or ceasing to do business.
    11.3. All sections of this Agreement which by their nature should survive termination will survive termination, including, without limitation, restrictions, accrued rights to payment, indemnification, confidentiality obligations, intellectual property rights, warranty disclaimers, and limitations of liability.
  9. Harmful Code.
    Anatomy will not knowingly include, in any Anatomy software used to provide Services to Customer hereunder, any computer code or other computer instructions, devices or techniques, including without limitation those known as disabling devices, trojans, or time bombs, that intentionally disrupt, disable, harm, infect, defraud, damage, or otherwise impede in any manner, the operation of a network, computer program or computer system or any component thereof, including its security or user data, and that may affect Customer’s systems or its use of the Services (“Harmful Code”). If Customer determines that Harmful Code is or may be present in such software, it will promptly notify Anatomy in writing. Anatomy will, within thirty (30) days of receipt of such written notification, either remove or remediate such Harmful Code or provide Customer with a plan for removal or remediation within a reasonable time. If such removal or remediation is not effected as provided above, Customer may terminate this Agreement as its sole and exclusive remedy.
  10. HIPAA Compliance.
    If any protected health information (as defined under the Health Insurance Portability and Accountability Act of 1996, “HIPAA”) is created, received, maintained or transmitted by or on behalf of Customer in connection with the Services, the parties may mutually agree that a HIPAA Business Associate Agreement (“BAA”) is appropriate, and will mutually execute a BAA in the form set forth in Exhibit A.
  11. WARRANTY DISCLAIMER
    EXCEPT FOR THE WARRANTIES EXPRESSLY PROVIDED HEREIN, THE SERVICES AND ANATOMY PROPRIETARY INFORMATION AND ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT ARE PROVIDED "AS-IS," WITHOUT ANY WARRANTIES OF ANY KIND. ANATOMY (AND ITS AGENTS, AFFILIATES, LICENSORS AND THIRD PARTY SERVICE PROVIDERS) HEREBY DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.
  12. LIMITATION OF LIABILITY
    IN NO EVENT WILL ANATOMY (OR ANY OF ITS AGENTS, AFFILIATES, LICENSORS OR THIRD PARTY SERVICE PROVIDERS) BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES, OR COST OF PROCUREMENT OF SUBSTITUTE GOODS, SERVICES OR TECHNOLOGY, ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT, THE DELAY OR INABILITY TO USE THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT OR OTHERWISE ARISING FROM THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, LOSS OF REVENUE OR ANTICIPATED PROFITS OR LOST BUSINESS OR LOST SALES, WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE, EVEN IF ANATOMY HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES. THE TOTAL LIABILITY OF ANATOMY, WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE OR STRICT LIABILITY), OR OTHERWISE, WILL NOT EXCEED, IN THE AGGREGATE, THE LESSER OF (i) TEN THOUSAND DOLLARS, OR (ii) THE FEES PAID TO ANATOMY HEREUNDER IN THE THREE MONTH PERIOD ENDING ON THE DATE THAT A CLAIM OR DEMAND IS FIRST ASSERTED. THE FOREGOING LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.
    EACH PROVISION OF THIS AGREEMENT THAT PROVIDES FOR A LIMITATION OF LIABILITY, DISCLAIMER OF WARRANTIES, OR EXCLUSION OF DAMAGES IS INTENDED TO AND DOES ALLOCATE THE RISKS BETWEEN THE PARTIES UNDER THESE TERMS. THIS ALLOCATION IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES. EACH OF THESE PROVISIONS IS SEVERABLE AND INDEPENDENT OF ALL OTHER PROVISIONS OF THESE TERMS. THE LIMITATIONS IN THIS SECTION 15 WILL APPLY EVEN IF ANY LIMITED REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
    ADDITIONAL PROVISIONS REGARDING LIMITATIONS OF LIABILITY REGARDING OUR PARTNER BANKS AND OTHER THIRD-PARTY SERVICE PROVIDERS ARE SET FORTH IN THE THIRD-PARTY TERMS WHICH HAVE BEEN PROVIDED TO  CUSTOMER OR WHICH CUSTOMER MAY ACCESS ONLINE.
  13. Dispute Resolution and Arbitration.
    16.1. Generally. Except as described in Section 16.2, Customer and Anatomy agree pursuant to this arbitration provision (the “Arbitration Provision”) that any dispute arising in connection with this Agreement, the Services, or communications from Anatomy will be resolved through binding arbitration. Arbitration uses a neutral arbitrator instead of a judge or jury, is less formal than a court proceeding, may allow for more limited discovery than in court, and is subject to very limited review by courts. This agreement to arbitrate disputes includes all claims whether based in contract, tort, statute, fraud, misrepresentation, or any other legal theory, and regardless of whether a claim arises during or after the termination of this Agreement. Any dispute relating to the interpretation, applicability, or enforceability of this binding arbitration agreement will be resolved by the arbitrator.
    CUSTOMER UNDERSTANDS AND AGREES THAT, BY ENTERING INTO THIS AGREEMENT, CUSTOMER AND ANATOMY ARE EACH WAIVING THE RIGHT TO A TRIAL BY JURY OR TO PARTICIPATE IN A CLASS ACTION.
    16.2. Exceptions. Although Customer and Anatomy are agreeing to arbitrate most disputes between us, nothing in this Arbitration Provision will be deemed to waive, preclude, or otherwise limit the right of either party to: (a) bring an individual action in small claims court; (b) pursue an enforcement action through the applicable federal, state, or local agency if that action is available; (c) seek injunctive relief in a court of law in aid of arbitration; or (d) to file suit in a court of law to address an intellectual property infringement claim.
    16.3. Arbitrator. This Arbitration Provision, and any arbitration between Customer and Anatomy, is subject to the Federal Arbitration Act and will be administered by the American Arbitration Association (“AAA”) under its Consumer Arbitration Rules (collectively, “AAA Rules”) as modified by these Terms. The AAA Rules and filing forms are available online at www.adr.org or by calling the AAA at +1-800-778-7879.
