Important Agreements & Compliance Information

Terms of Use
Arrow

   Health Gorilla SaaS Terms of Use

User Agreement (Effective: May 15, 2017)

THIS IS A LEGALLY BINDING AGREEMENT between Health Gorilla, Inc., a Delaware Corporation (“We” or “Us”) and You, as a User of our internet enabled Services. BY CLICKING “SIGN UP” OR THROUGH THE CONTINUED USE OF THE SYSTEM, YOU ARE UNDERTAKING LEGAL OBLIGATIONS AND CONFERRING LEGAL RIGHTS.  Please read this Agreement carefully, and do not click “Sign up” or continue use of the Services unless You agree fully with its terms. You and We are collectively referred to as the “Parties.”

1. Definitions

For the purposes of this Agreement, the terms set forth in this section have the meanings assigned to them below. Terms not defined below (whether or not capitalized) have the definitions given them in HIPAA, unless the context requires otherwise:

“Authorized Workforce” means those participants who are individually authorized by You as per the terms of a valid SaaS contract and/ or Your Workforce and/ or a Participant, and Us to have access to the Services to assist You and to whom We have assigned a unique identifier for access to the Services. By granting access to the Services, You agree, represent, and warrant that these Participants: 1) are required to have confidentiality agreements in place; and 2) for which You assume, agree, represent, and warrant that You will be fully liable for any of their acts and/ or omissions to fully comply with this Agreement at all times as per Section 16 below.    

“Confidential Information” means any information in the Services concerning Our business, financial affairs, current or future products or technology, trade secrets, workforce, customers, or any other information that is treated or designated by Us as confidential or proprietary or would reasonably be viewed as confidential or as having value to Our competitors. Confidential Information shall not include information that We make publicly available or that becomes known to the general public other than as a result of a breach of an obligation by You. Confidential Information does not include individuals’ Health Information.

“Data” means any proprietary information that is the exclusive intellectual property of Us, that we provide You by virtue of the Services in any form, in any computer program in machine readable form, including machine code, object code, source code, open-source code, any open-source code, and any derivative thereof.

“De-identified Health Information” means personal information from which a User’s name and other unique identifiers have been removed pursuant to C.F.R. Section 164.514(b)(1) of the HIPAA Privacy Rule, and from which the User cannot reasonably be identified

“De-Identified Information” means De-Identified Health Information and De-Identified Personal Information.

“De-Identified Personal Information” means personal information from which a User’s name and other unique identifiers have been removed in accordance with applicable laws, rules, and regulations, and from which the User cannot reasonably be identified.

”Health Gorilla Clinical Network” means any organization or entity that exchanges with or provides Data in the Services to You and/ or Your Authorized Workforce.    

“Health Information” means Protected Health Information and Personal Information collectively.


“HIPAA” means the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996, and the regulations promulgated thereunder, including the Privacy Rule and the Security Rule.

“HITECH Act” means the Technology for Economic and Clinical Health Act of 2009, and regulations promulgated thereunder.

 “Participant” means Your Site, and/or You, as it participates in the Health Gorilla Clinical Network within the Services. For the sake of clarity, this means any User that gains access to the System.

“Personal Information” means information that identifies You personally as a User of the Services, and all information concerning You and Your use of the Services that is not Protected Health Information.    

“Platform” means the Health Gorilla software environment and database that is available via the internet and includes any and all applicable APIs that Health Gorilla makes available to You and/ or your Authorized Workforce.

“Policies and Procedures” means our rules, regulations, policies and procedures for access to and use of the System, as changed from time to time and as posted electronically on our Internet web site.  You agree that any policies and procedures will be retroactively applicable to the date of first use by You and/ or Your Authorized Workforce on the Services.

“Privacy Rule” means the Standards for Privacy of Individually Identifiable Health Information at 45 CFR part 160 and part 164, subparts A and E.

“Protected Health Information” has the meaning given it in the Privacy Rule and includes all individually identifiable information concerning Your patients that You provide to the System.

“Record Share” means the feature of the Services through which We make Your Health Information available to other users of the Services with Your consent, or make Health Information of other users of the Services available to You with their consent.

“Security Rule” means the Security Standards for the Protection of Electronic Protected Health Information at 45 CFR part 160 and part 164,subparts A and C.

“Service(s)” means the services to which You have been granted access. Services may include, but not limited to: 1) all Data, including but not limited to, Health Information retrieval, lab ordering, managing Your Health Information, and analytics; 2) the Health Gorilla Clinical Network; 3) the Platform; and 4) the System.
‍    
“System” means the internet enabled and/ or other electronic communication, Platform and Services from time to time operated by Us, used or provided by Us, and all such hardware and software installed at or accessed from Your site, and all documentation provided by Us in connection with the System, paper or electronic.    

“Term” means the initial term and all renewal terms of this Agreement as provided in Section 15.1.

“Us” and/ or and/ or “Our” and/ or “We” means Health Gorilla Inc. and/ or Health Gorilla Latin America LLC.

“User” and/ or “You” means You and/ or your Authorized Workforce, and/ or the Workforce.

“User ID” means a unique User identification assigned to an individual User pursuant to Section 3.

“Workforce” means employees and/ or authorized third-party users and/ or independent contractors that have granted access to the Services that are: 1) are required to have confidentiality agreements in place;  and2) for which You assume, agree, represent, and warrant that you will be fully liable for any of their acts and/ or omissions to fully comply with this Agreement at all times as per Section 16 below.    

“Your Health Information” means Health Information that You or Your Authorized Workforce have contributed into via the Services.

“Your Site” means the location You provided Us upon registration, and such other location or locations as We may approve from time to time.

2. Grant of Right to Use Services

2.1 We grant to You and You accept an exclusive, personal, nontransferable, non-assignable, revocable, limited right to have access to and to use the Services, for the purpose of obtaining the Services during the Term, subject to Your full compliance with the terms and conditions set forth in this Agreement and with our Policies and Procedures. You will not: (a) use the Services for time-sharing, rental or service bureau purposes; (b) make the Services or any Data that is provided by the Services, in whole or in part, available to any other person, entity or business; (c) copy, reverse engineer, decompile or disassemble the Services, in whole or in part, or otherwise attempt to discover the source code, object code, any incorporate Open Source Software, any derivative, the output and any aggregated data as a result of executable or non-     executable formats used in the Services; or (d) modify the Services or the System or associated software or combine the Services or the Services with any other software or services not provided or approved by Us.  You will obtain no rights to the Services except for the limited rights to use the Services expressly granted by this Agreement.

2.2 The Services include certain third-party software and services, which may require that You enter into separate subscription or licensing agreements with third-party vendors. We may also make available optional Systems provided by third parties, such as billing, electronic ordering and clinical laboratory reporting services. You agree to comply with, and upon request to execute, such agreements as may be required for the use of such software or services, and to comply with the terms of any license or other agreement relating to third-party products included in the Services or made accessible to You through the Services. Your use of the Services or of such third-party products or services will constitute Your agreement to be bound by the terms of all licensing, subscription and similar agreements relating to such use.

2.3 This Section 2 will survive the termination or expiration of this Agreement for any reason.

3. Access to the System

3.1 Verification. You agree that Your use of the Services is subject to verification by Us of Your identity. You agree that We may use and disclose Your Health Information for such purposes, including (without limitation)making inquiry of third parties concerning Your identity and professional and practice credentials. You authorize such third parties to disclose to Us such information as We may request for such purposes, and You agree to hold them and Us harmless from any claim or liability arising from and/ or relating to the request for or disclosure of such information. You agree that We may terminate Your access to or use of the Services at any time if We are unable at any time to determine or verify Your identity, qualifications, or credentials.

3.2 Permitted Uses. Subject to the terms of this Agreement, and in accordance with Section 2 herein, You may use Your Health Information for any purpose expressly permitted by applicable law. If You are granted access rights to another users Protected Health Information, You may use such information for treatment and for obtaining payment for treatment; provided that, except as expressly authorized in our Policies and Procedures, or as by applicable Law, including but not limited to HIPAA and HITECH, (or if authorization is permitted by future applicable Laws, Regulations, and/ or Rules, including but not limited to TEFCA, should additional data access rights become available): (i) You may access only information pertaining to individuals with whom You have a treatment relationship or for whom a provider who has a treatment relationship with the individual has requested a professional consultation from You, or from whom You have received authorization to use their Health Information, for or if You have received or requested Y     our own patient health records(ONC 21st Century Cures Act); (ii) You may use only the minimum necessary information for payment purposes; and (iii) for any other necessary business purposes and/ or uses in accordance with current Laws. You agree that You will not access the System or use the Services for any other purposes. In particular:

3.2.1.1 You will not reproduce, publish, or distribute content in connection with the Services that infringes any third party’s trademark, copyright, patent, trade secret, publicity, privacy, or other personal or proprietary right;

3.2.1.2 You will comply with all applicable laws, including laws relating to maintenance of privacy, security, and confidentiality of patient and other Health Information and the prohibition on the use of telecommunications facilities to transmit illegal, obscene, threatening, libelous, harassing, or offensive messages, or otherwise unlawful material;

3.2.1.3 You will not: (a) abuse or misuse the Services, including gaining or attempting to gain unauthorized access to the Services, or altering or destroying information in the Services except in accordance with accepted practices; (b) using the Services in a manner that interferes with other Users’ use of the Services; or (c) using the Services in any manner that violates our Policies and Procedures; (d) or use any ad blocking mechanism, device, or tool to prevent the placement of advertisements in the System and/ or the Service.

3.3 Clinical Support Information. We may provide information to assist You in clinical decision-making. This may include information and reminders concerning lab test results, drug interactions, allergies, dosages, as well as general health-care related information and resources. We may also provide forums for our users to exchange information. The information and materials available through this site are for informational and educational purposes only and are not intended to constitute professional advice, diagnosis or treatment, or to substitute for Your professional judgment. Information maybe placed on our Internet site by Us and by third parties beyond our control. We are not responsible for the accuracy or completeness of information available from or through our site. While You are permitted to use Our Services for this information, We bear no liability in connection to any acts or omissions or liability in any form for how You choose to advise, diagnose, or otherwise treat Your patients or clients, or how You choose to pass along this information to third-parties.

