MASTER SUBSCRIPTION AGREEMENT

This Agreement is effective in conjunction with any associated Order Form, by and between Medbridge, Inc., a Washington corporation with its principal place of business at 10900 N.E. 4th Street, Suite 2300, Bellevue, WA 98004 (“Medbridge”), and the entity identified on the applicable Order Form (“Customer”, each a “Party” and together the “Parties”).

This Agreement governs Customer's access to and use of Medbridge's Subscription services under both its legacy pricing structure and the updated OneCare framework. It is effective as of the last signature date below (“Effective Date”) and, together with any applicable Order Form, Statement of Work, addendum, or exhibit executed by the Parties, forms the complete agreement between them. In the event of conflict, the terms of an Order Form or addendum will control as to the services it describes. This Agreement applies to all Subscriptions and services purchased during the Term.

1. DEFINITIONS. Terms defined above have their assigned meanings, and each of the following terms has the meaning assigned to it.

“Access Fees” means the fees owed by Customer for access to Subscription services, including per-Episode fees and any other applicable charges, as set forth in the applicable Order Form.

“Authorized User” means an individual designated by Customer to access the Subscription in accordance with this Agreement.

“Compliance Library” means the collection of non-CEU compliance courses available on the Medbridge platform, as may be updated by Medbridge from time to time.

“Confidential Information” has the meaning given in Section 5 of this Agreement.

“Continuing Education Library” means Medbridge's collection of CEU-eligible and related educational content, including preparation programs, certificates, breakouts, and webinars, excluding the Compliance Library.

“Episode” or “Episodes” means the creation or use of certain Medbridge programs, as defined below. Episodes are used to calculate Pooled Allotments and episodic billing. Unless otherwise stated in the applicable Order Form, each of the following constitutes a separate Episode, including repeated assignments to the same patient:

Essentials Episode: The creation of a Home Exercise Program (“HEP”) or Patient Reported Outcome (“PRO”) within the Medbridge platform.

Elite/Enterprise Episode: A patient's initiation or engagement of a Pathways or Remote Therapeutic Monitoring (“RTM”) program via invite code or direct access through the Medbridge platform.

“Initial Term” has the meaning set forth in Section 4 of this Agreement.

“Launch Date” means the first day on which a non-test Subscription is made available to Customer for use and billing begins under this Agreement.

“OneCare Platform” means the collection of HEP, Pathways, RTM, and related patient education content available on the Medbridge platform.

“Order Form” means any ordering document executed by the Parties that details Subscriptions, Access Fees, Episode allotments, or other service terms, including amendments, renewals, and addenda.

“Pooled Allotment” means the total number of included Episodes available across all active Subscriptions of a particular type, calculated according to the Subscription Tier. For Essentials Subscriptions, each active Subscription includes 100 Essentials Episodes per Subscription Term, which may be used across the Customer's Essentials Subscriptions. Elite Subscriptions include unlimited Essentials Episodes. Elite Episodes will be billed in arrears unless otherwise agreed in the Order Form. The scope of Pooled Allotments for other tiers, if any, will be specified in the applicable Order Form.

“Prepaid Episode Package” means a bundle of Episodes purchased in advance by Customer, at a discounted rate, for use during the current Subscription Term. Prepaid Episode Packages expire at the end of the Term unless otherwise stated in the applicable Order Form.

“Renewal Term” means each successive one (1) year period following the Initial Term, unless otherwise specified in an Order Form.

“Subscription” means the limited, non-exclusive, non-transferable right granted to Customer and its Authorized Users to access the Medbridge platform and associated services, including the Compliance Library, Continuing Education Library, OneCare Platform, and other features as specified in the applicable Order Form.

“Subscription Tier” means the level of service purchased by Customer, such as Medbridge Classic, Essentials, Elite, or Enterprise, each with defined feature access and pricing terms as described in the applicable Order Form and/or Medbridge's then-current product catalog.