    16.4. Commencing Arbitration. Before initiating arbitration, a party must first send a written notice of the dispute to the other party by certified U.S. Mail or by recognized overnight courier (e.g., Federal Express or DHL) (signature required) or, only if that other party has not provided a current physical address, then by electronic mail (“Notice of Arbitration”). Anatomy’s address for Notice of Arbitration is: [insert mailing address]. The Notice of Arbitration must: (a) identify the name or account number of the party making the claim; (b) describe the nature and basis of the claim or dispute; and (c) set forth the specific relief sought (“Demand”). The parties will make good faith efforts to resolve the claim directly, but if the parties do not reach an agreement to do so within 30 days after the Notice of Arbitration is received, Customer or Anatomy may commence an arbitration proceeding. If Customer commences arbitration in accordance with these Terms, Anatomy will reimburse Customer for its payment of the filing fee, unless Customer’s claim is for more than US$10,000 or if Anatomy has received 25 or more similar demands for arbitration, in which case the payment of any fees will be decided by the AAA Rules. If the arbitrator finds that either the substance of the claim or the relief sought in the Demand is frivolous or brought for an improper purpose (as measured by the standards set forth in Federal Rule of Civil Procedure 11(b)), then the payment of all fees will be governed by the AAA Rules and the other party may seek reimbursement for any fees paid to AAA.
    16.5. Arbitration Proceedings. Any arbitration hearing will take place in the county and state of Customer’s billing address unless we agree otherwise or, if the claim is for US$10,000 or less (and does not seek injunctive relief), Customer may choose whether the arbitration will be conducted: (a) solely on the basis of documents submitted to the arbitrator; (b) through a telephonic or video hearing; or (c) by an in-person hearing as established by the AAA Rules in the county (or parish) of Customer’s  billing address. During the arbitration, the amount of any settlement offer made by Customer or Anatomy must not be disclosed to the arbitrator until after the arbitrator makes a final decision and award, if any. Regardless of the manner in which the arbitration is conducted, the arbitrator must issue a reasoned written decision sufficient to explain the essential findings and conclusions on which the decision and award, if any, are based.
    16.6. Arbitration Relief. Except as provided in Section 16.7, the arbitrator can award any relief that would be available if the claims had been brought in a court of competent jurisdiction. If the arbitrator awards Customer an amount higher than the last written settlement amount offered by Anatomy before an arbitrator was selected, Anatomy will pay to Customer the higher of: (a) the amount awarded by the arbitrator and (b) US$10,000. The arbitrator's award shall be final and binding on all parties, except (1) for judicial review expressly permitted by law or (2) if the arbitrator's award includes an award of injunctive relief against a party, in which case that party shall have the right to seek judicial review of the injunctive relief in a court of competent jurisdiction that shall not be bound by the arbitrator's application or conclusions of law. Judgment on the award may be entered in any court having jurisdiction.
    16.7. No Class Actions. CUSTOMER AND ANATOMY AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN THEIR RESPECTIVE INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. Further, unless both Customer and Anatomy agree otherwise, the arbitrator may not consolidate more than one person's claims, and may not otherwise preside over any form of a representative or class proceeding.
    16.8. Modifications to this Arbitration Provision. If Anatomy makes any substantive change to this arbitration provision, including as provided in Section 18, Customer may reject the change by sending Anatomy written notice within 30 days of the change to Anatomy‘s address for Notice of Arbitration, in which case Customer’s account with Anatomy will be immediately terminated and this arbitration provision, as in effect immediately prior to the changes Customer rejected will survive.
    16.9. Enforceability. If Section 16.7 or the entirety of this Section 16 is found to be unenforceable, then the entirety of this Section 16 will be null and void and, in that case, the exclusive jurisdiction and venue described in Section 20 will govern any action arising out of or related to this Agreement.
  14. U.S. Government Matters.
    Notwithstanding anything else, Customer may not provide to any person or export or re-export or allow the export or re-export of the Services or any software or anything related thereto or any direct product thereof (collectively “Controlled Subject Matter”), in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. Without limiting the foregoing Customer acknowledges and agrees that the Controlled Subject Matter will not be used or transferred or otherwise exported or re-exported to countries as to which the United States maintains an embargo (collectively, “Embargoed Countries”), or to or by a national or resident thereof, or any person or entity on the U.S. Department of Treasury’s List of specially Designated Nationals or the U.S. Department of Commerce’s Table of Denial Orders (collectively, “Designated Nationals”). The lists of Embargoed Countries and Designated Nationals are subject to change without notice. Use of the Services is representation and warranty that the user is not located in, under the control of, or a national or resident of an Embargoed Country or Designated National. The Controlled Subject Matter may use or include encryption technology that is subject to licensing requirements under the U.S. Export Administration Regulations. As defined in FAR section 2.101, any software and documentation provided by Anatomy are “commercial items” and according to DFAR section 252.227-7014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation.” Consistent with DFAR section 227.7202 and FAR section 12.212, any use modification, reproduction, release, performance, display, or disclosure of such commercial software or commercial software documentation by the U.S. Government will be governed solely by the terms of this Agreement and will be prohibited except to the extent expressly permitted by the terms of this Agreement.