We do not recommend or endorse any provider of health care or health-related products, items or services, and the appearance of materials on this site relating to any such products, items or services is not an endorsement or recommendation of them. You agree to review the definitions, functionality, and limitations of the Services, and to make an independent determination of their suitability for Your use. We and Our suppliers and licensors disclaim all warranties, whether expressed or implied, including any warranty as to the quality, accuracy, and suitability of the information provided by the System for any purpose.

3.4 Safeguards.

3.4.1 
You will implement and maintain appropriate and industry standard administrative, physical and technical safeguards to protect information within the Services from access, use or alteration from Your Site or using a User ID assigned to You. Such safeguards shall comply with federal, state, and local requirements, including the Privacy Rule and the Security Rule, whether or not You are otherwise subject to HIPAA. You will maintain appropriate security with regard to all personnel, systems, and administrative processes used by You to transmit, store and process electronic Health Information through the use of the Services.

3.4.2 
You will immediately notify Us of any breach or suspected breach of the security of the Services of which You become aware, or any unauthorized use or disclosure of information within or obtained from the Services, and You will take such action to mitigate the breach or suspected breach as We may direct, and will cooperate with Us in investigating and mitigating the breach.

3.5 Location of Access. You are authorized to access the Services solely from Your Site, and from other sites from which You have received express written and signed approval from Us to access the Services.

3.6 Compliance. You will comply with the terms of this Agreement, our Policies and Procedures, and all applicable laws and regulations. You will be solely responsible for the use of the Services by You and Your Authorized Workforce.

3.7 User Identification. We authorize You to use the User IDs assigned to You by Us. You acquire no ownership rights in any User ID, and User IDs may be revoked or changed at anytime in our sole discretion. You will adopt and maintain reasonable and appropriate security precautions as are standard in the industry for User IDs to prevent their disclosure to or use by unauthorized persons. Each member of Your Authorized Workforce shall have and use a unique identifier. You will use Your best efforts to ensure that no member of Your Authorized Workforce uses a User ID assigned to another person, or otherwise gains unlawful access to the Services.  In addition to the indemnification rights that We have in this Section 16, You also agree to full compensate Us from any lost revenue, business losses, or other monetary losses that We incur because You allowed unauthorized third- parties to access the System in this Section and in Section 3.8.

3.8 No Third-Party Access. Except as required by law, You will not permit any third-party (other than Your Authorized Workforce) to have access to the Services and/ or to use the Services without our prior express written agreement. You will promptly notify Us of any order or demand for compulsory disclosure of Health Information if the disclosure requires access to or use of the System. You will cooperate fully with Us in connection with any such demand.

 3.9 Your Authorized Workforce.

 3.9.1 You may permit Your Authorized Workforce to use the Services on Your behalf, subject to the terms of this Agreement. You will:

3.9.1.1 
obtain a unique User ID from Us for each member of Your Authorized Workforce;

3.9.1.2 
train all Participants of Your Authorized Workforce in the requirements of this Agreement and the Policies and Procedures relating to their access to and use of the Services, and ensure that they comply with such requirements;

3.9.1.3 
take appropriate disciplinary action against any member who violates the terms of this Agreement or the Policies and Procedures;

3.9.1.4 
ensure that only You and Your Authorized Workforce access the Service from Your Site;

3.9.1.5 
immediately notify Us of the termination of employment of any member of Your Authorized Workforce, or of Your withdrawal of authorization for any such person to access the Service.

3.10 Patient Portal.   If you are a provider in the System, You may make Health Information available to Your patients through our Patient Portal. You are solely responsible for the information that You make available through the Patient Portal, for granting access rights to Your patients, and for revoking access rights. You agree that You will not use the Patient portal to make available the Health Information of any person under the age of 18 years. You acknowledge and agree that, if a patient of Yours authorizes the disclosure of his or her Health Information to Health Gorilla Inc. for inclusion in his or her personal health record, Health Gorilla may, from time to time for as long as the authorization is in effect, transfer the patient’s Health Information from the health record Health Gorilla maintains for You to a personal health record maintained separately by Health Gorilla for the patient. Information in the separate personal health record is distinct from Your patient health record, and is not subject to this User Agreement, or to our obligations to You as Your business associate. Personal health record information of patients who do not authorize the disclosure of their Health Information to Health Gorilla for inclusion in a separate personal health record will be held as part of the health record that Health Gorilla maintains for You, and will be subject to the terms of this User Agreement and our business associate obligations.

3.11 Forums. We may offer forums for the exchange of information among our users. You agree to comply with all applicable forum rules. In particular, You understand that We do not assure the accuracy, reliability, confidentiality or security of information made available through the use of such forums. You acknowledge that any information You post in a forum or discussion group is available to the public and may result in Your receiving communications from others outside our site. You are responsible for safeguarding the privacy of Your and Your patients’ personal information when You participate in forums, discussion groups and the like. You agree not to disclose individually identifiable Health Information through such forums.

3.12 Compliance with Law. Subject to the provisions of Section 16, You are solely responsible for ensuring that Your use of the Services (including making Health Information available through the Services) complies with applicable law. You will not undertake or permit any unlawful use of the Services or take any action that would render the operation or use of the Services by Us or any other User unlawful. We offer no assurance that Your use of the Services under the terms of this Agreement will not violate any law or regulation applicable to You.

3.13 Professional Responsibility. You will be solely responsible for the professional and technical services You provide. We make no representations concerning the completeness, accuracy or utility of any information in the Services, or concerning the qualifications or competence of individuals who placed it there. We have no liability for the consequences to You or Your patients of Your use of the Services.

3.14 Cooperation. You will cooperate with Us in the administration of the Services, including providing reasonable assistance in evaluating the Services and collecting and reporting data requested by Us for purposes of administering the Services.

3.15 This Section 3 will survive the termination or expiration of this Agreement for any reason.

4. Use of Information

4.1 Purpose of Services. The purpose of the Services is to facilitate the ordering of lab tests or procedures and the viewing and analysis of the results, the analysis of data from other health monitoring and other devices and other data as integrated from time to time, and (i) to make it available to You; (ii) to facilitate the sharing of individuals’ Health Information among Users, and(iii) to make Health Information available to Your patients through the Patient Portal. You may make Your Health Information accessible to other Users and to Your patients through the Services for these purposes. If You are a patient using the Patient Portal, then you can request, view, and share Your medical records from providers or from the Health Gorilla Clinical Network. You authorize Us, as Your business associate, to use and disclose Your Health Information as follows, subject to the recipient's agreement to comply with our Policies and Procedures and with applicable laws and regulations relating to the use and disclosure of Health Information, and subject also to the provisions of section 9:

4.1.1 We will permit access to Your Health Information to You.

4.1.2 We will permit access to Your Health Information to Your patients to whom You have agreed to grant access through our Patient portal.

4.1.3 We will permit access to Your Health Information by health care providers and their business associates to whom You have consented to provide access for treatment and payment and/ or any other lawful purpose through the sharing/referral features of the Service. We will obtain Your consent before We make Your Health Information available to other providers. You acknowledge that once We have granted access rights to another provider, We have no control over the uses and disclosures that the provider makes of Your Health Information.

4.1.4 We may disclose or permit access to Your Health Information to health plans, health care clearinghouses, medical groups, independent practice associations and other parties responsible for payment and their business associates for the purpose of obtaining payment for services You provide, unless You advise Us in writing that the patient has paid out of pocket in full for the service to which the Health Information relates, and has requested that it not be disclosed to his or her health plan.

4.1.5 We may De-Identify Your Health Information, and use and disclose De-Identified Information as provided by Section 5 and Section 7.

4.1.6 We may create limited data sets from Your Health Information, and disclose them for any purpose for which You may disclose a limited data set; and You hereby authorize Us to enter into data use agreements on Your behalf for the use of limited data sets, in accordance with applicable law and regulation.

4.1.7 We may use Your Health Information in order to prepare analyses and reports, such as activity or quality-metrics reports, or any other reports the System makes available, in order to render these reports to You. Such reporting will be done in a manner that does not make any disclosure of Your Health Information that You would not be permitted to make.

4.1.8 We may use Your Health Information for the proper management and administration of the System and our business, and to carry out our legal responsibilities. We may also disclose Your Health Information for such purposes if the disclosure is required by law, or We obtain reasonable assurances from the recipient that it will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the recipient, and the recipient notifies Us of any instances of which it is aware in which the confidentiality of the information has been breached. Without limiting the foregoing, We may permit access to the system by our contracted system developers under appropriate confidentiality agreements.

4.1.9 We may use Your Health Information to contact Your patients on Your behalf for any purpose for which You would be permitted to contact them, including, without limitation:
    (a) For treatment, including sending appointment and requisition reminders;
    (b) For case management and care coordination, or to direct or recommend alternative treatments, therapies, health care providers or settings of care;
    (c) To request authorization on Your behalf from Your patients to use or disclose their Health Information for any purpose for which use or disclosure may be made with an appropriate authorization, including marketing purposes. You agree that We may also use and disclose Your patient’s Health Information as permitted by any such authorization; and
    (d) To provide information about health-related products or services that You provide, or that We provide on Your behalf as Your business associate.

4.1.10 We may use or disclose Your Health Information for other purposes, as from time to time described in our Policies and Procedures; provided that We will not make or permit any such use or disclosure that would violate applicable law or regulation if made by You or Your business associate. Except as provided in subsection 4.1.7 and subsection 4.1.8, and notwithstanding any other provision of this section, We will not use or disclose Your Health Information in any manner that would violate the requirements of the Privacy Rule if done by You.

4.2 Responsibility for Misuse by Other Users. You acknowledge that in granting access to the System for the purposes set forth in Section 4.1, We will rely on the assurances of the recipients of the information as to (i)their identity and credentials, (ii) the purposes for which they are accessing the Services, and (iii) the nature and extent of the information to which they will have access. You acknowledge that, while the Services will contain certain technical safeguards against misuse of the Services, it will rely to a substantial extent on the representations and undertakings of Users. You agree that We will not be responsible for any unlawful access to or use of Your Health Information by any User resulting from the User’s misrepresentation to Us, or breach of the User’s User agreement or our Policies and Procedures.

