Res 022-2021 Purchase Innoculate Software Management from Luminaire, Inc 2/2/2021 Resolution No. 22-2021
Resolution authorizing The City Manager to execute all documents
necessary to purchase the Innoculate software management services
from Luminaire Inc. in the amount of $90,000
WHEREAS, we are currently in the recovery phase of a global pandemic and need
to be able to vaccinate individuals in a safe, effective and efficient manner and,
WHEREAS, the Health District has the need for an electronic vaccination system
and Luminaire INC. is the preferred vendor and,
WHEREAS, this procurement does qualify as an exempted emergency procurement
under Local Government Code § 252.022(a)(2).
NOW, THEREFORE, BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY
OF WICHITA FALLS, TEXAS, THAT:
The City Manager is authorized to execute all documents necessary to enter
into a contract with Luminaire INC. in the amount of$90,000
PASSED AND APPROVED this the 2nd day of February, 2021 .
MAYOR
ATTEST:
City Clerk
SERVICE AGREEMENT
(LUMINARE SOFTWARE
1. This Service Agreement ("Agreement"), dated as of January 18t1 2021 ("Effective Date"), is
made by and between Luminare Inc., with a place of business at TMC Innovation Institute, 2450
Holcombe Blvd., Suite X, Houston, Texas 77021 ("Luminare"), and Wichita County Texas
with a place of business at 900 7th Street, Wichita Falls, TX 76307-7531("Company").
The parties agree as follows:
1. Service. The parties intend for Company to use Luminare's software services identified in
Exhibit B, which is attached hereto and incorporated herein by reference, which services are
will be provided to Company as a hosted, software-as-a-service application (collectively, the
"Service"). This agreement is specifically for the product and scope as described in Exhibit B.
Subject to the terms and conditions of this Agreement, Luminare grants to Company a
nonexclusive and nontransferable license to use the Service for the term of this Agreement.
Company's use of the Service will be solely for its own internal purposes of the Company, by
its employees and any healthcare providers, pharmacists or other employees who are involved
either in patient care or quality management related to patient care and who are authorized by
the Company to use the Service at the Company's facility. Company and Luminare shall each
comply with their respective obligations that are set forth on Exhibit A, which is attached
hereto and incorporated herein by reference.
2. Payment.Company will pay to Luminare the fees and other amounts set forth on Exhibit B or as may be specified
in any mutually agreed upon SOW that is signed by both parties and incorporated by reference into this
Agreement. All fees and other amounts are exclusive of any sales use or other similar taxes or charges, and
Company is responsible for all taxes or charges assessed by any governmental authority in connection with the
provision and use of the Service under this Agreement,except for income taxes payable by Luminare.Fees shall
be invoiced as set forth in Exhibit B or in the applicable SOW.Unless otherwise specified in Exhibit B or in the
applicable SOW,any amount invoiced is due and payable no later than 30 days after the date of invoice.
3. Term; Termination. This Agreement commences on the Effective Date and will remain in
effect for the term set forth on Exhibit A. The parties may extend this term by executing a
signed modification to this Agreement. Either party may terminate this Agreement if the other
Party materially breaches the terms and conditions set forth herein, provided however, that
such breaching Party is provided no less than thirty (30) days in which to cure such alleged
material breach following actual receipt of the written notice from the non-breaching Party
describing the alleged breach in reasonable detail. This Agreement also may be terminated no
more than seven days after the U.S. government revokes the employer's rights to collect their
employee's Input Data. Sections 4 through 13 of this Agreement shall survive expiration or
termination of this Agreement.
4. Ownership of Service IP. As between Company and Luminare, Company acknowledges and agrees that the
software and other intellectual property underlying the Service, as well as any Service user materials, are the
property of Luminare and are protected under U.S. and international intellectual property laws, including
copyrights, trademarks, service marks, patents, trade secrets or other proprietary rights and laws. Luminare
reserves all rights not expressly granted in this Agreement. Luminare has the right, but not the obligation, to
monitor the Service,Input Data(as defined herein)and Service reports.
