This Master Provider Agreement, by and between PatientFi, LLC, a Delaware limited liability company with offices at 530 Technology Drive, Suite 350, Irvine, CA 92618 (“PatientFi”), and the undersigned healthcare provider, together with each Affiliate whose signature is affixed to Schedule 1 attached hereto (collectively, the “Provider”), is entered into and made effective as of _________________ (the “Effective Date”). PatientFi and the Provider are each a "Party" and together they are the "Parties" in this Master Provider Agreement (or “Agreement”).
WHEREAS, PatientFi has developed a program that allows healthcare providers to offer payment plans to patients who want to finance healthcare goods and/or services they obtain from the Provider (the "Program"). The Program uses cloud-based tools and a web-based system administered by PatientFi (the “System”) through which the healthcare providers may offer various payment options to patients, including: (1) closed-end installment loans (each, a “Loan”) offered by PatientFi to patients; (2) open-end revolving line of credit accounts (each, a “Revolving Account” and collectively with Loans, “Loan Agreements”) offered by PatientFi to patients; (3) unsecured retail installment contracts between healthcare providers and patients (each, a "RIC" or a "Patient Contract") that may be purchased and serviced by PatientFi; and (4) other options that PatientFi may offer over time (collectively, “Credit Products”);
WHEREAS, the Provider desires to enter into this Master Provider Agreement with PatientFi to provide these payment options to its patients pursuant to the terms of this Agreement and the Provider is requesting Program access and a System license;
WHEREAS, PatientFi desires to provide such services to the Provider;
NOW, THEREFORE, in consideration of the mutual covenants and promises and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties hereto agree as follows:
1. PATIENTFI SERVICES AND FEES
In exchange for the Provider’s agreement to the terms of this Master Provider Agreement and payment of amounts required hereunder, including the Program Fee described herein, PatientFi hereby grants, and the Provider hereby accepts, a non-transferable, non-exclusive license (without right to sublicense), to use the System for the sole and limited purpose of extending credit terms or financing to its patients as set forth in this Master Provider Agreement and will provide the services described in this Section according to the terms and conditions of this Master Provider Agreement (the "Service" or the “Services”). The Provider understands and agrees that the terms of this Master Provider Agreement, including the Services and fees required by the then current Program Fee and all documents incorporated by reference herein, may be amended from time to time in accordance with Section 33 of this Master Provider Agreement. PatientFi retains the right to materially redesign, modify, update or upgrade the organization, navigation, structure, branding, features, functionality and look and feel of the System at any time without prior notice. PatientFi also retains sole control over the Credit Products offered through the System.
(a) Onboarding services. Pursuant to the terms herein, PatientFi shall:
(i) Qualify the Provider for inclusion in the Program and access to electronic fund transfers through the automated clearing house ("ACH") network using a third-party payment processor designated by PatientFi;
(ii) Provide the Provider with access to the System, including the provision of unique access codes;
(iii) Provide the Provider personnel with access to webinar training demonstrations and training materials on:
(A) inputting pricing for treatments and procedures offered by the Provider;
(B) taking credit applications; and
(C) the terms and conditions of available Credit Products.
(b) On-going services. Pursuant to the terms herein, PatientFi shall:
(i) Maintain the System;
(ii) Provide the Provider with monthly reporting to track activity;
(iii) Provide access to ongoing training for the Provider personnel regarding any material modifications to the Program or the System;
(iv) Remit or apply Loan proceeds as directed or agreed to by the Provider.
(c) Service Functionality. Pursuant to the terms herein, throughout the Agreement term, PatientFi shall provide the Provider use of PatientFi’s proprietary credit underwriting software to score applicants and provide credit pricing on behalf of the Provider. Credit underwriting may include a FICO score pull from TransUnion, banking data pull, fraud detection, and income verification.
(d) Fees; Advances. The Provider agrees to pay the amounts required by the then current Program Fee and any other provision of this Master Provider Agreement, in return for the System license, Program access, and Services provided by PatientFi.