  15. Modification of Terms.
    Anatomy may, from time to time, modify the terms of this Agreement. All changes will be effective as of the effective date indicated on the most recent version of this Agreement published at [inset URL]. Please check for updates to this Agreement periodically. Revisions will be effective immediately except that, for existing Customers, material revisions (such as a material increase in fees or a material increase of liability for users) will be effective 30 days after the initial posting of the updated Agreement or notice of the revisions unless otherwise stated in the notice. Anatomy may require that Customer accept the modified Agreement in order to continue to use the Services. If Customer does not wish agree to the modified Agreement, then Customer and its End Users should discontinue use of the Services. Except as expressly permitted in this Section 19, this Agreement may be amended only by a written agreement signed by authorized representatives of Customer and Anatomy.
  16. Prohibited Activities.
    By using the Services, Customer and all users affiliated with Customer eg. Employees agree that they shall not:
    19.1. use or access the Services for any illegal purpose or in violation of any local, state, national, or international law;
    19.2. use or access the Services to violate, encourage others to violate, or provide instructions on how to violate, any right of a third party, including by infringing or misappropriating any third-party intellectual property right;
    19.3. use or access the Services through the use of any engine, software, tool, agent, device, or mechanism (including spiders, robots, crawlers, and data mining tools) other than the software or search agents provided by Anatomy;
    19.4. interfere with security-related features of the Services or Software, including by: (i) disabling or circumventing features that prevent or limit use, printing or copying of any content; or (ii) reverse engineering or otherwise attempting to discover the source code of any portion of the Services or Software except to the extent that the activity is expressly permitted by applicable law;
    19.5. interfere with the operation of the Services or any user's enjoyment of the Services, including by: (i) uploading or otherwise disseminating any virus, adware, spyware, worm, or other Harmful Code; (ii) collecting personal information about another user or third party without consent; or (iii) interfering with or disrupting any network, equipment, or server connected to or used to provide the Services and Software;
    19.6. use or access the Services to perform or attempt to perform any fraudulent activity including impersonating any person or entity, sharing login information, using somebody else’s login information, defrauding Anatomy, claiming a false affiliation or identity, accessing any other Services account without permission, or falsifying the age or date of birth of a Customer representative or other person;
    19.7. sell or otherwise transfer the access granted under this Agreement or any right or ability to view, access, or use the Services; or
    19.8. attempt to do any of the acts described in this Section 19 or assist or permit any person in engaging in any of the acts described in this Section 19.
  17. Miscellaneous.
    If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. This Agreement is not assignable, transferable or sublicensable by Customer except with Anatomy’s prior written consent. Anatomy may transfer and assign any of its rights and obligations under this Agreement upon written notice to Customer. Both parties agree that this Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and that all waivers and modifications must be in a writing signed by both parties, except as otherwise provided herein (including as provided in Section 18). No agency, partnership, joint venture, or employment is created as a result of this Agreement and Customer does not have any authority of any kind to bind Anatomy in any respect whatsoever. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by e-mail; and upon receipt, if sent by certified or registered mail (return receipt requested), postage prepaid or by recognized overnight courier (e.g. Federal Express or DHL). Anatomy will not be liable for any loss resulting from a cause over which it does not have direct control, including, but not limited to, failure of public utilities, telecommunications and the internet. This Agreement will be governed by the laws of the State of California, U.S.A. without regard to its conflict of laws provisions. The federal and state courts sitting in San Francisco County, California, U.S.A. will have proper and exclusive jurisdiction and venue with respect to any disputes arising from or related to the subject matter of this Agreement, provided that either party may seek injunctive relief in any court of competent jurisdiction. Customer agrees to participate in press announcements, case studies, trade shows, or other forms reasonably requested by Anatomy. Anatomy is permitted to disclose that Customer is one of its customers to any third-party, at its sole discretion, and to identify Customer as a customer on its website and in marketing materials.