5. Ownership of Input Data; Permitted Use. "Input Data" means all information and data
input into the Luminare Solution purchased in Exhibit B. As between Company and Luminare,
Luminare acknowledges and agrees that any Input Data is proprietary to Company and/or third
parties, and not proprietary to Luminare. Company represents and warrants that it has all
necessary consents, or owns or otherwise controls all necessary rights, to supply Input Data in
connection with the Service and that use of Input Data for such purpose will not violate any
applicable law or infringe or violate the rights of any third party. Luminare will have no
liability under this Agreement for any failure of the foregoing Company representation and
warranty. In addition, Company grants Luminare a nonexclusive license to use de-identified
and/or aggregated data uploaded to the Service and/or produced from Company's use of the
Service, for the purposes of evaluating effectiveness of the Service, making improvements to
the Service, and generating statistics regarding(i) any of the results of use of the Service or(ii)
the general effectiveness of medications and other treatments, individually and in concert, on
disease states.
6. Limitations of Liability. Except for any breaches of a party's obligations relating to
confidentiality or Company's obligations concerning its use of Luminare's intellectual
property, in no event will either party's aggregate liability hereunder to the other party exceed
the total fees paid by Company to Luminare for the twelve-month period preceding the date
on which the subject liability arose. EXCEPT FOR ANY BREACHES OF A PARTY'S
OBLIGATIONS RELATING TO CONFIDENTIALITY OR COMPANY'S OBLIGATIONS
CONCERNING ITS USE OF LUMINARE'S INTELLECTUAL PROPERTY
HEREUNDER, IN NO EVENT SHALL EITHER PARTY BE LIABLE, UNDER ANY
LEGAL OR EQUITABLE THEORY OF LIABILITY, WITH RESPECT TO THE SERVICE
(EXCEPT TO THE EXTENT OTHERWISE REQUIRED BY APPLICABLE LAW OR BY
ANOTHER AGREEMENT BETWEEN THE PARTIES HERETO)FOR ANY LOST DATA,
LOST PROFITS, OR SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, OR
CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER REGARDLESS OF
WHETHER SUCH LOSS WAS FORESEEABLE OR THE PARTY SUFFERING THE LOSS
OR DAMAGE WAS ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.
7. Disclaimers. Company's access to and use of the Service is at Company's sole risk. Company
understands and agrees that the Service is provided to you on an "AS IS" and "AS
AVAILABLE" basis. Without limiting the foregoing, to the maximum extent permitted under
applicable law, LUMINARE DISCLAIMS ALL WARRANTIES AND CONDITIONS OF
ANY KIND WITH RESPECT TO THE SERVICE, WHETHER EXPRESS OR IMPLIED,
INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-
INFRINGEMENT
8. USE WARNINGS. THE COMPANY DOES NOT OFFER MEDICAL ADVICE,
DIAGNOSES OR OTHER HEALTH MANAGEMENT SERVICES OR ENGAGE IN
THE PRACTICE OF MEDICINE. THE SERVICE IS NOT INTENDED TO BE,AND
DOES NOT CONSTITUTE, A SUBSTITUTE FOR PROFESSIONAL MEDICAL
ADVICE BY PHYSICIANS OR LICENSED INDEPENDENT PRACTITIONERS, OR
A SUBSTITUTE FOR DIAGNOSIS, TREATMENT OR HEALTH MANAGEMENT
AND IS OFFERED FOR INFORMATIONAL PURPOSES ONLY. FURTHERMORE,
THE INFORMATION PRODUCED BY THE SERVICE IS ONLY USEFUL TO THE
EXTENT THAT THE INPUT DATA IS ACCURATE. END USERS SHOULD
ALWAYS RELY ON THEIR CLINICAL JUDGMENT WHEN MAKING DECISIONS
REGARDING PATIENT CARE. AT ALL TIMES,IT IS THE RESPONSIBILITY OF
COMPANY AND ITS END USERS TO ACCESS,REVIEW AND RESPOND TO ALL
RESULTS FROM USE OF THE SERVICE, INCLUDING WITHOUT LIMITATION
ANY ALERTS MADE AVAILABLE BY THE SERVICE (COLLECTIVELY,
SERVICE RESULTS),IN A TIMELY AND CLINICALLY APPROPRIATE MANNER,
AND LUMINARE WILL HAVE NO LIABILITY TO COMPANY, ANY END USER
OR ANY THIRD PARTY FOR ANY FAILURE OF COMPANY,ANY END USER OR
ANY OTHER CLINICIAN TO APPROPRIATELY RESPOND TO ANY SERVICE
RESULTS.
