Updated December 6, 2018
These Application Terms of Service (“TOS”) are incorporated by reference into the agreements between CD Newco, LLC dba Curve Dental (‘‘Curve’’), a Delaware limited liability company with its principal place of business at 424 West 800 North Suite 202, Orem, Utah, 84057, and the Client named on one or more Order Forms or Subscription and Service Agreements (“Order Form(s)”) between Client and Curve. The Order Form(s) and the underlying agreements that apply to the Order Form(s), together with this TOS, constitute the entire Agreement between the parties (hereinafter “Agreement”) and apply to each Hosted Program and to all Services provided by Curve under the Agreement. When executed by the parties, an Order Form shall evidence the Hosted Program Subscription Rights granted to the Client and the Services to be provided by Curve. The Effective Date of this Agreement shall be as set forth on page 4 of the Order Form and these TOS supersede any prior TOS as of the Effective Date.
1.1 “Activation Date” shall be the date on which the Client is delivered an office key account number, login name, and password from Curve to use the Hosted Programs.
1.2. “Client Data” means information entered into the Hosted Programs by Client in the course of its authorized access and use of the Hosted Programs, which are stored on the Host Server for access and retrieval by the Client.
1.3. “Host Server” shall mean one or more server(s) provided by Curve or its agent through which Client accesses the Hosted Programs, identified by a URL and one or more accounts and passwords to be established by Client.
1.4. “Hosted Programs” shall mean the computer software in object code form owned or provided by Curve for which Client has Subscription Rights granted pursuant to the Agreement, updates and upgrades to the Hosted Programs, and online documentation.
1.5. “Order Form(s)” shall mean the document(s) by which Client orders Hosted Program Subscriptions and Services, and which are agreed to by the parties.
1.6. “Provider” shall include: (1) each owner, employee, contractor or agent of Client that has a State Dental License; and (2) each owner, employee, contractor or agent of Client that has a State Hygiene License and can provide dental patient services unsupervised by a Provider with a State Dental License. It does not include a provider such as hygienists or assistants that provide care under the direction and billed under a unique Tax ID of a licensed Dentist. Other medical supporting staff are also not considered Providers, including the following staff types: billers, scheduling clerks, dental assistants, technicians (lab, radiology, etc.), and case managers. A Provider as defined above typically has a physician-level medical license, including, but not limited to, the following professional designations: DMD, DDS, MD, and Ph.D.
1.7. “Services” shall mean Hosting Services, Electronic Services, Customer Support Services or other services specifically identified in an Order Form, such as consulting services.
2.1. Subscription Rights Granted
A. Curve grants to Client a limited, non-exclusive, non-transferable right (“Subscription”) for the number of Providers defined in the Order Forms(s). Client shall be entitled to use the Hosted Programs as follows: (i) to assign access rights to the Hosted Programs on the Host Server solely for Client’s own internal business operations; and (ii) to use any documentation provided with the Hosted Programs (online or otherwise) in support of Client’s authorized use of the Hosted Programs. Client shall not modify or create derivative works of the Hosted Programs, remove any proprietary notices or access the Hosted Programs to build a competitive product or service or copy any of the Hosted Programs’ features, functions or graphics. Client shall not permit or facilitate any third party in being able to modify or create derivative works of the Hosted Programs, to remove any proprietary notices or to access the Hosted Programs to build a competitive product or service or copy any of the Hosted Programs’ features, functions or graphics. In addition to the foregoing, and except as specifically authorized in the Order Form(s), Client shall not allow third parties 1) to access or view the Hosted Programs, or 2) use the Hosted Programs for third-party training, commercial time-sharing, rental, service bureau use or for any other purpose.
B. Client shall not download the Hosted Programs or cause or permit the reverse engineering, disassembly, decompilation, or any other action on the Hosted Programs to discover or reproduce the source code or underlying algorithms of such Hosted Programs. Client shall not use the Hosted Programs in any manner not authorized under this Agreement.
C. Curve reserves and retains all title, copyright, and other common law or statutory proprietary rights in the Hosted Programs and Services delivered under this Agreement, including all related intellectual property rights (collectively, the “Curve Intellectual Property Rights”). Client acknowledges that it does not acquire any rights, express or implied, in the Hosted Programs, other than those specified in the Agreement, and shall take no action, nor permit or facilitate any third party in taking such actions, against Curve’s Intellectual Property Rights.
D. In addition to any other rights or remedies Curve may have under this Agreement to protect itself and the Curve Intellectual Property Rights, Client shall indemnify Curve for any and all losses, damages or expenses it incurs as a result of Client’s breach, or threatened breach, of any of its obligations under this Section 2.
2.2. Verification. Curve shall have the right to monitor use of the Hosted Programs by Client: (i) electronically at any time; or (ii) by on-site audit of Client’s use of the Hosted Programs not more than once per year upon reasonable advance, written notice to Client. Should Curve discover underpayments in the amounts owed it under the Agreement, Curve shall have the immediate right to invoice Client for such additional amounts owed it as appropriate.