2. PRACTICE RESPONSIBILITIES
(a) Advertising and Promotion of the Program. The Provider agrees to market the Program and all related Credit Products in a commercially reasonable manner and in compliance with all applicable law and with the training materials provided by PatientFi. The Provider shall not advertise or promote through any medium or method financial products or services associated with this Master Provider Agreement, Credit Products or PatientFi, unless the Provider has obtained PatientFi’s prior express written authorization for the timing and content of any such financial advertisements or promotions or the Provider is using content prepared and provided to the Provider by PatientFi. This restriction on the advertisements or promotions of financial products or services, and the terms and conditions of such financial products or services, shall not apply to advertisements and promotions limited to the healthcare products and services provided by the Provider. Any review by PatientFi of marketing materials generated by the Provider shall be a review solely with respect to the marketing of the financial products and services associated with Credit Products or PatientFi and shall not constitute an assessment, approval, or other review for any other purpose or for compliance with any law unrelated to this Master Provider Agreement, Loan Agreements, Patient Contracts (as applicable) or PatientFi.
(b) Actions of End Users. The Provider is solely responsible for its actions and the actions of its employees who have access to the Services (“End Users”) while using the Services and for the contents of its transmissions through the Services. The Provider shall ensure all End Users of the Services comply with the Provider’s obligations under this Master Provider Agreement. The Provider agrees:
(i) to abide by all laws relating to the Provider’s use of the Services, including without limitation all laws regarding the transmission of Protected Consumer Information (as herein defined) and export control laws;
(ii) not to upload or distribute files intentionally that contain viruses, malicious files or other harmful code or any other similar software or programs that may access or damage the operation of the Services or another's computer or other devices;
(iii) not to interfere with or disrupt the Services, the data contained in the Services or networks connected to the Services intentionally;
(iv) not to send or store obscene, threatening, libelous or otherwise tortious material intentionally, including material harmful to children or violative of third party privacy rights, and not to use the Services to engage intentionally in any activity that infringes, dilutes, misappropriates, or otherwise violates the Intellectual Property Rights of others;
(v) to comply with all regulations, policies and procedures of networks connected to the Services;
(vi) not to attempt to gain unauthorized access to the Services or its related systems or networks;
(vii) to notify PatientFi promptly of any unauthorized use of any password or account or any other known or suspected breach of security; and
(viii)to take commercially reasonable measures to prevent fraudulent activity by: (A) all employees, agents, service providers and representatives of the Provider; and (B) all individuals who apply for or obtain financing through the Program.
(c) Passwords and Access.
(i) The Provider shall maintain control over and the confidentiality of all end user login IDs, usernames, passwords, and other access credentials for the Services, whether provided by PatientFi or selected by the Provider.
(ii) The Provider is responsible for all use of the Services by those who have access to the Services through the Provider (directly or indirectly), except to the extent unauthorized use of credentials for the Services is caused by PatientFi’s failure to comply with the Agreement’s security requirements.
(iii) The Provider agrees that any employee(s) or representative(s) the Provider designates through the System or otherwise as a “Super Administrator” shall be individually authorized to designate other Provider employee(s) and representative(s) authorized to use the System, as evidenced by the establishment and maintenance of end user login IDs, usernames, passwords, and other access credentials for the Services.
(d) Hardware, Software and Telecommunications. The Provider is solely responsible for obtaining and maintaining all hardware, software (and related licenses) and communications equipment necessary to access and use the Services and for paying all third-party access charges (e.g., ISP, telecommunications) incurred while using the Services. The Provider agrees it has been advised of and can comply with all minimum networking, hardware, software (and related licenses), firewalls and/or environmental conditions, and communications requirements applicable to the Services.
(i) The Provider and its designated Super Administrator have the right and the duty to notify PatientFi through the System about any decision made by the Provider to revoke or cancel the right or ability of any current or former employee or representative of the Provider to use a login ID, username, password and other access credentials for the Services.
(ii) The Provider agrees that PatientFi shall have a reasonable period of time, at least three (3) business days after receiving a revocation or cancellation notice through the System from the Provider and its Super Administrator, to process any such request to revoke or cancel any person’s right to use any login ID, username, password and other access credentials for the Services.
(iii) The Provider is solely responsible for any and all activities that occur under the Provider's account and all agreements made through or charges incurred for use of the Services accessed with the Provider's end user IDs, usernames or passwords.
