BUSINESS ASSOCIATE AGREEMENT
This Business Associate Agreement (“Agreement”), effective @{Date:37}, (“Effective Date”), is entered between @{Company Name:36} (“Covered Entity”) and Scribekick LLC, a Virginia Limited Liability company (“Business Associate”).
Recitals
WHEREAS, the parties have entered into an agreement dated @{Date:37} (“Services Agreement”), whereby Business Associate will provide certain services as outlined in the Services Agreement for Covered Entity (the “Designated Functions”), and pursuant to such Services Agreement, Business Associate may receive or have access to Protected Health Information (defined below) and be a “business associate” of Covered Entity as defined at 45 C.F.R. § 160.103 in the HIPAA Security and Privacy Rule (defined below); and
WHEREAS, the parties desire to enter into this Agreement to comply with the regulations promulgated by the U.S. Department of Health and Human Services (“HHS”) set forth at 45 C.F.R. Parts 160 and 164 (the “HIPAA Security and Privacy Rule”) regarding the security, confidentiality, and integrity of health information under the Administrative Simplification Provisions of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended and revised by the Health Information Technology for Economic and Clinical Health Act (“HITECH”), passed as part of the American Recovery and Reinvestment Act of 2009, as amended from time to time.
NOW, THEREFORE, for and in consideration of the foregoing recitals and the mutual promises and covenants hereinafter contained, the parties agree as follows:
Agreement
I. DEFINITIONS
For purposes of this Agreement, the following definitions shall apply:
“Administrative Safeguards” shall mean administrative actions, policies and procedures to manage the selection, development, implementation and maintenance of reasonable and appropriate security measures to protect Electronic Protected Health Information (defined below) and to manage the conduct of Covered Entity’s or Business Associate’s workforce, as applicable, in relation to the protection of that information.
“Data Aggregation” shall mean, with respect to Protected Health Information created or received by Business Associate in its capacity as the business associate of Covered Entity, the combining of such Protected Health Information by Business Associate with the Protected Health Information received by Business Associate in its capacity as a business associate of another covered entity under the HIPAA Security and Privacy Rule, to permit data analyses that relate to the health care operations of the respective covered entities.
“Designated Record Set” shall mean a group of records maintained by or for Covered Entity that is (i) the medical records and billing records about individuals maintained by or for Covered Entity, (ii) the enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or (iii) used, in whole or in part, by or for Covered Entity to make decisions about individuals. As used herein the term “record” means any item, collection, or grouping of information that includes Protected Health Information and is maintained, collected, used, or disseminated by or for Covered Entity.
“Electronic Protected Health Information” shall mean Protected Health Information that is transmitted by Electronic Media (as defined in the HIPAA Security and Privacy Rule) or maintained in Electronic Media.
“Individually Identifiable Health Information” shall mean information that is a subset of health information, including demographic information collected from an individual, and
(i) is created or received by a health care provider, health plan, employer, or health care clearinghouse; and
(ii) relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; and (a) identifies the individual, or (b) with respect to which there is a reasonable basis to believe that the information can be used to identify the individual.
“Physical Safeguards” shall mean reasonable and appropriate physical measures, policies and procedures to protect Covered Entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.
“Privacy Standards” shall mean the Standard for Privacy of Individually Identifiable Health Information, 45 C.F.R. Parts 160 and 164, and related guidance and advice published by HHS or its designee.
“Protected Health Information” shall mean Individually Identifiable Health Information that is (i) transmitted electronically, (ii) maintained electronically, or (iii) transmitted or maintained in any other form or medium. “Protected Health Information” includes, without limitation, “Electronic Protected Health Information.”
“Secretary” shall mean the Secretary of HHS or any other officer or employee of HHS to whom the authority involved has been delegated.
“Security Incident” shall mean the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.
“Technical Safeguards” shall mean the reasonable and appropriate technology and the policy and procedures for its use that protect Electronic Protected Health Information and control access to it.