3.1. Hosting Services. Curve will provide Client with access to the online Hosted Programs selected in the Order Form(s) and will provide for the storage and retrieval of Client Data in connection with use of the Hosted Programs. Client is responsible for obtaining access to the Internet using software and hardware that meet the minimum requirements, including security requirements, set forth in Curve’s published System Requirements document available at www.curvedental.com/terms.
3.2. Access. Client shall designate user account names and passwords for the number of Providers stated in the Order Form(s) and for additional permitted non-Provider users associated with authorized Providers. In the event that Client designates user account names and passwords to Providers not stated in valid Order Form(s), Client agrees that by doing so, it shall incur additional subscription and Services fees at current Provider rates. Client is solely responsible for the confidentiality and use of account names and passwords. Curve will deem any communication, data transfer, or use of the Hosted Programs received under Client’s account names and passwords to be for Client’s benefit and use. Client agrees to notify Curve if account names or passwords are lost, stolen, or being used in an unauthorized manner, and to indemnify Curve for any losses, damages or expenses it incurs as a result of any unauthorized use of Client account names or passwords. Client represents and warrants that it has the rights to all Client Data, including the right to upload Client Data to the Host Server in connection with its authorized use of the Hosted Programs. Client agrees that the Client Data and its use do not infringe the rights of any third party and agrees to indemnify and holds Curve harmless from any third-party claims of infringement under the same terms and conditions set forth below for Curve’s infringement indemnity.
3.3. Data Security. Client agrees to access the Hosted Programs and to store and retrieve data using only Curve approved third party software. Should Client elect to use unapproved third party products or services, any exchange of data between Client and such third party provider is solely between Client and the applicable third party vendor or provider. Curve does not warrant third party products or services, whether or not they are designated by Curve as “approved” or otherwise. Curve will provide limited support for approved third party software. No purchase of third party products or services is required to use the Hosted Programs. Client acknowledges that its ordering of certain services will, by the nature of the service being provided, require the sharing by Curve of patient protected health information ("Patient PHI") with vendors to provide the service, and Client consents to the sharing of its Patient PHI if it orders that service.
Curve agrees to maintain the security of Client Data using industry-standard data security protocols, and other methods reasonably deemed to be adequate for secure business data and to comply with the provisions of Exhibit A the HIPAA Business Associate Agreement Addendum. Curve agrees to retain Client Data on a secure server and to maintain data recovery and data backup facilities in accordance with accepted industry practices.
3.4. Ownership of Data and Subscription. Client shall retain ownership of all Client Data stored or retrieved in connection with use of the Hosted Programs, which data shall be subject to the confidentiality provisions set forth below. Client agrees that storage or caching of Client Data is not an infringement of any intellectual property rights of Client. Client agrees that it will not store data on the Host Server that is subject to the rights of any third parties without first obtaining all required authorizations and rights in writing from such third parties, and shall indemnify Curve for any losses, damages or expenses it incurs as a result of Client’s failure to obtain such authorizations. Client agrees that Curve may utilize data that comes into the possession of Curve by virtue of its performance under this Agreement for the purpose of aggregating statistics that may be helpful for Client’s or Curve's benefit, for research and trend analysis, and for other lawful purposes, as determined by Curve. Provided that Curve implements appropriate de-identification criteria in accordance with the Standards for Privacy of Individually Identifiable Health Information set forth in 45 C.F.R. §164.514(b), Client acknowledges and agrees that de-identified information is not Protected Health Information as defined in the applicable regulations and that Curve may use such de-identified information for any lawful purpose.
3.5. Customer Support Services. Curve will provide Customer Support Services as described in the applicable Order Form(s) and in accordance with the Customer Service Policy available at www.curvehero.com/terms in effect on the date Customer Support Services are provided, so long as Client is currently entitled to use the Hosted Programs and Services.
3.6. Electronic Services. In connection with use of the Hosted Programs, Curve may provide certain Electronic Services to Client, as set forth in the applicable Order Form(s), in conjunction with one or more third-party partners, and Client hereby waives any and all liability and claims which Client may have against Curve or the partner in connection with the provision of Electronic Services except to the extent directly caused by the willful misconduct or gross negligence of Curve or the partner. Such Electronic Services are subject to availability. Independently levied submission charges from payors are not included in the pricing and will be charged separately. Approval for electronic submission to and remittance from most non-commercial payers can take 4-8 weeks from the date Client returns completed forms to Curve.
3.7. Data Import Limitations. Client is responsible to provide data exactly in the format specified by Curve documentation. The Curve database resulting from import of Client’s data will be a reflection of the quality of data provided by the Client. Curve is not responsible for delays in or inability to perform services due to improperly formatted or corrupt files, viruses on media provided, or incompatible backup media or software. Client acknowledges that transferring data is subject to the possibility of human and machine errors, omissions, and losses, including inadvertent loss of data or damage to media that may give rise to loss or damage. Curve shall not be liable for any such errors, omissions, or losses. Client is responsible to adopt reasonable measures to limit the impact of such problems, including backup of original data. Client is responsible for reviewing the accuracy of all imported data. Client is also responsible for complying with all local, state, and federal laws pertaining to the use and disclosure of any data.