(e) Customer Identification
(i) The Provider must request an unexpired form of government-issued identification, approved by PatientFi, from each individual who requests financing through the Program, whether as a Patient, a cosigner, or in any other capacity. The forms of government-issued identification currently approved for use with the Program are: (A) a state-issued driver’s license (preferred) or other form of state-issued identification card that includes a photograph; (B) a U.S. passport; (C) U.S. military identification; (D) tribal identification; (E) a non-U.S. passport issued by an identified country of issuance, with a corresponding number; (F) a government-issued alien identification card; or (G) a government-issued visa travel document that includes a photograph.
(ii) The Provider must inspect the photograph and other identifying information from an approved form of government-issued identification to determine whether they match the appearance and identifying information of the Patient, cosigner, or other individual, before the Patient requests Program financing. If the Provider identifies, or reasonably should identify, a discrepancy between the physical appearance and identifying information of any such Patient, cosigner, or other individual and their approved form of government-issued identification, the Provider shall not assist or allow any such individual to request and/or obtain Program financing and the Provider must promptly notify PatientFi about any such determination made by the Provider.
(f) Operating Procedures. In addition to any instructions, requirements, commitments, or other responsibilities imposed on the Provider by this Master Provider Agreement and any other agreement between the Parties, the Provider shall comply with and be bound by any Operating Procedures provided by PatientFi with respect to any specific Credit Product or service provided by PatientFi. Any Operating Procedures PatientFi may impose, and any updates thereto, shall be provided to the Provider through the System, and the Provider’s continuing use of the System shall constitute acceptance of the Operating Procedures and any amendments thereto.
(g) Complaint Resolution. Within five (5) Business Days of receipt, the Provider shall provide PatientFi with a copy of any written complaint or a report of any oral complaint received from any Patient or any other third party, including any regulatory authority, if the complaint relates in any respect to the Services, including but not limited to any Application, Loan Agreement, or Patient Contract, as applicable. The Provider shall cooperate with, and provide such information, documentation, and assistance as requested by, PatientFi in responding to any such complaints.
(h) Fraud Investigation Cooperation. The Provider agrees to cooperate with PatientFi in the investigation of any suspected or actual fraud in connection with the Services, including but not limited to any Loan Agreements or Patient Contracts, as applicable. The Provider also agrees to notify PatientFi immediately upon the detection or suspicion of any fraudulent activity, whether by a Patient, another third party, or the Provider or any of its employees or principals, in connection with the Services, including but not limited to any Loan Agreements or Patient Contracts, as applicable.
(i) Transparency Principles. PatientFi promotes and requires participating Providers to provide full transparency and disclosures to all its Patients that apply for any Credit Product. Provider must comply with the “Transparency Principles” set forth on Exhibit C hereto.
(j) Insurance. During the term of this Agreement and thereafter for so long as the Provider has any obligations with respect to the Services, the Provider shall maintain at its expense insurance in such amount and against such risks as is customary for businesses of a comparable size in the industry in which the Provider operates.
3. AUTHORIZATION FOR AUTOMATIC DIRECT DEPOSITS (ACH CREDITS) AND DIRECT DEBITS (ACH DEBITS)
The Provider authorizes PatientFi, to initiate credit entries for amounts that PatientFi may owe the Provider or that may otherwise be due to the Provider under this Master Provider Agreement. The Provider authorizes PatientFi to initiate debit entries for (i) any credit entries in error, (ii) amounts owed to the Provider under this Master Provider Agreement or (iii) the amounts which the Provider owes to PatientFi under this Master Provider Agreement that exceed the amount owed to the Provider. Such credit and debit entries will be to the bank account identified by the Provider in Exhibit D attached hereto. The Provider and PatientFi acknowledge that the origination of ACH transactions described in this Section 3 must comply with applicable law and NACHA rules. The authorizations set forth in this Section 3 will remain in effect until the date on which no Loan Agreements or Patient Contracts, as applicable, remain outstanding. The Provider must notify PatientFi within three business days of any change to the bank account for such ACH credits and ACH debits. PatientFi agrees to comply with written notifications from the Provider that alter the Provider’s bank account information (i.e., name and address of the bank or financial institution, transit/routing number or account number), provided that PatientFi receives such notification in sufficient time and manner to give it and the bank or financial institution reasonable opportunity to act on it.
