RPM-One Inc. Privacy Policy & Terms of Agreement

Effective Date: February 23, 2023

PRIVACY POLICY

Please read the following carefully to understand Our views and practices regarding your (“Your”) Personal Data.

WE AT RPM-ONE INC. (“We”, “Us”, “the Company”) VALUE YOUR PRIVACY AND ARE COMMITTED TO KEEPING YOUR PERSONAL DATA CONFIDENTIAL. WE USE YOUR DATA SOLELY IN THE CONTEXT OF PROVIDING THE RPM-ONE APPLICATION AND WEB PORTAL (THE “PLATFORM”) AND ALL OF ITS CONTENT AND FUNCTIONALITY (COLLECTIVELY, THE “SERVICES”) FOR USE BY QUALIFIED PHYSICIANS (“PROVIDER USERS”) TO PATIENTS (“PATIENT USERS”). YOU ARE EITHER A PROVIDER USER OR A PATIENT USER.

THIS PRIVACY POLICY APPLIES TO PERSONAL DATA THE COMPANY COLLECTS FROM USERS OF THE RPM-ONE PLATFORM AND THE SERVICES. “PERSONAL DATA” INCLUDES ANY INFORMATION THAT CAN BE USED ON ITS OWN OR WITH OTHER INFORMATION IN COMBINATION TO IDENTIFY OR CONTACT ONE OF OUR USERS. WE BELIEVE THAT TRANSPARENCY ABOUT THE USE OF YOUR PERSONAL DATA IS OF UTMOST IMPORTANCE. IN THIS PRIVACY POLICY, WE PROVIDE YOU DETAILED INFORMATION ABOUT OUR COLLECTION, USE, MAINTENANCE, AND DISCLOSURE OF YOUR PERSONAL DATA. THE POLICY EXPLAINS WHAT KIND OF INFORMATION WE COLLECT, WHEN AND HOW WE MIGHT USE YOUR PERSONAL DATA, HOW WE PROTECT PERSONAL DATA, AND YOUR RIGHTS REGARDING YOUR PERSONAL DATA.

Patients Users: SOME OF THE PERSONAL DATA WE COLLECT AND TRANSMIT MAY BE CONSIDERED “HEALTH DATA” (data related to Your physical or mental health), “PROTECTED HEALTH INFORMATION” or “PHI” (information that relates to Your past, present, or future physical or mental health or condition(s); the provision of health care to You; or the past, present, or future payment for the provision of health care to You), and/or MEDICAL RECORDS as defined by state law. THEREFORE, OUR PRIVACY PRACTICES ARE INTENDED TO COMPLY WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (“HIPAA“) AND ARIZONA STATE LAW RELATED TO THE USE AND DISCLOSURE OF MEDICAL RECORDS, WHERE APPLICABLE. FOR ADDITIONAL INFORMATION RELATED TO HOW WE USE AND DISCLOSE YOUR HEALTH DATA, PHI, AND/OR MEDICAL RECORDS DATA, PLEASE CONTACT OUR PRIVACY OFFICER, MATT WILLERT, AT [email protected].

Patients User: BY SUBMITTING YOUR PERSONAL DATA THROUGH THE PLATFORM, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND AGREE TO THE TERMS OF THIS PRIVACY POLICY. IF YOU DO NOT AGREE, PLEASE DO NOT SUBMIT ANY PERSONAL DATA TO US AND IMMEDIATELY CEASE USE OF THE SERVICES.

PLEASE NOTE THAT WE OCCASIONALLY UPDATE THIS PRIVACY POLICY AND THAT IT IS YOUR RESPONSIBILITY TO STAY UP TO DATE WITH ANY AMENDED VERSIONS. IF WE MODIFY THIS PRIVACY POLICY, WE WILL POST A LINK TO THE MODIFIED TERMS ON OUR WEBSITE AND/OR NOTIFY YOU VIA THE EMAIL ADDRESS YOU HAVE PROVIDED TO US. YOU CAN STORE THIS POLICY AND/OR ANY AMENDED VERSION(S) DIGITALLY, PRINT IT, OR SAVE IT IN ANY OTHER WAY. ANY CHANGES TO THIS PRIVACY POLICY WILL BE EFFECTIVE IMMEDIATELY UPON PROVIDING NOTICE, AND SHALL APPLY TO ALL PERSONAL DATA WE MAINTAIN, USE, AND DISCLOSE. IF YOU CONTINUE TO USE THE SERVICES FOLLOWING SUCH NOTICE, YOU ARE AGREEING TO THOSE CHANGES.

If You have any questions or concerns after reading this Privacy Policy, please do not hesitate to contact Us at [email protected]. We appreciate Your feedback.

If at any point You no longer agree to the use and disclosure of Personal Data, as described in this Privacy Policy, You can delete Your account by requesting deletion by emailing [email protected] with the subject line “REQUEST FOR PERSONAL DATA DELETION” and requesting account deletion.

Responsible Entity

The Company is the controller of Your Personal Data and may process this data in accordance with this Privacy Policy. If We are processing Personal Data on behalf of a third party that is not an agent or affiliate of Company, the terms of this Privacy Policy do not apply—instead, the terms of that third party’s privacy policy will apply. You can contact Us with any questions about Our Privacy Policy at [email protected].

Links to Other Sites

Our Platform may contain links to websites and services that are owned or operated by third parties (each, a “Third-party Service”). Any information that You provide on or to a Third-party Service or that is collected by a Third-party Service is provided directly to the owner or operator of the Third-party Service and is subject to the owner’s or operator’s privacy policy. We are not responsible for the content, privacy or security practices and policies of any Third-party Service. To protect Your information, We recommend that You carefully review the privacy policies of all Third-party Services that You access.]

What Personal Data Do We collect?

The types of Personal Data We collect are described below.

Demographic Data

We may collect demographic information, such as Your name, date of birth, gender, height, weight, phone number, physical address, state of residence, and email address, and if you are a Provider User, Your National Provider Identifier (“NPI”) will be required. Primarily, the collection of Your Personal Data assists Us in creating Your User Account, which You can use to securely to receive the Services.

Payment Data

If You make payments via Our Platform, We may require that You provide to Us Your financial and billing information, such as billing name and address, credit card number or bank account information.

Support Data

If You contact Us for support or to file a complaint, We may collect technical or other information from You through log files and other technologies, some of which may qualify as Personal Data. (e.g., “IP address”). Such information will be used for the purposes of troubleshooting, customer support, software updates, and improvement of the Platform and related Services in accordance with this Privacy Policy. Calls with RPM-One may be recorded or monitored for training, quality assurance, customer service, and reference purposes.

Device, Telephone, and IP Data

We use common information-gathering tools, such as log files, cookies, Web beacons, and similar technologies to automatically collect information, which may contain Personal Data, from Your computer or mobile device as You navigate our Platform interact with emails We have sent You. The information We collect may include Your IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files You viewed, Your searches, Your operating system and system configuration information, and date/time stamps associated with Your usage. This information is used to analyze overall trends, to help Us provide and improve Our Services and to guarantee their security and continued proper functioning.

For Patient Users: Health and Device Data

In addition to demographic information, We may collect information regarding Your health conditions, including medical history, symptoms, physiologic data recorded by our supported Devices, and communications between You and the healthcare provider providing healthcare services to You via the Platform. We collect this information to provide You with the Services and to provide Your healthcare provider providing healthcare services through the Platform with the information required to provide treatment Services.

How will We use Your Personal Data?

We process Your Personal Data based on legitimate business interests, the fulfillment of Our Services to You, compliance with Our legal obligations, and/or Your consent. We only use or disclose Your Personal Data when it is legally mandated or where it is necessary to fulfill those purposes described herein. Where required by law, We will ask for Your prior consent before doing so.

Specifically, We process Your Personal Data for the following legitimate business purposes:

• To fulfill Our obligations to You under the Terms of Use (rpm-one.com/terms-of-use);
• To communicate with You about and to manage Your User Account;
• To properly store and track Your data within Our system;
• To respond to lawful requests from public and government authorities, and to comply with applicable state/federal law, including cooperation with judicial proceedings or court orders;
• To protect Our rights, privacy, safety, or property, and/or that of You or others by providing proper notices, pursuing available legal remedies, and acting to limit Our damages;
• To handle technical support and other requests from You;
• To enforce and ensure Your compliance with Our Terms of Use or the terms of any other applicable services agreement We have with You;
• To manage and improve Our operations and the Platform, including the development of additional functionality;
• To manage payment processing;
• To evaluate the quality of service You receive, identify usage trends, and thereby improve Your user experience;
• To keep Our Platform safe and secure for You and for Us;
• To send You information about changes to Our terms, conditions, and policies;
• To allow Us to pursue available remedies or limit the damages that We may sustain;
• If you are a Patient User, to enable You to connect with (or share Personal Data with) the authorized Provider User to enable that individual to monitor Your progress and overall condition, as she/he deems appropriate; and

Where is Your Personal Data processed?