II. OBLIGATIONS OF BUSINESS ASSOCIATE
Section 1. Permitted Uses of Protected Health Information.
Business Associate agrees to use Protected Health Information received by Business Associate from Covered Entity or created by Business Associate on behalf of Covered Entity solely in its capacity as a business associate to Covered Entity, and only to the extent necessary: (i) to perform the Designated Functions subject to the restrictions herein; (ii) for the proper management and administration of Business Associate; and (iii) to carry out Business Associate’s legal responsibilities. Business Associate shall not use Protected Health Information for any other purpose, or in any manner that would constitute a violation of the Privacy Standards.
Section 2. Disclosure of Protected Health Information.
Business Associate shall not, and shall ensure that its directors, officers, employees, contractors and agents do not, disclose Protected Health Information received from Covered Entity in any manner that would constitute a violation of the Privacy Standards if disclosed by Covered Entity, except that Business Associate may disclose Protected Health Information in a manner permitted pursuant to this Agreement or as required by law. Business Associate shall immediately report to the Privacy Officer of Covered Entity, in writing, any Security Incident and/or any use and/or disclosure of Protected Health Information that is not permitted or required by this Agreement or by applicable law of which Business Associate becomes aware, and provide notice to Covered Entity in accordance with Section 4.
Business Associate agrees that it shall disclose to third parties only the minimum Protected Health Information necessary to perform or fulfill a specific function required or permitted hereunder. To the extent Business Associate discloses Protected Health Information to a third party, Business Associate must obtain, prior to making any such disclosure, (i) the agreement of such third party to the same restrictions and conditions that apply to Business Associate with respect to such Protected Health Information, (ii) reasonable assurances from such third party that such Protected Health Information will be held confidential as provided pursuant to this Agreement and only disclosed as required by law or for the purposes for which it was disclosed to such third party, and (iii) an agreement from such third party (a) to immediately notify Business Associate of any breaches of the confidentiality of the Protected Health Information, to the extent it has obtained knowledge of such breach, (b) to provide information regarding the breach to Business Associate so that Business Associate and Covered Entity may comply with the requirements set forth at 45 C.F.R. § 164.400 et seq. as more fully described in Section 4 below, and (c) to take reasonable steps to mitigate the harm to the individual impacted by the breach and to protect against future breaches.
Section 3. Safeguards Against Misuse of Information.
Business Associate agrees that it will implement all appropriate and commercially reasonable safeguards to maintain the security of and prevent the use or disclosure of Protected Health Information other than use or disclosure by Covered Entity or Business Associate pursuant to the terms and conditions of this Agreement. Business Associate further agrees to comply with all legal requirements affecting the use and disclosure of Protected Health Information, including, without limitation, any applicable requirements of 45 C.F.R. § 164.504 et seq. Business Associate will also establish and implement procedures for mitigating the harmful effects from any improper use and/or disclosure of such Protected Health Information. Business Associate agrees to assume all costs associated with mitigation of any improper use and/or disclosure of Protected Health Information.
Section 4. Reporting of Inappropriate Disclosures of Protected Health Information.
Business Associate agrees to implement reasonable systems for the discovery and prompt reporting of any “breach” of “unsecured Protected Health Information” as those terms are defined by 45 C.F.R. §164.402 (hereinafter a “HIPAA Breach”). The parties acknowledge and agree that 45 C.F.R. §164.404, as described below in this Section 4, governs the determination of the date of a HIPAA Breach. In the event of any conflict between this Section 4 and the requirements set forth in HIPAA, HITECH, or their implementing regulations, the more stringent requirements shall govern.
Business Associate will, following the discovery of a HIPAA Breach, notify Covered Entity immediately and in no event later than five (5) business days after Business Associate discovers such HIPAA Breach, unless Business Associate is prevented from doing so by 45 C.F.R. §164.412 concerning law enforcement investigations. For purposes of reporting a HIPAA Breach to Covered Entity, the discovery of a HIPAA Breach shall occur as of the first day on which such HIPAA Breach is known to Business Associate or, by exercising reasonable diligence, would have been known to Business Associate. Business Associate will be considered to have had knowledge of a HIPAA Breach if the HIPAA Breach is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the HIPAA Breach) who is an employee, officer, or other agent of Business Associate. No later than fourteen (14) business days following a HIPAA Breach, Business Associate shall provide Covered Entity with sufficient information to permit Covered Entity to comply with the HIPAA Breach notification requirements set forth at 45 C.F.R. §164.400 et seq. 