4.3 Specially Protected Information. We apply the standards of the Privacy Rule in permitting access to the System. You acknowledge that other federal and state laws impose additional restrictions on the use and disclosure of certain types of Protected Health Information to certain classes of individuals. You agree that You are solely responsible for ensuring that Your Health Information may properly be disclosed for the purposes set forth in section 4.1, subject only to the restrictions of the Privacy Rule. In particular, You will:

4.3.1 not make available through the System any information subject to any restriction on use or disclosure (whether arising from Your agreement with the individual or under law), other than the general restrictions contained in the Privacy Rule;

4.3.2 obtain any necessary consents, authorizations or releases from individuals required for making their Health Information available through the System for the purpose set forth in section 4.1;

4.3.3 include such statements(if any) in Your notice of privacy practices as may be required in connection with Your use of the System;

4.3.4 not place in the System any information that the You know or have reason to believe is false or materially inaccurate.

4.4 Share as a Provider. With Your consent, We will make Your online      health record for any patient You designate accessible to any other User of the System whom You approve. You may revoke Your consent with respect to any other User at any time, which shall limit access from that time forward. While Your consent is in effect, an approved User, depending upon whether they were a Provider or a Patient, may view and/ or edit any health record.  You have designated for his or her use. If You revoke Your consent, the approved User will continue to have the ability to view to the health record in the form in which it existed at the time You revoked Your consent but will not be able to view changes made to the record thereafter and will not be able to edit the record. The same rules apply to Your use of another User’s record who approves access for You. You and Your Authorized Workforce are fully responsible for the information in any chart that You share. You and/or Your Authorized Workforce should not share patient information that violates any state and/or federal laws, such as a positive HIV test result. In the future, Health Gorilla may allow You to share only subsections of a patient chart or may allow a referee to share the patient chart with others, in either case, Health Gorilla will obtain Your consent before using allowing the use of such features. In any event, but especially in cases of potential fraud, misuse and/or abuse of the System, Health Gorilla reserves the right, in its sole judgment, to revoke, remove, cancel or deny continued access to any health record or any Share request.

4.5 This Section 4 will survive the termination or expiration of this Agreement for any reason.

5. Providing Physician Data to Payers

Without limiting the provisions of Section 7, You agree that We may provide De-Identified Health Information and other information (including Your Personal Information and information concerning Your practice to any medical group, independent practice association of physicians, health plan or other organization with which You have a contract to provide medical services, or to whose members or enrollees You provide medical services. Such information may identify You, but will not identify any individual to whom You provide services. Such information may include (without limitation) aggregate data concerning Your patients, diagnoses, procedures, orders and the like.

This Section 5 will survive the termination or expiration of this Agreement for any reason.

6. Product and Service Notifications.

As expressly permitted by this Agreement or by our Policies and Procedures, unless We obtain Your consent, We will not disclose to any third party any information that identifies You to enable the third party to market products or services to You directly.

7. Intellectual Property Rights

As expressly permitted by this Agreement or by our Policies and Procedures, unless We obtain Your consent, We will not disclose to any third party any information that identifies You to enable the third party to market products or services to You directly.

7.1  Identifiable Health Information. Except as provided in Section 7.2 (De-Identified Information), You retain all rights with regard to Your Protected Health Information.

7.2 De-Identified Information. In consideration of our provision of the Services, You hereby transfer and assign to Us all an irrevocable right, title and interest in and to all De-Identified Information that We make from Your Health Information pursuant to Section 4.1.5. or any other lawful source. You agree that We may use, disclose, market, license and sell De-Identified Information for any purpose without restriction, and that You have no have no further lawful or equitable interest in such information, or in the proceeds of any sale, license, or other commercialization thereof. You acknowledge that the rights conferred by this section are the principal consideration for the provision of the Services, without which We would not enter into this Agreement.

7.3 Other Works and Information. You agree that any information, material or work product You provide to this site, other than Protected Health Information and Personal Information which has not been De-Identified, is the exclusive intellectual property of Health Gorilla, and by submitting such content or material transfer You agree that We may use, disclose, market, license and sell this information and therefore assign to Us all an irrevocable right, title and interest in and to in such content or material for any purpose without restriction, and that You have no have no further lawful or equitable interest in such information, or in the proceeds of any sale, license, or other commercialization thereof.  You agree that We may use, disclose, market, license and sell such information and works, including derivative products, without restriction. This includes, for example, Data(other than Protected Health Information or Personal Information which has not been De-Identified) that You contribute to forums, discussion groups and the like. Furthermore, You agree that Health Gorilla may use, disclose, market, license and sell such material or content, and that You have no interest in the information, or in the proceeds of any sale, license, or other commercialization thereof. You warrant and agree that any material You provide will not infringe on the intellectual property or other rights of others, and will not be otherwise unlawful, infringing, threatening, libelous, defamatory, obscene, pornographic, or in violation of any law.

7.4 This Section 7 will survive the termination or expiration of this Agreement for any reason.

8. Individuals’ Rights

You shall be solely responsible for affording individuals their rights with respect to Your Health Information, such as the rights of access and amendment. You will not undertake to afford an individual any rights with respect to any information in the Services other than Your Health Information.

9. Business Associate Provisions

You shall be solely responsible for affording individuals their rights with respect to Your Health Information, such as the rights of access and amendment. You will not undertake to afford an individual any rights with respect to any information in the Services other than Your Health Information.

In maintaining, using and affording access to Your Health Information in accordance with this Agreement, We will:

9.1 Not use or further disclose the information except as permitted or required by this Agreement or as required by law;

9.2 Use appropriate safeguards to prevent use or disclosure of the information other than as provided for by this Agreement, including administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the information;

9.3 Report to You any use or disclosure of the information not provided for by this Agreement of which We become aware, or any security incident as a result of which We determine that unauthorized access has been obtained to Your Protected Health Information;

9.4 Ensure that any of our agents or subcontractors to whom We provide Your Health Information for purposes of assisting Us in providing the Services, agrees to the same restrictions and conditions that apply to Us with respect to such information, including the obligation to implement reasonable and appropriate safeguards to protect it (it being understood that other Users of the System are not our agents or subcontractors);

9.5 Make available Protected Health Information in accordance with § 164.524 of the Privacy Rule;

9.6 Make available Protected Health Information for amendment and incorporate any amendments to Protected Health Information in accordance with Sect 164.526 of the Privacy Rule;

9.7
 Make available the Protected Health Information required to provide an accounting of disclosures in accordance with Sect; 164.528 of the Privacy Rule;

9.8 Make our internal practices, books, and records relating to the use and disclosure of protected Personal Health Information received from, or created or received by Us on Your behalf available to the Secretary of the United States Department of Health and Human Services for purposes of determining Your compliance with the Privacy Rule; and

9.9 Upon termination You understand and agree that it is infeasible to return and to destroy all identifiable and/ or unidentifiable Health Information received from, or created or received by Us on Your behalf.  We still maintain such Health Information in any form, and retain copies of such information; notwithstanding the foregoing we will extend the protections of this Agreement to the information and limit further uses and disclosures to those purposes that are valid under current Law. You acknowledge that it will be infeasible to segregate Your Health Information for removal from the Services.  We will maintain a version of those records through the time You withdraw Your approval, and We will continue to make those records available to the approved(or formerly approved) User. You acknowledge that You may have to purchase proprietary software in order to access such information.

9.10 HITECH Act. As required by the HITECH Act:
    (a) We will comply with the provisions of the HIPAA Security Rule that are made applicable to business associates by section 13401(a) of the HITECH Act, with the additional provisions of the HITECH Act relating to security that are made applicable to business associates and incorporated into business associate contracts by section 13401(a) of the HITECH Act, and with the additional provisions of the HITECH Act relating to privacy that are made applicable to business associates and incorporated into business associate contracts by section 13404(a) of the HITECH Act.
    (b) We will report to You the discovery of any breach of unsecured Protected Health Information that We access, maintain, retain, modify, record, store      destroy or otherwise hold, use or disclose on Your behalf, in compliance with the requirements of Section 13402 of the HITECH Act and the regulations promulgated thereunder (45 CFR Parts 160 and 164, Subpart D), and We will cooperate reasonably with You to investigate and mitigate any such breach, and to provide You with information You need to make any legally required notification to individuals.  For the sake of clarity, You shall be fully responsible for both the total costs and the effort required for notification in the event of a breach of any applicable provision of HIPAA and HITECH.

9.11.  This Section 9 will survive the termination or expiration of this Agreement for any reason.

10. Computer Systems

10.1 Your Systems. You will acquire, install, configure and maintain all hardware, software and communications systems necessary to access the Services(Your “Implementation”). Your Implementation will comply with the specifications from time to time established by Us. You will ensure that Your Implementation is compatible with the Services. If We notify You that Your Implementation is incompatible with the Services, You will eliminate the incompatibility, and We may suspend Services to You until You do so.

10.2 Assistance. Upon request, We may provide goods or services in connection with Your Implementation. You will pay our then standard charges for such assistance, and our out-of-pocket costs.

11. Third-Party Sites and Service Providers

11.1 Third-Party Sites. The System may contain hyperlinks to Internet web sites operated by third parties, or to materials or information made available by third parties. Such third parties may offer goods or services for sale to You. Such links do not constitute or imply our endorsement of such third parties, or of the content of their sites, the quality or efficacy of their goods or services, or their information privacy or security practices, and We have no responsibility for information, goods or services offered or provided by such third parties, or for the manner in which they conduct their operations. You ruse of third-party sites and the materials, goods and services offered by them is entirely at Your own risk and is subject to the terms of use of the third parties operating or providing them. You should assume that any Internet page or other material that does not bear the Health Gorilla logo is provided by a third party.

11.2 Health Gorilla Miscellaneous.

11.2.1 Access and Uses. 
Health Gorilla facilitates the transmission of Health Information in the Services among Participants in the Health Gorilla Clinical Network in accordance with the Permitted Use. Transmission of information may include electronic ordering information between participants in the Health Gorilla Clinical Network, through which requisition benefit and history information, including eligibility, insurance coverage, and other information, is transmitted electronically between Participants in the Health Gorilla Clinical Network from Data (as defined above) to a practitioner at the point of ordering, and through which ordering messages are routed electronically from a practitioner to the vendor of a patient’s choice. Practitioner hereby agrees and acknowledges that Health Gorilla will use the Health Gorilla Clinical Network to facilitate various features in the Services. Furthermore, Practitioner agrees to access and utilize the Health Gorilla Clinical Network only in accordance with the terms and conditions of this Agreement as it pertains generally to Services and in addition to the terms and conditions set forth in this Section. Examples of Data herein include: (a) health benefit payor or ACO Group Administrator, or other similar entity which has entered into a written agreement with Health Gorilla to allow access through the Health Gorilla Clinical Network to information in its possession; and (b) a diagnostic laboratory, diagnostic laboratory chain, an entity that has contracted with Health Gorilla to become either a vendor or practitioner aggregator and is designated as such by Health Gorilla or other entity which has entered into a written agreement with Health Gorilla to allow access through the Services to information in its possession.