9. BUSINESS ASSOCIATE AGREEMENT: EXECUTION OF THIS CONTRACT WILL
ALSO RESULT IN EXECUTION OF THE ATTACHED BUSINESS ASSOCIATE
AGREEMENT AND THE TERMS INCLUDED THERE.
10. Any feedback provided by the Company regarding the Service("Feedback")is the proprietary
and confidential information of Luminare, and the Company hereby assigns all right, title and
interest in and to such Feedback,including all intellectual property rights therein,to Luminare.
The Company agrees not to disclose or provide such Feedback to any third party.
11. This Agreement shall be governed by and interpreted in accordance with the laws of the State
of Texas exclusively, excluding its conflicts of laws principles. Both the Uniform Computer
Information Transactions Act and the United Nations Convention on Contracts for the
International Sale of Goods (1980) are excluded in their entirety from application to this
Agreement. The parties consent to the exclusive jurisdiction of and venue in the federal and/or
state courts for Austin, Texas, for all claims arising out of or relating to this Agreement or the
Company's use of the Service. Notwithstanding any law, rule or regulation to the contrary, the
Company agrees that any claim or cause of action it may have arising out of this Agreement
or the Company's use of the Service must be filed within one(1)year after such claim or cause
of action arose or be forever barred.
12. This Agreement, including all documents incorporated herein by reference, constitutes the
complete and exclusive agreement between the parties with respect to the subject matter
hereof, and supersedes and replaces any and all prior or contemporaneous discussions,
negotiations, understandings and agreements, written and oral, regarding such subject matter.
Any additional or different terms in any purchase order or other response by the Company shall
be deemed objected to by Luminare without need of further notice of objection, and shall be
of no effect or in any way binding upon Luminare.
13. This Agreement may be executed in two or more counterparts, each of which will be deemed
an original,but all of which together shall constitute one and the same instrument. Once signed,
any reproduction of this Agreement made by reliable means (e.g., photocopy, PDF) is
considered an original. This Agreement may be changed only by a written document signed
by authorized representatives of both parties.
14. All parties agree that this contract is one wherein the Company is solely performing a
governmental function. All parties expressly agree that the Company is not engaging in any
propriety functions.
15. If any action at law or in equity is necessary to enforce this agreement, each party agrees to
pay its own attorneys' fees and will not seek to recover its own attorneys' fees from the other
party.
IN WITNESS WHEREOF, the parties have caused their duly authorized officers to
execute this Agreement.
LUMINARE INC. CLIENT: CITY OF WICHITA FALLS,TX
By: By:
Name: Sarma N.Velamuri,M.D. Name: Darron J.Leiker
Title: Chief Executive Officer Title:City Manager
Attest:
City Clerk
Approved as to form:
City Attorney
Attachments: BUSINESS ASSOCIATE AGREEMENT
EXHIBIT A
to Service Agreement
Service Use Requirements; Service Specifications
Part 1—Current Data Input and similar Technical Requirements
Company shall provide or supply,as applicable,the following: Administrative oversight to ensure adequate overview of the
use of the Luminare solution purchased in Exhibit B for the Company.
Part 2-Security Matters Concerning Use of Service
Input Data will be supplied to Luminare either by Company or on Company's behalf. In addition, in order to access reports
generated by the Service, Company will have access to certain Service web page(s). Company will be responsible for
maintaining the security and confidentiality of all activity (i) to supply Input Data to the Service and (ii) to access reports
generated for Company by the Service. Company will take reasonable steps,including no less than industry standard security
measures, to prevent unauthorized use of the Service, and Company will immediately notify Luminare in writing of any
unauthorized use of any of its users' login names or passwords of which such user,or other Company party,becomes aware.
Luminare may suspend the Service(in whole or in part),including without limitation suspending access for certain previously
authorized users,in the event of the potential or actual compromise or unauthorized use of the Service.
Part 3—Compliance with Applicable Law
Each party agrees to comply with all applicable federal,state and local laws,orders,regulations and regulatory standards with
respect to its respective obligations and performance under this Agreement and, in the case of Company, with respect to
Company's use of the Service.
Part 4—Error Reporting
Company will follow Luminare's reasonable procedures and instructions to report any errors and difficulties it encounters with
regard to the Service so as to permit Luminare to recreate and evaluate same.