Specifically, if the following information is known to (or can be reasonably obtained by) Business Associate, Business Associate will provide Covered Entity with: (i) contact information for individuals who were or who may have been impacted by the HIPAA Breach (e.g., first and last name, mailing address, street address, phone number, email address); (ii) a brief description of the circumstances of the HIPAA Breach, including the date of the HIPAA Breach and the date of discovery; (iii) a description of the types of unsecured Protected Health Information involved in the HIPAA Breach (e.g., names, social security number, date of birth, address(es), account numbers of any type, disability codes, diagnostic and/or billing codes and similar information); (iv) a brief description of what Business Associate has done or is doing to investigate the HIPAA Breach, mitigate harm to the individual impacted by the HIPAA Breach, and protect against future HIPAA Breaches; and (v) appoint a liaison and provide contact information for same so that Covered Entity may ask questions or learn additional information concerning the HIPAA Breach. Following a HIPAA Breach, Business Associate will have a continuing duty to inform Covered Entity of new information learned by Business Associate regarding the HIPAA Breach, including, but not limited to, the information described in items (i) through (v) above.
Section 5. Agreements with Third Parties. If Business Associate enters into an agreement with any agent or subcontractor that will have access to Protected Health Information that is received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, Business Associate shall enter into an agreement with such agent or subcontractor that requires such agent or subcontractor to be bound by the same restrictions, terms, and conditions that apply to Business Associate pursuant to this Agreement with respect to such Protected Health Information.
Section 6. Access to Information. Within five (5) days of a request by Covered Entity for access to Protected Health Information about an individual contained in a Designated Record Set, Business Associate shall make available to Covered Entity such Protected Health Information for so long as such information is maintained in the Designated Record Set. In the event that any individual requests access to Protected Health Information directly from Business Associate, Business Associate shall within two (2) days forward such request to Covered Entity. Any denials of access to the Protected Health Information requested shall be the responsibility of Covered Entity.
Section 7. Availability of Protected Health Information for Amendment. Within ten (10) days of receipt of a request from Covered Entity for the amendment of an individual’s Protected Health Information or a record regarding an individual contained in a Designated Record Set (for so long as the Protected Health Information is maintained in the Designated Record Set), Business Associate shall provide such information to Covered Entity for amendment and incorporate any such amendment into the Protected Health Information as required by 45 C.F.R. § 164.526. In the event that any individual requests an amendment of Protected Health Information directly from Business Associate, Business Associate shall within two (2) business days forward such request to Covered Entity.
Section 8. Accounting of Disclosures. Within ten (10) days of notice by Covered Entity to Business Associate that it has received a request for an accounting of disclosures of Protected Health Information regarding an individual, Business Associate shall make available to Covered Entity such information as is in Business Associate’s possession and is required for Covered Entity to make the accounting required by 45 C.F.R. § 164.528. At a minimum, Business Associate shall provide Covered Entity with the following information: (i) the date of the disclosure, (ii) the name of the entity or person who received the Protected Health Information, and, if known, the address of such entity or person, (iii) a brief description of the Protected Health Information disclosed, and (iv) a brief statement of the purpose of such disclosure, which includes an explanation of the basis for such disclosure. In the event that the request for an accounting is delivered directly to Business Associate, Business Associate shall, within two (2) business days, forward such request to Covered Entity. It shall be Covered Entity’s responsibility to prepare and deliver any such accounting requested. Business Associate hereby agrees to implement an appropriate recordkeeping process to enable it to comply with the requirements of this Section 8 and shall maintain the accounting records relating to any disclosure required to be included in the accounting described in this Section 8 for a period of six (6) years from and after the date of such disclosure.