3.8. Data Import Acceptance. Following a data import, Curve warrants the integrity of the supplied production database for a period of 5 business days from the delivery date, or until the database is altered in any way by the Client, whichever comes first. During the warranty period, Client may report any discrepancies or errors, and upon verification of the error, Curve may at its option correct the database or refund the amount paid for the data import service. If Curve is unable to replicate an error, it shall be under no obligation to take any further action under this Section.
3.9. Onsite Training. Onsite training is billed at a day rate. A ‘day’ is defined as a standard business day of at most 8 hours (excluding a meal break). Hours beyond that definition will be billed additionally at current after-hours consulting rates. Airfare or equivalent travel for Onsite Training is billed separately, as incurred by Curve. Client is responsible for non-refundable airfare fees and one day of services fees for all Services cancelled or rescheduled less than 7 days prior to the start of the Services.
3.10. Deadlines. Curve’s ability to deliver the requested Services, at the scope and scale described, depend on Client’s meeting an indicated approval deadline as well as interim client deliverable dates that may apply to specific Services. Should approval be withheld past an approval deadline, or should Client Deliverable dates not be met in the course of delivering the Services, target delivery dates may require rescheduling by Curve staff based on availability.
3.11. Consulting Limitations. Curve warrants that all consulting Services are performed by trained personnel and that Services will be provided for the scope and time period indicated. However, Curve does not guarantee any specific results from training or other consulting Services. As with all consulting services, effectiveness depends largely upon Client’s ability and willingness to utilize and implement ideas, concepts, and practices presented by Curve consultants.
3.12 Expiration of Purchased Services. All purchased Service(s) must be utilized by Client within 90 days from purchase (the Effective Date of the Order Form). Services not delivered in that period will be considered rendered and non-refundable, except in the event that Curve is unable to deliver the Services within that period.
3.13 CLIENT ACKNOWLEDGES THAT THE PROVISION OF CARE TO ITS PATIENTS IS SOLELY AND EXCLUSIVELY ITS RESPONSIBILITY AND THAT THE HOSTED PROGRAMS ARE INTENDED TO BE USED AS A SUPPLEMENT ONLY TO CLIENT’S EXISTING PROCESSES AND PROCEDURES. CLIENT WILL NOT RELY ON THE HOSTED PROGRAMS FOR THE PROVISION OF PROPER CARE TO ITS PATIENTS. CLIENT’S PROCESSES AND PROCEDURES WILL BE SET UP TO ENSURE ITS PROPER FULFILLMENT OF ITS OBLIGATIONS TO ITS PATIENTS.
4.1. Term. The Agreement shall commence on the Effective Date and remain in effect for a period of 12 months from the receipt by Curve of its first subscription payment (the “Initial Term”). Thereafter, the Term shall automatically renew for additional one (1) year renewal terms (each, a “Renewal Term”, with the Initial Term and any Renewal Term together, the “Term”) at Curve’s then-current fees unless either party gives ninety (90) days advance written notice prior to the end of the then-current Term of its intention to terminate the Agreement, or until otherwise terminated as provided herein. If the Client cancels the Agreement before the end of a Term, the Client shall pay the remaining balance of its Term on the termination date.
4.2. Termination for Cause. Either party may terminate the Agreement at any time upon thirty (30) days prior written notice if the other party commits a material breach that remains uncured after thirty (30) days written notice specifying the nature of the breach and identifying the measures required to correct the breach. Notwithstanding the foregoing, Curve may terminate the Agreement and/or access to the Hosted Programs (i) immediately if it has reason to believe that or if Client has violated its obligations under Section 2 of the Agreement, and (ii) for non-payment of fees upon ten (10) days prior notice, at which time fees for the current Term shall be due and payable in full. Should Curve invoke this Section, it shall have the right to also terminate Client’s rights, or access, to any other Services then provided Client by Curve.
4.3. Effect of Termination. Termination of the Agreement shall terminate Client’s rights to continued use of, licenses to, and access to the Hosted Programs and to any further Services. Termination shall not affect the obligation of Client to pay all fees that have accrued or are otherwise owed by Client under any Order Form or under the Agreement, and shall not affect the right of any party to pursue a claim for breach of the Agreement which accrued prior to the date of termination. The following sections shall survive expiration or termination of the Agreement between the parties: Sections 2.1.B. and 2.1.C.; Section 5.1; Section 7.1; Section 7.3; Section 7.5; and any other indemnification, intellectual property or confidentiality rights or obligations provided in the TOS.
