Chronic Care Management, LLC Software Master Subscription Agreement
- Getting Started:
This Master Subscription Agreement covers the Services provided by Chronic Care Management, LLC (“CCM”) to ________________________________ (“Client”). If You are entering into this Agreement on behalf of a corporation, partnership, or other legal entity, You represent that You have the authority to bind that legal entity and its affiliates (defined below, with the entity and its affiliates referred to as “Client,” “You” or “Your”) to the terms and conditions contained in this Agreement. If You do not agree with these terms and conditions, or You do not have the authority to bind the entity and its affiliates, then You may not use the Services.
Without CCM’s specific, written consent, You may not access the Services:
- If You are doing so only to monitor and/or evaluate the functionality and availability of the Services; and/or
- You sell competitive products or services and are accessing the Services only for competitive purposes.
As used in this Agreement, these words have the following meanings:
Affiliate – means an entity that controls, is controlled by, or under common control with the subject entity.
Agreement – means this Subscription Agreement.
Content – means information that We generate ourselves or obtain from others that is presented to You as part of the Services excluding Your Data.
Malicious Code – means computer code, scripts, programs or infected files that are intended to do harm to the systems hosting the Services and include computer viruses, worms, and Trojan horses.
Order Form – means the document We prepare for Your acceptance of the particular Services, pricing and other details. By signing an Order Form, You agree that Your Affiliates are also bound by the terms of the Order Form and this Agreement.
Other Software – means software (in-house or online) this is not developed by CCM, but with which CCM’s Services may interact (for example, electronic medical record software that will provide data to the Services).
Services – means the CCM/CPO Suite products and services that You purchase from Us as indicated on Your Order Form, which are made available to You online according to the terms of the Order Form and this Agreement.
User – means an individual who is designated by You to use one or more of the Services on behalf of Your entity, and been provided by Us with login credentials to access the Services.
We, Us or Our – means Chronic Care Management, LLC, an Ohio limited liability company, with offices at 30575 Bainbridge Rd., Suite 180, Solon, OH 44139, (440) 248-6500, info@ChronicCareManagement.com.
You or Your – means ____________________. (Client) and its affiliates and its or their officers, directors, employees, agents, contractors, successors, and assigns; or other legal entity accepting this Agreement and its Affiliates.
Your Data – means data and any other information submitted by You to Us to be utilized in providing the Services, including data/information directly input to the Services, but does not include Content and Other Software or any other information about You disclosed to or learned by Us or otherwise incorporated into Our Content.
- Our Duties
Pursuant to this Agreement and the Order Form, We will:
- Provide You with the Services and Content that You have purchased as listed on the Order Form.
- Provide You with standard Client support services, as described in Exhibit A, at no additional charge.
- Use commercially reasonable efforts to make the Services available 24 hours per day, 7 days per week except for situations beyond our control, including, but not limited to acts of God (such as flood, fire, earthquake), civil unrest or act of terror, strike or labor problem (except with Our employees), internet Services provider outage or denial of Services attack. In the event the Services require changes/updates which will make them temporarily unavailable, We will provide at least three (3) business days’ notice of the planned unavailability.
- Protect Your Data through the use of physical, technical and administrative safeguards to preserve the security, integrity and confidentiality of Your Data in accordance with applicable HIPAA standards. These safeguards will include preventing access to, and use or disclosure of Your Data by Our employees and contractors, except (i) to provide the Services; (ii) to address Services or technical issues; (iii) as You specifically authorize in writing; or (iv) if required by a court as referenced in item 7(c) below.
- Your Duties
- The Services and Content are provided on a subscription basis, with a monthly fee charged on the basis of the number of patients entered by You into the Software who become Qualifying Patients as defined in Section 5 below. The actual fees are detailed in Exhibit B, the Order Form.
- The Services may be accessed only by individuals that You have designated as authorized users. We do not charge for additional users, but once a user is set up, that user’s password should not be shared with any other individual.