Part 5—Additional Restrictions on Company's Use of Service
Company will not(a)use the Service or any documentation, know-how or other information received from Luminare or its
representatives or licensors (the "Evaluation Materials") to create any similar application or service, (b)decompile,
disassemble or otherwise reverse engineer any technology employed by the Service,or use any similar means to discover the
source code or trade secrets embodied in the Service,or otherwise circumvent any technical measure that controls access to the
Service or(c)permit any third party use the Service to do any of the foregoing. Except for the limited rights and licenses
expressly granted in this Agreement,no other license is granted,no other use is permitted and Luminare and its licensors will
retain all right,title and interest(including patents,copyrights,trade secrets and trademarks)in and to the Service,Evaluation
Materials and any underlying intellectual property (acknowledging that none of the foregoing includes any Input Data).
Company will not take any action inconsistent with such ownership.
EXHIBIT B
to Service Agreement
Fee Schedule and Product Services
Solution Purchased: Luminare's Innoculate Covid Vaccine Management Solution
Contract term:Initially 12 Month term.Contract auto renews in 12 month increments unless 30 day notice of non-
renewal is received by Luminare.
Total amount invoiced at time of signing contract: $90,000.
Rates are for use for the citizens of Wichita County TX(geographic)location unless
otherwise specified
Services Rate Notes
Innoculate Covid-19 Vaccine License for use to Inoculate the
Management Solution $86100 citizens of Wichita County,TX
Standard support during working
Support Included hours by email
Protocol Vetting and
Compliance Checking Included
Pre-paid text bundle(20,000)
.015 per text Texts above 20,000 will be prebilled
$300.00 $300 to company in bundles of 10,000
Education Superuser training
per session Included Web-based training is free.
Set up fee$1500 0 Waived
One time discount Additional API's
One API integration$5,000 $3,600 will be billed at$5,000
Special Fees
• Customization and/or special project work beyond reasonable scope may be charged at an hourly rate
through December 31,2022,with estimates provided for approval prior to proceeding.
BUSINESS ASSOCIATE AGREEMENT(FOR HIPAA)
If a Customer is a Covered Entity or a Business Associate and includes Protected Health
Information in Customer Data (as such terms are defined below), execution of a license agreement that
includes Luminare's Terms of use ("Agreement") will incorporate the terms of this HIPAA Business
Associate Agreement ("BAA") into that agreement. If there is any conflict between a provision in this BAA
and a provision in the Agreement, this BAA will control.
WHEREAS, Covered Entity and Business Associate have executed the Agreement pursuant to which
Business Associate provides services (the "Agreement Services") for Covered Entity that may require
Business Associate to access or create health information that is protected by state and/or federal law;
WHEREAS, Business Associate and Covered Entity desire that Business Associate obtain access to such
information in accordance with the terms specified herein; and
NOW THEREFORE, in consideration of the mutual promises set forth in this BAA and other good and
valuable consideration, the sufficiency and receipt of which are hereby severally acknowledged,the parties
agree as follows:
1. Definitions. Unless otherwise specified in this BAA, all capitalized terms not otherwise defined shall
have the meanings established in Title 45, Parts 160 and 164, of the United States Code of Federal
Regulations, as amended from time to time, and/or in the American Recovery and Reinvestment Act of
2009 ("ARRA"). For purposes of clarification, the following terms shall have the definitions set forth below:
1.1 "Privacy Standards"shall mean the Standards for Privacy of Individually Identifiable Health
Information as set forth in 45 C.F.R. Parts 160 and 164.
1.2 "Security Standards" shall mean the Security Standards for the Protection of Electronic
Protected Health Information as set forth in 45 C.F.R. Parts 160 and 164.
2. Business Associate Obligations. Business Associate may receive from Covered Entity health
information that is protected under applicable state and/or federal law, including without limitation, Protected
Health Information ("PHI"). Business Associate agrees not to Use or Disclose (or permit the Use or
Disclosure of) PHI in a manner that would violate the requirements of the Privacy Standards or the Security
Standards if the PHI were used or disclosed by Covered Entity in the same manner. Business Associate
shall use appropriate safeguards to prevent the Use or Disclosure of PHI other than as expressly permitted
under this BAA.
3. Use of PHI. Business Associate may use PHI as necessary (i) for performing the Agreement
Services, (ii) for the proper management and administration of the Business Associate, or (iii) for carrying
out its legal responsibilities, provided in each case that such Uses are permitted under federal and state
law. Covered Entity shall retain all rights in the PHI not granted herein.