CONFIDENTIALITY AND INFORMATION SECURITY
4. GLBA AND HIPAA COMPLIANCE
(a) Safeguards. The Parties agree to maintain administrative, technical, and physical safeguards reasonably designed to maintain the security of Protected Consumer Information while in transit through and at rest within information systems of PatientFi and the Provider. Each Party agrees to monitor its information systems, to notify the other Party promptly of any Security Incident relating to the information systems housing or transmitting any Protected Consumer Information originating with the Provider, and to take prompt action designed to mitigate the impact of the Security Incident and prevent additional Security Incidents.
(b) Business Associate Agreement. The Provider and PatientFi will enter into a Business Associate Agreement attached hereto as EXHIBIT A and incorporated by reference herein.
(c) Training. The Provider shall provide appropriate and adequate training to all Provider employees and representatives in the use of the System and Services, the requirements of this Confidentiality and Information Security Agreement, and the requirements of applicable laws governing the confidentiality, privacy and security of Protected Consumer Information.
(d) The Provider’s Representations and Warranties regarding Confidentiality and Information Security. The Provider warrants and represents that it shall:
(i) maintain, use and provide notices of privacy practices to the Provider’s patients informing each patient of the Provider’s intended use and mode for disclosure of Protected Consumer Information;
(ii) maintain, use and provide patient consent forms that comply with all applicable laws, including without limitation HIPAA and similar state and federal laws, and that are appropriate for use in connection with the Services;
(iii) ensure all patient consent forms have been executed by the Provider’s patients who consent to transmission of their Protected Consumer Information via the System and the Services.
(e) Confidentiality and Information Security Audit Rights. The Provider will be subject to audit by PatientFi, or a third party engaged by PatientFi for such purposes, to confirm compliance with its obligations regarding confidentiality and information security under this Agreement and proper use of the System and Services. Such audits will take place during business hours and upon reasonable notice to the Provider. Such audits will be performed at the expense of PatientFi and in a manner reasonably designed to minimize interference with the Provider’s day to day operations.
5. AUTHORIZATION FOR PROCESSING, COLLECTION AND USE OF DE-IDENTIFIED INFORMATION
(a) The Provider authorizes the processing, collection and use of information about the Provider, Credit Products, and the Program, to the extent allowed by law and for purposes of preparing De-Identified Information set forth in study data and study reports PatientFi may agree to provide third parties that are subject to contracts restricting their collection, use and disclosure of such De-identified Information. The Provider understands and agrees that any such study data and reports may include, without limitation, De-identified Information about:
(i) Procedures financed through the Program, including the total number of Procedures financed;
(ii) the total purchase price for each Procedure; the Amount Financed for each Procedure and all Procedures in relation to the total purchase price, expressed as dollar amounts and percentages;
(iii) financing variables, such as down payments and staff training, for each Procedure and all Procedures;
(iv) aggregated patient demographic information for all Procedures;
(v) aggregated information about repayment rates for all Procedures; and
(vi) aggregated information about default rates for all Procedures, expressed as a percentage of the total number of all Credit Products (if known by PatientFi and allowed by law), or an aggregate dollar amount of all Credit Products (if known by PatientFi and allowed by law).
6. CONFIDENTIAL INFORMATION
(a) Treatment of Confidential Information. Unless otherwise specifically provided in this Master Provider Agreement or authorized in writing by the Disclosing Party, and except as required by court order, the Receiving Party, for itself and for its agents, employees, representatives, contractors, subcontractors, successors and assigns, agrees:
(i) to keep all Confidential Information confidential and in its possession except as necessary to perform the Master Provider Agreement;
(ii) to restrict access to Confidential Information to those persons who are actively and directly participating in the performance of the Master Provider Agreement and who need to know such Confidential Information to fulfill such responsibilities;
(iii) to cause any and all persons or entities who have access to Confidential Information by or through the Receiving Party, including without limitation the Receiving Party’s contractors, subcontractors and subservicers, to observe and comply with the terms of this Master Provider Agreement, and specifically to the obligations regarding confidentiality and information security, as if they were parties hereto;
(iv) to not copy or duplicate any Confidential Information except as necessary to perform the Master Provider Agreement;
(v) to treat any and all copies of, and notes, memoranda, analyses, compilations, abstracts, synopses, studies of other material produced from, the Confidential Information as Confidential Information;
(vi) to communicate only with the designated representatives of the Disclosing Party concerning Confidential Information;
(vii) to not use and not disclose any Confidential Information for any purpose except the purpose for which such Confidential Information was provided in connection with the performance of the RICs or Loan Agreements or the evaluation, as applicable, except as permitted by applicable law in the course of performing the Master Provider Agreement or as otherwise required by applicable law;
(viii) to not use Confidential Information in any way that is detrimental to the Disclosing Party;
(ix) to not disclose to any person the fact that Confidential Information (including without limitation the Master Provider Agreement) has been made available to the Receiving Party or that Receiving Party has reviewed or has in its possession any Confidential Information, except as necessary to perform the Master Provider Agreement; and
(x) to not make, publish, or otherwise disseminate in any manner any public statement or description of the Master Provider Agreement or negotiations relating thereto.