5.1. Infringement Indemnity. Curve will defend and indemnify Client against a claim that the Hosted Programs infringe a United States copyright or patent, provided that: (a) Client notifies Curve in writing within 2 days of the claim; (b) Curve has sole control of the defense and all related settlement negotiations; and (c) Client provides Curve with the assistance, information and authority necessary to perform Curve’s obligations under this Section. Reasonable out-of-pocket expenses incurred by Client in providing such assistance, which may be rendered by telephone or electronically, will be reimbursed by Curve.
In the event the Hosted Programs are held or are believed by Curve to infringe, Curve shall have the option, at its expense, to (a) modify the Hosted Programs to be non-infringing; (b) obtain for Client a subscription to continue using the Hosted Programs; or (c) terminate the subscription for the infringing Hosted Programs. This Section 5.1 states Curve’s entire liability and Client’s exclusive remedy for infringement.
5.2. Warranties and Disclaimers
A. Hosted Program Warranty. Curve warrants that the Hosted Programs will substantially perform in accordance with the documentation for a period of thirty (30) days after the Activation Date (the “Warranty Period”), provided that (i) Client has a current, paid-up right to use the Hosted Programs; and (ii) Client’s access to the Host Server will meet the minimum criteria set forth in Curve’s System Requirements document available at www.curvehero.com/terms This warranty shall not apply to issues arising from Client’s use of third-party software with the Hosted Programs, failure to comply with Curve’s instructions, including its documentation, additions or modifications to the Hosted Programs that are not approved by Curve or any other factors outside of Curve’s control. Client’s sole remedy during the Warranty Period is for Curve to repair or replace, at its sole option, the Hosted Programs upon Curve’s verification of any issues.
B. Services Warranty. Curve warrants that its Hosted Program Services, Customer Support Services, Electronic Services, and other Services described in an applicable Order Form will be performed consistent with generally accepted industry standards.
C. Disclaimers. THE WARRANTIES ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Curve does not warrant that the Hosted Programs will operate in the combinations that Client may select for use, that the operation of the Hosted Programs will be uninterrupted or error-free, or that all Hosted Program errors will be corrected.
5.3. Exclusive Remedies. For any breach of the warranties contained in Section 5.2, Client’s exclusive remedy, and Curve’s entire liability, shall be:
A. For Hosted Program Services and Electronic Services: During the Warranty Period, at Curve’s sole option, the correction of Hosted Program errors that cause breach of the warranty, provided Curve can replicate the errors. Any error not reported to Curve by Client within the Warranty Period will be deemed waived and accepted by Client. If Curve cannot reproduce the error, it will have no further obligation under this subsection.
B. For all other Services: At Curve’s sole option, the performance of the Services provided that Client notifies Curve in writing of any defects in the Services within thirty (30) days of their performance. Any error not reported to Curve by Client within thirty (30) days of its discovery will be deemed waived and accepted by Client. If Curve cannot reproduce the error, it will have no further obligation under this subsection.
6.1. Invoicing and Payment. Invoices for payment of Application Subscription and all Service Fees shall be in accordance with then-current prices. In the absence of specific provisions in the applicable Order Form(s), fees for one-time Services are due upon acceptance of any Order Form and prior to delivery of the Service, and are non-refundable. Curve reserves the right to refuse to commence performance of Services if one-time Services fees have not been paid. Application Subscription Fees shall be due 5 business days after an Order Form signature. Subsequent fees shall be payable monthly in advance on the first day of each succeeding month. All other Services that are variable and dependent on actual usage are billed monthly in arrears and due upon receipt of invoice (which may be submitted electronically), which will be sent within the first 5 business days of each calendar month. An administrative late charge of $35.00 per invoice per month will be charged for any invoice not paid by the due date and which remains unpaid each 30 days thereafter, including any electronic transaction that is declined and any returned checks. Additionally, any amounts payable by Client here-under which remain unpaid after the due date shall be subject to a finance charge equal to the lesser of 1.5% per month or the maximum amount permitted under applicable law, from the due date until such amount is paid.
6.2. Taxes. The fees listed in the Agreement do not include taxes; if Curve is required to pay sales, use, property, value-added, withholding, excise or other taxes, duties, or governmental charges based on the Subscription Rights Granted or Services provided under the Agreement or on Client’s use of Hosted Programs or Services, then such taxes, duties, or governmental charges shall be billed to and paid by Client.
6.3. If Curve is found to be responsible for the withholding and payment of taxes on behalf of Client, Client agrees to indemnify Curve with respect to the full amount of taxes due together with applicable interest and penalties. If Client is required to withhold any tax from any payment, then the amount of the payment will be automatically increased to totally offset such tax so that the amount remitted to Curve, net of all taxes, equals the amount invoiced or otherwise due. This Section shall not apply to taxes based on Curve’s net income.
6.4. Variable Use Service Fees. Variable use service fees are subject to external costs (such as postage rates, paper, etc.) and therefore are subject to change with 30-day written notice to Client.
7.1. Nondisclosure. By virtue of the Agreement, the parties may have access to information that is confidential to one another (“Confidential Information”).