11.2.2 Confidentiality. You agree to keep confidential any and all of Health Gorilla confidential information, as well as the confidential information of all entities that have contracted with Health Gorilla to become either a vendor or practitioner aggregator and is designated as such by Health Gorilla (certified aggregators),entities that have been designated by Health Gorilla as a value-added reseller of the Health Gorilla Services and connectivity to other entities that aggregate practitioners and/or vendors (certified VAR), Data Sources, practitioners, health care providers, or facilities, technology vendors, and other entities or individuals that have entered into a written agreement with Health Gorilla either directly or indirectly, in order to access, provide, or communicate through the Health Gorilla Clinical Network, whether explicitly marked confidential or reasonably believed to be confidential.

11.2.3 Compliance with Applicable Law. You are required to and must certify that You have obtained any and all necessary patient consents and authorizations required by applicable law including, without limitation, all federal, state, local, common law, rules, regulations, directives, and guidelines prior to using any of Services, including, without limitation, its electronic ordering service. You hereby agree and provide assurances that all messages transmitted via the Services originate from legally authorized locations. Health Gorilla reserves the right to terminate use of the Services for any reason with or without notice.

11.2.4 Disclaimer.  HEALTHGORILLA MAKES NO REPRESENTATION OR WARRANTY REGARDING THE AVAILABILITY THROUGH THE SERVICES ANY PARTICULAR DATA OR OTHER PARTICIPANT IN THE SERVICES AT ANY TIME, AND DATA AND OTHER PARTICIPANTS IN THESERVICES MAY BE ADDED OR DELETED WITHOUT PRIOR NOTICE. YOU ACKNOWLEDGE AND AGREE THAT AT ANY TIME ANDWITHOUT PRIOR NOTICE, CERTAIN SOURCES OF DATA MAY ELECT NOT TO RECEIVE REQUISITIONS AND/OR OTHER MESSAGES. YOU FURTHER AGREE THAT AS THE TREATING PHYSICIAN OR OTHER HEALTH CARE PROVIDER, YOU HAVE VERIFIED REQUISITION BENEFIT OR REQUISITION HISTORY INFORMATION WITH EACH PATIENT AND/OR THE PATIENT’S REPRESENTATIVES BEFORE SUCH INFORMATION IS RELIED UPON OR UTILIZED IN DIAGNOSING OR TREATING THE PATIENT. HEALTH GORILLA DOES NOT AND CANNOT INDEPENDENTLY VERIFY OR REVIEW THE INFORMATION TRANSMITTED THROUGH THE SERVICES FOR ACCURACY AND COMPLETENESS. THE SERVICES ARE NOT INTENDED TO SERVE AS A REPLACEMENT FOR A WRITTEN REQUISITION WHERE NOT APPROVED AS SUCH BY THE APPROPRIATE GOVERNMENTAL AUTHORITIES OR WHERE SUCH WRITTEN REQUISITION IS REQUIRED FOR RECORD KEEPING PURPOSES, OR APPLICABLE REQUISITION DOCUMENTATION. USE OF THE SERVICES IS NOT A SUBSTITUTE FOR A HEALTHCARE PROVIDER’S STANDARD PRACTICE OR PROFESSIONAL JUDGMENT. ANY DECISION WITH REGARD TO THE APPROPRIATENESS OF TREATMENT, OR THE VALIDITY OR RELIABILITY OF INFORMATION, IS SOLELY YOUR RESPONSIBILITY. HEALTH GORILLA IS NOT RESPONSIBLE FOR DATA ERRORS WITHIN THE SERVICES, REGARDLESS OF THEIR SOURCE.
   
11.2.5 No Warranty. THE SERVICESARE PROVIDED “AS IS” AND WITHOUT WARRANTIES, EXCEPT AS SET FORTH BELOW. ALLOTHER WARRANTIES AND REPRESENTATIONS OF ANY KIND WITH REGARD TO THE SERVICESARE HEREBY DISCLAIMED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY,NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. HEALTH GORILLA DOES NOTWARRANT THAT THE SERVICES WILL MEET ANY REQUIREMENTS OR THAT IT WILL OPERATE WITHOUT INTERRUPTION OR BE ERROR FREE.

Health Gorilla agrees to use commercially reasonable efforts at all times to provide prompt and efficient service and to maintain its own equipment, proprietary systems and programs; However, We make no warranties or representations regarding the Services except as expressly stated herein.  We shall use all due care in processing all work submitted to it by Health Gorilla. Health Gorilla shall not be responsible in any manner for errors or failures of proprietary systems and programs of third parties, nor shall Health Gorilla be liable for errors or failures of any Participant’s software or operational systems.

11.2.6 Force Majeure. Neither Party shall be liable nor deemed in default for failure to fulfill any obligation under this Agreement due to causes beyond its reasonable control. Such causes or conditions shall include, but shall not be limited to, acts of God or of the public enemy, acts of the Government in either its sovereign or contractual capacity, fires, floods, epidemics, quarantine restrictions, strikes, shortages of labor or materials, freight embargoes, unusually severe weather, electrical power failures, telecommunication or internet backbone outages, failure of an internet access provider or other similar causes beyond the Parties’ control, and neither Party shall be liable for losses, expenses or damages, ordinary, special or consequential, resulting directly or indirectly from such causes.

11.2.7 Audit. You authorize Health Gorilla to access, inspect, and/or audit Your records relating to the use of the Services and/ or Data and/ or other information provided by You.

11.2.8 Survey. By using Health Gorilla and/or consenting to its terms, You authorize Health Gorilla to contact You for survey and/or statistical purposes. You also agree that Health Gorilla shall be entitled to disclose information received from You for the purpose of(and only to the extent necessary for) operating Health Gorilla business and providing the Health Gorilla Services, including, without limitation, sharing Your information and/or data with other Data Sources to the extent necessary to fulfill the terms of this Agreement, but only in accordance with all applicable law, or pursuant to a valid order issued by a duly authorized court or Government authority.

11.2.9 HIPAA Compliance.  Health Gorilla may utilize, transfer, or disclose aggregated information, including, but not limited to, summary statistics, which has been de-identified in accordance with HIPAA at 45 CFR 164.514 such that it does not identify an individual and cannot be used to identify an individual for any purpose. Notwithstanding the foregoing, Health Gorilla’s use of de-identified data shall be in accordance with its Notice of Privacy Policy at www.healthgorilla.com.

11.3 This Section 11 will survive the termination or expiration of this Agreement for any reason.

12. Fees and Charges

12.1 Service Fees. You will pay Us a “Service Fee” for the use of the Service by You and or Your Authorized Workforce, which is defined as everything that is described in the Plans and Pricing section of Our website and/ or as set forth in Our express written agreement. You also agree to pay, at Our then current rates, for all goods or services that You incur by granted access to Your Authorized Workforce, to the extent that is differs from the express written permission that We have granted to You.

12.2 Payment. The Service Fee and any shall be paid by You on receipt or within twenty (20) days of date of invoice at the address set forth under our name below, or as otherwise agreed in a relevant express written contract for these Services, or such other address as may be set forth in our Policies and Procedures.

12.3 Late Charges. Failure to pay fees within ten (10) days of the due date may result in termination of access to the Services without notice. A reconnection fee equal to one (1)month’s Service Fee shall be assessed to re-establish connection after termination due to non-payment.

12.4 Taxes. All charges and fees shall be exclusive of all federal, state, municipal, or other government excise, sales, use, occupational, or like taxes now in force or enacted in the future, and You agree to pay any tax (excluding taxes on our net income) that We may be required to collect or pay now or at any time in the future and that are imposed upon the sale or delivery of items and services purchased under this Agreement.

12.5. This Section 12 will survive the termination or expiration of this Agreement for any reason.

13. Confidential Information

13.1 You may not disclose our Confidential Information to any other person, and You may not use any Confidential Information except for the purpose of this Agreement. Except as otherwise provided in this Agreement, You may not, without our prior written consent, at any time, during or after the Term of this Agreement, directly or indirectly, divulge or disclose Confidential Information for any purpose or use Confidential Information for its own benefit or for the purposes or benefit of any other person. You agree to hold all Confidential Information in strict confidence and to take all measures necessary to prevent unauthorized copying, use, or disclosure of Confidential Information, and to keep the Confidential Information from falling into the public domain or into the possession of persons not bound to maintain its confidentiality. You will disclose Confidential Information only to members of Your Authorized Workforce who have a need to use it for the purposes of this Agreement. You will inform all such recipients of the confidential nature of Confidential Information and will instruct them to deal with Confidential Information in accordance with the terms of this Agreement. You will promptly advise Us in writing of any improper disclosure, misappropriation, or misuse of the Confidential Information by any person, which may come to Your attention.

13.2 You agree that We will suffer irreparable harm if You fail to comply with its obligations set forth in this Section 13, and You further agree that monetary damages will be inadequate to compensate Us for any such breach. Accordingly, You agree that We will, in addition to any other remedies available to Us at law or in equity, be entitled to the issuance of injunctive relief to enforce the provisions hereof, immediately and without the necessity of posting a bond.