    Customer acknowledges that Anatomy is not a bank or financial institution and is not itself insured by the Federal Deposit Insurance Corporation (FDIC) or the National Credit Union Share Insurance Fund (NCUSIF). Banking services are provided through our partner Bank and its third-party service providers. Any funds that Customer deposits through the Services are held in Customer Bank Account(s) at our partner Bank.  Additional banking terms are set forth above.

Exhibit A

HIPAA BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement, effective as of the date of acceptance of terms (“BAA”), is between Customer (“Covered Entity”) and Anatomy (“Business Associate”).

WHEREAS, Business Associate and Covered Entity have entered into a Master Services Agreement. In connection with Business Associate's services, Business Associate and Covered Entity anticipate that Business Associate will create or receive Protected Health Information from and/or on behalf of Covered Entity, which information is subject to protection under the Federal Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191, as amended by the Health Information Technology for Economic and Clinical Health Act, Title XIII of the American Recovery and Reinvestment Act of 2009 (the “HITECH Act”), and related regulations promulgated by the Secretary (together “HIPAA”).

WHEREAS, in light of the foregoing and the requirements of HIPAA, Business Associate and Covered Entity agree to be bound by the following terms and conditions.

NOW, THEREFORE, for good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties agree as follows:

1. Definitions.

  • (a) Capitalized terms used, but not otherwise defined, in this BAA shall have the same meaning given to those terms by HIPAA as in effect or as amended from time to time.
  • (b) “Services Agreement” shall mean any present or future agreements, either written or oral, between Covered Entity and Business Associate under which Business Associate provides services to Covered Entity which involve the use or disclosure of Protected Health Information.