- You are responsible for: (i) assuring that all Users comply with the provisions of this Agreement; (ii) the accuracy and legal appropriateness of all Data entered into the Services by Your Users; (iii) preventing unauthorized use or access to the Services though commercially reasonable measures.
- Unless contained in a written agreement to the contrary, You may not: (i) allow use of the Services for the benefit of anyone other than You or the Users; (ii) offer, sell or otherwise provide use of the Services for any patients for whom You are not a care provider (such as using the Services to act as a Services bureau or outsourced offering for patients on part of Your practice); (iii) posting any content to the Services that infringes on the rights of others (including privacy rights), or is libelous or otherwise unlawful; (iv) posting any content that contains malicious code; (v) attempt to gain access to anyone else’s data as contained within the Services; (vi) copy or reproduce any part of the Services for use on another computer system, including to build a competitive product or Services; or (vii) attempt to reverse engineer any feature of the Services unless permitted by applicable law.
- Unless contained in a written agreement to the contrary, You may not attempt to integrate any non-CCM application with the Services.
- You acknowledge that the Services are designed to operate on the Google Chrome browser, and that You will use that browser with the Services.
- Payment for Services
- Invoice Amount. Terms are outlined on the Order Form.
- Invoicing and Payment. We will provide the monthly invoice via email to the billing contact as specified on the Order Form. By providing Us with validated credit card information, or a purchase order and/or other credit documentation, You authorize US to charge for the Services as listed in the Order Form. Unless otherwise stated in the Order Form, all invoices are due and payable net thirty (30) days from the invoice date. Because billing will be made via Email only, You are responsible for keeping Us updated with the latest billing and contact information, and to notify Us of any changes to this information.
- Late Payments. In the event that an invoice is not paid by the due date, (i) the unpaid charges may accrue interest at the rate of 1.5% of the amount owed, or the maximum amount permitted by applicable law, whichever is lower; and (ii) We may condition Your future use of the Services on payment of invoices in a different manner or with shorter due date. The foregoing does not in any way limit Our rights and remedies in the event of Your nonpayment.
- Suspension of Services. Without limiting Our rights and remedies, if any amount owed under this or any other agreement You have with Us is thirty (30) or more days overdue, We may suspend Your access to the Services until all amounts owed are paid. We agree that We will give You at least ten (10) days written notice (in the manner specified in Section 12(a)) and the opportunity to cure before We suspend Your access to the Services.
- Applicable Taxes. The fees set forth in the Order Form do not include taxes of any kind (including, but not limited to sales or use taxes) (“Taxes”). You are responsible for paying all Taxes associated with the Services. If We have the obligation to collect or pay such Taxes, then We will add those Taxes to each monthly invoice. Taxes will not be added if You provide Us with a valid tax exemption certificate.
- Rights and Licenses
- Rights Granted. We grant You worldwide, limited-term access to the Services and Content as set forth in this Agreement.
- Rights Reserved. Except as expressly granted to You in this Agreement, We reserve all of our right, title and interest in and to the Services, and to any rights We or others have in the Content.
- License to Host Data. By Your use of the Services, You grant Us a limited-term license to host, transmit, copy and display Your Data within the USA as required for Us to provide the Services in accordance with this Agreement; provided that We are granted no right whatsoever in the underlying data.
- License for Requested Features. In the event that You ask for, and We produce any particular new feature of the Services, then You grant Us a worldwide, perpetual, irrevocable and royalty free license to use Your suggestion or recommendation as a separate feature of the Service available to you or as an integral feature of the Service available to others.