2. SUBSCRIPTION TERMS.

2.1 Grant of Rights. Subject to the terms of this Agreement and any applicable Order Form, Medbridge grants Customer a limited, non-exclusive, non-transferable right to access and use the Subscription during the applicable Subscription Term. This right includes access for Customer's Authorized Users and permits the use of Subscription content and tools in the provision of care to patients, including sharing exercises, educational materials, and related content directly with patients in the ordinary course of clinical practice.

Except as expressly permitted herein, Customer shall not sublicense, resell, or otherwise distribute the Subscription or its content to third parties. Use is limited to the scope of access, features, and functionality defined in the applicable Subscription Tier. All rights not expressly granted by Medbridge are reserved.

2.2 Platform Access. Customer's access to Medbridge features and services is determined by the Subscription configuration(s) and entitlements specified in the applicable Order Form. Access may include educational, clinical, and patient-facing tools, subject to any applicable use limitations, usage pooling, or billing mechanisms.

2.3 Authorized Users. Access to the Medbridge platform is limited to those individuals designated by Customer as Authorized Users under an active Subscription. Authorized Users must be employees, contractors, or affiliated personnel of Customer and may not share credentials or otherwise sublicense access. Customer is responsible for ensuring that each Authorized User complies with the terms of this Agreement. The scope of an Authorized User's access is determined by the Subscription associated with that user, as outlined in the applicable Order Form. To the extent permitted by Customer's Subscription, Authorized Users may use platform features while delivering care, education, or engagement to third parties.

2.4 Episode Usage & Billing. Where included in Customer's Subscription, usage of Episodes, including HEP, PRO, Pathways, and RTM, is subject to the allocation, pooling, and billing terms associated with the Customer's Subscription Tier. Episodic billing is separate from, and in addition to, annual fees billed for access to Medbridge's Subscriptions.

(a) Pooled Allotments: Essentials Subscriptions include Pooled Allotments of Essentials Episodes, which may be used across Customer's Authorized Users. Unless otherwise specified in the Order Form or other legacy Agreement, each Essentials Subscription includes one hundred (100) Essentials Episodes per Subscription Term (pro-rated for mid-year purchases).

(b) Usage-Based Billing: Use of Episode content (HEP, PRO, RTM, Pathways) in excess of Pooled Allotments, or in Subscriptions where no allotment applies, will be accrued and billed at the applicable per-Episode rate:

(i) Essentials: HEP/PRO Episodes in excess of Pooled Allotments will be billed at $1.50 per Episode.

(ii) Elite: RTM and Pathways Episodes in excess of pre-purchased allotments will be billed at $10 per Episode.

(iii) Enterprise: Episodes will be billed as agreed in the individual pricing plans and Order Forms.

(c) Tracking and Reporting: Medbridge will track Episode usage, and Customer's usage may be viewed through Medbridge's admin portal. Customer is responsible for monitoring its own usage. Medbridge's records will be the authoritative source for billing purposes.

(d) Expiration: All included or prepaid Episodes expire at the end of the Customer's Subscription Term unless otherwise specified in the Order Form. Medbridge may, in its sole discretion, permit mid-cycle Episode package purchases, with expiration aligned to the Customer's renewal date.

3. PAYMENT TERMS.

3.1 Fees. Customer agrees to pay all Access Fees specified in the applicable Order Form(s), including any Subscription fees and applicable charges for Episodes or other usage-based services. Fees are based on the Subscription(s) and usage tiers purchased, as outlined in the Order Form and subject to any applicable Pooled Allotments, overage charges, or prepaid packages. All fees are non-cancelable and non-refundable except as expressly stated in this Agreement or required by law.

Medbridge reserves the right to adjust pricing upon renewal of the Subscription Term. Any such adjustment will be communicated in writing prior to the start of the Renewal Term and reflected in the applicable Order Form. Payment obligations are non-cancelable; fees paid are nonrefundable. Customer may not reduce the quantity of Subscriptions purchased during the relevant Term.

3.2 Billing and Payment Terms. Unless otherwise stated in the applicable Order Form, Medbridge will invoice Customer for applicable fees. Medbridge may, at its discretion, shift Customer to a quarterly billing cadence based on usage or other factors. Payments must be made in U.S. dollars and via a method approved by Medbridge. Customer is responsible for maintaining accurate billing and contact information throughout the Subscription Term.