4. Disclosure of PHI. Business Associate may Disclose PHI as necessary (i) to perform the
Agreement Services, (ii) for the proper management and administration of the Business Associate, or (iii)
to carry out its legal responsibilities, provided that either (a) the Disclosure is Required by Law or (b) the
Business Associate obtains reasonable assurances from the person to whom the information is Disclosed
that the information will be held confidential and further Used and Disclosed only as Required by Law or for
the purpose for which it was Disclosed to the person, and such person agrees to immediately notify the
Business Associate of any instances of which it is aware that the confidentiality of the information has been
breached.
5. Reports.Business Associate agrees to report to Covered Entity:
5.1 Any Use or Disclosure of PHI not authorized by this BAA within five (5) days of the
Business Associate becoming aware of such unauthorized Use or Disclosure;
5.2 Any Security Incident within five (5) days of the Business Associate becoming aware of
the Security Incident; and
5.3 Each report of a Breach of Unsecured PHI Discovered by Business Associate,to the extent
Business Associate accesses, maintains, retains, modifies, records, stores, destroys or otherwise holds, Uses or
Discloses Unsecured PHI,unless delayed for law enforcement purposes, shall be made without delay and in no case
later than thirty(30)calendar days after Discovery of the Breach,and shall include the identification of each Individual
whose Unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired or
Disclosed during such Breach.Notwithstanding anything herein to the contrary,the provisions of this Section 5.3 shall
only be applicable to Breaches that are Discovered on or after the date that is thirty (30) days after the date of
publication of interim final regulations promulgated by the Secretary that address notifications of Breaches of
Unsecured PHI.
5.4 Business Associate agrees to indemnify and hold harmless, Covered Entity, its Officers,
directors, shareholders, agents, and employees against all liability claims, damages, suits, demands, expenses, and
civil monetary penalties(including but not limited to,court costs and reasonable attorneys'fees)of every kind arising
out of the negligent errors and omissions or willful misconduct of Business Associate,its agents, servants, employees
and independent contractors (excluding Covered Entity)in the performance of or conduct relating to this Section 5.
6. Agents and Subcontractors. If Business Associate discloses PHI received from Covered Entity, or
created or received by Business Associate on behalf of Covered Entity,to agents, including a subcontractor
(collectively, "Recipients"), Business Associate shall require Recipients to agree in writing to the same
restrictions and conditions that apply to the Business Associate under this BAA.
7. Individual Rights to Access and Amendment.
7.1 Access. If Business Associate maintains a Designated Record Set on behalf of
Covered Entity, Business Associate shall permit an Individual to inspect or copy PHI contained in that set
about the Individual in accordance with the Privacy Standards set forth in 45 C.F.R. § 164.524, as it may
be amended from time to time, unless excepted or a basis for denial exists under 45 C.F.R. § 164.524, as
determined by the Covered Entity. In the event a Business Associate uses or maintains an Electronic
Health Record on behalf of Covered Entity, then, as of the date required by ARRA, an Individual's right of
access under 45 C.F.R. § 164.524 shall include the right to obtain a copy of the PHI in an electronic format
and, if the Individual chooses in a clear, conspicuous and specific manner, to direct the Business Associate
to transmit such copy to any person designated by the Individual. Business Associate shall respond to any
request from Covered Entity for access by an Individual within five(5)days of such request unless otherwise
agreed to by Covered Entity. The information shall be provided in the form or format requested, if it is
readily producible in such form or format, or in summary, if the Individual has agreed in advance to accept
the information in summary form. A reasonable, cost based fee may be charged for copying PHI or
providing a summary of PHI in accordance with 45 C.F.R. § 164.524(c)(4), provided that any such fee
relating to a copy or summary of PHI provided in an electronic form may not be greater than the labor costs
incurred in response to the request for the copy or summary.
7.2 Amendment. Business Associate shall accommodate an Individual's right to
amend PHI or a record about the Individual in a Designated Record Set in accordance with the Privacy
Standards set forth at 45 C.F.R. § 164.526, as it may be amended from time to time, unless excepted or a
basis for denial exists under 45 C.F.R. § 164.526, as determined by the Covered Entity. Covered Entity
shall determine whether a denial to an amendment request is appropriate or an exception applies. Business
Associate shall notify Covered Entity within five (5) days of receipt of any request for amendment by an
Individual and shall make any amendment requested by Covered Entity within ten (10) days of such
request. Business Associate shall have a process in place for requests for amendments and for appending
such requests to the Designated Record Set.