- “Confidential Information” means information disclosed orally or in writing by one party (the “Disclosing Party”) to another party (the “Receiving Party”) that the Disclosing Party either indicates is confidential, or that should be reasonably understood as confidential given the nature of the information or the circumstances under which the information is conveyed. With respect to this Agreement, our Order From (specifically including pricing) along with the Services and Content is considered to be our confidential information. Your confidential information includes Your Data. Confidential information may also include our respective technologies, technical information, Services design, and business processes that may be communicated between Us pursuant to this Agreement. Confidential Information does not include: (i) information that is or becomes generally known without there being a breach of confidentiality by a Receiving Party; (ii) information already known by the Receiving Party prior to disclosure by the Disclosing Party; (iii) information received by a third party so long as this information was provided without breach of a duty owed to a Disclosing Party; or (iv) information that was developed independently by the Receiving Party. In addition to any confidentiality obligations in this agreement, the Business Associate Agreement between You and Us shall apply and be incorporated herein by reference.
- Protection of Information. Pursuant to this Agreement, the Receiving Party agrees to protect the confidentiality of information received from the Disclosing Party to at least the same extent as it protects its own Confidential Information (but exercising at least reasonable care). The Receiving party also agrees that: (i) it will not use any Confidential Information for any purpose outside the scope of this Agreement; (ii) will limit its employees’ (and affiliates’) access to the Confidential Information to that reasonably necessary to accomplish the purposes of this Agreement; and (iii) will obtain similar confidentiality agreements from any third-party who may require access to the Confidential Information in order to carry out the purposes of this Agreement. Neither party will disclose the Confidential Information to any third party (except its respective legal counsel and accountants, etc.) without the express written consent of the Disclosing Party and if so disclosed, will remain responsible for the protection of the Confidential Information while in the hands of such third party.
- Legally Required Disclosures. Notwithstanding the foregoing, the Receiving Party may disclose Confidential Information to the extent required by law to do so, provided that the Receiving Party gives the Disclosing Party reasonable advanced notice of the compelled disclosure and assistance should the Disclosing Party wish to contest the legality of the disclosure. If such assistance is requested, the Disclosing Party agrees to reimburse the Receiving Party for the reasonable cost of such assistance.
- Representations and Warranties
- We represent to You, and You represent to Us that we each have authority to enter into this legally binding Agreement.
- Warranties. We warrant the following: (i) any documentation We have provided, including this Agreement and the Order Form, accurately describe the technical and administrative safeguards that will be employed to protect Your Data; (ii) We will make no changes in technology or administrative procedures that will materially decrease the overall security of the Services without providing advance written notice to You; (iii) The Services will perform substantially as intended in accordance with the software specifications; and (iv) use of the Services will not introduce Malicious Code into Your systems.
- Disclaimers. EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. CONTENT AND BETA SERVICES ARE PROVIDED “AS IS,” EXCLUSIVE OF ANY WARRANTY WHATSOEVER.
- Our Indemnification. We will defend You against any claim, demand, suit or proceeding made or brought against You by a third party alleging that the use of the Services in accordance with this Agreement infringes such third party’s intellectual property rights and will indemnify You from any damages, attorney fees and costs finally awarded against You as a result of, or for amounts paid by You under a court-approved settlement of, a claim against You as described above, provided that You: (i) promptly give Us written notice of the claim, (ii) allow Us sole control of the defense and settlement of the claim (except that We may not settle any such claim unless it unconditionally releases You of all liability), and (iii) give Us all reasonable assistance, at Our expense. CCM shall indemnify, hold harmless, and defend (at its sole expense) Client and its affiliates and its or their officers, directors, employees, agents, successors, and assigns, from and against claims brought against Client and/or one or more affiliates by any third party alleging that Client’s use of the cloud service, in accordance with the terms and conditions of the Agreement, constitutes infringement or misappropriation of their patent, copyright, trademark, or trade secret rights, and/or third party claims based on or resulting from CCM’s breach of its confidentiality or data security obligations under this Agreement. CCM will pay damages finally awarded against Client (or the amount of any settlement CCM enters into) with respect to such claims and any reasonable costs and expenses, and further provided that CCM shall be responsible for the cost of preparing a risk assessment of the probability of whether Client Data has been compromised as well as any data breach mitigation expenses for breaches resulting from CCM’s (or its affiliates’’ or subprocessors’) use of Client Data, including the costs of notifying individuals, the media or government agencies. If We receive information about an infringement claim related to the Services, We may in Our discretion and at no cost to You: (x) modify the Services so that it no longer infringes, without breaching Our warranties under Section 8; (y) obtain a license for Your continued use of the Services in accordance with this Agreement; or (z) terminate Your subscriptions for the Services upon 30 days’ written notice and refund You any prepaid fees covering the remainder of the term of the subscription. The above defense and indemnification obligations do not apply to the extent that such claim arises from Your breach of this Agreement.