A. Confidential Information shall mean all non-public information disclosed by a party to the other party, in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, or that is of value to a party, including the existence of and the terms of this Agreement. Curve Intellectual Property shall be the exclusive proprietary information of Curve.
B. A party’s Confidential Information shall not include information that: (a) is or becomes a part of the public domain through no act or omission of the other party; (b) was in the other party’s lawful possession prior to the disclosure and had not been obtained by the other party either directly or indirectly from the disclosing party; (c) is lawfully disclosed to the other party by a third party without restriction on disclosure; or (d) is independently developed by the other party as evidenced by that party’s written records.
C. During the Term of the Agreement and for a period of two years after its termination or expiration, each party shall (i) use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care) not to disclose or use any Confidential Information of the other party for any purpose outside the scope of this Agreement, (ii) use any Confidential Information of the other party solely to perform this Agreement or exercise rights under it, and (iii) limit access to Confidential Information of the other party to those of its employees, contractors and agents who need such access for purposes consistent with this Agreement and who are bound by obligations to protect the confidentiality of information that are no less stringent than those in this Agreement.
D. In the event that either party is requested or required for the purposes of legal, administrative, or arbitration to disclose any Confidential Information, the party receiving such disclosure request may disclose such Confidential Information provided it provides the other party within 48 hours with written notice of any such request or requirement so that such party may seek an appropriate protective order or other relief.
7.2. Trademarks. Except for linking to Curve web sites, Client may not use any Curve logo or trademark, whether or not such mark(s) are registered, without prior written approval from Curve. This includes use on printed materials of any kind as well as electronic mediums such as internet web pages or email. Furthermore, the use of the Curve name (or any derivative thereof) in Client’s URL, Business Name, or the names of any add-on products or services Client may be offering independent of Curve is strictly prohibited. Additionally, using the Curve name in paid targeted keyword advertising campaigns on search engines is also prohibited. Curve may use the Client’s name as part of a general list of customers and may refer to Client as a user of the Hosted Programs in its advertising, marketing and promotional materials.
7.3. Governing Law and Dispute Resolution; Equitable Relief. The Agreement, and all matters arising out of or relating to the Agreement, shall be governed by the laws of the State of Georgia, without giving effect to principles regarding conflicts of laws. Any dispute, claim or controversy arising out of or relating to this Agreement, or the breach, termination, enforcement, interpretation or validity thereof, including the determination of the scope or applicability of this agreement to arbitrate, shall be determined by arbitration in Atlanta, Georgia before one arbitrator. The arbitration shall be administered by JAMS pursuant to its Comprehensive Arbitration Rules and Procedures. Judgment on the award may be entered in any court having jurisdiction. This clause shall not preclude the parties from seeking provisional remedies in aid of arbitration, or for injunctive or other equitable relief to restrain a breach or threat of breach, of intellectual property rights, confidentiality protection, or other breach or violation of rights for which injunctive or equitable relief is appropriate.
7.4. Notice. Client agrees to notify Curve of any changes to Client’s business address, business contact, and support contact within ten (10) days of any change thereto. All notices required or permitted hereunder shall be given in writing or as specifically set forth in the applicable section of the Agreement. To expedite order processing, Client agrees that Curve may treat documents emailed or faxed by Client to Curve as original documents; nevertheless, either party may require the other to exchange original signed documents to evidence an order for Hosted Programs or for Services. This Agreement may be executed in any number of counterparts, and each executed counterpart shall have the same force and effect as an original instrument.
7.5. LIMITATION OF LIABILITY. EXCEPT IN INSTANCES WHERE THE CLIENT VIOLATES ITS OBLIGATIONS UNDER SECTION 2 OR 7.1 OF THE AGREEMENT, IN WHICH CASE ITS LIABILITY TO CURVE SHALL NOT BE LIMITED, IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES, COVER, PUNITIVE OR OTHER DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA OR USE, INCURRED BY EITHER PARTY OR ANY THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT OR TORT OR OTHER, EVEN IF THE OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING ANY FAILURE OF THE ESSENTIAL PURPOSE OF THIS AGREEMENT OR ANY LIMITED REMEDY HERE-UNDER. CURVE’S MAXIMUM LIABILITY TO CLIENT UNDER THIS AGREEMENT SHALL IN NO EVENT EXCEED THE AMOUNT OF FEES PAID BY CLIENT DURING THE MOST RECENT THREE (3) MONTH PERIOD BEFORE THE EVENT GIVING RISE TO THE CLAIM.
The provisions of the Agreement allocate the risks between Curve and Client. The parties agree that Curve’s pricing and other terms and conditions of the Agreement reflect the allocation of risk and the limitation of liability specified herein.
7.6. U.S. Government and HIPAA. The Hosted Programs and accompanying documentation are commercial computer software and documentation developed exclusively at private expense and in all respects are proprietary data belonging to Curve. If the Hosted Programs and accompanying documentation are used under the terms of a Department of Defense or civilian agency contract, use, reproduction and disclosure of such software and documentation by the Government is subject to the restrictions set forth in the Agreement in accordance with 48 C.F.R. 227.7202 or 48 C.F.R. 12.212, respectively. The HIPAA Business Associate Agreement Addendum attached hereto as Exhibit A is incorporated into this TOS by reference.