3.3 Taxes and Late Payments. All fees under this Agreement are exclusive of taxes, levies, duties, or similar governmental assessments of any kind, including but not limited to value-added, sales, use, or withholding taxes (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with its purchases under this Agreement, excluding any taxes based on Medbridge's net income, property, or employment.

Medbridge reserves the right to suspend access to Subscription materials, withhold future renewals, decline new Order Forms, and/or turn off the ability to create new Episodes in the event of overdue, undisputed amounts.

4. TERM AND TERMINATION.

4.1 Term and Renewal. This Agreement will commence on the Effective Date and will continue through the Initial Term specified in the applicable Order Form. Thereafter, unless either Party provides written notice of non-renewal at least thirty (30) days prior to the end of the then-current term, the Agreement will automatically renew for successive one-year Renewal Terms. As part of Medbridge's platform update, renewals occurring after October 1, 2025, may involve updated product tiers or pricing structures under Medbridge's OneCare Platform, as reflected in the applicable Order Form.

4.2 Termination. Either Party may terminate this Agreement for cause if the other Party materially breaches any provision of the Agreement and fails to cure the breach within thirty (30) days after receiving written notice describing the breach in reasonable detail. Termination under this Section will become effective upon expiration of the applicable cure period, if the breach remains uncured. Customer acknowledges and agrees that if this Agreement is terminated, except for an uncured material breach by Medbridge, it (a) will not be entitled to a refund of any amounts previously paid and (b) will be obligated to pay the balance of the Term in progress.

In addition, Medbridge may terminate this Agreement for any reason by providing at least thirty (30) days' written notice to Customer. In such event, Medbridge will refund any prepaid, unused Access Fees covering the portion of the Subscription Term remaining after the effective date of termination.

4.3 Effect of Termination. Upon termination or expiration of this Agreement for any reason:

(a) all rights and licenses granted to Customer under this Agreement will immediately terminate;

(b) Customer shall cease all access to and use of the Subscription;

(c) any amounts owed by Customer under this Agreement that remain unpaid will become immediately due and payable; and

(d) each Party shall return or destroy any Confidential Information of the other Party in its possession, subject to any rights or obligations that survive termination under Section 4.4.

4.4 Survival. The following provisions will survive any termination or expiration of this Agreement: Sections 1 (Definitions), 3 (Payment Terms), 4.3 (Effect of Termination), 4.4 (Survival), 5 (Confidentiality), 6 (Intellectual Property, Data Use, and Branding), 7 (Indemnity), 8 (Disclaimers), 8.2 (Limitation of Liability), and 10 (Miscellaneous), along with any other provisions that by their nature are intended to survive.

5. CONFIDENTIALITY.

5.1 Generally. Each Party agrees that it will not use or disclose any Confidential Information received from the other Party other than (a) as expressly permitted under the terms of this Agreement, (b) as expressly authorized in writing by the other Party, or (c) as required by law. “Confidential Information” means any of a disclosing Party's information which is marked as “confidential” or with a similar indicator, or which should be reasonably understood by each Party to be confidential or proprietary, including but not limited to, the terms of this Agreement, any trade secrets or know-how, product plans, processes, designs, marketing, finances, or other business information disclosed to a Party, either directly or indirectly. Confidential Information does not include information that (a) is or becomes generally known or available through no act or failure of the receiving Party, (b) is lawfully obtained by the receiving Party without restrictions as to such use or disclosure; or (c) is independently developed without reference to the disclosing Party's Confidential Information.

6. INTELLECTUAL PROPERTY, DATA USE, AND BRANDING.

6.1 Generally. Medbridge is the owner of the Medbridge website, the Subscription materials, the Medbridge trademarks, and any intellectual property created by Medbridge in connection with the services provided hereunder (collectively, the “Medbridge IP”). Customer acknowledges and agrees that it receives no right, title, or ownership in or to any Medbridge IP other than those specifically granted in this Agreement. Without limiting the generality of the foregoing, Customer will not (a) reverse engineer, decompile, disassemble, modify, or otherwise attempt to derive any of Medbridge's software code, or create derivative works from any Medbridge IP; (b) put the Medbridge website, or a portion thereof, into an inline frame (i-frame) on Customer's website, unless authorized by Medbridge in writing; or (c) sell, resell, license, sublicense, rent, lease, or otherwise transfer rights or usage to any Medbridge IP, or use the Subscription materials for time-sharing purposes or in any other way allow third parties to exploit the Subscription materials. Customer is responsible for the actions or omissions of its Authorized Users. All usage and tracking information collected within the Medbridge website is and remains the property of Medbridge.

