EPOWER USER AGREEMENT

This agreement is made between VIVA Health (Company) and the ePower User (VIVA Health contracted provider, referred to herein as User). This agreement provides the terms and conditions governing access of patient/member data using ePower. Both Company and User are referred to collectively as Parties. Both Parties acknowledge and agree that the privacy and security of data held by or exchanged between them is of utmost priority. Parties agree to take steps reasonably necessary to ensure that electronic transactions between them conform to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This agreement becomes effective when User accesses ePower and will remain in effect until terminated according to the terms listed in this agreement. Company may alter this agreement at any time, with or without notice, by posting a new agreement to its website at www.vivahealth.com. If the User disagrees with the terms of this agreement, User must not use the ePower system.

I. Term and Termination
Access to ePower may be revoked immediately if the User’s provider contract terminates with VIVA Health and this agreement shall be terminated effective as of the date access is revoked. In addition, either Party may voluntarily terminate this agreement at any time by providing notice to the other Party. If a Party breaches any material obligation of this agreement, the other Party may terminate this agreement immediately followed by notice to the other Party. In the event, Company believes it is vulnerable to a security breach, suspects a security breach, or is notified that a security breach has or may have occurred, Company may terminate User access without notice until the suspected vulnerability or breach can be fully investigated and resolved to the Company’s satisfaction. Company may terminate User access without notice due to inactivity if User has not accessed ePower for a period of ninety (90) days. Company reserves the right to discontinue ePower access and to terminate User access at any time and for any reason with no advance notice. In the event of termination, the obligations of the User in regard to information obtained through ePower prior to the termination shall remain in force until such time as all such information has been destroyed or returned to Company.

II. Obligations of the Parties
1. User agrees to only use ePower access for appropriate business purposes of User. User will take reasonable precautions to limit the disclosure of the electronic data to authorized personnel on a need-to-know basis. User certifies that an appropriate confidentiality agreement (for employees) or HIPAA compliant Business Associate Agreement (for subcontractors) is and remains in place with any person or entity to whom User provides access to ePower on User’s behalf (hereafter Designee) throughout the term of this agreement. User agrees to ensure that any Designee agrees to the same restrictions and conditions that apply through this agreement to User. User agrees that sharing of User IDs and passwords among multiple Designees is strictly prohibited. If additional User IDs are needed, User will assign unique User IDs to its Designees or will contact Company for assistance.

2. User agrees to change its password immediately if its relationship with such Designee ends or it is no longer appropriate for such Designee to have access to the information available through ePower.

3. User and any Designees shall not disclose the information accessed under this agreement to any other person or organization without the express written permission of the subject of the data (i.e., the Company’s member) unless such disclosure is permissible by State or Federal law.

4. User will notify the Company’s Privacy Officer or Security Officer immediately of any suspected or confirmed security breaches related to data obtained from ePower. Any disclosure that is not expressly permitted by this agreement constitutes a breach. User agrees to fully cooperate with Company’s investigation of a suspected or reported breach. To contact the Company’s Privacy Officer or Security Officer, User should call 205-558-7474 or 1-800-294-7780.

5. User and any Designees shall treat the information sent and received electronically as proprietary and will not use the information for any purpose or in a manner that would violate any privacy, security, or confidentiality laws or regulations including, but not limited to, HIPAA. User will put appropriate safeguards in place to protect patient specific data from improper access and will maintain the confidentiality of ePower User IDs and passwords.

III. Indemnification
User shall indemnify, defend, and hold Company, its employees, directors, trustees, officers, representatives and agents (collectively the Indemnitees) harmless from and against all claims, causes of action, liabilities, judgments, fines, assessments, penalties, damages, awards or other expenses, of any kind or nature whatsoever, including, without limitation, attorney’s fees, expert witness fees, and costs of investigation, litigation or dispute resolution, incurred by the Indemnitees due to the User’s or its Designee’s negligence, intentional wrongdoing, or violation or alleged violation of this agreement or any other misuse or alleged misuse by User or User Designee of information obtained from ePower.