Terms of Service

Version 2.0, Updated on October 12th, 2017

zHealth, Inc. ("zHealth", "we", "us" or "our") provides marketing software and services for healthcare providers (the "Service"). The Order Form (the "Order Form") sets forth the Service being purchased by the client who signed the Order Form ("you", "your" or "Client"), the costs for such Service, and any other relevant details.

These terms of service (the "Terms") are incorporated by reference into and made a part of any Order Form and govern the relationship between you and zHealth. All Order Forms are subject to acceptance by zHealth, in its sole discretion. The Order Form, the Terms, and any documents or links referenced in such documents are together referred to as the "Agreement".

If you are accepting these Terms on behalf of your employer or another entity, you represent and warrant that (i) you have full legal authority to bind your employer or such legal entity to these Terms, (ii) you have read and understand these Terms, and (iii) you agree, on behalf of the Client, to these Terms.

PLEASE READ THE FOLLOWING TERMS CAREFULLY. Except as otherwise provided in Section 13 (Dispute Resolution and Arbitration), these Terms provide that all disputes between you and zHealth will be resolved by BINDING ARBITRATION AND YOU AGREE TO GIVE UP YOUR RIGHT TO GO TO COURT to assert or defend your rights. Except as otherwise provided in Section 13 (Dispute Resolution and Arbitration), your rights will be determined by a NEUTRAL ARBITRATOR and NOT a judge or jury, and your claims cannot be brought as part of a class action. Please review Section 13 (Dispute Resolution and Arbitration) below for the details regarding your agreement to arbitrate disputes with zHealth.

1. Elements of Service Capitalized terms used in this Agreement and not otherwise defined herein shall have that meaning given to them in the HIPAA Rules."Breach" when capitalized, shall have the meaning set forth in 45 CFR 164.402 (including all of its subsections); with respect to all other uses of the word "breach" in this Agreement, the word shall have its ordinary contract meaning."Electronic Protected Health Information" or "EPHI" shall have the same meaning as the term "electronic protected health information" in 45 CFR 160.103, limited to information that Business Associate creates, accesses or receives from or on behalf of Covered Entity."Individually Identifiable Health Information" means information that is a subset of health information, including demographic information collected from an individual, and;is created or received by a health care provider, health plan, employer, or health care clearinghouse; and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for provision of health care to an individual; and

• that identifies the individual; or

• with respect to which there is a reasonable basis to believe the information can be used to identify the individual.

"Protected Health Information" or "PHI" shall have the meaning set forth in the Privacy Rule, limited to information that Business Associate creates, accesses or receives from or on behalf of Covered Entity. PHI includes EPHI.

"Privacy Rule" means the Standards for Privacy of Individually Identifiable Health Information, codified at 45 CFR parts 160 and 164, Subparts A, D and E, as currently in effect.

"Security Incident" shall have the same meaning as the term "security incident" at 45 CFR 164.304.

"Security Rule" means the Standards for Security for the Protection of Electronic Protected Health Information, codified at 45 CFR parts 160 and 164, Subpart C, as currently in effect.

"Unsecured Protected Health Information" or "Unsecured PHI" shall have the same meaning as the term "unsecured protected health information" in 45 CFR § 164.402, limited to the information created or received by Business Associate from or on behalf of Covered Entity.


• Business Associate Status

Business Associate acknowledges and agrees that it is a "Business Associate" as defined by the HIPAA Rules, and as such, Business Associate shall, in addition to complying with the other terms and conditions of the Terms of Service Agreement, comply with the HIPAA-required provisions set forth in this Agreement. In the event of a conflict between the terms of this Agreement and the Terms of Service Agreement with respect to the use or disclosure of PHI, the terms of this Agreement will govern. In all other circumstances, the terms of the Terms of Service Agreement will govern.

• Performance of Services

Business Associate may use PHI only to perform the services and its other obligations pursuant to the Terms of Service Agreement or as Required by Law. Business Associate may disclose such PHI only within its organization and only to those of its employees who need to know such information in order to perform its obligations under the Terms of Service Agreement and, in such case, only the minimum amount of such PHI as is necessary for such performance. Business Associate shall not access, use or disclose PHI in any manner that would violate the HIPAA Rules if such access, use or disclosure was done by Business Associate or Covered Entity,

• Privacy Rule Obligations

Business Associate shall comply with the Privacy Rule as it directly applies to business associates: To the extent Business Associate carries out one or more of Covered Entity's obligations under the Privacy Rule, Business Associate shall comply with the requirements of HIPAA that apply to Business Associate or Covered Entity in the performance of such obligation(s).