13.3 This Section 13 will survive the termination or expiration of this Agreement for any reason.

14. Disclaimer, Exclusion of Warranties, and Limitation of Liability

14.1 Carrier Lines. YOU ACKNOWLEDGE THAT ACCESS TO THE SERVICES WILL BE PROVIDED OVER VARIOUS FACILITIES AND COMMUNICATIONS LINES, AND INFORMATION WILL BE TRANSMITTED OVER LOCAL EXCHANGE AND INTERNET BACKBONE CARRIER LINES AND THROUGH ROUTERS, SWITCHES, AND OTHER DEVICES (COLLECTIVELY, “CARRIER LINES”) OWNED, MAINTAINED, AND SERVICED BY THIRD-PARTY CARRIERS, UTILITIES, AND INTERNET SERVICE PROVIDERS, ALL OF WHICH ARE BEYOND OUR CONTROL. WE ASSUME NO LIABILITY FOR OR RELATING TO THE INTEGRITY, PRIVACY, SECURITY, CONFIDENTIALITY, OR USE OF ANY INFORMATION WHILE IT IS TRANSMITTED ON THE CARRIER LINES, OR ANY DELAY, FAILURE, INTERRUPTION, INTERCEPTION, LOSS, TRANSMISSION, OR CORRUPTION OF ANY DATA OR OTHER INFORMATION ATTRIBUTABLE TO TRANSMISSION ON THE CARRIER LINES. USE OF THE CARRIER LINES IS SOLELY AT YOUR RISK AND IS SUBJECT TO ALL APPLICABLE LOCAL, STATE, NATIONAL, AND INTERNATIONAL LAWS.

14.2 No Warranties. ACCESS TO THE SERVICES AND THE INFORMATION CONTAINED ON THE SERVICES IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT ANY WARRANTY OF ANY KIND, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. YOU ARE SOLELY RESPONSIBLE FOR ANY AND ALL ACTS OR OMISSIONS TAKEN OR MADE IN RELIANCE ON THE SERVICES OR THE INFORMATION IN THE SYSTEM, INCLUDING INACCURATE OR INCOMPLETE INFORMATION. IT IS EXPRESSLY AGREED THAT IN NO EVENT SHALL WE BE LIABLE FOR ANY SPECIAL, INDIRECT, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO, LOSS OF PROFITS OR REVENUES, LOSS OF USE, OR LOSS OF INFORMATION OR DATA, WHETHER A CLAIM FOR ANY SUCH LIABILITY OR DAMAGES IS PREMISED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER THEORY OF LIABILITY, EVEN IF WE HAVE BEEN APPRISED OF THE POSSIBILITY OR LIKELIHOOD OF SUCH DAMAGES OCCURRING. WE DISCLAIM ANY AND ALL LIABILITY FOR ERRONEOUS TRANSMISSIONS AND LOSS OF SERVICE RESULTING FROM COMMUNICATION FAILURES BY TELECOMMUNICATION SERVICE PROVIDERS OR THE SERVICES.

14.3 Conditions for Breach. We will not be deemed to be in violation of this Agreement unless You have first given Us written notice specifying the nature of the default, and We have failed within thirty (30) days of receipt of the notice either to cure the default or, if cure within such period is not practicable, to be diligently proceeding to cure the default.

14.4 Other Users. YOU ACKNOWLEDGE THAT YOU AND/OR YOUR           AUTHORIZED USERS HAVE ACCESS TO THE SERVICES AND ARE RECEIVING OUR SERVICES. SUCH OTHER PARTICIPANTS HAVE COMMITTED TO COMPLY WITH OUR POLICIES AND PROCEDURES CONCERNING USE OF THE SYSTEM; HOWEVER, THE ACTIONS OF SUCH OTHER UNAUTHORIZED THIRD-PARTY USERS ARE BEYOND OUR CONTROL. ACCORDINGLY, WE DO NOT ASSUME ANY LIABILITY FOR OR RELATING TO ANY IMPAIRMENT OF THE PRIVACY, SECURITY, CONFIDENTIALITY, INTEGRITY, AVAILABILITY, OR RESTRICTED USE OF ANY INFORMATIONON SERVICES RESULTING FROM ANY PARTICIPANT’S ACTIONS OR FAILURES TO ACT.

14.5 Unauthorized Access; Lost or Corrupt Data. WE ARE NOT RESPONSIBLE FOR UNAUTHORIZED ACCESS TO YOUR DATA, FACILITIES OR EQUIPMENT BY INDIVIDUALS OR ENTITIES USING THE SYSTEM OR FOR UNAUTHORIZED ACCESS TO, ALTERATION, THEFT, CORRUPTION, LOSS OR DESTRUCTION OF YOUR DATA FILES, PROGRAMS, PROCEDURES, OR INFORMATION THROUGH THE SYSTEM, WHETHER BY ACCIDENT, FRAUDULENT MEANS OR DEVICES, OR ANY OTHER MEANS. YOU ARE SOLELY RESPONSIBLE FOR VALIDATING THE ACCURACY OF ALL OUTPUT AND REPORTS, AND FOR PROTECTING YOUR DATA AND PROGRAMS FROM LOSS BY IMPLEMENTING APPROPRIATE SECURITY MEASURES, INCLUDING ROUTINE BACKUP PROCEDURES. YOU HEREBY WAIVE ANY DAMAGES OCCASIONED BY LOST OR CORRUPT DATA, INCORRECT REPORTS, OR INCORRECT DATA FILES RESULTING FROM PROGRAMMING ERROR, OPERATOR ERROR, EQUIPMENT OR SOFTWARE MALFUNCTION, SECURITY VIOLATIONS, OR THE USE OF THIRD-PARTY SOFTWARE. WE ARE NOT RESPONSIBLE FOR THE CONTENT OF ANY DATA TRANSMITTED OR RECEIVED THROUGH OUR PROVISION OF THESERVICES.

14.6 Limitation of Liability. OUR AGGREGATE LIABILITY UNDER THIS AGREEMENT TO YOU, REGARDLESS OF THE LEGAL CLAIM, CAUSE, AND/OR THEORY OF LIABILITY, WHETHER AT LAW OR INEQUITY, SHALL BE LIMITED TO THE AGGREGATE FEES ACTUALLY PAID BY YOU UNDER THIS AGREEMENT FOR THE INITIAL SIX (6) MONTH PERIOD.

15. Term; Modification; Suspension; Termination

15.1 Term. The initial Term of this Agreement shall commence on the Effective Date and continue for as long You use the Services, unless continued as indicated above.

15.2 Modification. We may update or change the Services and/or the terms set forth in this Agreement from time to time and recommend that You review the Agreement on a regular basis. You understand and agree that Your continued use of the Services after the Agreement has been updated or changed constitutes Your acceptance of the revised Agreement.

15.3 Termination, Suspension or Amendment as a Result of Government Regulation. Notwithstanding anything to the contrary in this Agreement, We have the right, to immediately terminate, suspend, or amend this Agreement, without liability, to protect Our business interests.

15.4 Suspension of Access. We may suspend access to the Services by You or any member of Your Authorized Workforce immediately pending Your cure of any breach of this Agreement, or in the event We determine in our sole discretion that access to or use of the Services by You or the member of Your Authorized Workforce may jeopardize the Services or the confidentiality, privacy, security, integrity or availability of information within the Services, or that You or the member of Your Authorized Workforce has violated or may violate this Agreement or our Policies and Procedures, or has jeopardized or may jeopardize the rights of any third party, or that any Participant is or maybe making unauthorized use of the Services with any User ID assigned to You or a member of Your Authorized Workforce. Our election to suspend the Services shall not waive or affect our rights to terminate this Agreement as permitted under this Agreement, and it shall not waive your express written obligation, or other obligation as stated herein to pay for use of the Services.

16. Indemnity

You agree to indemnify, defend, and hold harmless Us and other Participants or affected individuals, and our and their affiliates, officers, directors, and agents, from any claim, cost, loss and/ or liability, including reasonable attorneys’ fees, arising from or relating to:(a) the use of Data or other information that You receive via the Services by You or Your Authorized Workforce; (b) any breach by You or Your Authorized Workforce of any representations, warranties or agreements contained in this Agreement, specifically any breach of Sections 2-4, 9 and 11, 13-14;(c) the actions of any person gaining access to the System under a User ID assigned to You or a member of Your Authorized Workforce; (d) the actions of anyone using a User ID, password or other unique identifier assigned to You or any member of Your Authorized Workforce that adversely affects the Services or any information accessed through the Services; and (e) Your negligent or willful misconduct, or that of any Participant, subcontractor, agent, or affiliate of Your Authorized Workforce.

17.  Applicable Law

The interpretation of this Agreement and the resolution of any disputes arising under this Agreement shall be governed by the laws of the State of Delaware. If any action or other proceeding is brought on or in connection with this Agreement, the venue of such action shall be exclusively in the City and County of San Francisco, California unless as set forth in Section 18.

18. Arbitration

ANY DISPUTE, CLAIM OR CONTROVERSY ARISING OUT OF OR RELATING TO THIS NOTICE OR THE BREACH, TERMINATION, ENFORCEMENT, INTERPRETATION OR VALIDITY THEREOF, INCLUDING THE DETERMINATION OF THE SCOPE OR APPLICABILITY OF THIS AGREEMENT TO ARBITRATE, OR TO YOUR USE OF THIS SITE OR THE SYSTEMS OR INFORMATION TO WHICH IT GIVES ACCESS, SHALL BE DETERMINED BY ARBITRATION AT A LOCATION THAT IS AT THE SOLE DISCRETION OF HEALTH GORILLA BEFORE A SINGLE ARBITRATOR. THE ARBITRATION SHALL BE ADMINISTERED BY JAMS PURSUANT TO ITS COMPREHENSIVE ARBITRATION RULES AND PROCEDURES. JUDGMENT ON THE AWARD MAY BE ENTERED IN ANY COURT HAVING JURISDICTION. THIS CLAUSE SHALL NOT PRECLUDE PARTIES FROM SEEKING PROVISIONAL REMEDIES OR ANY FORM OF INJUNCTIVE RELIEF AS NECESSARY FROM A COURT OF APPROPRIATE JURISDICTION.

19. Non-Assignability

This Agreement may not be assigned or transferred by You without our prior written consent.

20. Severability

Any provision of this Agreement that shall prove to be invalid, void, or illegal, shall in no way affect, impair, or invalidate any other provision of this Agreement, and such other provisions shall remain in full force and effect.

21. Notices

Any and all notices required or permitted under this Agreement shall be sent by United States mail or fax transmission to the address provided below or to such other and different addresses as the Parties may designate in writing. If You supply Us with an electronic mail address, We may give notice by email message addressed to such address; provided that if We receive notice that the email message was not delivered, We will give the notice by United States mail or fax.