Personal Data We collect through the Platform and Devices will be stored on secure servers. Personal Data may be transmitted to third parties, which parties may store or maintain the data on their secure servers.

Will We share Your Personal Data with anyone else?

For Patient Users: Yes, with the Provider User with whom You connect via the Services.

We will share information you provide to Us via the Services with the Provider User with whom You connect via the Services. If, at any point, You want to deny access to one or more Provider Users, you can do so by emailing [email protected].

Yes, with third parties that help Us power Our Services

We have a limited number of service providers and other third parties (“Business Partners”) that help Us run various aspects of Our business. These Business Partners are contractually bound to protect Your Personal Data and to use it only for the limited purpose(s) for which it is shared with Us. Business Partners’ use of Personal Data may include, but is not limited to, the provision of services such as data hosting, IT services, customer service, and payment processing.

Yes, with third parties and the government when legal or enforcement issues arise.

We may share Your Personal Data, if reasonable and necessary, to (i) comply with legal processes or enforceable governmental requests, or as otherwise required by law; (ii) cooperate with third parties in investigating acts or omissions that violate this Privacy Policy or the Terms of Use; or (iii) bring legal action against someone who may be violating the Terms of Use or who may be causing intentional or unintentional injury or interference to the rights or property of RPM-One or any third party, including other users of Our Services.

Yes, with third parties that provide advisory services.

We may share Your Personal Data with third parties that provide use services, including but not limited to, Our lawyers, auditors, accountants, or banks, when We have a legitimate business interest in doing so.

Yes, with third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of RPM-One’ corporate entity, assets, or stock (including in connection with any bankruptcy or similar proceedings)

If We share Your Personal Data with a third party other than as provided above, You will be notified at the time of data collection or transfer, and You will have the option of not permitting the transfer.

How long do We retain Personal Data?

We will retain Your Personal Data for as long as You maintain a User Account and up to six years after the account is closed. The exact period of retention will depend on the type of Personal Data, Our contractual obligation to You, and applicable law. We keep Your Personal Data for as long as necessary to fulfill the purpose for which it was collected, unless otherwise required or necessary pursuant to a legitimate business purpose outlined in this Privacy Policy. At the end of the applicable retention period, We will remove Your Personal Data from Our databases and will request that Our Business Partners remove Your Personal Data from their databases. If there is any data that We are unable, for technical reasons, to delete entirely from Our systems, We will put in place appropriate measures to prevent any further processing of such data. We retain anonymized data indefinitely.

NOTE: Once We disclose Your Personal Data to third parties, We may not be able to access that Personal Data any longer and cannot force the deletion or modification of any such information by the parties to whom We have made those disclosures. Written requests for deletion of Personal Data other than as described should be directed to [email protected].

What is Our Cookie Policy?

Cookies are small files that a web server sends to Your computer or device when You visit a web site that uses cookies to keep track of Your activity on that site. Cookies also exist within applications when a browser is needed to view certain content or display certain content within the application. Cookies hold a small amount of data specific to that web site, which can later be used to help remember information You enter into the site (like Your email or other contact info), preferences selected, and movement within the site. If You return to a previously visited web site or application (and Your browser has cookies enabled), the web browser sends the small file to the web server, which tells it what activity You engaged in the last time You used the web site or application, and the server can use the cookie to do things like expedite logging in and retrieving user data and keeping Your browser session secure.

We use cookies and other technologies to, among other things, better serve You with more tailored information, and to facilitate efficient and secure access to the Platform. We only use essential cookies. Essential cookies are those necessary for Us to provide services to You. We have provided, below, a full list of our cookies, categorized as described above. We have described the purpose of each, whether they are RPM-One or Third-Party cookies, and how to withdraw consent to their use. We have also indicated which cookies are “session cookies” (which last for as long as You keep Your browser open) and “persistent cookies” (which remain on Your hard drive until You delete them or they expire).

We may also collect information using pixel tags, web beacons, clear GIFs, or other similar technologies. These may be used in connection with some web site or application pages and HTML formatted email messages to, among other things, track the actions of users and email recipients, and compile statistics about usage and response rates.

How can You “Opt Out” of Cookies?

If You prefer, You can usually choose to set Your browser to remove cookies and reject cookies. If You enable a do not track (“DNT”) signal or otherwise configure Your browser to prevent RPM-One from collecting cookies, You will need to reenter Your user name each time You visit the login page.

How do We protect Your Personal Data?

RPM-One is committed to protecting the security and confidentiality of Your Personal Data. We use a combination of reasonable physical, technical, and administrative security controls to maintain the security and integrity of Your Personal Data, to protect against any anticipated threats or hazards to the security or integrity of such information, and to protect against unauthorized access to or use of such information in Our possession or control that could result in substantial harm or inconvenience to You. However, Internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure. As a result, We cannot ensure the security of information You transmit to Us. By using the Platform, You are assuming this risk.

Safeguards

The information collected by RPM-One and stored on secure servers, is protected by a combination of technical, administrative, and physical security safeguards, such as authentication, encryption, backups, and access controls. If RPM-One learns of a security concern, We may attempt to notify You and provide information on protective steps, if available, through the email address that You have provided to Us. Depending on where You live, You may have a legal right to receive such notices in writing.

You are solely responsible for protecting information entered or generated via the Platform that is stored on Your device and/or removable device storage. RPM-One has no access to or control over Your device’s security settings, and it is up to You to implement any device level security features and protections You feel are appropriate (e.g., password protection, encryption, remote wipe capability, etc.). We recommend that You take any and all appropriate steps to secure any device that You use to access Our Platform.

NOTWITHSTANDING ANY OF THE STEPS TAKEN BY US, IT IS NOT POSSIBLE TO GUARANTEE THE SECURITY OR INTEGRITY OF DATA TRANSMITTED OVER THE INTERNET. THERE IS NO GUARANTEE THAT YOUR PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED DESPITE THE IMPLEMENTATION OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. THEREFORE, WE DO NOT AND CANNOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY PERSONAL DATA YOU TRANSMIT TO US AND YOU TRANSMIT SUCH PERSONAL DATA AT YOUR OWN RISK.

In instances where You have authorized the Company to use and disclose Your Personal Data for certain purposes, You may withdraw Your consent in the future. You may withdraw Your consent by sending Your request in writing to: [email protected] or RPM-ONE INC., Attn: Website Support, 2200 E Williams Field Rd, Ste 200, Gilbert, AZ 85295. Please note that Your withdrawal will not be effective until We receive Your request and will not apply to uses and disclosures that We have already made in reliance on Your consent.

How can You Protect Your Personal Data?

In addition to securing Your device, as discussed above, We will NEVER send You an email requesting confidential information such as account numbers, usernames, passwords, or social security numbers, and You should NEVER respond to any email requesting such information. If You receive such an email that looks like it is from Us, DO NOT RESPOND to the email and DO NOT click on any links and/or open any attachments in the email, and notify RPM-One support at [email protected].

You are responsible for taking reasonable precautions to protect Your user ID, password, and other User Account information from disclosure to third parties, and You are not permitted to circumvent the use of required encryption technologies. You should immediately notify Us at [email protected] if You know of or suspect any unauthorized use or disclosure of Your user ID, password, and/or other User Account information, or any other security concern.

Your Rights

You have certain rights relating to Your Personal Data, subject to applicable data protection laws. These rights may include:

• to access Your Personal Data held by Us;
• to erasure/deletion of Your Personal Data, to the extent permitted by applicable data protection laws;
• to receive communications related to the processing of Your Personal Data that are concise, transparent, intelligible, and easily accessible;
• to restrict the processing of Your Personal Data, to the extent permitted by law (while We verify or investigate Your concerns with this information, for example);
• to object to the further processing of Your Personal Data, including the right to object to marketing;
• to request that Your Personal Data be transferred to a third party, if possible;
• to receive Your Personal Data in a structured, commonly used, and machine-readable format;
• to lodge a complaint with a supervisory authority;
• to rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete;
• to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision-Making”); and

Where the processing of Your Personal Data by Us is based on consent, You have the right to withdraw that consent without detriment at any time or to exercise any of the rights listed above by emailing Us at [email protected].