2. Obligations and Activities of Business Associate.

  • (a) Use and Disclosure. If Protected Health Information is created by or disclosed to Business Associate, Business Associate agrees not to use or disclose Protected Health Information other than as permitted or required by the Services Agreement, this BAA or as Required by Law. Business Associate shall comply with the provisions of this BAA relating to privacy and security of Protected Health Information and all present and future provisions of HIPAA that relate to the privacy and security of Protected Health Information and that are applicable to “business associates,” as that term is defined in HIPAA.
  • (b) Appropriate Safeguards. Business Associate agrees to use appropriate safeguards to prevent the use or disclosure of the Protected Health Information other than as provided for by this BAA. Without limiting the generality of the foregoing sentence, Business Associate will:
    • Implement administrative, organizational, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of Electronic Protected Health Information that it creates, receives, maintains or transmits on behalf of the Covered Entity as required by the Security Rule.
    • Report to Covered Entity any Security Incident involving Electronic Protected Health Information of which Business Associate becomes aware. Any actual, successful Security Incident will be reported to Covered Entity in writing without unreasonable delay. Any attempted, unsuccessful Security Incident of which Business Associate becomes aware will be reported to Covered Entity orally or in writing on a reasonable basis, as requested by Covered Entity. If HIPAA is amended to remove the requirement to report unsuccessful attempts at unauthorized access, the requirement hereunder to report such unsuccessful attempts will no longer apply as of the effective date of the amendment.
    • Notify Covered Entity following the discovery of a Breach of Unsecured Protected Health Information in accordance with 45 C.F.R. § 164.410 without unreasonable delay and in no case later than 60 days (or within any shorter deadline imposed by applicable State law) after discovery of the Breach. A Breach is considered “discovered” as of the first day on which the Breach is known, or reasonably should have been known, to Business Associate or any employee, officer or agent of Business Associate, other than the individual committing the Breach. Any notice of a Security Incident or Breach of Unsecured Protected Health Information shall include the identification of each Individual whose Protected Health Information has been, or is reasonably believed by Business Associate to have been, accessed, acquired, or disclosed during such Security Incident or Breach as well as any other relevant information regarding the Security Incident or Breach.
  • (c) Reporting. Business Associate agrees to report, without unreasonable delay, to Covered Entity any use or disclosure of Protected Health Information by Business Associate or a third party to which Business Associate disclosed Protected Health Information not permitted by this BAA of which Business Associate becomes aware.
    (d) Minimum Necessary Standard. To the extent required by the “minimum necessary” requirements of HIPAA, Business Associate shall only request, use and disclose the minimum amount of Protected Health Information necessary to accomplish the purpose of the request, use or disclosure.
  • (e) Mitigation. Business Associate agrees to take reasonable steps to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this BAA (including, without limitation, any Security Incident or Breach of Unsecured Protected Health Information). Business Associate agrees to reasonably cooperate and coordinate with Covered Entity in the investigation of any violation of the requirements of this BAA and/or any Security Incident or Breach. Business Associate shall also reasonably cooperate and coordinate with Covered Entity in the preparation of any reports or notices required to be made under HIPAA or any other Federal or State laws, rules or regulations, to any Individual (entitled to notice in connection with a Breach), regulatory body, or any third party, provided that any such reports or notices shall be subject to the prior written approval of Covered Entity.
  • (f) Subcontractors. Business Associate shall enter into a written agreement meeting the requirements of 45 C.F.R. §§ 164.504(e) and 164.314(a)(2) with each Subcontractor (including, without limitation, a Subcontractor that is an agent under applicable law) that creates, receives, maintains or transmits Protected Health Information on behalf of Business Associate. Business Associate shall ensure that the written agreement with each Subcontractor obligates the Subcontractor to comply with restrictions and conditions that are at least as restrictive as the restrictions and conditions that apply to Business Associate through this BAA.
  • (g) Access to Designated Record Sets. To the extent that Business Associate maintains Protected Health Information in a Designated Record Set, Business Associate agrees to provide access, at the request of Covered Entity, and in the time and manner designated by the Covered Entity, to Protected Health Information in a Designated Record Set created or received by Business Associate solely on behalf of Covered Entity only, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under HIPAA Regulations. If an Individual makes a request for access to Protected Health Information directly to Business Associate, Business Associate shall notify Covered Entity of the request within ten (10) business days of such request. Covered Entity shall have the sole responsibility to make decisions regarding whether to approve a request for access to Protected Health Information.
  • (h) Amendments to Designated Record Sets. To the extent that Business Associate maintains Protected Health Information in a Designated Record Set, within thirty (30) days of a receipt of a request from Covered Entity for the amendment of an Individual’s Protected Health Information contained in such Designated Record Set, Business Associate agrees to provide such Protected Health Information to Covered Entity for amendment and to incorporate any such amendment(s) to Protected Health Information in the Designated Record Set maintained by the Business Associate pursuant to HIPAA Regulations and in the time and manner designated by the Covered Entity. If an Individual makes a request for an amendment to Protected Health Information directly to Business Associate, Business Associate shall notify Covered Entity of the request within ten (10) business days of such request. Covered Entity will have the sole responsibility to make decisions regarding whether to approve a request for amendment to Protected Health Information.
  • (i) Access to Books and Records. Business Associate agrees to make its internal practices, books, and records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Secretary for purposes of the Secretary determining Covered Entity's and Business Associate's compliance with the Privacy Rule.
  • (j) Accountings. Business Associate agrees to, within thirty (30) days of request for an accounting of disclosures of Protected Health Information from Covered Entity, make available to Covered Entity such information as is in Business Associate’s possession and as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with HIPAA. If Business Associate receives a request for an accounting directly from an Individual, Business Associate shall forward such request to Covered Entity within ten (10) business days. Covered Entity shall have the sole responsibility to provide an accounting of disclosures.