Section 9. Availability of Books and Records. Business Associate hereby agrees to make its internal practices, books, and records relating to the use and disclosure of Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, available to Covered Entity and the Secretary for purposes of determining Covered Entity’s and Business Associate’s compliance with the Privacy Standards, subject to attorney-client and other applicable privileges. Business Associate hereby agrees to give Covered Entity immediate notice if Business Associate is contacted by Secretary or any third party regarding Business Associate’s compliance with HIPAA and/or the Privacy Standards. Business Associate agrees to make any and all records in question immediately available to Covered Entity for review.
Section 10. Security Standards. Business Associate agrees to implement Administrative Safeguards, Physical Safeguards, and Technical Safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the Electronic Protected Health Information that Business Associate creates, receives, maintains, or transmits on behalf of Covered Entity as required by 45 C.F.R. Part 164, Subpart C.
III. OBLIGATIONS OF COVERED ENTITY
Section 1. Notice of Privacy Practices. Upon written request of Business Associate, Covered Entity shall provide Business Associate with a copy of its Notice of Privacy Practices (“NPP”) that Covered Entity provides or makes available to individuals pursuant to Section 164.520 of the Privacy Standards. If Covered Entity modifies or amends its NPP, Covered Entity shall so inform Business Associate and provide an updated/current copy of its NPP.
Section 2. Revocation/Restrictions. Covered Entity shall notify Business Associate as soon as practicable of any request for restrictions by an individual of the use or disclosure of the individual’s Protected Health Information that Covered Entity has agreed to accept. Covered Entity shall notify Business Associate of any change in, withdrawal, or revocation of any authorization or other permission(s) granted to Covered Entity by an individual for the use and/or disclosure of the individual’s Protected Health Information, to the extent that such change, withdrawal or revocation affects Business Associate.
IV. TERMINATION
Section 1. Automatic Termination. This Agreement will automatically terminate upon the termination or expiration of the Services Agreement between the parties.
Section 2. Material Breach by Business Associate. Notwithstanding any provision in this Agreement or the Services Agreement to the contrary, Covered Entity may, immediately and without penalty to Covered Entity, terminate this Agreement and the Services Agreement if Covered Entity determines that Business Associate has breached a material term of this Agreement. Alternatively, Covered Entity may choose to allow Business Associate to cure the alleged breach upon terms and conditions acceptable to Covered Entity, in its sole discretion. If any such breach is not thereafter cured within thirty (30) days, Covered Entity may terminate this Agreement and the Services Agreement without penalty to Covered Entity. If termination is not feasible, Covered Entity shall report Business Associate’s breach to the Secretary.
Section 3. Effect of Termination. Upon the termination of this Agreement and/or the Services Agreement, Business Associate shall, if feasible, return or destroy all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, that Business Associate or any contractor, agent or associate of Business Associate still maintains in any form and retain (and permit any such contractor, agent, or associate to retain) no copies of such information or, if such return or destruction is not feasible, extend (and cause any such contractor, agent, or associate to extend) the protections of this Agreement to such Protected Health Information and limit further uses and disclosures thereof to those purposes that make the return or destruction of the information infeasible.
V. MISCELLANEOUS
Section 1. Independent Contractors. In performing the services herein specified, Business Associate will be acting as an independent contractor. Business Associate and Covered Entity agree that neither Business Associate nor any of its directors, employees, or agents is an employee of Covered Entity. Nothing contained in this Agreement shall be construed to create a partnership or a joint venture or to authorize Business Associate to act as a general or special agent except as specifically set forth in this Agreement or the Services Agreement between the parties.