How can You update, correct, or delete Personal Data?

You can change Your email address and other contact information by contacting us at [email protected]. If You need to make changes or corrections to other information, You may contact us at [email protected]. Please note that in order to comply with certain requests to limit use of Your Personal Data, We may need to terminate Your account and Your ability to access and use the Services, and You agree that We will not be liable to You for such termination or for any refunds of prepaid fees paid by You. You can deactivate Your account by request at [email protected].

Although We will use reasonable efforts to do so, You understand that it may not be technologically possible to remove from Our systems every record of Your Personal Data. The need to back up Our systems to protect information from inadvertent loss means a copy of Your Personal Data may exist in a nonerasable form that will be difficult or impossible for Us to locate or remove.

Can You “OPTOUT” of receiving communications from Us?

We pledge not to market third party services to You without Your consent. We only send emails or SMS text messages to You regarding Your account unless We have Your express consent to do so. You can choose to filter these emails using Your email client settings, but We do not provide an option for You to opt out of these emails.

Information submission by minors

We do not knowingly collect Personal Data from individuals under the age of 18. Our Services are not directed to individuals under the age of 18. We request that these individuals not provide Personal Data to Us. If We learn that Personal Data from users less than 18 years of age has been collected, We will deactivate the account and take reasonable measures to promptly delete such data from Our records. If You are aware of a user under the age of 18 using the Web Site, please contact Us at [email protected].

If You are a resident of California under the age of 18 and have registered for an account with Us, You may ask Us to remove content or information that You have posted to Our Platform.

California Residents

California residents may request and obtain from Us, once a year, free of charge, a list of third parties, if any, to which We disclosed their Personal Data for direct marketing purposes during the preceding calendar year and the categories of Personal Data shared with those third parties. If You are a California resident and wish to obtain that information, please submit Your request by sending Us an email at [email protected] with “California Privacy Rights” in the subject line.

Contact Us

If You have any questions about this Privacy Policy, please contact Us by email at [email protected] or write to Us at RPM-ONE INC., 2200 E Williams Field Rd, Ste 200, Gilbert, AZ 85295. Please note that email communications are not always secure; so please do not include sensitive information in Your emails to Us.

TERMS OF AGREEMENT

Effective For All Service Agreements Entered After January 1, 2023.

These Terms of Agreement (the “Terms of Agreement”) establish the terms under which RPM-One Inc. (“RPM-One”) will provide to Customer Services set forth on that RPM-One Service Agreement between Customer and RPM-One (the “Service Agreement”). All capitalized terms shall have the meaning set forth in Section 1 of these Terms of Agreement or, if not defined herein, in the Service Agreement. In the event of a conflict between the Service Agreement and these Terms of Agreement, the Service Agreement shall govern.

1. DEFINITIONS.

The following definitions will apply to capitalized terms used throughout these Terms of Agreement.

1. “RPM-One Data” means: (a) all data, software (in any form) and information RPM-One submits or transmits to Customer regarding RPM-One; (b) all data, records and information generated in RPM-One’s business or operations, including any information relating to RPM-One’s subcontractors and/or affiliates; (c) all RPM-One Intellectual Property, together with all derivative works of the RPM-One Intellectual Property; and (d) data, records or information occurring in any form, including written, graphic, electronic, visual, or fixed in any tangible medium of expression and whether developed, generated, stored, possessed, or used by RPM-One, Customer, or a third party if related to the items described in (a) through (c) above. RPM-One Data does not include any data or information that relates exclusively to Customer or Customer’s business, operations or activities.
2. “RPM-OneOne Service” means any Service involving the use of the RPM-One supported devices, data analytics, Unified Telemetry Platform (“UTP”) or staff.
3. “ApplicableLaw” means any and all laws, ordinances, rules, regulations, statutes, restrictions, restrictive covenants, judgments, orders or decrees, requirements, and standards of any governmental authority, as adopted, amended, issued, or decreed from time to time including, without limitation, the Medicare and Medicaid Patient and Program Protection Act of 1987, as amended, the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as amended by the federal Health Information Technology for Economic and Clinical Health (“HITECH”) Act and its implementing regulations, as each may be modified or amended (collectively “HIPAA”), and any applicable state patient privacy and security laws, the Omnibus Budget Reconciliation Act of 1990, as amended, the Drug Price Competition and Patent Term Restoration Act of 1984, as amended, the Food, Drug and Cosmetic Act (“FDCA”), as amended, all rules and regulations of the Department of Health and Human Services Office of the Inspector General, and federal and state consumer protection and fraud statutes.
4. “Authorized User” means (a) the employees, consultants, Agents, and subcontractors of Customer that Customer authorizes to access the Software on its behalf.
5. “BillingConcierge” means Service provided by RPM-One to submit claims for reimbursement to public and private insurers on behalf of Customer.
6. “ClinicalReview Service” means the review of Participating Patient RPM data, and interaction with Participating Patients, by RPM-One clinical staff under the general supervision of qualified providers.
7. “Customer” means the organization indicated on the Service
8. “Customer Data” means (a) all data and information Customer submits or transmits to RPM-One, excluding any PHI (as defined below) and/or Patient-Generated Health Data necessary for the Services; and (b) data, records and information RPM-One generates that relates directly to the Services for Customer under the Service Agreement, exclusive of information or documentation that RPM-One generates for use in RPM-One’s business generally or for use with multiple customers and exclusive of De-Identified Data as defined below.
9. “De-identified Data” means personally identifiable information (“PII”) and PHI (defined below) that has been stripped of certain identifiable elements in accordance with applicable law so as to render the individual’s data de-identified.
10. “Devices” means the peripheral devices and any other equipment supported and/or provided by RPM-One to Customer under the Service Agreement.
11. “Intellectual Property Rights” means any patent, invention, discovery, know-how, moral, technology, software, copyright, authorship, trade secret, trademark, trade dress, service mark, confidentiality, proprietary, privacy, intellectual property or similar rights (including rights in remote patient monitoring applications, registrations, filings and renewals) that are now or hereafter protected or legally enforceable under state and/or Federal common laws or statutory laws or laws of foreign jurisdictions.
12. “Service Agreement” means the RPM-One Service Agreement provided to Customer for purposes of ordering RPM-One technology and services.
13. “Participating Patients” means those patients of Customer’s practice that Customer has ordered the Services, that are enrolled in the Software and that have consented to receive Services.
14. “PatientClinical Review” means Service provided by RPM-One clinical staff under the general supervision of licensed healthcare providers to satisfy obligations of the healthcare provider relating to Services provided by RPM-One.
15. “Patient-Generated Health Data” means health-related data created, recorded, or gathered by or from patients (or family members or other caregivers) to help address a health concern.
16. “Protected Health Information” or “PHI” shall have the meaning ascribed to such term in 45 F.R. 160.103.
17. “ParticipatingPatient-Facing Interface” means a text-message, mobile application and/or web-based software platform that allows Participating Patients to view and track their health data.
18. “Provider-Facing Dashboard” means a mobile application and/or web-based software platform that allows healthcare providers to view, track, analyze, and act upon their Participating Patients’ health data.
19. “Services” means the products and service offering(s) Customer selects for purchase from RPM-One.
20. “Software” means the Participating Patient-Facing Interface, the Provider-Facing Dashboard, all of the capabilities and functionalities associated with the Participating Patient-Facing Interface and Provider-Facing Dashboard, and user support services provided by RPM-One.
21. “Termsof Use” means the agreement between each of Customer’s individual users of the Software and RPM-One.

22. TERM.

The Service Term indicated on the Service Agreement, inclusive of the Initial Term and any renewal Term, constitutes the term of the Service Agreement (the “Term”). Customer agrees that for the length of the Initial Term and any renewal Term, RPM-One will be the exclusive provider of the Services set forth in the Service Agreement (“Exclusivity”).