8. Accounting of Disclosures.
8.1 General Accounting Provisions. Business Associate shall make available to
Covered Entity in response to a request from an Individual, information required for an accounting of
Disclosures of PHI with respect to the Individual, in accordance with 45 C.F.R. § 164.528, as it may be
amended from time to time, unless an exception to such Accounting exists under 45 C.F.R. § 164.528.
Such Accounting is limited to Disclosures that were made in the six(6) years prior to the request and shall
not include any Disclosures that were made prior to the compliance date of the Privacy Standards.
Business Associate shall provide such information necessary to provide an accounting within thirty (30)
days of Covered Entity's request.
8.2 Special Provisions for Disclosures made through an Electronic Health Record. As
of the date required by ARRA, if Covered Entity uses or maintains an Electronic Health Record with respect
to PHI and if Business Associate makes Disclosures of PHI for Treatment, Payment or Health Care
Operations purposes through such Electronic Health Record, Business Associate will provide an
accounting of Disclosures that Covered Entity has determined were for Covered Entity's Treatment,
Payment and/or Health Care Operations purposes to Individuals who request an accounting directly from
Business Associate. Any accounting made pursuant to this Section 8.2 shall be limited to Disclosures made
in the three (3) years prior to the Individual's request for the accounting. The content of the accounting
shall be in accordance with 45 C.F.R. § 164.528, as it may be amended from time to time.
8.3 Fees for an Accounting. Any accounting provided under Section 8.1 or Section 8.2
must be provided without cost to the Individual or to Covered Entity if it is the first accounting requested by
an Individual within any twelve (12) month period; however, a reasonable, cost based fee may be charged
for subsequent accountings if Business Associate informs the Covered Entity and the Covered Entity
informs the Individual in advance of the fee, and the Individual is afforded an opportunity to withdraw or
modify the request.
9. Withdrawal of Consent or Authorization. If the use or disclosure of PHI in this BAA is based upon
an Individual's specific consent or authorization for the use of his or her PHI, and (i) the Individual revokes
such consent or authorization in writing, (ii) the effective date of such authorization has expired, or(iii) the
consent or authorization is found to be defective in any manner that renders it invalid, Business Associate
agrees, if it has notice of such revocation or invalidity, to cease the Use and Disclosure of any such
Individual's PHI except to the extent it has relied on such Use or Disclosure, or where an exception under
the Privacy Standards expressly applies.
10. Records and Audit. Business Associate shall make available to Covered Entity and to the
Secretary or her agents, its internal practices, books, and records relating to the Use and Disclosure of PHI
received from, or created or received by, Business Associate on behalf of Covered Entity for the purpose
of determining Covered Entity's compliance with the Privacy Standards and the Security Standards or any
other health oversight agency, in a timely a manner designated by Covered Entity or the Secretary. Except
to the extent prohibited by law, Business Associate agrees to notify Covered Entity immediately upon
receipt by Business Associate of any and all requests served upon Business Associate by or on behalf of
any and all government authorities relating to PHI received from, or created or received by, Business
Associate on behalf of Covered Entity.
11. Notice of Privacy Practices. Covered Entity shall provide to Business Associate its Notice of
Privacy Practices ("Notice"), including any amendments to the Notice. Business Associate agrees that it
will abide by any limitations set forth in the Notice, as it may be amended from time to time, of which it has
knowledge. An amended Notice shall not affect permitted Uses and Disclosures on which Business
Associate has relied prior to receipt of such Notice.
12. Security. Business Associate will (i) implement Administrative, Physical and Technical Safeguards
that reasonably and appropriate protect the confidentiality, integrity and availability of the Electronic
Protected Health Information that it creates, receives, maintains, or transmits on behalf of Covered Entity;
and (ii) ensure that any agent, including a subcontractor, to whom it provides Electronic Protected Health
Information agrees to implement reasonable and appropriate safeguards to protect such information.
Further, as of the date required by ARRA, Business Associate shall comply with the standards and
implementation specifications set forth in 45 C.F.R.§§ 164.308, 164.310, 164.312 and 164.316 with respect
to such Administrative, Physical and Technical Safeguards.