To Us: Health Gorilla, Inc., 228 Hamilton Ave, Palo Alto, CA 94301

22. Waiver

No term of this Agreement shall be deemed waived, and no breach excused, unless such waiver or consent shall be in writing and by Health Gorilla.

23. No Third-Party Beneficiaries

Nothing expressed or implied in this Agreement is intended to confer, nor shall confer, upon You, other You, any ability to assign any rights, remedies, obligations, or liabilities whatsoever herein.

24. Authority

You represent and warrant that You and Your Authorized Workforce are competent and capable of entering into a binding contract, and that they are authorized to enter into this Agreement on behalf of Health Gorilla.

Social Determinants of Health
Terms of Use

1. RESTRICTED LICENSE.  Heath Gorilla hereby grants to Customer a restricted license to use the Heath Gorilla Services and any data contained therein, subject to the restrictions and limitations set forth below:

(i) Generally.  Heath Gorilla hereby grants to Customer a restricted license to use the Heath Gorilla Services solely for Customer’s own internal business purposes.  Customer represents and warrants that all of Customer’s use of the Heath Gorilla Services shall be for only legitimate business purposes, including those specified by Customer in connection with a specific information request, relating to its business and as otherwise governed by the Agreement.  Except as expressly permitted otherwise under this Agreement, Customer shall not use the Heath Gorilla Services for marketing purposes or resell or broker the Heath Gorilla Services to any third party and shall not use the Heath Gorilla Services for personal (non-business) purposes. Customer shall not use the Heath Gorilla Services to provide data processing services to third-parties or evaluate the data of or for third-parties. Customer agrees that if Heath Gorilla determines or reasonably suspects that continued provision of Heath Gorilla Services  to Customer entails a potential security risk, or that Customer is engaging in marketing activities, reselling, brokering or processing or evaluating the data of or for third-parties, or using the Heath Gorilla Services for personal (non-business) purposes or using the Heath Gorilla Services' information, programs, computer applications, or data, or is otherwise violating any provision of this Agreement, or any of the laws, regulations, or rules described herein, Heath Gorilla may take immediate action, including, without limitation, terminating the delivery of, and the license to use, the Heath Gorilla Services.  Customer shall not access the Heath Gorilla Services from Internet Protocol addresses located outside of the United States and its territories without Heath Gorilla’s prior written approval. Customer may not use the Heath Gorilla Services to create a competing product.  Customer shall comply with all laws, regulations and rules which govern the use of the Heath Gorilla Services and information provided therein. Heath Gorilla may at any time mask or cease to provide Customer access to any Heath Gorilla Services or portions thereof which Heath Gorilla may deem, in Heath Gorilla’s sole discretion, to be sensitive or restricted information.

(ii) GLBA Data.  Some of the information contained in the Heath Gorilla Services is “nonpublic personal information,” as defined in the Gramm-Leach-Bliley Act (15 U.S.C. § 6801, et seq.) and related state laws, (collectively, the “GLBA”), and is regulated by the GLBA (“GLBA Data”).  Customer shall not obtain and/or use GLBA Data through the Heath Gorilla Services, in any manner that would violate the GLBA, or any similar state or local laws, regulations and rules.  Customer acknowledges and agrees that it may be required to certify its permissible use of GLBA Data falling within an exception set forth in the GLBA at the time it requests information in connection with certain Heath Gorilla Services and will recertify upon request by Heath Gorilla. Customer certifies with respect to GLBA Data received through the Heath Gorilla Services that it complies with the Interagency Standards for Safeguarding Customer Information issued pursuant to the GLBA.

(iii) DPPA Data.  Some of the information contained in the Heath Gorilla Services is “personal information,” as defined in the Drivers Privacy Protection Act (18 U.S.C. § 2721, et seq.) and related state laws, (collectively, the “DPPA”), and is regulated by the DPPA (“DPPA Data”).  Customer shall not obtain and/or use DPPA Data through the Heath Gorilla Services in any manner that would violate the DPPA.  Customer acknowledges and agrees that it may be required to certify its permissible use of DPPA Data at the time it requests information in connection with certain Heath Gorilla Services and will recertify upon request by Heath Gorilla.

(v) Copyrighted and Trademarked Materials.  Customer shall not remove or obscure any trademarks, copyright notices or other notices contained on materials accessed through the Heath Gorilla Services.

(vi) Customer agrees to complete, execute and submit to Heath Gorilla the NCOA Processing Acknowledgement Form.

(vii)  Additional Terms.  Certain materials contained within the Heath Gorilla Services are subject to additional obligations and restrictions.  Without limitation, these services include news, business information (e.g., Dun & Bradstreet reports), and federal legislative and regulatory materials.  To the extent that Customer receives such materials through the Heath Gorilla Services, Customer agrees to comply with the General Terms and Conditions for Use of Heath Gorilla Services contained at the following website: www.lexisnexis.com/terms/general (the “General Terms”).  The General Terms are hereby incorporated into this Agreement by reference.  

(viii) Fair Credit Reporting Act.    The Heath Gorilla Services provided pursuant to this Agreement are not provided by “consumer reporting agencies,” as that term is defined in the Fair Credit Reporting Act, (15 U.S.C. §1681, et seq.), (the “FCRA”), and do not constitute “consumer reports” as that term is defined in the FCRA.  Accordingly, the Heath Gorilla Services may not be used in whole or in part as a factor in determining eligibility for credit, insurance, employment or another purpose in connection with which a consumer report may be used under the FCRA.  Further, (A) Customer certifies that it will not use any of the information it receives through the Heath Gorilla Services to determine, in whole or in part an individual’s eligibility for any of the following  products, services or transactions: (1) credit or insurance to be used primarily for personal, family or household purposes; (2) employment purposes; (3) a license or other benefit granted by a government agency; or (4) any other product, service or transaction in connection with which a consumer report may be used under the FCRA or any similar state statute, including without limitation apartment rental, check-cashing, or the opening of a deposit or transaction account; (B) by way of clarification, without limiting the foregoing, Customer may use, except as otherwise prohibited or limited by this Agreement, information received through the Heath Gorilla Services for the following purposes: (1) to verify or authenticate an individual’s identity; (2) to prevent or detect fraud or other unlawful activity; (3) to locate an individual; (4) to review the status of a legal proceeding; (5) to collect a debt, provided that such debt collection does not constitute in whole or in part, a determination of an individual consumer’s eligibility for credit or insurance to be used primarily for personal, family or household purposes; or (6) to determine whether to buy or sell consumer debt or a portfolio of consumer debt in a commercial secondary market transaction, provided that such determination does not constitute in whole or in part, a determination of an individual consumer’s eligibility for credit or insurance to be used primarily for personal, family or household purposes; (C) specifically, if Customer is using the Heath Gorilla Services in connection with collection of a consumer debt on its own behalf, or on behalf of a third-party, Customer shall not use the Heath Gorilla Services: (1) to revoke consumer credit; (2) to accelerate, set or change repayment terms; or (3) for the purpose of determining a consumer’s eligibility for any repayment plan; provided, however, that Customer may, consistent with the certification and limitations set forth in this section (viii), use the Heath Gorilla Services for identifying, locating, or contacting a consumer in connection with the collection of a consumer’s debt or for prioritizing collection activities; and (D) Customer shall not use any of the information it receives through the Heath Gorilla Services to take any “adverse action,” as that term is defined in the FCRA.  

(xii) Retention of Records.  For uses of GLB Data, DPPA Data and MVR Data, as described in Sections 1(ii), 1(iii) and 1(ix), Customer shall maintain for a period of five (5) years a complete and accurate record (including consumer identity, purpose and, if applicable, consumer authorization) pertaining to every access to such data.

(xiii) Economic Sanctions Laws. Customer acknowledges that Heath Gorilla is subject to economic sanctions laws, including but not limited to those enforced by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), the European Union, and the United Kingdom.  Accordingly, Customer shall comply with all economic sanctions laws of the United States, the European Union, and the United Kingdom.  Customer shall not provide access to Heath Gorilla Services to any individuals identified on OFAC’s list of Specially Designated Nationals (“SDN List”), the UK’s HM Treasury’s Consolidated List of Sanctions Targets, or the EU’s Consolidated List of Persons, Groups, and Entities Subject to EU Financial Sanctions.  Customer shall not take any action which would place Heath Gorilla in a position of non-compliance with any such economic sanctions laws.

(xiv) Customer Restrictions.  Customer agrees that neither Customer, nor its respective employees, representatives and/or agents shall: (a) in any way alter, change, modify, adapt, translate or make derivative works of the Heath Gorilla Services except with respect to permitted use of the Data for the Authorized Purpose as set forth in this  Agreement; (b) use any of the Heath Gorilla Services or Data in a manner that violates any foreign, federal, state or local law or regulation; (c) sublicense or operate the Heath Gorilla Services for timesharing, rental, outsourcing, or service bureau operations; (d) resell or redistribute the Data in whole or in part,; (e) disclose, license or otherwise distribute the [RESELLER data vendor’s] proprietary unique provider identification (“Vendor ID”), or any alias identification system that relies on the Vendor ID,; (f) decompile, reverse engineer, disassemble the Vendor ID system or other [RESELLER or its data vendor’s] technology; (G) allow the Data to be transferred, stored or access outside the United States without the prior written authorization of Heath Gorilla; or (j) publish externally or disclose to others the performance benchmark results for the Heath Gorilla Services without [RESELLER’s] prior written consent. Customer also agrees not to permit or enable any other person or third party to do any of the foregoing. “Data” means (i) any and all data provided by RESELLER through the Heath Gorilla Services including any meta data provided therewith; (ii) any update or supplement of such data issued by Heath Gorilla; (iii) the proprietary [RESELLER data vendor’s] ID; (iv) any proprietary log-in information; and (v) any data of a like or similar nature as the Data which is derived or updated from the use of Data.