3. PRODUCTS & SERVICES.

The Services Customer has agreed to receive are set forth on the Service Agreement, as further detailed in Exhibit A By entering the Service Agreement, Customer agrees to the terms of the Service Agreement, these Terms of Agreement, and all other terms and conditions incorporated by reference into the Service Agreement. Customer agrees that RPM-One may discontinue or change the pricing of individual Services upon thirty (30) days written notice to Customer prior to the start of any renewal Term, to the extent permitted by Applicable Law. RPM-One may also add new Services provided, however, that RPM-One will not charge Customer for new Services without providing thirty (30) days written notice to Customer. The following Services are included with any contract for RPM-One Services.

1. Implementation& Training Services. RPM-One will provide implementation and training services for Customer and Customer’s Authorized Users. Implementation services include integrating Participating Patients’ information into the Software and developing a dedicated tracking system to allow Customer and its Authorized Users to monitor Participating Patients. Training Services shall include virtual communication with Customer and its Authorized Users to educate them on use of the Software and related obligations and Services.
2. Support Services. RPM-One will provide technical support Services to Customer (including Participating Patients, physicians, and staff during business hours between 9 am and 5 pm Pacific Time (PT), excluding Federal holidays (“Support Hours”). Customer may initiate a Helpdesk ticket during Support Hours by emailing [email protected].RPM-One will use commercially reasonable efforts to respond to all Helpdesk tickets within two (2) business days, but RPM-One does not represent, warrant, or guarantee that all tickets will be responded to within such time frame.
3. Software. The Software provides a virtual care management platform that may include remote patient monitoring and/or RPM-One One Service, as well as and integrated communications features for each. The Software provides a full featured remote patient monitoring system consisting of the Participating Patient-Facing Interface, the Provider-Facing Dashboard, the Devices used by a patient to monitor their health status, and a cloud-based repository of information gathered from patients to enable healthcare organizations to monitor, document and manage patient Services. Proprietary data analytics are embedded into the software to predict and prioritize care response, as well as assist in standardized clinical decision making.
4. Software License. Subject to Customer’s compliance with Privacy Policy (RPM-One.com/privacy-policy), RPM-One will provide a revocable, nonexclusive, non-transferrable, non-sublicensable, license to access the Software to Customer and its Authorized Customer and its Authorized Users may use the Software (a) to upload and/or transmit Customer Data by and through the Software; and (b) to access and use reports generated from time to time by RPM-One.

5. CUSTOMER RESPONSIBILITIES. 

1. Service-Specific Responsibilities. For each Service provided to Customer under the Service Agreement, Customer is responsible for the responsibilities set forth in Exhibit A.
2. General Responsibilities. For all Services provided under the Service Agreement, Customer is responsible for the following:
   1. Operations & Enrollment. Customer is responsible for providing RPM-One with information necessary to identify and enroll Participating Patients and for ordering the Services for Participating Patients and to furnish Services to Participating Patients. Additional responsibilities are set forth in Exhibit A.
   2. Patient Consents. Unless otherwise agreed in writing, Customer is responsible for maintaining all necessary consents and authorizations to enable RPM-One to use, upload, process, and store Customer Data and to provide the Services to Participating Patients. Customer will not furnish any Customer Data that includes an individual’s PHI to RPM-One in the event such individual Customer acknowledges and accepts full responsibility and liability for all Customer Data. RPM-One will obtain informed consent for remote patient monitoring and connected Services on behalf of Provider.
   3. Patient Communication. Customer authorizes RPM-One to communicate with Customer’s patients on behalf of Customer to the extent necessary to provide the Communication will be via phone, video chat, or electronic means such as text messages, online chats, and emails. If RPM-One provides Customer portals for patient review of results, communication may take place via the portal.
   4. Privacy Policy. Customer will be solely responsible for its actions and the actions of its Authorized Users while using the As a condition to Customer’s and its Authorized Users’ use of the Software, Customer shall require its Authorized Users to review and accept the RPM-One Privacy Policy (RPM-One.com/privacy-policy), as updated by RPM-One from time to time, prior to accessing the Software. Customer shall abide by, and Customer shall ensure that its Authorized Users abide by, the Terms of Use and Privacy Policy when using or accessing the Software.
   5. Unenrollment of Patients. Customer is responsible for determining when a Participating Patient is no longer eligible for or in need of the Services. Customer must unenroll the patient via the Software or by other method approved by their assigned customer success manager (“CSM”). If Customer fails to unenroll a Participating Patient after they are no longer medically necessary, RPM-One may continue to provide Services to that Participating Patient and Customer will continue to be obligated to pay RPM-One for the Services.

5. PAYMENT TERMS.

1. Fees. As compensation for the Services, Customer will pay RPM-One the Fees indicated on the Service All amounts set forth in the Service Agreement are denominated and shall be paid in U.S. dollars.
2. Invoicing & Payment Method. RPM-One will invoice Customer for fees owed to RPM-One on a monthly basis, or as per defined in the Services Agreement. RPM-One will charge the customer via the payment method selected by Customer after entry into the Service Customer agrees to provide updated or different payment information in the event that their payment information changes or a charge is declined.
3. Due Date. Unless otherwise indicated on the Service Agreement and/or properly disputed according to Section 6(c)(i) below, Customer will be provided with the invoice on the last day of the month, and Customer’s invoiced amounts will be automatically charged via the payment method selected by Customer during online signup by RPM-One within five (5) business days of Customer’s receipt of an invoice.
   1. Disputed Payments. If Customer wishes to dispute any invoiced fees or expenses, Customer must notify RPM-One in writing within five (5) business days of receipt of the invoice specifying such fees or expenses (a “Dispute Notice”). The Dispute Notice must specify the amounts that are being disputed as well as the reason for such RPM-One and Customer agree to attempt to resolve such dispute through informal meetings and discussions in good faith between appropriate representatives of the Parties within forty-five (45) days of receipt of the Dispute Notice before resorting to any other dispute resolution procedure.
   2. Suspension of Services for Nonpayment. If there are undisputed payments outstanding for more than sixty (60) days from the due date, RPM-One reserves the right to suspend Authorized Users’ access to the Software until such amounts are paid in full. Customer will continue to be obligated to pay all Fees during any such suspension period.
4. Taxes. All amounts payable to RPM-One pursuant to the Service Agreement are exclusive of all local, state, federal and foreign taxes, levies, or duties of any nature (“Taxes”), and all payments to RPM-One are payable in full without reduction for Customer is responsible for payment of all Taxes, excluding Taxes owed by RPM-One based on RPM-One’s net income. If RPM-One is legally obligated to pay or collect Taxes for which Customer is responsible, the appropriate amount will be invoiced to and paid by Customer unless Customer provides RPM-One with a valid tax exemption certificate authorized by the appropriate taxing authority.
5. Bona Fide Service Fees. The Parties agree the Fees set forth in the Service Agreement were determined in advance at arms-length and in a manner that represents the fair market value for the Services provided thereunder. The Parties agree that the Fees are: (i) compensation for bona fide services; (ii) not intended to diminish the objectivity or professional judgment of Customer; (iii) not intended in any way as remuneration for referrals or for other business generated which are reimbursed under Medicare, Medicaid or any private health insurance; (iv) not intended as discounts or rebates prohibited by federal or state law, including any state or federal anti-kickback law; and (v) not intended to induce either Party to order, recommend, or arrange for the order of any goods or services from the other party.