13. Term and Termination.
13.1 This BAA shall commence on the effective date of the Agreement and shall remain
in effect until terminated in accordance with the terms of this Section 13, provided, however, that any
termination shall not affect the respective obligations or rights of the parties arising under this BAA prior to
the effective date of termination, all of which shall continue in accordance with their terms.
13.2 Covered Entity shall have the right to terminate this BAA for any reason upon thirty
(30) days written notice to Business Associate.
13.3 Covered Entity,at its sole discretion, may immediately terminate this BAA and shall
have no further obligations to Business Associate hereunder if any of the following events shall have
occurred and be continuing:
(i) Business Associate shall fail to observe or perform any material covenant or
agreement contained in this BAA for ten (10) days after written notice thereof has been given to Business
Associate by Covered Entity; or
(ii) A violation by Business Associate of any provision of the Privacy Standards,
Security Standards, or other applicable federal or state privacy law.
13.4 Upon the termination of the Agreement, this BAA shall terminate simultaneously
without additional notice.
13.5 Upon termination of this BAA for any reason, Business Associate agrees either to
return to Covered Entity or to destroy all PHI received from Covered Entity or otherwise created through
the performance of the Agreement Services for Covered Entity, that is in the possession or control of
Business Associate or its agents. In the case of information for which it is not feasible to"return or destroy,"
Business Associate shall continue to comply with the covenants in this BAA with respect to such PHI and
shall comply with other applicable state or federal law, which may require a specific period of retention,
redaction, or other treatment. Termination of this BAA shall be cause for Covered Entity to terminate the
Agreement.
14. Compliance with Red Flap Policies. Covered Entity shall provide to Business Associate any
policies and procedures adopted by the Covered Entity to detect, prevent and mitigate the risk of identity
theft in accordance with the "Red Flag Rules" promulgated by the Federal Trade Commission, as well as
any amendments to such policies and procedures. Business Associate agrees that it will abide by such
policies and procedures, and any amendments to such policies and procedures of which it is aware, in
rendering the Agreement Services to Covered Entity.
15. Miscellaneous.
15.1 Notice. Customer hereby agrees that any reports, notification or other notice by
Luminare pursuant to this BAA may be made electronically. Customer shall provide contact information to
support@luminaremed.com or such other location or method of updating contact information as Microsoft
may specify from time to time and shall ensure that Customer's contact information remains up to date
during the term of this BAA. Contact information must include name of individual(s)to be contacted, title of
individual(s) to be contacted, em-mail address of individual(s) to be contacted, name of Customer
organization and if available, either contract number or customer identification number.
15.2 Waiver. No provision of this BAA or any breach thereof shall be deemed waived
unless such waiver is in writing and signed by the party claimed to have waived such provision or breach.
No waiver of a breach shall constitute a waiver of or excuse any different or subsequent breach.
15.3 Assignment. Neither party may assign (whether by operation or law or otherwise)
any of its rights or delegate or subcontract any of its obligations under this BAA without the prior written
consent of the other party. Notwithstanding the foregoing, Covered Entity shall have the right to assign its
rights and obligations hereunder to any entity that is an affiliate or successor of Covered Entity, without the
prior approval of Business Associate.
15.4 Compliance with ARRA; Agreement to Amend BAA. The parties agree that it is
their intention (i) to comply with the privacy and security provisions contained in Title XIII of ARRA and (ii)
to incorporate those provisions into this BAA to the extent required by ARRA. The parties further agree to
amend this BAA to the extent necessary to comply with state and federal laws, including without limitation,
the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and ARRA, and any regulations
promulgated or other guidance issued pursuant to HIPAA and ARRA.
15.5 Entire Agreement. This BAA constitutes the complete agreement between
Business Associate and Covered Entity relating to the matters specified in this BAA, and supersedes all
prior representations or agreements, whether oral or written, with respect to such matters. In the event of
any conflict between the terms of this BAA and the terms of the Agreement or any such later agreement(s),
the terms of this BAA shall control unless the terms of such Agreement or later agreement comply with the
Privacy Standards and the Security Standards. No oral modification or waiver of any of the provisions of
this BAA shall be binding on either party. This BAA is for the benefit of, and shall be binding upon the
parties, their affiliates and respective successors and assigns. No third party shall be considered a third
party beneficiary under this BAA, nor shall any third party have any rights as a result of this BAA.
15.6 Governing Law. This BAA shall be governed by and interpreted in accordance
with the laws of the State of Texas.