- Your Indemnification. You will defend Us against any claim, demand, suit or proceeding made or brought against Us by a third party alleging that Your Data, or Your use of any Services in breach of this Agreement, infringes such third party’s intellectual property rights or violates applicable law, and will indemnify Us from any damages, attorney fees and costs finally awarded against Us as a result of, or for any amounts paid by Us under a court-approved settlement of such a claim, provided: We (i) promptly give You written notice of the claim, (ii) give You sole control of the defense and settlement of the claim (except that You may not settle any claim unless it unconditionally releases Us of all liability), and (iii) give You all reasonable assistance, at Your expense.
- Exclusive Remedy. This Section states the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy against, the other party for any type of claim described in this Section 9.
- Limitation of Liability
- General, Professional Liability, and Cyber Insurance. CCM shall maintain for itself and on behalf of each of its employees providing services hereunder general liability insurance and professional liability insurance with a limit of not less than $1,000,000 per occurrence and $5,000,000 aggregate. Upon request, CCM will supply Client with satisfactory documentation of such insurance. CCM will give Client at least thirty (30) days written notice prior of the cancellation of any such policies.
- Limitation. EXCEPT FOR OBLIGATIONS FOR WHICH THERE IS A DUTY TO INDEMNIFY AND VIOLATIONS OF THE BUSINESS ASSOCIATE AGREEMENT, NEITHER PARTY’S LIABILITY WITH RESPECT TO ANY SINGLE INCIDENT ARISING OUT OF OR RELATED TO THIS AGREEMENT WILL EXCEED THE AMOUNT PAID BY CLIENT HEREUNDER IN THE 12 MONTHS PRECEDING THE INCIDENT, PROVIDED THAT IN NO EVENT WILL EITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT PAID BY CLIENT HEREUNDER. THE ABOVE LIMITATIONS WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY. HOWEVER, THE ABOVE LIMITATIONS WILL NOT LIMIT CLIENT’S PAYMENT OBLIGATIONS UNDER SECTION 5.
- Exclusion of Consequential Damages. IN NO EVENT WILL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOST PROFITS, REVENUES OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES, WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY LAW.
- Term and Termination
- Term of Agreement. This Agreement commences on the first to occur of (i) that date You sign the Order Form or (ii) the date You first load Your Data into the applicable Services, and continues for a term as described on the Order Form. The term of this Agreement shall automatically renew for additional periods equal to the expiring subscription term or one year (whichever is shorter), unless either party gives the other notice of non-renewal at least 90 days before the end of the relevant subscription term. The per-patient pricing during any automatic renewal term will be the same as that during the immediately prior term unless We have given You written notice of a pricing increase at least 60 days before the end of that prior term, in which case the pricing increase will be effective upon renewal and thereafter.
- Termination. A party may terminate this Agreement for cause (i) upon 30 days written notice to the other party of a material breach if such breach remains uncured at the expiration of such period, or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors. This agreement may be terminated by either Party, with or without cause, upon thirty (90) days prior written notice.
- Refund upon termination. If this Agreement is terminated by You in accordance with this Section We will refund You any prepaid fees covering the remainder of the term of all Order Forms after the effective date of termination. If this Agreement is terminated by Us in accordance with this Section You will pay any unpaid fees covering the remainder of the term of all Order Forms. In no event will termination relieve You of Your obligation to pay any fees payable to Us for the period prior to the effective date of termination.