6. PROPRIETARY RIGHTS.

1. RPM-One Intellectual Property. As between RPM-One and Customer, all right, title and interest, including all Intellectual Property Rights, in the Software, RPM-One Data, and any other RPM-One property or materials furnished or made available as part of the Services, and all modifications and enhancements of the same, belong to and are retained solely by RPM-One or RPM-One’s licensors and providers, as Nothing in the Service Agreement is intended to or may be construed to transfer any such rights in any part of the Services to Customer other than as explicitly provided for in the Service Agreement. Customer shall not re-distribute the Software or the Devices other than as specifically provided for in the Service Agreement.
   1. Developments. Except as otherwise explicitly set forth in the Service Agreement, all inventions, works of authorship, and developments conceived, created, written, or generated by or on behalf of RPM-One, whether solely or jointly, in connection with the Services (“RPM-One Developments”) and all Intellectual Property Rights in the same, shall be the sole and exclusive property of RPM-One. Customer agrees to execute any documents or take any actions as may reasonably be necessary, or as RPM-One may reasonably request, to perfect RPM-One’s ownership of the RPM-One Developments.
2. Publicity; Use of Marks. Customer shall permit RPM-One to generate widely disseminated publicity, advertising or promotion concerning the Service Agreement (“Publicity”) without prior written consent of Each Party reserve the right to control the use of its own name, tradenames, service marks, symbols, trademarks or other marks currently existing or later established. Neither Party may use any tradename, trademark, service mark or symbol belonging to the other without first receiving the prior written consent of the Party owning the tradename, trademark, service mark, or symbol. Notwithstanding the foregoing, Customer hereby provides its written authorization for RPM-One to use, during the term of the Service Agreement, Customer’s tradenames, trademarks, service marks or symbols in furtherance of Publicity or RPM-One’s performance of the Service Agreement.
3. Customer Data. As between RPM-One and Customer, all right, title and interest in the Customer Data belong to and are retained solely by Customer.
   1. RPM-One License. Customer grants to RPM-One a limited, non-exclusive, royalty-free, worldwide license to (i) Use, reproduce, aggregate and modify the Customer Data and to perform all acts with respect to the Customer Data as may be necessary for RPM-One to provide the Services to Customer; (ii) Use or modify the Customer Data to create De-identified Data; and (iii) Use Customer’s name, logo, and trademark for marketing purposes upon written consent of Customer. RPM-One intends to use De-identified Data, aggregated with the de-identified data of other RPM-One customers, to enable RPM-One to provide more targeted, accurate, and useful insights to its customers.
   2. Accuracy of Customer Data. As between RPM-One and Customer, Customer is solely responsible for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Customer Data. Customer Data will be included in and treated as Customer’s Confidential Information under the Service Agreement.
4. Feedback License. RPM-One owns all right, title, and interest in and to any suggestion, enhancement, request, recommendation, or other feedback related to the Software provided by Customer (any “Feedback”). Feedback is not Customer’s Confidential Information.
5. De-identified Data. RPM-One may use, create, modify, aggregate, and disclose De-identified Data for any purposes not prohibited by law. RPM-One owns all rights, title and interest, and all Intellectual Property Rights in such De- identified Data and any data, information and material created by RPM-One with such De-identified Data. De- identified Data is NOT Customer For the avoidance of doubt, the second and third sentences of this Section shall survive the expiration or earlier termination of the Service Agreement.

7. CONFIDENTIALITY.

1. Confidential Information Defined. “Confidential Information” means any and all non-public technical and non- technical information disclosed by one Party (the “Disclosing Party”) to the other Party (the “Receiving Party”) in any form or medium, that the Disclosing Party identifies as confidential or that by the nature of the circumstances surrounding the disclosure and/or receipt ought to be treated as confidential and proprietary information. Confidential Information includes, without limitation, (a) techniques, inventions (whether or not patented or patentable), know-how, processes, algorithms, software programs, software source and object codes and documents, APIs, and other creative works (whether or not copyrighted or copyrightable); (b) financial information, customer lists, business forecasts, and marketing plans and information; (c) the business relationships and affairs of either party and its clients, patients, and referral sources; (d) the internal policies and procedures of either Party; (e) proprietary or confidential information of any third party who may disclose such information to Disclosing Party or Receiving Party in the course of Disclosing Party’s business; and (f) the terms of the Service RPM-One’s Confidential Information includes the Software and RPM-One Data. Confidential Information of Customer includes Customer Data. Confidential Information also includes all summaries and abstracts of Confidential Information. In addition, Confidential Information excludes PHI, which must be protected according to the BAA.The term “Confidential Information” shall not include any information which, as evidenced by Receiving Party’s records: (i) was known by the Receiving Party prior to receipt from the Disclosing Party either itself or through receipt directly or indirectly from a source with no obligation of confidentiality to the Disclosing Party; (ii) was developed by the Receiving Party without use of the Disclosing Party’s Confidential Information, or (iii) becomes publicly known or otherwise ceases to be secret or confidential, except as a result of a breach of the Service Agreement or any obligation of confidentiality by the Receiving Party.
2. Confidential Information Terms. The Receiving Party will, at all times, both during the term and thereafter, keep in confidence and trust all of the Disclosing Party’s Confidential The Receiving Party will not use the Disclosing Party’s Confidential Information other than as necessary to fulfill the Receiving Party’s obligations or to exercise the Receiving Party’s rights under the Service Agreement. Either Party may disclose the other Party’s Confidential Information upon the order of any competent court or government agency; provided that, prior to disclosure and to the extent possible, the receiving Party must (i) assert the confidential nature of the Confidential Information to the agency; (ii) immediately notify the Disclosing Party in writing of the order or request; and (iii) cooperate fully with the Disclosing Party in protecting against any such disclosure and/or narrowing the scope of the compelled disclosure. Each Party agrees to secure and protect the other Party’s Confidential Information with the same degree of care and in a manner consistent with the maintenance of such Party’s own Confidential Information (but in no event less than reasonable care). The Receiving Party will not disclose Confidential Information of the Disclosing Party to any person or entity other than its officers, employees, affiliates, and Agents who need access to such Confidential Information in order to effect the intent of the Service Agreement and who are subject to confidentiality obligations at least as stringent as the obligations set forth in the Service Agreement.
3. Injunctive Relief. The Parties agree that any unauthorized disclosure of Confidential Information may cause immediate and irreparable injury to the Disclosing Party and that, in the event of such breach, the Receiving Party will be entitled, in addition to any other available remedies, to seek immediate injunctive and other equitable relief, without bond and without the necessity of showing actual monetary damage.
4. Security. Each of Customer’s Authorized Users will create a unique user login and passwords to be used to access and use the Customer will be, and will ensure that its Authorized Users are, responsible for maintaining the confidentiality of all Authorized User logins and passwords and for ensuring that each login and password is used only by the Authorized User to which it was issued. Customer is responsible for ensuring that its Authorized Users do not share passwords with each other or any third party. Customer agrees to immediately notify RPM-One of any unauthorized use of any account or login and password issued to an Authorized User, or any other breach of security known to Customer. RPM-One will have no liability for any loss or damage arising from Customer’s failure to comply with the terms set forth in this Section. Customer will ensure its Authorized Users do not circumvent or otherwise interfere with any user authentication or security of the Software.