3. Permitted Uses and Disclosures by Business Associate.

  • (a) Services Agreement. Except as otherwise limited in this BAA, Business Associate may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Services Agreement, provided that such use or disclosure would not violate HIPAA if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity.
  • (b) Use for Administration of Business Associate. Except as otherwise limited in this BAA, Business Associate may use Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. Covered Entity acknowledges and agrees that proper management and administration of Business Associate includes, without limitation, modifications or upgrades to its software or services, and development of new features or functionality thereof, or new related product or services.
  • (c) Disclosure for Administration of Business Associate. Except as otherwise limited in this BAA, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided that (i) disclosures are Required by Law, or (ii) Business Associate obtains reasonable assurances from the third party to whom the information is disclosed that the third party will
    • protect the confidentiality of the Protected Health Information, and
    • use or further disclose the Protected Health Information only as Required by Law or for the purpose for which it was disclosed to the third party.
  • (d) Data Aggregation. Business Associate may use Protected Health Information to provide Data Aggregation services relating to the Health Care Operations of Covered Entity if required or permitted under this Agreement or the Service Agreement.
  • (e) De-Identified Information. Business Associate may use Protected Health Information to create de-identified health information in accordance with the HIPAA de-identification requirements. Business Associate may disclose de-identified health information for any purpose permitted by law.

4. Obligations of the Covered Entity.

  • (a) Permissible Requests by Covered Entity. Except as set forth in Section 3 of this BAA, Covered Entity shall not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under the Privacy Rule if done by Covered Entity.
  • (b) Minimum Necessary PHI. When Covered Entity discloses Protected Health Information to Business Associate, Covered Entity shall provide the minimum amount of Protected Health Information necessary for the accomplishment of Business Associate's purpose.
  • (c) Permissions; Restrictions. Covered Entity warrants that it has obtained and will obtain any consents, authorizations and/or other legal permissions required under HIPAA and other applicable law for the disclosure of Protected Health Information to Business Associate. Covered Entity shall notify Business Associate of any changes in, or revocation of, the permission by an Individual to use or disclose his or her Protected Health Information, to the extent that such changes may affect Business Associate’s use or disclosure of Protected Health Information. Covered Entity shall not agree to any restriction on the use or disclosure of Protected Health Information under 45 C.F.R. § 164.522 that restricts Business Associate’s use or disclosure of Protected Health Information under this BAA unless Business Associate grants its written consent.
  • (c) Notice of Privacy Practices. Except as required under HIPAA or other applicable law, with Business Associate’s consent or as set forth in the Services Agreement, Covered Entity shall not include any limitation in the Covered Entity’s notice of privacy practices that limits Business Associate's use or disclosure of Protected Health Information under this BAA.