6.2 Customer Content. The Knowledge Tracks® feature on the Medbridge website allows Customer and its Authorized Users to upload content (including documents, videos, sound, photographs, or other materials) (“Customer Content”) into the Medbridge website and share such Customer Content within Customer's organization. By uploading Customer Content into the Medbridge system, Customer is solely responsible for the accuracy, quality, integrity, legality, intellectual property ownership, use, and disclosure of such Customer Content by its Authorized Users. Customer maintains all ownership in Customer Content. Medbridge retains all ownership of Medbridge IP.

6.3 Marketing. Customer may choose to customize certain areas of the Medbridge website, including its patient portal and HEP printouts, using Customer's name and logo (“Customer's Trademarks”). Customer gives Medbridge permission to use and store Customer's Trademarks for these purposes. Customer agrees that Medbridge may identify Customer as a customer on the Medbridge website and in marketing materials. Upon mutual agreement by the Parties, Medbridge and Customer may issue a mutually agreed joint public announcement, and Customer will reasonably consider serving as a reference for Medbridge. Medbridge agrees to use Customer's name and logo solely in conjunction with the permitted forms of use under this Agreement. Use of Customer's Trademarks does not give Medbridge any right, title, or interest in Customer's Trademarks, other than the rights granted herein.

6.4 Use of Data for Product Development and Patient Support. Medbridge may use data provided by users as necessary to provide and improve the Subscription materials, including the development and deployment of AI-enabled features that support patient care, and for other business purposes. Such use will comply with applicable law and any Business Associate Agreement between the parties. Medbridge will implement administrative, technical, and physical safeguards to protect identifiable patient data as required under US law.

Customer may opt out of Medbridge's use of identifiable patient data for product development and AI training purposes (excluding use strictly necessary to deliver the Subscription materials) by submitting a request to [email protected]. Additionally, patients may opt out individually, where applicable, through available patient-facing settings or controls.

6.5 Third-Party Components. Customer acknowledges that Medbridge may incorporate or rely on third-party services, software, or infrastructure in delivering the Subscription materials. Medbridge makes no representations or warranties regarding such third-party components and disclaims any liability arising from their availability, performance, or conduct.

7. INDEMNITY.

Customer shall indemnify, protect, defend, and hold Medbridge, including its officers, directors, shareholders, agents, and employees, harmless from and against any and all costs, claims, suits, losses, damages, liabilities, and expenses (including reasonable attorney's fees) arising out of or resulting from (a) the breach by Customer of any representation, warranty, covenant, or obligation contained in this Agreement, (b) any negligent act, error, or omission of Customer, or anyone for whom Customer is legally responsible, or from (c) the failure of Customer, or anyone for whom Customer is legally responsible, to comply with any law, rule, or regulation related to the relevant area(s) of practice, including the applicable state practice act(s).

8. DISCLAIMERS; LIMITATION OF LIABILITY.

8.1 DISCLAIMERS. EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE SUBSCRIPTION MATERIALS AND ALL RELATED SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE," WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, OR NON-INFRINGEMENT. MEDBRIDGE DOES NOT WARRANT THAT THE SUBSCRIPTION MATERIALS WILL BE ERROR-FREE OR UNINTERRUPTED, OR THAT THEY WILL MEET CUSTOMER'S SPECIFIC REQUIREMENTS.