7.7. Other Terms. In the event any provision of the Agreement is held to be invalid or unenforceable, the remaining provisions of the Agreement will remain in full force and effect. The waiver by either party of any default or breach of the Agreement shall not constitute a waiver of any other or subsequent default or breach. Except for actions for nonpayment or breach of Curve’s Intellectual Property Rights, no action, regardless of form, arising out of the Agreement may be brought by either party more than one year after the cause of action has accrued. The Agreement constitutes the complete agreement between the parties and supersedes all prior or contemporaneous agreements or representations, written or oral, concerning the subject matter of the Agreement. Curve may assign this Agreement or any rights or obligations under it. Client may not assign the Agreement or any rights or obligations hereunder without prior written consent of Curve, which consent shall not be unreasonably withheld or delayed (any such assignment without prior consent shall be void). Either party may assign this Agreement to an affiliate or to a successor entity pursuant to a corporate reorganization, merger, acquisition or sale of all or substantially all of its assets, business or ownership interests. Curve may modify the terms of the Agreement between the parties, including these Terms of Service and any incorporated Order Form(s) or Subscription and Services Agreements upon written notice, e-mail or otherwise, to Client, which may be in the form of an electronic posting on the Client’s Hosted Programs. Continuing use of Client’s Hosted Programs shall constitute assent to these terms. It is expressly agreed that the terms of the Agreement and any Order Form shall supersede the terms in any Client purchase order or other ordering document. In the case of conflict or inconsistency among the terms of the Order Form and TOS, the order of precedence for conflict resolution in descending order shall be as follows: (a) any amendment or change order to the Order Form and TOS; (b) the Order Form; (c) the TOS and (d) any Exhibits or ancillary documents to the Order Form and TOS.
7.8. Force Majeure. Except with respect to failure to pay any amount due under this Agreement, nonperformance of either Party will be excused to the extent that performance is rendered impossible by strike, fire, flood, governmental acts, orders or restrictions, failure of suppliers, or any other reason where failure to perform is beyond the control and not caused by the negligence of the non-performing Party (“Force Majeure Event”).
7.9. Regulatory Limitations. The Services are provided in accordance with applicable regulatory requirements in the United States of America. Client shall comply with all applicable United States, foreign and local laws and regulations, including, without limitation, export control laws and regulations of the U.S. Export Administration. Client further agrees to indemnify and hold Curve harmless from any and all governmental and/or regulatory claims made by governments including and other than the United States of America that may arise should Client use or access the Services outside of the United States of America.
7.10 No Agency. The Client and Curve are independent contractors and neither party is the legal representative, agent, joint venturer, partner, franchisor, franchisee or employee of the other party for any purpose whatsoever. Neither party has any right or authority to assume or create any obligations of any kind or to make any representation or warranty on behalf of the other party, whether express or implied, or to bind the other party in any respect whatsoever.
7.11 Exhibit B. Exhibit B, ADA CDT Addendum, attached hereto, applies only to the use of any Hosted Programs that include access to the master database of the American Dental Association (ADA) Code on Dental Procedures and Nomenclature Codes in electronic form (“CDT”) and is required by the ADA.
This HIPAA BUSINESS ASSOCIATE AGREEMENT ADDENDUM (the “BAA Addendum”), by and between Curve (hereinafter referred to as “Business Associate”) and the above-referenced Client (hereinafter referred to as “Covered Entity”), is hereby incorporated into the TOS, specifically by Section 7.6 thereof, and is effective as of the Effective Date of the Agreement.
A. Covered Entity and Business Associate are parties to one or more agreements (each such agreement, a “Covered Contract,” and collectively, the “Agreement”) pursuant to which Business Associate provides certain services to Covered Entity, and, in connection with those services, Covered Entity discloses to Business Associate certain health information (the “Protected Health Information” as defined in 45 CFR 160.103 that is subject to protection under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health Act, and certain regulations promulgated by the U.S. Department of Health and Human Services to implement certain provisions of HIPAA (herein “HIPAA Regulations” found at 45 CFR Parts 160-164), all as may be amended from time to time.
B. Business Associate, as a recipient of Protected Health Information from Covered Entity, is a “Business Associate” as that term is defined in the HIPAA Regulations.
C. Pursuant to the HIPAA Regulations, all Business Associates of the Covered Entity must, as a condition of receiving Protected Health Information in the course of doing business with Covered Entity, agree in writing to certain mandatory provisions regarding, among other things, the use and disclosure of Protected Health Information.
D. The purpose of this Addendum is to satisfy the requirements of the HIPAA Regulations, including, but not limited to, 45 CFR §164.504(e), as the same may be amended from time to time.
Catch-all definition: The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designed Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Protected Health Information, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use.