- Return of Data. Upon request by You made within 30 days after the effective date of termination or expiration of this Agreement, We and any of Our third party data centers, host providers, or other subcontractors will make Your Data available to You for export or download. After that 30-day period, We will have no obligation to maintain or provide Your Data, and will thereafter delete or destroy all copies of Your Data in Our systems or otherwise in Our possession or control, unless legally prohibited.
- Extension for termination. If Client requires other access to the Application Software to export and retrieve Client data after the effective date of termination or expiration, Client may extend the term for up to ninety (90) days by notifying CCM no later than (30) days after to the effective date of termination or expiration and paying fees for such extension, if applicable. Monthly fees for such extension, if applicable, shall be calculated as 10% of the prior 12 months total fees.
- Client shall not be prohibited from continuing to use, copy, or revise any print-outs, reports, electronic files, documents, notes, emails or other items generated through use of the Application Software that contain Client data for Client’s or its affiliates’ internal business purposes. CCM shall have no right to use any Client’s data or Client Confidential Information upon expiration or termination except in connection with providing Client data transition assistance.
- Provisions Surviving Termination. The following Sections will survive any termination or expiration of this Agreement: Sections 5, 6, 7, 9, 10, 11(d), 11(e), and 12.
- Miscellaneous Provisions
- Data Retention. All Client data will be stored by CCM for as long as required by Client.
- All Client data will be fully encrypted.
- Intellectual Property Claim. In the event an intellectual property claim is made or in CCM’s reasonable opinion is likely to be made, CCM may, at its sole option and expense: (i) procure for Client right to continue using the applicable Software Application under the terms of the Agreement; or (ii) replace or modify the applicable Application Software to be non-infringing without material decrease in functionality. If CCM provides written notice to Client that the foregoing options are not reasonably available, Client may terminate Client’s subscription to the affected Application Software and CCM shall refund to Client all prepaid fees for the affected Application Software for the remainder of its term after the date of termination.
- SSAE 16 SOC Type 2 Audit / Right to Audit: CCM shall meet or exceed industry standards for security and applicable laws governing the handling of data. In the event CCM fails to meet its audit obligations and Client has to conduct the audit, then CCM shall be responsible for paying the costs of the audit.
CCM shall use appropriate administrative, physical, and technical safeguards to reasonably protect Client Data from disclosure or use other than in for Client’s benefit as provided in this Agreement, and CCM shall comply with the Security Standards for the Protection of Electronic Protected Health Information, codified at C.F.R. § 164 Subparts A and C (as may be amended from time to time). CCM’s (and all affiliates’ and sub-processors’) processing, disclosure, or other use of Client Data shall comply in all material respect with HIPAA (defined below) and all applicable similar state laws.
CCM will maintain accurate and detailed records of its performance of its obligations under this Agreement [and each Exhibit, Attachment and Schedule thereto]. Client reserves the right to perform, either itself or through an authorized representative, upon prior written notice and during normal business hours, financial and/or performance audits relating to the service and obligations under this Agreement [and each Exhibit, Attachment and Schedule thereto]. Audits may include examination of financially relevant information to support the Service (such as billing and contract costs), as well as a review of CCM’s (including affiliates’ and sub-processors’) internal controls relevant to this Agreement (such as business, security, and information technology practices, documentation and procedures, as well as any SSAE 16 or related audits). CCM will make all pertinent records available for inspection or audit by Client or its authorized agent at CCM’s (or its affiliates’ or sub-processors’) business office during normal business hours for up to two (2) years after the termination of this Agreement [and each Exhibit, Attachment and Schedule thereto]. CCM (and any affiliates or sub-processors) shall make its internal practices, books, and records, including policies and procedures, relating to the use and disclosure of Client Data available to the Secretary of HHS and Client for determining compliance with the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Act and their promulgating regulations as may be amended from time to time (collectively HIPAA).