MEDBRIDGE MAY UPDATE, MODIFY, OR DISCONTINUE COURSES, FEATURES, OR EXPIRATION DATES AT ANY TIME. THE SUBSCRIPTION MATERIALS ARE INTENDED AS SUPPLEMENTARY EDUCATIONAL RESOURCES ONLY. CLINICAL DECISIONS REMAIN THE SOLE RESPONSIBILITY OF THE TREATING PROVIDER, WHO MUST RELY ON THEIR PROFESSIONAL JUDGMENT AND KNOWLEDGE OF THE PATIENT.

MEDBRIDGE SHALL NOT BE LIABLE FOR ANY INJURY, LOSS, OR DAMAGE RESULTING FROM RELIANCE ON THE SUBSCRIPTION MATERIALS OR USE OF THE PLATFORM, INCLUDING ANY DELAYS, OMISSIONS, OR THIRD-PARTY SERVICE DISRUPTIONS. MEDBRIDGE ALSO DISCLAIMS ALL LIABILITY RELATED TO ACCREDITATION STATUS OR REGULATORY APPROVAL OF ITS CONTENT, INCLUDING ANY INACCURACIES IN STATE- OR DISCIPLINE-SPECIFIC GUIDANCE.

8.2 LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL MEDBRIDGE OR ITS AFFILIATES, OFFICERS, EMPLOYEES, AGENTS, LICENSORS, OR SERVICE PROVIDERS BE LIABLE TO CUSTOMER OR ANY THIRD PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING LOST REVENUE, LOST DATA, OR OTHER ECONOMIC HARM, ARISING FROM OR RELATED TO THIS AGREEMENT, REGARDLESS OF THE THEORY OF LIABILITY AND EVEN IF MEDBRIDGE WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

MEDBRIDGE'S TOTAL CUMULATIVE LIABILITY UNDER THIS AGREEMENT SHALL NOT EXCEED THE TOTAL FEES PAID BY CUSTOMER FOR ACCESS TO THE SUBSCRIPTION MATERIALS IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM. ALL CLAIMS ARE SUBJECT TO WRITTEN NOTICE WITHIN THAT TWELVE-MONTH PERIOD. THESE LIMITATIONS APPLY IN THE AGGREGATE AND SHALL SURVIVE ANY FAILURE OF ESSENTIAL PURPOSE OR EXCLUSIVE REMEDY.

9. DISPUTES. The Parties will use commercially reasonable efforts to resolve any disputes arising under this Agreement through good-faith negotiations. If the Parties are unable to resolve a dispute within thirty (30) days after notice from one Party to the other, either Party may seek resolution in the state or federal courts located in King County, Washington, which shall have exclusive jurisdiction and venue for any such dispute. This Section will not limit either Party's right to seek immediate injunctive or equitable relief in any court of competent jurisdiction to prevent actual or threatened misuse of its intellectual property, Confidential Information, or other proprietary rights. Each Party hereby waives any right to a trial by jury or to participate in any class action, class arbitration, or similar group proceeding in any dispute related to this Agreement.

10. MISCELLANEOUS.

10.1 Assignment. This Agreement is binding upon and will inure to the benefit of the Parties and their permitted successors and assigns. Either Party may assign this Agreement in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets, with written notice to the other Party.

10.2 Force Majeure. Neither Party will be liable for failure or delay in performing its obligations under this Agreement (other than payment obligations) if such failure or delay is due to causes beyond its reasonable control, including but not limited to acts of God, natural disasters, terrorism, war, pandemics, or governmental action.

10.3 Relationship. The Parties are independent contractors. This Agreement does not create any joint venture, partnership, agency, or employment relationship, and neither Party has authority to bind the other.

10.4 Entire Agreement. This Agreement constitutes the entire agreement between the Parties with respect to its subject matter and supersedes all prior and contemporaneous agreements, proposals, or representations, whether written or oral.

10.5 Amendment. This Agreement may only be amended by a written instrument signed by both Parties. Notwithstanding the foregoing, Medbridge may update standard terms that do not materially reduce Customer rights or increase obligations by providing notice via email or through the platform.

10.6 Severability. If any provision of this Agreement is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, that provision will be enforced to the maximum extent permissible, and the remaining provisions will remain in full force and effect.