(a) Business Associate. “Business Associate” shall generally have the same meaning as the term “Business Associate” at 45 CFR 160.103, and in reference to the party to this agreement, shall mean Curve.
(b) Covered Entity. “Covered Entity” shall generally have the same meaning as the term “Covered Entity” at 45 CFR 160.103, and in reference to the party to this agreement, shall mean Client named on one or more Order Forms or Subscription and Service Agreements.
(c) HIPAA Rules. “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164.
Business Associate agrees to:
(a) Not use or disclose protected health information other than as permitted or required by the Agreement or as required or permitted by law;
(b) Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement; Access to Business Associate’s computer networks and systems and the Protected Health Information will be controlled via a user ID and password. BUSINESS ASSOCIATE IS NOT RESPONSIBLE FOR ANY UNAUTHORIZED USE OR DISCLOSURE OF A USER ID OR PASSWORD, OR FOR ANY BREACH OF THIS BAA ADDENDUM ARISING AS A RESULT OF ANY SUCH UNAUTHORIZED USE OR DISCLOSURE BY COVERED ENTITY.
(c) Report to Covered Entity any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware, including breaches of unsecured protected health information, and any security incident of which it becomes aware, as required by 45 CFR 164.400-414. Notifications from Curve to Covered Entity shall be in writing and will include the information required under 45 CFR 164.404(c). Covered Entity shall take all further actions under this subsection at its sole cost;
(d) As timely as reasonably possible, and in accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit protected health information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information;
(e) To the extent Business Associate maintains any protected health information in a designated record set, make available protected health information in a designated record set to the Covered Entity as necessary to enable Covered Entity to meet its obligations under 45 CFR 164.524;
(f) To the extent Business Associate maintains any protected health information in a designated record set, make any amendment(s) to protected health information in a designated record set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to enable Covered Entity to meet its obligations under 45 CFR 164.526;
(g) Maintain and make available the information required to provide an accounting of disclosures to the Covered Entity as necessary to enable Covered Entity to satisfy its obligations under 45 CFR 164.528;
(h) To the extent the Business Associate is to carry out one or more of Covered Entity’s obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and
(i) Make its internal practices, books, and records available to the Secretary of HHS for purposes of determining compliance with the HIPAA Rules.
(a) Covered Entity and Business Associate agree that Business Associate may disclose protected health information to other business associates of Covered Entity for Business Associate’s performance of services contemplated in the Agreements at Covered Entity’s direction, provided that such other business associates have entered into agreements imposing the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information. In addition, Business Associate may use de-identified information as set forth in Section 3.4 of the Agreement.
(b) Business Associate may use or disclose protected health information as required or permitted by law.
(c) Business Associate agrees to make uses and disclosures consistent with Covered Entity’s minimum necessary policies and procedures. Business Associate will refer any requests for protected health information directly to Covered Entity for processing and resolution in accordance with this BAA Addendum Section IV.(d).
(d) Business Associate may not use or disclose protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity. However, Business Associate may use or disclose protected health information for its own management and administration and legal responsibilities as set forth in paragraphs (e), (f), or (g) below.
(e) Business Associate may use protected health information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
(f) Business Associate may disclose protected health information for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required or permitted by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(g) In addition to its rights under Agreement Section 3.4, Business Associate may provide data aggregation services relating to the health care operations of the Covered Entity.
(a) Covered Entity shall notify Business Associate of any limitation(s) in the notice of privacy practices of Covered Entity under 45 CFR 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of protected health information.
(b) Covered Entity shall notify Business Associate of any changes in, or revocation of, the permission by an individual to use or disclose his or her protected health information, to the extent that such changes may affect Business Associate’s use or disclosure of protected health information.
(c) Covered Entity shall notify Business Associate of any restriction on the use or disclosure of protected health information that Covered Entity has agreed to or is required to abide by under 45 CFR 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of protected health information.
(d) Covered Entity will be solely responsible for obtaining from its customers/patients all authorizations relating to the disclosure of Protected Health Information that are required under HIPAA to enable Business Associate and/or its subcontractors to facilitate communication between Covered Entity and its customers/patients and their family members and for Business Associate to otherwise perform its obligations under the Agreement. Covered Entity hereby represents and warrants to Business Associate that it will have received the necessary authorization from a customer/patient prior to the disclosure of such customer/patient’s Protected Health Information to Business Associate. Business Associate will forward to Covered Entity for processing and resolution any and all requests for information it may receive. Covered Entity will be solely responsible for responding to these requests.
(e) Covered Entity shall promptly notify Business Associate of any breach of any HIPAA obligations that may affect Business Associate’s use or disclosure of protected health information.
Covered Entity shall not request Business Associate to use or disclose protected health information in any manner that would not be permissible under Subpart E of 45 CFR Part 164 if done by Covered Entity. Provided, however, that the Business Associate may use or disclose protected health information for, data aggregation or management and administration and legal responsibilities of the Business Associate as may be set forth in the Agreement or as permitted by law.