8. TERMINATION. 

1. Without Cause. Without cause termination, if any, shall be set forth in the Service Agreement. If a Service Agreement includes the ability to terminate without cause, the Party or Parties so authorized to terminate without cause may do so by providing the requisite days’ written notice set forth in the Service Agreement. If early termination requires payment of a termination fee, the “Termination Fee,” such the terms of such fee will be set forth in the Service Agreement. Termination Fees may be flat rates or set per patient. In the event the Service Agreement includes a per-patient termination fee, it shall be applied only to Participating Patients who have completed Patient RPM Onboarding and received at least one Device (“Onboarded Participating Patients”). Notwithstanding the foregoing, if amounts earned by the practice under this Service Agreement in a month is below the total amount invoiced by RPM-One for Monthly RPM Service, practice may terminate immediately upon notice with no Termination Fee due to the financial unsustainability of the RPM program.
2. For Cause.
   1. Material Breach. Either Party may terminate the Service Agreement following a material breach of the Service Agreement by the other Party which is not cured during the Cure Period (defined below). The non- breaching Party shall notify the breaching Party of the breach in writing and the breaching party shall have thirty (30) days (the “Cure Period”) to cure the breach following receipt of the If the breaching Party fails to cure the breach within the Cure Period, then the non-breaching Party may terminate the Service Agreement upon written notice to the breaching party.
   2. Termination for Change of Law. The Service Agreement may also be terminated immediately by either Party if such Party determines that any Applicable Law in effect or to become effective as of a date certain, or if RPM-One or Client receives notice of an actual or threatened decision, finding or action by any governmental or private agency or court (collectively referred to herein as an “Action”), which Applicable Law or Action, if or when implemented, would have the effect of (i) subjecting either Party to civil, criminal, or administrative prosecution, litigation, or liability under local, state, and/or federal laws, or other material adverse proceeding on the basis of their participation herein; or (ii) which causes the arrangement contemplated hereunder to become unprofitable for either Party.
   3. Other Cause. RPM-One may terminate the Service Agreement immediately by providing written notice to Customer upon the occurrence of any of the following events:
      1. RPM-One reasonably determines that Customer and/or its Authorized User(s) have been or are engaged in unlawful activity associated with the use of the Software and/or the Services;
      2. The filing, with respect to Customer, of a voluntary or involuntary petition in bankruptcy if such petition is not dismissed within thirty (30) days of such filing; or
      3. Upon the appointment of a receiver or trustee to take possession of all, or substantially all, of Customer’s assets, if such appointment is not terminated within thirty (30) days.
3. Termination For Failure to Use Best Efforts. If, during the first year of the Service Agreement, Customer discontinues RPM for 75% or more of all Onboarded Participating Patients (“Constructive Termination Threshold”), that will constitute constructive evidence of a failure of Customer to utilize best efforts to promote adherence of Participating Patients to the RPM program. In such a circumstance, the Company may, in its sole discretion, terminate the Service Agreement immediately and charge Customer the Termination Fee (“Constructive Termination”). Failure of the Company to trigger Constructive Termination in a month where the Constructive Termination Threshold is met shall not be considered a waiver of the Company’s ability to opt for Constructive Termination in subsequent months.
4. Effect of Termination. Unless otherwise stated below, upon expiration or termination of the Service Agreement for any reason, (a) the License shall terminate and the Customer shall not use or access, directly or indirectly, the Software; (b) RPM-One’s obligation to perform support Services shall cease; and (c) all fees and other amounts owed to RPM-One accrued prior to expiration or termination will be immediately due and payable. Further, if Customer has made any copies of any RPM-One property or materials furnished or made available under the Service Agreement, Customer shall, within thirty (30) days of the effective date of the expiration or termination, either destroy or return to RPM-One all such copies along with a certificate signed by Customer that all such copies have been either destroyed or returned, respectively, and that no copy or any part of the Software, data, or other materials has been retained by Customer in any form.
   1. Return of Customer Data. Within thirty (30) days after the effective date of applicable termination or expiration, RPM-One will make any Customer Data stored on the Software available upon written request to Customer.
   2. Effect of Termination on Exclusivity. If Customer terminates the Service Agreement prior to the end of a Term other than for cause, Exclusivity will continue until the end of the Term. If Customer enters an agreement with a company other than RPM-One for Services subject to Exclusivity under the Service Agreement (“Competing Services”), Customer agrees to pay RPM-One a fee equal to $60 for the greater of the number of Participating Patient enrolled in Services in the three months prior to termination or the number of patients enrolled in the Competing Services.
   3. Termination In First Year of Agreement. If the Service Agreement is terminated for any reason within one (1) year of the Effective Date, then, prior to the first anniversary of the Effective Date, RPM-One and Customer will not enter into any similar agreement with each other for the Services covered hereunder with payment terms that differs from the payment terms set forth herein.

9. REPRESENTATIONS & WARRANTIES.

1. Mutual Representations and Warranties. Each Party represents, warrants and covenants that: (a) to its knowledge, it has the full power and authority to enter into the Service Agreement and to perform its obligations thereunder, without the need for any consents, approvals, or immunities not yet obtained; (b) its acceptance of and performance under the Service Agreement will not breach any oral or written agreement with any third party or any obligation it owes to any third party; and (c) it will comply with any and all Applicable Laws regarding data privacy and transmission of personal data.
2. Practice of Medicine. CUSTOMER HEREBY AGREES AND ACKNOWLEDGES THAT RPM-ONE IS IN NO WAY ACTING AS A MEDICAL PROVIDER, NOR IS RPM-ONE PROVIDING 24/7 CONTINUOUS, SYNCHRONOUS, OR EMERGENCY MONITORING OR ALERTING UNLESS SPECIFICALLY SET FORTH IN THE SERVICE CUSTOMER FURTHER ACKNOWLEDGES AND AGREES THAT ANY INFORMATION, PROCESSES, PRODUCTS, AND OTHER ITEMS REFERENCED BY RPM-ONE OR ITS SOFTWARE ARE NOT INTENDED AS A RECOMMENDATION OR ENDORSEMENT OF THAT INFORMATION, PROCESS, PRODUCT, OR OTHER ITEM AND THAT THE ULTIMATE RESPONSIBILITY FOR DIAGNOSING AND TREATING ANY PATIENT RESTS WITH CUSTOMER AND/OR ITS HEALTHCARE PROVIDER(S) TREATING SUCH PATIENT.
3. Third Party Materials. CUSTOMER UNDERSTANDS AND AGREES THAT USING, ACCESSING, DOWNLOADING, OR OTHERWISE OBTAINING INFORMATION, MATERIALS, OR DATA THROUGH THE SOFTWARE FROM A SOURCE OTHER THAN RPM-ONE (“Third Party Materials”) IS AT ITS OWN DISCRETION AND RISK AND THAT CUSTOMER WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO ITS OR ITS AUTHORIZED USERS’ PROPERTY OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OR USE OF SUCH MATERIAL OR DATA.
4. Privacy Law Compliance. Parties will comply with all Applicable Laws protecting the confidentiality of patient records and the disclosure of medical records and other health information including, but not limited to, all requirements of HIPAA and Parties will each maintain industry standard security systems to protect the privacy and confidentiality of the Data. The BAA incorporated by reference into the Service Agreement further describes the parties’ obligations with respect to compliance with HIPAA and HITECH.
5. Disclaimer. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN THIS SECTION, THE SERVICES ARE PROVIDED ON AN AS-IS BASIS. CUSTOMER’S USE OF THE SOFTWARE AND PURCHASE OF THE SERVICES ARE AT ITS OWN RISK. RPM-ONE DOES NOT MAKE, AND HEREBY DISCLAIMS, ANY AND ALL OTHER EXPRESS, STATUTORY, AND IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT AND ACCURACY (OF DATA OR ANY OTHER INFORMATION OR CONTENT), AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. ANY WARRANTIES MADE BY RPM-ONE ARE FOR THE BENEFIT OF CUSTOMER ONLY AND NOT FOR THE BENEFIT OF ANY THIRD THE SOFTWARE MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS. RPM-ONE IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGES RESULTING FROM SUCH PROBLEMS. THE ENTIRE RISK ARISING OUT OF USE OR PERFORMANCE OF THE SOFTWARE, INCLUDING WITHOUT LIMITATION ANY INFORMATION, DATA, PRODUCTS, PROCESSES, AND OTHER MATTERS REFERENCED BY THE SERVICES REMAINS WITH THE CUSTOMER. EXCEPT AS EXPRESSLY PROVIDED HEREIN, RPM-ONE DOES NOT GUARANTEE CONTINUOUS, ERROR- FREE, VIRUS-FREE, OR SECURE OPERATION AND ACCESS TO THE SOFTWARE.
6. Basis of the Bargain. CUSTOMER ACKNOWLEDGES AND AGREES THAT RPM-ONE HAS OFFERED ITS SERVICES AND ENTERED INTO THE SERVICE AGREEMENT TO WHICH IT IS A PARTY IN RELIANCE UPON THE WARRANTY DISCLAIMERS AND THE LIMITATIONS OF LIABILITY SET FORTH HEREIN, THAT THE WARRANTY DISCLAIMERS AND THE LIMITATIONS OF LIABILITY SET FORTH HEREIN REFLECT A REASONABLE AND FAIR ALLOCATION OF RISK BETWEEN CUSTOMER AND RPM-ONE, AND THAT THE WARRANTY DISCLAIMERS AND THE LIMITATIONS OF LIABILITY SET FORTH HEREIN FORM AN ESSENTIAL BASIS OF THE BARGAIN BETWEEN CUSTOMER AND RPM-ONE. CUSTOMER ACKNOWLEDGES AND AGREES THAT RPM-ONE WOULD NOT BE ABLE TO PROVIDE THE SERVICES TO CUSTOMER ON AN ECONOMICALLY REASONABLE BASIS WITHOUT THESE LIMITATIONS.