(xv) Merge and Appending of Data. Unless expressly permitted in this Agreement, Customer shall not Merge the Data with any Non-Heath Gorilla data or Merge any Non-Heath Gorilla data with the Data, though Customer may Append commercial Non-LN data to the Data as permitted by the Authorized Purpose as set forth in this Agreement. Customer will keep the Data separate and identifiable from other databases at all times.  “Append" means the use and maintenance of Non-Heath Gorilla data in separate and distinct data fields from the Data, where the Data is maintained by Customer as a separate and distinct portion of Customer’s database system. “Merge” means the incorporation of Non-Heath Gorilla data into or with Data in the same data field or the incorporation of Data or any portion thereof into or with Non-Heath Gorilla data, in either case to an extent that Data is not identifiable as Data and it is impracticable to extricate Data or any portion thereof from the Non-Heath Gorilla data at any time. “Non-Heath Gorilla data” means any data which does not comprise the Data. 

(xvi) Third Party Access.  Reseller shall not disclose, license, provide access to or otherwise distribute any Data to any person or entity (“Third Party”), without the prior written consent of Heath Gorilla which may be approved or denied in Health Gorilla’s sole discretion. Any such consent if given by Heath Gorilla will require such Third Party to enter into a Third Party Data Access Agreement with Heath Gorilla prior to Customer disclosing or releasing Data to the Third Party. Heath Gorilla may charge a supplemental fee for providing access to the Data to a Third Party. Further, Customer shall not, in any event, disclose, license, provide access to or otherwise distribute any Data to its other Third Party data source suppliers or use the Data in any way that would result in the Third Party data vendor acquiring any license, right or interest in the Data.

(xvii) Credentialing.  Certain of Heath Gorilla Services require Reseller and the Customer to complete a credentialing application as a pre-condition to Reseller and Customer receiving such Heath Gorilla Services.  In order to receive such Heath Gorilla Services, Customer shall submit to Heath Gorilla’s credentialing procedures by completing the application (“Application”).  Customer acknowledges and agrees that, notwithstanding anything to the contrary set forth herein, Heath Gorilla shall not be obligated to perform any Heath Gorilla Services until it verifies Customer’s credentials pursuant to Customer’s executed Application.  Verification of credentials shall be in Heath Gorilla ‘s sole discretion.    

2. SECURITY.  Customer acknowledges that the information available through the Heath Gorilla Services may include personally identifiable information and it is Customer’s obligation to keep all such accessed information confidential and secure.  Accordingly, Customer shall (a) restrict access to Heath Gorilla Services to those employees who have a need to know as part of their official duties; (b) ensure that none of its employees shall (i) obtain and/or use any information from the Heath Gorilla Services for personal reasons, or (ii) transfer any information received through the Heath Gorilla Services to any party except as permitted hereunder; (c) keep all user identification numbers, and related passwords, or other security measures (collectively, “User IDs”) confidential and prohibit the sharing of User IDs; (d) immediately deactivate the User ID of any employee who no longer has a need to know, or for terminated employees on or prior to the date of termination; (e) in addition to any obligations under Paragraph 1, take all commercially reasonable measures to prevent unauthorized access to, or use of, the Heath Gorilla Services or data received therefrom, whether the same is in electronic form or hard copy, by any person or entity; (f) maintain and enforce data destruction procedures to protect the security and confidentiality of all information obtained through Heath Gorilla Services as it is being disposed; (g) unless otherwise required by law, purge all information received through the Heath Gorilla Services and stored electronically or on hard copy by Customer within ninety (90) days of initial receipt; (h) be capable of receiving the Heath Gorilla Services where the same are provided utilizing “secure socket layer,” or such other means of secure transmission as is deemed reasonable by Heath Gorilla; (i) not access and/or use the Heath Gorilla Services via mechanical, programmatic, robotic, scripted or other automated search means, other than through batch or machine-to-machine applications approved by Heath Gorilla; and (j) take all steps to protect their networks and computer environments, or those used to access the Heath Gorilla Services, from compromise. Customer agrees that on at least a quarterly basis it will review searches performed by its User IDs to ensure that such searches were performed for a legitimate business purpose and in compliance with all terms and conditions herein.  Customer will implement policies and procedures to prevent unauthorized use of User IDs and the Heath Gorilla Services and will immediately notify Heath Gorilla, in writing to the Heath Gorilla if Customer suspects, has reason to believe or confirms that a User ID or the Heath Gorilla Services (or data derived directly or indirectly therefrom) is or has been lost, stolen, compromised, misused or used, accessed or acquired in an unauthorized manner or by any unauthorized person, or for any purpose other than legitimate business reasons.  Customer shall remain solely liable for all costs associated therewith and shall further reimburse Heath Gorilla for any expenses it incurs due to Customer’s failure to prevent such impermissible use or access of User IDs and/or the Heath Gorilla Services, or any actions required as a result thereof.  Furthermore, in the event that the Heath Gorilla Services provided to the Customer include personally identifiable information (including, but not limited to, social security numbers, driver’s license numbers or dates of birth), the following shall apply: Customer acknowledges that, upon unauthorized acquisition or access of or to such personally identifiable information, including but not limited to that which is due to use by an unauthorized person or due to unauthorized use (a "Security Event"), Customer shall, in compliance with law, notify the individuals whose information was potentially accessed or acquired that a Security Event has occurred, and shall also notify any other parties (including but not limited to regulatory entities and credit reporting agencies) as may be required in Heath Gorilla’s reasonable discretion.  Customer agrees that such notification shall not reference Heath Gorilla or the product through which the data was provided, nor shall Heath Gorilla be otherwise identified or referenced in connection with the Security Event, without Heath Gorilla’s express written consent. Customer shall be solely responsible for any other legal or regulatory obligations which may arise under applicable law in connection with such a Security Event and shall bear all costs associated with complying with legal and regulatory obligations in connection therewith.  Customer shall remain solely liable for claims that may arise from a Security Event, including, but not limited to, costs for litigation (including attorneys’ fees), and reimbursement sought by individuals, including but not limited to, costs for credit monitoring or allegations of loss in connection with the Security Event, and to the extent that any claims are brought against Heath Gorilla, shall indemnify Heath Gorilla from such claims.  Customer shall provide samples of all proposed materials to notify consumers and any third-parties, including regulatory entities, to Heath Gorilla for review and approval prior to distribution. In the event of a Security Event, Heath Gorilla may, in its sole discretion, take immediate action, including suspension or termination of Customer’s account, without further obligation or liability of any kind.  

3. PERFORMANCE. Heath Gorilla will use commercially reasonable efforts to deliver the Heath Gorilla Services requested by Customer and to compile information gathered from selected public records and other sources used in the provision of the Heath Gorilla Services; provided, however, that Customer accepts all information "AS IS." Customer acknowledges and agrees that Heath Gorilla obtains its data from third-party sources, which may or may not be completely thorough and accurate, and that Customer shall not rely on Heath Gorilla for the accuracy or completeness of information supplied through the Heath Gorilla Services.  Without limiting the foregoing, the criminal record data that may be provided as part of the Heath Gorilla Services may include records that have been expunged, sealed, or otherwise have become inaccessible to the public since the date on which the data was last updated or collected.  Customer understands that Customer may be restricted from accessing certain Heath Gorilla Services which may be otherwise available.  Heath Gorilla reserves the right to add materials and features to, and to discontinue offering any of the materials and features that are currently a part of, the Heath Gorilla Services.  In the event that Heath Gorilla discontinues a material portion of the materials and features that Customer regularly uses in the ordinary course of its business, and such materials and features are part of a flat fee subscription plan to which Customer has subscribed, Heath Gorilla will, at Customer’s option, issue a prorated credit to Customer’s account.     

4.         INTELLECTUAL PROPERTY; CONFIDENTIALITY. Customer agrees that Customer shall not reproduce, retransmit, republish, or otherwise transfer for any commercial purposes the Heath Gorilla Services' information, programs or computer applications. Customer acknowledges that Heath Gorilla (and/or its third party data providers) shall retain all right, title, and interest under applicable contractual, copyright, patent, trademark, Trade Secret and related laws in and to the Heath Gorilla Services and the data and information that they provide. Customer shall use such materials in a manner consistent with Heath Gorilla's interests and the terms and conditions herein, and shall notify Heath Gorilla of any threatened or actual infringement of Heath Gorilla's rights. Notwithstanding anything in this Agreement to the contrary, Heath Gorilla shall own Customer’s search inquiry data used to access the Heath Gorilla Services (in the past or future) and may use such data for any purpose consistent with applicable federal, state and local laws, rules and regulations. Customer and Heath Gorilla acknowledge that they each may have access to confidential information of the disclosing party (“Disclosing Party”) relating to the Disclosing Party’s business including, without limitation, technical, financial, strategies and related information, computer programs, algorithms, know-how, processes, ideas, inventions (whether patentable or not), schematics, Trade Secrets (as defined below) and other information (whether written or oral), and in the case of Heath Gorilla’s information, product information, pricing information, product development plans, forecasts, data contained in Heath Gorilla Services, and other business information (“Confidential Information”).  Confidential Information shall not include information that: (i) is or becomes (through no improper action or inaction by the Receiving Party (as defined below)) generally known to the public; (ii) was in the Receiving Party’s possession or known by it prior to receipt from the Disclosing Party; (iii) was lawfully disclosed to Receiving Party by a third-party and received in good faith and without any duty of confidentiality by the Receiving Party or the third-party; or (iv) was independently developed without use of any Confidential Information of the Disclosing Party by employees of the Receiving Party who have had no access to such Confidential Information. “Trade Secret” shall be deemed to include any information which gives the Disclosing Party an advantage over competitors who do not have access to such information as well as all information that fits the definition of “trade secret” set forth in the Official Code of Georgia Annotated § 10-1-761(4).  Each receiving party (“Receiving Party”) agrees not to divulge any Confidential Information or information derived therefrom to any third-party and shall protect the confidentiality of the Confidential Information with the same degree of care it uses to protect the confidentiality of its own confidential information and trade secrets, but in no event less than a reasonable degree of care.  Notwithstanding the foregoing, the Receiving Party may disclose Confidential Information solely to the extent required by subpoena, court order or other governmental authority, provided that the Receiving Party shall give the Disclosing party prompt written notice of such subpoena, court order or other governmental authority so as to allow the Disclosing party to have an opportunity to obtain a protective order to prohibit or restrict such disclosure at its sole cost and expense.  Confidential Information disclosed pursuant to subpoena, court order or other governmental authority shall otherwise remain subject to the terms applicable to Confidential Information. Each party’s obligations with respect to Confidential Information shall continue for the term of this Agreement and for a period of five (5) years thereafter, provided however, that with respect Trade Secrets, each party’s obligations shall continue for so long as such Confidential Information continues to constitute a Trade Secret.  