10.7 Notice. All notices must be in writing and delivered to the addresses provided in the Order Form or as otherwise designated in writing. Notices will be deemed delivered upon receipt or, if sent by email, when sent without bounce-back or other delivery failure.

Effective Date: 06/23/2025


BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement (“BAA”) is agreed to electronically in connection with Customer's Master Subscription Agreement or License Agreement and is effective as of the date accepted electronically through Medbridge's website by and between Medbridge, Inc., a Washington State corporation, located at 10900 N.E. 4th Street, Suite 2300, Bellevue, WA 98004 (“Medbridge”) and the accepting party's organization (“Customer”, each a “Party” and collectively the “Parties”). This BAA is applicable to Medbridge's BAA Covered Services and only to the limited extent the Parties exchange Protected Health Information (“PHI”).

By agreeing to this BAA, you represent and warrant that you have read and understand this BAA and further, that you have full legal authority to bind Customer to this BAA.

The Parties agree as follows:

1. Definitions. For the purposes of this BAA, any capitalized terms not already defined herein will have the meaning given to them in the HIPAA Rules.

1.1. “Business Associate” shall generally have the same meaning as the term “business associate” at 45 C.F.R. § 160.103, and in reference to the party to this agreement, shall mean Medbridge.

1.2. “Covered Entity” shall generally have the same meaning as the term “covered entity” at 45 C.F.R. § 160.103, and in reference to the party to this agreement, shall mean Customer.

1.3. “Covered Services” means those services provided by Medbridge which are listed at https://www.medbridge.com/covered-services. PHI data included in Covered Services may originate from Medbridge's services, from the Customer, or from Customer's Electronic Medical Record system. Medbridge may, from time to time, increase its list of Covered Services, but will not restrict or reduce the Covered Services without providing prior written notice to Customer.

1.4. “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 C.F.R. §§ 160 and 164.

1.5. “Medbridge Website” means that online forum located at www.medbridge.com and other associated websites owned and operated by Medbridge.

1.6. “Underlying Agreement” means the agreement under which Medbridge has contracted to provide subscription services to Customer.

2. Applicability.

2.1. Parties. This BAA applies to the extent Customer acts as a Covered Entity or Business Associate and where Medbridge, as a result, is deemed under HIPAA to act as a Business Associate of Customer.

2.2. Scope of Services. This BAA applies to the Covered Services. Medbridge may add to the Covered Services at any time by updating the list of Covered Services but will not restrict or reduce Covered Services without providing prior written notice to Customer as stipulated in the Underlying Agreement.

3. Obligations and Activities of Medbridge. Medbridge agrees to:

3.1. not use or disclose PHI other than as permitted or required by this BAA, the Underlying Agreement, or as required by law;

3.2. use appropriate safeguards, and comply with Subpart C of 45 C.F.R. § 164 with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by this BAA, the Underlying Agreement, or as required by law;

3.3. report to covered entity any use or disclosure of PHI not provided for by this BAA, the Underlying Agreement, or as required by law of which it becomes aware, including breaches of unsecured PHI as required at 45 C.F.R. § 164.410, and any security incident of which it becomes aware;

3.4. ensure that any subcontractors that create, receive, maintain, store, or transmit PHI on behalf of Medbridge agree to the same or substantially similar restrictions, conditions, and requirements that apply to Medbridge with respect to such information;

3.5. make available PHI in a designated record set to the Customer as necessary to satisfy covered entity's obligations under 45 C.F.R. § 164.524;

3.6. make any amendment(s) to PHI in a designated record set as directed or agreed to by the covered entity pursuant to 45 C.F.R. § 164.526;

3.7. maintain and make available the information required to provide an accounting of disclosures to Customer as necessary to satisfy covered entity's obligations under 45 C.F.R. § 164.528;

3.8. to the extent the business associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 C.F.R. § 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and

3.9. to the extent required by law, make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules.