10. INSURANCE AND INDEMNIFICATION.

1. Insurance. During the Term, each Party will, at its own expense, maintain and carry insurance with financially sound and reputable insurers, in full force and effect that includes, but is not limited to (i) cyber liability insurance covering claims based on a violation of the Privacy Rule (as defined in Exhibit D) or any Applicable Law or regulation concerning the privacy of patient information and claims based on obligations pursuant to the Service Agreement with coverage of not less than One Million Dollars ($1,000,000) per occurrence; (ii) product liability insurance and comprehensive general liability coverage with coverage limits that are reasonable based on industry standards, but not less than one million dollars ($1,000,000) per occurrence and three million dollars ($3,000,000) in the aggregate, (iii) as well as all insurance required by Applicable Law. Each Party may request from the other Party and is required to provide to the other Party certificates of insurance showing the insurance coverage required in the Service Except where prohibited by Applicable Law, each Party will require its insurer to waive all rights of subrogation against the other Party and its insurers.
2. Indemnification by Customer. Customer shall indemnify and hold harmless RPM-One and its officers, directors, employees and Agents (“RPM-One Indemnified Parties”), from and against any and all damages, liabilities, penalties, interest, fines, losses, costs and expenses (including reasonable attorneys’ fees and expenses) (“Losses”), arising, directly or indirectly, out of or relating to any claim, action or proceeding (a “Claim”) brought by a third party based on (i) the improper use or operation of the Services (and any third party software provided to Customer pursuant to the Service Agreement) by Participating Patients, Customer and/or Authorized Users, including, without limitation, any non-authorized use of Customer’s user logins, except to the extent that any such Loss was due to the gross negligence or willful misconduct of RPM-One; (ii) a breach of the Agreement by Customer or any of its Authorized Users, (iii) the accuracy, quality, integrity, legality, reliability, or appropriateness of Customer Data or any other content or data introduced to any part of the Services by any Authorized User; (iv) violation of any applicable law, rule, or regulation by Customer or any of the Authorized Users; (v) the diagnosis and/or treatment of any of Customer’s patients; and/or (vi) the negligent acts or willful misconduct of Customer or its personnel. Customer will pay all Losses (whether by settlement or award of by a final judicial judgment) incurred by the RPM-One Indemnified Parties from any such Claim.
3. Indemnification by RPM-One. Subject to limitations of liability set forth in these Terms of Agreement, RPM-One agrees to defend Customer and its officers, directors, employees, and Agents (a “Customer Indemnified Party”) from and against any Losses resulting from or arising out of a successful claim resulting from the negligent acts or willful misconduct of RPM-One or a claim that the Software infringes or misappropriates the patent, trade secret, trademark, copyright, or other Intellectual Property Rights of any third party (an “Infringement Claim”). RPM-One will pay all Losses (whether by settlement or award of by a final judicial judgment) incurred by the Customer Indemnified Parties from any such In the event of an Infringement Claim, RPM-One may, at its election, and sole expense, (i) modify the Software so that such Software is non-infringing and functionally equivalent; or (ii) obtain the right for Customer and Customer’s patients to continue using the Software at no additional cost to Customer. If none of the foregoing is commercially practicable, RPM-One may immediately terminate the Service Agreement upon reasonable notice to Customer.
4. Procedure. Each Party shall provide to the other Party prompt notice of any Claim for which they are seeking indemnification. The indemnified Party may have counsel reasonably acceptable to the indemnifying Party observe the proceedings at the indemnified Party’s expense, provided the indemnifying Party retains sole control of the defense of the The indemnified Party has the right to approve any settlement that affirmatively places on the indemnified Party an obligation that has a material adverse effect on the indemnified Party other than requiring the indemnified Party to cease using all or a portion of the Services or to pay sums eligible for indemnification under the Service Agreement. Such approval shall not be unreasonably withheld.

11. LIMITATIONS OF LIABILITY. 

1. No Consequential Damages. Neither Party will be liable for any indirect, incidental, special, consequential or punitive damages, or any damages for lost data, business interruption, lost profits, lost revenue, or lost business arising out of or in connection with the Service Agreement, including without limitation any such damages arising out of RPM-One’s provision or Customer’s use of the Services or the results thereof, even if a party has been advised of the possibility of such damages. In no event will RPM-One be liable for the cost of procurement of substitute goods or Services.
2. Limits on Liability. In no case will RPM-One be liable for any aggregate amount greater than the amounts paid and payable by customer to RPM-One under the Service Agreement during the twelve (12) month period preceding the date on which the claim first accrued, without regard to whether such claim is based in contract, tort (including negligence), product liability, or otherwise.
3. Essential Purpose. Customer acknowledges that the terms in this Section (Limitations of Liability) are a bargained for reasonable allocation of the risk between the parties and will apply (a) to the maximum extent permitted by applicable law, and (b) even if an exclusive or limited remedy stated herein fails of its essential purpose.
4. Limitation of Action. No action (regardless of form) arising out of the Service Agreement may be commenced by Customer against RPM-One more than two (2) years after the cause of action arose.

12. MISCELLANEOUS.

1. Subcontractors. RPM-One may use its affiliates or subcontractors to perform its obligations under the Service Agreement.
2. Notices. Any notices, requests, consents, demands, or other communications required or permitted under the Service Agreement will be in writing and deemed to have been duly given when delivered, if delivered by hand, sent by email, or delivered by nationally recognized commercial overnight courier; and in each case to the parties at the following addresses or email addresses (or at other addresses or email addresses specified by a notice) with applicable postage or delivery charges prepaid. Notices to RPM-One shall be sent to the following address: RPM-One Inc., a Delaware corporation with its principal office located at 2200 E Williams Field Ste 200, Gilbert, AZ 85295, with a copy to [email protected]. Notices to Customer shall be sent to the address or email address specified in the Service Agreement. Notwithstanding the foregoing, any changes to Services may be noticed via the Provider-Facing Dashboard and will be deemed effective upon receipt by Customer’s Primary Contact.
3. Amendment. Except as may otherwise be specified in the Service Agreement, the Service Agreement may be modified, changed, or amended only by a written amendment mutually agreed to and signed by both Parties.
4. Waiver; Severability. A Party’s right to enforce a provision of the Service Agreement may only be waived in writing and signed by the Party against which the waiver is to be Failure to enforce any provision of the Service Agreement in any one instance will not be construed as a waiver of future performance of that provision, and the Party’s obligations under that provision will continue in full force and effect. The provisions of the Service Agreement are severable. The invalidity or unenforceability of any term or provision in any jurisdiction will be construed and enforced as if it has been narrowly drawn so as not to be invalid, illegal, or unenforceable to the extent possible and will in no way affect the validity or enforceability of any other terms or provisions in that jurisdiction or of this entire Agreement in that jurisdiction.
5. Medicare and Medicaid Fraud Representation. Each Party represents that: (i) it is not currently excluded, debarred or suspended from participation in any federal health care programs and is not under investigation or by any state or federal governmental agency that may lead to such an exclusion, debarment or suspension; and (ii) to the best of its reasonable knowledge, none of its employees, officers, directors and any health care providers contracted to provide Services hereunder is currently excluded, debarred or suspended from participation in any federal health care programs and is not under investigation or by any state or federal governmental agency that may lead to such an exclusion, debarment or suspension. If any of the representations and warranties set forth in this Section ceases to be true, the Party with this information will promptly remove, or cause to be removed, the excluded, debarred or suspended individual from providing Services hereunder and notify the other Party within one (1) business day of confirming the exclusion, debarment or suspension. It is understood and agreed to by the Parties that the ability to verify if any individual is currently debarred is dependent upon the accuracy of the information contained on the OIG list of excluded persons and the representations of such individual.
6. Governing Law. The Service Agreement, any additional applicable terms and conditions incorporated by reference there in, and each Party’s rights and obligations under each will be governed by and construed in accordance with the laws of Delaware without giving effect to conflicts of law principles. The Parties hereby submit to the exclusive jurisdiction of, and waive any venue objections against, state or federal courts sitting in Maricopa County, Arizona in any litigation arising out of the Service Agreement.
7. Assignment. Neither Party may assign or transfer the Service Agreement without the prior written consent of the other Party; provided, however, that RPM-One may assign or transfer the Service Agreement without Customer’s consent to any of RPM-One’s affiliates, subsidiaries, entities controlled by or under common control with RPM-One, or in the event of a merger, change of control or sale of substantially all of its The Service Agreement will bind the Parties and their respective successors and permitted assigns and will inure to the benefit of the Parties and their respective permitted successors and assigns.
8. Invalidity. If any provision of the Service Agreement is found by a court of competent jurisdiction to be unenforceable, the other provisions of the Service Agreement will be unimpaired, and the unenforceable provision will be deemed modified so that it is enforceable to the maximum extent permitted by law (unless such modification is not permitted by law, in which case such provision will be disregarded).
9. Force Majeure. If any Party is unable to perform any of its obligations under the Service Agreement (other than payment obligations) because of any cause beyond the reasonable control of and not the fault of the Party invoking this section, including any act of God, fire, casualty, flood, earthquake, war, strike, lockout, epidemic or pandemic, destruction of production facilities, riot, insurrection or material unavailability, and if the non- performing Party has been unable to avoid or overcome its effects through the exercise of commercially reasonable efforts, such non-performing Party will give prompt notice to the other Party, its performance will be excused, and the time for its performance will be extended for the period of delay or inability to perform due to such occurrences. If performance is extended under this section for more than sixty (60) days, then at any time before reinstatement of the performance, the other Party may terminate the Service Agreement upon notice to the non-performing Party.
10. Relationship of the Parties. The sole relationship between the Parties is solely that of independent contractors. The Service Agreement will not create a joint venture, partnership, agency, employment, or other relationship between the Parties.
11. Survival. Any term of the Service Agreement that contemplates performance after termination of the Service Agreement will survive expiration or termination and continue until fully satisfied.
12. Entire Agreement. The Service Agreement, including all applicable exhibits and other documents incorporated by reference therein, constitutes the entire agreement between the Parties relating to this subject matter and supersedes all prior or simultaneous understandings, representations, discussions, negotiations, and agreements, whether written or oral.
13. Counterparts. The Service Agreement may be executed in one or more counterparts and may be executed electronically. Each counterpart or electronic copy thereof will be an original, but all such counterparts will constitute a single instrument.