(a) Term. The Term of this BAA Addendum shall be effective as of the Effective Date of the Agreement, and shall terminate as set forth in the Agreement.
(b) Termination for Cause. Business Associate authorizes termination of this BAA Addendum according to terms and conditions set forth in the Agreement.
(c) Obligations of Business Associate Upon Termination.
Upon termination of this Agreement for any reason, Business Associate, with respect to protected health information received from Covered Entity, or created, maintained, or received by Business Associate on behalf of
Covered Entity, shall:
1) Retain only that protected health information which is necessary for Business Associate to continue its proper management and administration or to carry out its legal responsibilities;
2) Return to Covered Entity or, if agreed to by Covered Entity, destroy the remaining protected health information that the Business Associate still maintains in any form;
3) Continue to use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information to prevent use or disclosure of the protected health information, other than as provided for in this Section, for as long as Business Associate retains the protected health information;
4) Not use or disclose the protected health information retained by Business Associate other than for the purposes for which such protected health information was retained and subject to the same conditions set out at paragraphs (e) and (f) above under “Permitted Uses and Disclosures by Business Associate” which apply prior to termination; and
5) Return to Covered Entity or, if agreed to by Covered Entity, destroy the protected health information retained by Business Associate when it is no longer needed by Business Associate for its proper management and administration or to carry out its legal responsibilities.
(d) Survival. The obligations of Business Associate under this Section VI shall survive the termination of the BAA Addendum and the Agreement.
(a) Regulatory References. A reference in this Agreement to a section in the HIPAA Rules means the section as in effect or as amended.
(b) Amendment. The Parties agree that Business Associate may amend this BAA Addendum as is necessary from time to time in its discretion for compliance with requirements of the HIPAA Rules and any other applicable law.
(c) Relationship of the Parties. Covered Entity and Business Associate agree that Business Associate’s services here-under are being carried out as an independent contractor and not as an employee or agent of the Covered Entity.
(d) Any ambiguity in this BAA Addendum shall be resolved to comply with the HIPAA Regulations. There are no third-party beneficiaries to this BAA Addendum.
This ADA CDT ADDENDUM (the “CDT Addendum”), by and between Curve and the above-referenced Client, is hereby incorporated into the above Application Terms of Service and is effective as of the Effective Date of the Agreement. This CDT Addendum applies only to use of any Hosted Programs that include access to the master database of American Dental Association (ADA) Code on Dental Procedures and Nomenclature Codes in electronic form (“CDT”) and is required by the ADA.
Client hereby acknowledges that:
1. Curve’s provision of updated versions of CDT is dependent upon Curve’s continuing contractual relations with the ADA;
2. Client’s use of CDT is non-transferable, non-exclusive, and for the sole purpose of internal use in the territory and language as designated in Client’s Agreement with Curve;
3. Client is prohibited from using CDT or information contained therein in any public computer based information system or public electronic bulletin board (including the Internet and World Wide Web) unless subject to the provisions of this CDT Addendum;
4. Client is prohibited from publishing, translating, or transferring possession of the CDT or a copy or portion of it;
5. Client is prohibited from creating derivative works based on CDT and selling, leasing or licensing it or otherwise making the CDT or any portion thereof available to any unauthorized party;
6. Client shall ensure that anyone who has authorized access to the Hosted Programs complies with the provisions of this CDT Addendum;
7. This product includes CDT which is commercial technical data and/or computer databases and/or commercial computer software and/or commercial computer software documentation, as applicable, which were developed exclusively at private expense by the American Dental Association, 21 East Chicago Ave., Chicago, IL 60611. U.S. Government rights to use, modify, reproduce, release, perform, display, or disclose these technical data and/or computer databases and/or computer software and/or computer software documentation are subject to the limited rights restrictions of DFARS 252.227-7015(b)(2) (June 1995) and/or subject to the restrictions of DFARS 227.7202-1(a) (June 1995) and DFARS 227.7202-3(a) (June 1995), as applicable for U.S. Department of Defense procurements and the limited rights restrictions of FAR 52.227-14 (June 1987) and/or subject to the restricted rights provisions of FAR 52.227-14 (June 1987) and FAR 52.227-19 (June 1987), as applicable, and any applicable agency FAR Supplements, for non-Department of Defense Federal procurements.
8. CDT is provided “as is” without any liability to Curve or the ADA, including, without limitation, no liability for consequential or special damages or lost profits for sequence, accuracy or completeness of data, or that it will meet Client’s requirements, and that Curve’s and ADA’s sole responsibility is to use reasonable efforts to obtain replacement CDT for Client in the event of defects; ADA disclaims any liability for any consequences due to use, misuse or interpretation of information contained or not contained in CDT.
9. This CDT Addendum shall terminate in the event of default under this CDT Addendum; and
10. In the event that a provision of this CDT Addendum is determined to violate any law or is unenforceable, the remainder of the CDT Addendum shall remain in full force and effect.