5. Term and Termination.

  • (a) Term. This BAA shall be effective as of the date of this BAA and shall terminate when all of the Protected Health Information provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy Protected Health Information, protections are extended to such information, in accordance with the termination provisions in this Section.
  • (b) Termination Upon Breach. Any other provision of this BAA notwithstanding, either party (the “Non-Breaching Party”), upon knowledge of a material breach by the other party (the “Breaching Party”), shall provide an opportunity for the Breaching Party to cure the breach or end the violation. If Breaching Party does not cure the breach or end the violation within thirty (30) calendar days, the Non-Breaching Party may terminate: (A) this BAA; and (B) all of the provisions of the Services Agreement that involve the use or disclosure of Protected Health Information In the event that termination of this BAA is not feasible, in the Non-Breaching Party's sole discretion, the Non-Breaching Party has the right to report the breach to the Secretary.
  • (c) Effect of Termination.
    • Except as provided in Section 5(c)(ii), upon termination of this BAA, for any reason, Business Associate shall return or destroy all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate. Business Associate shall retain no copies of the Protected Health Information.
    • In the event that Business Associate reasonably determines that returning or destroying the Protected Health Information is infeasible, Business Associate shall extend the protections of this BAA to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information. Covered Entity acknowledges and agrees that (i) it is infeasible for Business Associate to delete Protected Health Information from its backup tapes or other backup systems and (ii) it is infeasible for Business Associate to delete all Protected Health Information during an ongoing investigation in connection with a Security Incident or Breach of Unsecured Protected Health Information, and that temporarily retaining certain Protected Health Information may be necessary for such investigation.

6. Compliance with HIPAA Transaction Standards.

When providing its services and/or products, Business Associate shall comply with all applicable HIPAA standards and requirements (including, without limitation, those specified in 45 CFR Part 162) with respect to the transmission of health information in electronic form in connection with any transaction for which the Secretary has adopted a standard under HIPAA (“Covered Transactions”). Business Associate will make its services and/or products compliant with HIPAA’s standards and requirements no less than thirty (30) days prior to the applicable compliance dates under HIPAA. Business Associate represents and warrants that it is aware of all current HIPAA standards and requirements regarding Covered Transactions, and Business Associate shall comply with any modifications to HIPAA standards and requirements which become effective from time to time. Business Associate shall require all of its agents and subcontractors (if any) who assist Business Associate in providing its services and/or products to comply with the terms of this Section 6.

7. Miscellaneous.

  • (a) Regulatory References. A reference in this BAA to a section in HIPAA, means the section as in effect or as amended or modified from time to time, including any corresponding provisions of subsequent superseding laws or regulations.
  • (b) Amendment. The Parties agree to take such action as is necessary to amend Services Agreement from time to time as is necessary for the parties to comply with the requirements of HIPAA.
  • (c) Survival. The respective rights and obligations of Business Associate under Section 5(c) of this BAA shall survive the termination of the Services Agreement or this BAA.
  • (d) Interpretation. Any ambiguity in this Agreement shall be resolved to permit the parties to comply with HIPAA.
  • (e) Miscellaneous. The terms of this BAA are hereby incorporated into the Services Agreement. To the extent that Business Associate receives Protected Health Information from or on behalf of Covered Entity and except as otherwise set forth in Section 7(d) of this BAA, in the event of a conflict between the terms of this BAA and the terms of the Services Agreement, the terms of this BAA shall prevail. The terms of the Services Agreement which are not modified by this BAA shall remain in full force and effect in accordance with the terms thereof. This BAA shall be governed by, and construed in accordance with, the laws of the State of New York, exclusive of conflict of law rules. Each party to this BAA hereby agrees and consents that any legal action or proceeding with respect to this BAA shall only be brought in the courts of the state where the Covered Entity is located in the county where the Covered Entity is located. The Services Agreement together with this BAA constitutes the entire agreement between the parties with respect to the subject matter contained herein, and this BAA supersedes and replaces any former business associate agreement or addendum entered into by the parties. This BAA may be executed in counterparts, each of which when taken together shall constitute one original. Any PDF or facsimile signatures to this BAA shall be deemed original signatures to this BAA. No amendments or modifications to the BAA shall be effected unless executed by both parties in writing.