Exhibit A

RPM-One Services

The following Services comprise all Services, including Beta Services, currently offered by RPM-One under the Service Agreement, as well as any specific Customer Responsibilities relating to each Service. To determine which Services have been purchased by Customer, please refer to the Service Agreement and any Amendments thereto.

1. Remote Patient Monitoring Services. The following Services comprise RPM-One remote patient monitoring (“RPM”) Services:
   1. Practice RPM Implementation. Practice RPM Implementation is the initial startup Service that kicks off on the Service Start Date. During Practice RPM Implementation the RPM-One implementation team will work with Customer to determine which of Customer’s patients may benefit from RPM Services. Upon approval and ordering of RPM Services for Participating Patients, RPM-One will then conduct outreach to patients via phone, email, text message, and via the Sign-Up Portal (defined below). Upon Participating Patient sign-up, RPM-One will implement Patient RPM Onboarding.
      1. Customer Responsibilities. Customer is responsible for:
         1. Providing RPM-One with access to its EHR system within five (5) business days of the Service Start Date;
         2. Setting up and hosting on its website, within fourteen (14) days of the Service Start Date, a web page through which Participating Patients may sign up for and consent to RPM Services, provided, however, that failure to do so will not be considered a breach of the Service Agreement but will instead result in the elimination of any discount provided to Customer for Practice RPM Implementation;
         3. Reviewing RPM-One recommended Participating Patients and ordering RPM Services for Participating Patients;
         4. Reviewing and either approving or recommending changes to RPM programs recommended by RPM-One for each Participating Patient (“Patient-Specific RPM Program”), which programs may include recommended RPM Devices appropriate for each condition from which the Participating Patient suffers, testing frequency, Device rollout timelines and criteria, and recommended ranges for RPM results, and;
         5. Periodically, but no less than monthly, reviewing with RPM-One whether any RPM Orders need adjustment or discontinuation or whether additional patients not currently receiving RPM would benefit from doing so.
2. Patient RPM Onboarding. Upon Patient sign-up for RPM, RPM-One will undertake a two-month onboarding process in which RPM-One will initiate Patient RPM Device Management, establish Patient Clinical Review Services if ordered by Customer, establish Billing Concierge, providing and monitoring the first two months of Monthly RPM Service and validating the success of the claims process for Customer (“Patient RPM Onboarding”). If RPM-One fails to complete Patient RPM Onboarding, the Patient RPM Onboarding fee will not be charged to Customer, and no Monthly RPM Services will be billed until Patient RPM Onboarding is complete.
   1. Customer Responsibilities. Customer:
      1. Authorizes RPM-One to to contact on behalf of the Customer RPM patients for which a provider has ordered RPM, acknowledging and accepting that RPM-One may be required to send multiple text messages, emails, letters, and/or calls in order to successfully connect with patients and successfully complete Patient RPM Onboarding;
      2. Agrees to inform RPM-One of any questions Participating Patients submit regarding Patient RPM Onboarding that Customer is unable to answer independently;
      3. Agrees to inform RPM-One upon the completion or failure of claims processing; and
      4. Agrees to Provide a dedicated internal administrative contact for RPM-One to contact regarding billing questions.
3. Patient RPM Device Management. At no cost to Participating Patient or Customer, RPM-One will send one or more RPM Devices to Participating Patients, as determined by the Patient-Specific RPM Program. RPM-One will help Participating Patients complete any needed setup and onboarding of RPM Devices, will replace Devices that cease working through no fault of the Participating Patient, and will require return of, or, at RPM-One’s sole discretion, instruct Participating Patients on the disposition of, Devices once Participating Patient is no longer actively participating in RPM Services (“Active Participating Patient”). To be an Active Participating Patient, a Participating Patient must utilize their RPM Device no less than one per month at the frequency established by their healthcare provider.
4. Monthly RPM Service. RPM-One will provide monthly RPM monitoring Service to each Participating Patient. RPM-One will provide reminders, connect no less than daily with the RPM devices to measure adherence and to collect Participating Patient measurements and related Device information, and display all results in the Provider-Facing Dashboard. RPM-One will provide monthly reporting.
   1. Customer Customer Agrees to:
      1. Inform RPM-One when Participating Patients request to discontinue RPM Service or Participating Patients’ provider determines that RPM is no longer appropriate; and,
      2. Unless Customer receives RPM-One’s Clinical Review Service, to undertake no less than twenty minutes of RPM data review and patient interaction for each Participating Patient each month in which RPM Services are provided.
5. Clinical Review Service. RPM-One’s clinical team will act under the general supervision of Customer’s licensed healthcare providers to complete RPM clinical responsibilities (“Clinical Review Service”), including, but not limited to, review of patient monitoring results, interaction with patients, review of provider-approved recommendations for patient care, and implementation of provider healthcare recommendations. All clinical staff are appropriately licensed and/or credentialed to provide Clinical Review Service in the state in which Participating Patients reside.
   1. Customer Responsibilities. Customer:
      1. Authorizes RPM-One clinical staff to undertake Clinical Review Service and to contact on behalf of the Customer Participating Patients;
      2. Agrees on behalf of each billing provider to provide general supervision of RPM-One clinical staff providing Clinical Review Services;
      3. Agrees to collaborate with RPM-One staff to approve or offer amendment to any clinical protocols utilized by RPM-One Clinical Staff for Clinical Review Service;
      4. Agrees to provide one or more methods for RPM-One clinical team to escalate to supervising providers of Customer in the event their clinical review results in questions or concerns; and
      5. Agrees that for non-urgent escalation, RPM-One clinical staff may utilize the Provider- Facing Dashboard to communicate with Customer’s providers.

Billing Concierge. RPM-One or one or more RPM-One-contracted third party service providers (collectively, the “Billers”) will code and submit claims for reimbursement on behalf of Customer. Customer authorizes RPM-One to submit claims for any patient who received Monthly RPM Service without prior review from Customer.

1. 1. Customer Customer:
      1. Agrees to provide RPM-One with independent, admin-level logins for all insurance portals (e.g., Availity, Payspan, LinkBlue, etc…), Medicare Login, and primary biller / billing clearinghouse within ten (10) business days of the Service Start Date.;
      2. Agrees to promptly sign and return any Electronic Data Interchange “EDI,” Electronic Remittance Advice (ERA), or related forms (“Billing Permission Forms”) required for RPM-One to provide Billing Concierge Service, authorizes Company to sign Billing Permission Forms on its behalf, and irrevocably makes, constitutes, and appoints Company (and any of Company’s officers or employees designated by Company) as such Customer’s, and, to the extent legally permissible, Customer’s providers’, true and lawful attorney for the sole purpose of and with the power to sign their name on Billing Permission Forms for expediency.
      3. Agrees to review claims and notify Biller of any issues with that may require correction or reversal of claims;
      4. Acknowledges and agrees that RPM-One may utilize third-party billing vendors to provide the Services comprising the Billing Concierge Service and may authorize the third-party billing vendors on behalf of Customer to provide Billing Services for Customer and Participating Patients;
      5. Agrees to make best efforts to assist RPM-One in providing Billing Concierge Service, including timely responding to requests for information from RPM-One staff; and, Agrees to provide information to RPM-One upon request regarding claims success for individual Participating Patients.