• Safeguards for Protection of PHI

Business Associate agrees that it will (a) protect and safeguard from any disclosure (whether oral, written or otherwise) all PHI with which it may come into contact with in accordance with the HIPAA Rules and more stringent state laws and regulations governing the handling of such information; and (b) use appropriate safeguards to prevent use or disclosure of PHI other than as permitted by the Terms of Service Agreement or this Agreement or as Required by Law.

• Mitigation

Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this Agreement.

• Miscellaneous

Except for the obligation to pay money, neither party will be liable for any failure or delay in its performance under this Agreement due to any cause beyond its reasonable control, including acts of war, acts of God, earthquake, flood, embargo, riot, sabotage, labor shortage or dispute, governmental act or failure of the Internet, provided that the delayed party: (i) gives the other party prompt notice of such cause, and (ii) uses its reasonable commercial efforts to correct promptly such failure or delay in performance. This Agreement is made under and will be governed by and construed in accordance with the laws of the State of California (except that body of law controlling conflicts of law). Neither party may assign this Agreement without the prior written consent of the other party, except that zHealth may freely assign this Agreement as part of a corporate reorganization, consolidation, merger, or sale of substantially all of its business or assets without the prior consent of Client. Any attempted assignment or delegation in violation of the foregoing will be void. This Agreement will bind and inure to the benefit of each party's successors and permitted assigns. zHealth may, without your consent, subcontract to any party the performance of all or any of zHealth's obligations under this Agreement provided that zHealth remains primarily liable for the performance of those obligations. Any notice or communication required or permitted to be given hereunder may be delivered by hand, deposited with an overnight courier, sent by confirmed facsimile, or mailed by registered or certified mail, return receipt requested, postage prepaid to the address for the applicable party as furnished in writing by either party hereto to the other. zHealth's address for notice is: zHealth, Inc., 333 1st St, #N705, San Francisco, CA 94105, Attn: General Counsel, and by email to: pr@zHealth.com. Such notice will be deemed to have been given as of the date it is delivered, mailed or sent, whichever is earlier. zHealth and Client are independent contractors and this Agreement will not establish any relationship of partnership, joint venture, employment, franchise or agency between zHealth and Client. Neither zHealth nor Client will have the power to bind the other or incur obligations on the other's behalf without the other's prior written consent, except as otherwise expressly provided herein. This Agreement, including all documents and terms incorporated herein by reference, constitutes the complete and exclusive agreement between the parties with respect to the subject matter hereof, and supersedes and replaces any and all prior or contemporaneous discussions, negotiations, understandings and agreements, written and oral, regarding such subject matter. The parties agree to take such action to amend this Agreement from time to time as is necessary for compliance with the requirements of the Privacy Rule, the Security Rule, HIPAA, and the HITECH Act. Notwithstanding the foregoing, if the parties have not amended this Agreement to address a law or final regulation that becomes effective after the date that the parties enter into this Agreement and that is applicable to this Agreement, then upon the effective date of such law or regulation (or any portion thereof) this Agreement shall be amended automatically and shall incorporate such new or revised provisions as are necessary for this Agreement to be consistent with such law or regulations, and for both parties to be and remain in compliance with all applicable laws and regulations. Except as expressly provided in this Section 14, this Agreement may be amended only in writing executed by both parties. The waiver of any breach or default of this Agreement will not constitute a waiver of any subsequent breach or default, and will not act to amend or negate the rights of the waiving party. Except as expressly provided in subsection 13(iii), if any provision of this Agreement or any word, phrase, clause, sentence, or other portion thereof should be held to be unenforceable or invalid for any reason, then such provision or portion thereof shall be modified or deleted in such manner as to render this Agreement as modified legal and enforceable to the maximum extent permitted under applicable laws. Any reference in this Agreement to a section of HIPAA, the Privacy Rule, the Security Rule, the HITECH Act, or any other regulations implementing HIPAA or the HITECH Act, shall mean such regulation or statute as in effect at the time of execution of this Agreement or, if and to the extent applicable, as subsequently updated, amended or revised.