4. Permitted Uses and Disclosures.

4.1. By Medbridge. Pursuant to, and in compliance with, the HIPAA Rules, Medbridge may use and disclose PHI:

(a) as necessary to perform the services described in the Underlying Agreement;

(b) for the proper management and administration of Medbridge;

(c) to carry out the legal responsibilities of Medbridge;

(d) to provide data aggregation services;

(e) in de-identified form in compliance with 45 C.F.R. § 164.502(d), provided that any such de-identification meets the standards and implementation standards required under 45 C.F.R. § 164.514(a) and (b) as they exist or may be amended;

(f) to subcontractors and agents pursuant to any other permitted use, provided Medbridge obtains reasonable assurances from the party to whom the information is disclosed that (a) the information will remain protected pursuant to the HIPAA Rules, (b) the subcontractor will only use information for the purpose for which it was disclosed or as required by law, and (c) the third party agrees to terms substantially similar to, or more stringent than, the terms set out under this BAA;

(g) outside the territorial boundaries of the US to subcontractors such as Okta (for Pathways login credentials) and Typeform (for Pathways user assessments) provided that (a) such PHI is accessed or transferred in accordance with the HIPAA Rules, and (b) the subcontractor meets the requirements set forth in Section 3.4; and

(h) to develop and deploy AI-enabled features that support patient care provided that Medbridge (a) implements administrative, technical, and physical safeguards to protect identifiable PHI, (b) receives authorization from the patient to use PHI, and (c) provides a mechanism for both the Covered Entity and patient to opt out of the use of PHI and to revoke a prior authorization to use PHI.

4.2. By Customer. In connection with Customer's management and administration of the Medbridge Website, Customer will implement and enforce policies that support its HIPAA compliance requirements. Customer shall not request Medbridge to use or disclose PHI in any manner that would not be permissible under Subpart E of 45 C.F.R. § 164 if done by Customer.

5. Term and Termination.

5.1. Term. This BAA shall be effective from the date of execution and shall continue until terminated in accordance with Section 5.2 or as otherwise indicated herein.

5.2. Termination by Agreement. The Parties may terminate this BAA upon mutual written agreement that the services provided pursuant to the Underlying Agreement no longer require the protections outlined under this BAA.

5.3. Termination for Cause. Customer may terminate this BAA upon thirty (30) days' written notice to Medbridge if Customer determines Medbridge has violated a material term of this BAA and Medbridge fails to cure the breach or end the violation within the 30-day cure period. In the event Medbridge does not cure such breach during the cure period, this BAA will terminate on the day following the expiration of the cure period.

5.4. Retention, Return, and Destruction of PHI. Upon termination of this BAA for any reason, Medbridge, with respect to PHI received, maintained, or created from or on behalf of Customer, shall:

(a) retain only that PHI which is necessary for Medbridge to continue its proper management and administration or to carry out its legal responsibilities;

(b) return to Customer or destroy, upon Medbridge's discretion, any and all remaining PHI that Medbridge maintains pursuant to this BAA, and which is not necessary for Medbridge's management, administration, or to carry out its legal responsibilities;

(c) continue to use appropriate safeguards and comply with Subpart C of 45 C.F.R. § 164 with respect to electronic PHI to prevent use or disclosure of the PHI for as long as Medbridge retains any covered PHI;

(d) not use or disclose the PHI retained by Medbridge other than for the purposes for which such PHI was retained and subject to the same conditions set out in this BAA which applied prior to termination; and

(e) return to Customer or destroy, upon Medbridge's discretion, the PHI retained by Medbridge when it is no longer needed for Medbridge's proper management and administration or to carry out its legal responsibilities.

6. Interpretation and Amendment. Any ambiguity in this BAA shall be interpreted and amended as necessary to permit compliance with the HIPAA Rules.

7. Assignment. This Agreement is binding upon, and will inure to the benefit of, the Parties hereof and their respective permitted successors and assigns. Without limiting the foregoing, either Party may assign this Agreement to any person, firm, or entity that acquires all or substantially all of the Party's assets or acquires the Party by stock acquisition or merger.

8. Effect of Agreement. This BAA supersedes in its entirety any pre-existing BAA executed by the Parties covering the same services. To the extent of any conflict or inconsistency between the terms of this BAA and the applicable Subscription Agreement or Terms of Use governing Customer's Medbridge Subscription, this BAA will govern.

Effective Date: 06/23/2025