5.          WARRANTIES/LIMITATION OF LIABILITY. Neither Heath Gorilla, nor its subsidiaries and affiliates, nor any third-party data provider (for purposes of indemnification, warranties, and limitations on liability, Heath Gorilla, its subsidiaries and affiliates, and its data providers are hereby collectively referred to as “Heath Gorilla”) shall be liable to Customer (or to any person claiming through Customer to whom Customer may have provided data from the Heath GorillaServices) for any loss or injury arising out of or caused in whole or in part by Heath Gorilla ‘s acts or omissions in procuring, compiling, collecting, interpreting, reporting, communicating, or delivering the Heath Gorilla Services. If, notwithstanding the foregoing, liability can be imposed on Heath Gorilla, then Customer agrees that Heath Gorilla’s aggregate liability for any and all losses or injuries arising out of any act or omission of Heath Gorilla in connection with anything to be done or furnished under this Agreement, regardless of the cause of the loss or injury, and regardless of the nature of the legal or equitable right claimed to have been violated, shall never exceed One Hundred Dollars ($100.00); and Customer covenants and promises that it will not sue Heath Gorilla for an amount greater than such sum even if Customer and/or third parties were advised of the possibility of such damages and that it will not seek punitive damages in any suit against Heath Gorilla. Heath Gorilla does not make and hereby disclaims any warranty, express or implied with respect to the Heath Gorilla Services.  Heath Gorilla does not guarantee or warrant the correctness, completeness, merchantability, or fitness for a particular purpose of the Heath Gorilla Services or information provided therein. In no event shall Heath Gorilla be liable for any indirect, incidental, or consequential damages, however arising, incurred by Customer from receipt or use of information delivered hereunder or the unavailability thereof. Due to the nature of public record information, the public records and commercially available data sources used in Heath Gorilla Services may contain errors. Source data is sometimes reported or entered inaccurately, processed poorly or incorrectly, and is generally not free from defect. Heath Gorilla Services are not the source of data, nor are they a comprehensive compilation of the data. Before relying on any data, it should be independently verified.

6. INFORMATIONAL TOOL.  Health Gorilla’s are intended solely for informational purposes.  Customer shall not use the [Reseller Services] to perform medical diagnostic functions, set medical treatment procedures or as a substitute for the medical judgment of a physician or qualified health care provider.  Customer acknowledges that the [Reseller Services] may include or incorporate third party information which is not subject to evaluation by Reseller, and is intended as a supplement to, and not a substitute for, the knowledge, expertise, skill, and judgment of Customer’s or its users’ healthcare professionals.  Customer further acknowledges that the professional duty to the patient lies solely with the healthcare professionals providing patient care services.  Reseller or its data suppliers do not assume any responsibility for action of Customer which may result in any liability or damages due to malpractice, failure to warn, negligence or any other basis. Due to the nature of public record information, the public records and commercially available data sources used in the [Reseller Services] may contain errors.  Source data is sometimes reported or entered inaccurately, processed poorly or incorrectly, and is generally not free from defect.  Without limiting the foregoing, the criminal record data that may be provided as part of the [Reseller Data] may include records that have been expunged, sealed, or otherwise have become inaccessible to the public since the date on which the [Reseller Data] was last updated or collected.  The [Reseller Services] are not the source of data, nor are they a comprehensive compilation of the data.  Before relying on any data, it should be independently verified. 

7. INDEMNIFICATION. Customer hereby agrees to protect, indemnify, defend, and hold harmless Heath Gorilla from and against any and all costs, claims, demands, damages, losses, and liabilities (including attorneys' fees and costs) arising from or in any way related to (a) use of information received by Customer (or any third party receiving such information from or through Customer) furnished by or through Heath Gorilla; (b) breach of any terms, conditions, representations or certifications in this Agreement; and (c) any Security Event.  Heath Gorilla hereby agrees to protect, indemnify, defend, and hold harmless Customer from and against any and all costs, claims, demands, damages, losses, and liabilities (including attorneys' fees and costs) arising from or in connection with any third-party claim that the Heath Gorilla Services or data contained therein, when used in accordance with this Agreement, infringe a United States patent or United States registered copyright, subject to the following: (i) Customer must promptly give written notice of any claim to Heath Gorilla; (ii) Customer must provide any assistance which Heath Gorilla may reasonably request for the defense of the claim (with reasonable out of pocket expenses paid by Heath Gorilla); and (iii) Heath Gorilla has the right to control the defense or settlement of the claim; provided, however, that the Customer shall have the right to participate in, but not control, any litigation for which indemnification is sought with counsel of its own choosing, at its own expense.  Notwithstanding the foregoing, Heath Gorilla will not have any duty to indemnify, defend or hold harmless Customer with respect to any claim of infringement resulting from (1) Customer’s misuse of the Heath Gorilla Services; (2) Customer’s failure to use any corrections made available by Heath Gorilla; (3) Customer’s use of the Heath Gorilla Services in combination with any product or information not provided or authorized in writing by Heath Gorilla; or (4) any information, direction, specification or materials provided by Customer or any third-party.  If an injunction or order is issued restricting the use or distribution of any part of the Heath Gorilla Services, or if Heath Gorilla determines that any part of the Heath Gorilla Services is likely to become the subject of a claim of infringement or violation of any proprietary right of any third-party, Heath Gorilla may in its sole discretion and at its option (A) procure for Customer the right to continue using the Heath Gorilla Services; (B) replace or modify the Heath Gorilla Services so that they become non-infringing, provided such modification or replacement does not materially alter or affect the use or operation of the Heath Gorilla Services; or (C) terminate this Agreement and refund any fees relating to the future use of the Heath Gorilla Services. The foregoing remedies constitute Customer’s sole and exclusive remedies and Heath Gorilla’s entire liability with respect to infringement claims or actions. 

8. AUDIT.  Customer understands and agrees that, in order to ensure compliance with the FCRA, GLBA, DPPA, other similar state or federal laws, regulations or rules, regulatory agency requirements, this Agreement, and Heath Gorilla’s obligations under its contracts with its data providers and Heath Gorilla’s internal policies, Heath Gorilla may conduct periodic reviews of Customer’s use of the Heath Gorilla Services and may, upon reasonable notice, audit Customer’s records, processes and  procedures related to Customer’s use, storage and disposal of Heath Gorilla Services and information received therefrom. Customer agrees to cooperate fully with any and all audits and to respond to any such audit inquiry within ten (10) business days, unless an expedited response is required. Violations discovered in any review and/or audit by Heath Gorilla will be subject to immediate action including, but not limited to, suspension or termination of the license to use the Heath Gorilla Services, reactivation fees, legal action, and/or referral to federal or state regulatory agencies.

9. EMPLOYEE TRAINING. Customer shall train new employees prior to allowing access to Heath Gorilla Services on Customer’s obligations under this Agreement, including, but not limited to, the licensing requirements and restrictions under Paragraph 1 and the security requirements of Paragraph 2.  Customer shall conduct a similar review of its obligations under this Agreement with existing employees who have access to Heath Gorilla Services no less than annually.  Customer shall keep records of such training.  

10. CUSTOMER CHANGES/CREDIT REPORT.  Customer acknowledges and understands that Heath Gorilla will only allow Customer access to the Heath Gorilla Services if Customer’s credentials can be verified in accordance with [RESELLER’s] internal credentialing procedures.  Customer shall notify Heath Gorilla immediately of any changes to the information on Customer's Application for the Heath Gorilla Services, and, if at any time Customer no longer meets [RESELLER’s] criteria for providing such service, Heath Gorilla may terminate this Agreement.  Customer is required to promptly notify Heath Gorilla of a change in ownership of Customer’s company, any change in the name of Customer’s company, and/or any change in the physical address of Customer’s company. 

11. SURVIVAL OF AGREEMENT. Provisions hereof related to release of claims; indemnification; use and protection of information, data and Heath Gorilla Services; payment for the Heath Gorilla Services; audit; Heath Gorilla’s use and ownership of Customer’s search inquiry data; disclaimer of warranties; security; customer data and governing law shall survive any termination of the license to use the Heath Gorilla Services.

12. CHANGE IN AGREEMENT. By receipt of the Heath Gorilla Services, Customer agrees to, and shall comply with, changes to the Restricted License granted Customer in Paragraph 1 herein, changes in pricing, and changes to other provisions of this Agreement as Heath Gorilla shall make from time to time by notice to Customer via e-mail, online “click wrap” amendments, facsimile, mail, invoice announcements, or other written notification.  All e-mail notifications shall be sent to the individual named in the Customer Administrator Contact Information section, unless stated otherwise in this Agreement.  Heath Gorilla may, at any time, impose restrictions and/or prohibitions on the Customer’s use of the Heath Gorilla Services or certain data.  Customer understands that such restrictions or changes in access may be the result of a modification in Heath Gorilla policy, a modification of third-party agreements, a modification in industry standards, a Security Event or a change in law or regulation, or the interpretation thereof.  Upon written notification by Heath Gorilla of such restrictions, Customer agrees to comply with such restrictions.

14. PRIVACY PRINCIPLES.  With respect to personally identifiable information regarding consumers, the parties further agree as follows:  Heath Gorilla  has adopted the "Heath Gorilla  Data Privacy Principles" ("Principles"), which may be modified from time to time, recognizing the importance of appropriate privacy protections for consumer data, and Customer agrees that Customer (including its directors, officers, employees or agents) will comply with the Principles or Customer’s own comparable privacy principles, policies, or practices.  The Principles are available at:  http: [RESELLER WEB PAGE or LN’s page at http://www.lexisnexis.com/privacy/data-privacy-principles.aspx].

15.  FORCE MAJEURE. The parties will not incur any liability to each other or to any other party on account of any loss or damage resulting from any delay or failure to perform all or any part of this Agreement (except for payment obligations) to the extent such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control, and without the negligence of, the parties. Such events, occurrences, or causes include, without limitation, acts of God, telecommunications outages, Internet outages, power outages, any irregularity in the announcing or posting of updated data files by the applicable agency, strikes, lockouts, riots, acts of war, floods, earthquakes, fires, and explosions.