Section 2. Indemnification and Insurance. Without limiting any other provision of the Services Agreement or this Agreement, Business Associate hereby agrees to indemnify, hold harmless and defend Covered Entity from and against any and all claims, losses, liabilities, costs and other expenses incurred as a result of, or arising directly or indirectly out of or in connection with performance or failure to perform under the terms of this Agreement or the Privacy Standards. The obligation to indemnify shall survive the expiration or termination of this Agreement and/or the Services Agreement between the parties. Business Associate agrees that Business Associate shall maintain commercial insurance coverage sufficient to satisfy any claims or indemnification requirements potentially arising under the terms of this Agreement in amounts satisfactory to Covered Entity. Business Associate agrees to provide proof or certification of coverage upon request by Covered Entity.
Section 3. Assignment. Nothing contained in this Agreement shall be construed to permit the assignment or delegation by Business Associate of any rights or obligations hereunder and such assignment is expressly prohibited.
Section 4. Notices. Whenever under this Agreement, a provision is made for notice of any kind, it shall be deemed sufficient notice and service thereof if such notice is hand delivered or mailed to Covered Entity or Business Associate at the following addresses by certified mail, return receipt requested or by overnight delivery by a nationally recognized overnight courier (any notice sent by mail or overnight courier shall be deemed to be given on the date that it is received or rejected):
If to Covered Entity:
@{Company Name:36}
@{Address (Street Address):34.1}
@{Address (Address Line 2):34.2}
@{Address (City):34.3}, @{Address (State / Province):34.4} @{Address (ZIP / Postal Code):34.5}
@{Address (Country):34.6}
If to Business Associate:
Scribekick LLC
501 East Franklin St, Suite 305
Richmond, VA 23219
ATTN: Bradley Barr
Each party may change the person to whom and the address to which such communications are to be directed by giving written notice to the other party in the manner provided in this Section.
Section 5. Governing Law; Venue. This Agreement shall be governed by the federal law and the laws of the Commonwealth of Virginia. Any arbitration authorized hereunder shall be conducted in either the General District Court or the Circuit Court of the County of Chesterfield, Virginia. Exclusive venue for any other dispute arising hereunder shall be resolved in the state or federal courts in the County of Chesterfield, Virginia or its immediately surrounding counties.
Section 6. Section Heading; Preamble. The section headings in this Agreement are for reference purposes only and shall not be given any legal effect or affect in any way the meaning or interpretation of this Agreement. The preamble language of this Agreement shall be considered part of this Agreement and shall be considered in the interpretation hereof.
Section 7. Entire Agreement. This Agreement supersedes all previous contracts or agreements between the parties with respect to the subject matter hereof and constitutes the entire agreement between the parties related to this subject matter.
Section 8. Amendments. This Agreement, and any provision hereof, may be amended, modified or deleted only by written agreement of the parties. The parties agree to take such action to amend this Agreement from time to time as is necessary for Covered Entity to comply with the Privacy Standards and all other applicable laws or regulations.
Section 9. Severability. If any clause or provision herein shall be judged invalid or unenforceable by a court of competent jurisdiction or by operation of any applicable law, the validity of any other clause or provision shall not be affected and the remainder of this Agreement and the Services Agreement between the parties shall remain in full force and effect. Each of the provisions of this Agreement shall be enforceable independent of any other provision of this Agreement and independent of any other claim or cause of action.
Section 10. Survival. The provisions of this Agreement, which, by their terms, contain continuing obligations, shall survive the termination of this Agreement. The respective obligations of Business Associate as well as the effects of termination of this Agreement, including the return of all Protected Health Information, and indemnification, shall specifically survive termination of this Agreement.
Section 11. Waiver. The failure or delay of any party to enforce or pursue any right or remedy existing pursuant to this Agreement shall not be deemed a waiver of such right or remedy and shall not limit such party’s ability to pursue or enforce such right or remedy or any future right or remedy.
Section 12. Interpretation. This Agreement shall be interpreted as broadly as necessary to implement and comply with HIPAA, HITECH, and the Privacy Standards. The parties hereby agree that any ambiguity in this Agreement shall be resolved in favor of a meaning that complies with HIPAA, HITECH, and the Privacy Standards.
IN WITNESS WHEREOF, the parties hereto have signed this Agreement as of the Effective Date.