- Disaster Recovery Plan. CCM shall have a written disaster recovery policy and shall provide a copy to Client upon request. CCM’s disaster recovery obligations shall include industry standard, reasonable steps, including at a minimum redundancy, data mirroring, restoration standards, and notification procedures. CCM shall exercise commercially reasonable efforts to restore the cloud service and all Client Data entered and/or aged within one hour and to return Client to active service within four hours. CCM shall notify Client of any suspected loss of data, security incident, or breach of privacy of Client Data as soon as practicable, within at most 24 hours.
- Defined Backup Policies / Data Protection. CCM shall maintain and provide backups for system maintenance, restoration, and disaster recovery with 24×7 monitoring of the cloud service. CCM shall back-up (at least hourly) and maintain Client Data during the term of the Agreement, including any Renewal Term, and for up to ninety (90) days after termination unless Client provides earlier notification that Client has retrieved or exported a copy thereof and no longer needs access to Client’s Data, provided however that such obligation shall not extend beyond ninety (90) days after termination unless otherwise agreed in writing. CCM shall, upon termination or expiration for any reason, promptly provide Client with a copy of its Client Data in CSV or other mutually-acceptable format and shall provide reasonable transition assistance. All Client Data shall be encrypted when in transit and at rest. CCM shall perform regular security screens and audits of its systems and ensure that cloud service and all Client data is secure.
- Notices. All notices specified or allowed under this Agreement must be in writing and will be deemed to have been given (i) upon the third business day after mailing; (ii) the second business day after being sent by facsimile the receipt of which is confirmed by the sending machine; (iii) the first business day after sending by email; (iv) the date receive by You according to a delivery receipt provided by FedEx or UPS. Notwithstanding the above, notices related to claim indemnification and notices of termination are not effective if delivered by email. Notices regarding billing shall be sent to the “billing contact” as noted on the Order Form. All other notices shall be made to the Client contact on the Order Form. Notices may be sent to Us as follows:
Chronic Care Management, LLC
30575 Bainbridge Rd., Suite 180
Solon, Ohio 44139
Facsimile: (440) 248-8700
- Governing Law and Jurisdiction. The parties agree that any dispute arising under this agreement shall be adjudicated under the laws of the State of Ohio without regard to its conflict of laws provisions, and hereby submits to the jurisdiction of courts in Ohio.
- No Agency. The parties mutually confirm that they are entering into this Agreement as principals, and that no agency relationship is intended; The duties on obligations of You and Us under this Agreement are personal to Us, and may only be assigned as set forth in Section 12(f).
- Anti-Corruption. You represent that You have not been offered (or received) any illegal bribe, kickback, gift or other thing of value from any employee of CCM in connection with this Agreement. Reasonable gifts/meals/entertainment provided in the ordinary course of business do not violate this restriction. If You learn of any violation of this restriction, You agree to notify Us at firstname.lastname@example.org.
- Entire Agreement. This Agreement, in conjunction with the provisions of the Order Form, forms the entire agreement between You and Us, and supersedes all prior agreements, proposals or other communications whether written or oral. No modification or claimed modification of this Agreement will be effective unless in a writing signed by You and by Us. We further agree that any term in Your purchase order or other order documentation that conflicts with the terms of this Agreement (including the Order Form) will be considered null and void.
- Assignment. Neither You nor Us may assign its rights or obligations under this Agreement without the other party’s prior written consent, which consent shall not be unreasonably delayed, conditioned or withheld; provided however, that assignment is permitted if it is part of a merger, acquisition, corporate reorganization or other transaction involving the sale of substantially all of its assets.
- Relationship of the Parties. The parties to this Agreement are independent contractors, and this agreement does not create a partnership, joint venture, fiduciary or any other relationship between the parties.
- Third-Party Beneficiaries. There are no third-party beneficiaries under this Agreement.
- No Waiver. The failure or delay by either party in exercising its rights under this agreement shall not be considered a waiver of that right unless that wavier is in writing and signed by both parties.
- Severability. To the extent any provision of this Agreement is held to be unenforceable by a court having jurisdiction over the same, that provision shall be deemed null and void, but the remaining provisions of this Agreement will remain in full force an effect.