(b) Required Disclosures. If the Receiving Party or any Receiving Party Representative is required by applicable law to disclose any Confidential Information in violation of the terms of this Master Provider Agreement, the Receiving Party or Receiving Party Representative, as the case may be, shall provide the Disclosing Party with immediate telephonic and written notice of such requirement so that the Disclosing Party may seek a protective order or other appropriate remedy or waive compliance by the Receiving Party or Receiving Party Representative with the provisions of this Master Provider Agreement. If such protective order or other remedy is not obtained, or if the Disclosing Party grants a written waiver of the affected provisions of this Master Provider Agreement, the Receiving Party or Receiving Party Representative may disclose that portion (and only that portion) of the Confidential Information that, in the opinion of the Receiving Party’s legal counsel, the Receiving Party is legally compelled to disclose, and the Receiving Party will exercise reasonable efforts to obtain reliable assurances that confidential treatment will be accorded to the Confidential Information so furnished.
(c) Ownership, Return of Confidential Information. Notwithstanding anything to the contrary provided in this Master Provider Agreement, the Disclosing Party is and shall remain the sole owner of its Confidential Information and all data derived from it that the Receiving Party receives from the Disclosing Party. The Receiving Party recognizes and agrees that nothing contained in the Master Provider Agreement shall be construed as granting the Receiving Party any property rights, by license, franchise, or otherwise, in or to any Confidential Information of the Disclosing Party except as may be necessary to perform its obligations hereunder; provided, however, the Provider acknowledges and agrees that PatientFi may prepare Aggregate Data relating to the performance and servicing history of the Loan Agreements and Patient Contracts, as applicable (if known by PatientFi and allowed by law). The Provider hereby expressly grants PatientFi a world-wide, perpetual, royalty-free and irrevocable exclusive license to use such Aggregate Data for use in PatientFi's business operations, including, without limitation, incorporation into financial models, marketing materials and other products and services. Promptly after termination or nonrenewal of this Master Provider Agreement the Provider shall return to PatientFi, and delete and erase from the Provider's systems, all Confidential Information of the PatientFi relating to this Master Provider Agreement and, within 30 days after such termination or non-renewal, where requested by PatientFi, the Provider shall certify in writing to PatientFi that all such Confidential Information has been returned to PatientFi and deleted and erased from the Provider's systems.
(d) Injunctive Relief. In the event of a breach by the Receiving Party of any of its obligations regarding confidential and information security under this Master Provider Agreement, the Disclosing Party shall have, in addition to any other rights and remedies available at law or in equity, the right to seek interim, interlocutory and permanent injunctive relief without the necessity of proving either actual damage or that any irreparable harm would or might result from a failure to obtain such injunctive relief, it being acknowledged and agreed by all parties hereto that any such breach will cause irreparable harm to the Disclosing Party and that monetary damages, alone, will not provide an adequate remedy (provided, that no provision of this Master Provider Agreement shall preclude the Disclosing Party from seeking and collecting monetary damages).
REPRESENTATIONS, WARRANTIES, COVENANTS, AND OTHER OBLIGATIONS
7. ADDITIONAL REPRESENTATIONS, WARRANTIES AND AGREEMENTS OF THE PRACTICE.
(a) The Provider represents and warrants to PatientFi as of the Effective Date of this Agreement, the date of each Loan Agreement and Patient Contract, as applicable, and in each instance in which the Provider accesses the Services that: (i) the Provider and/or each physician, surgeon or medical professional performing healthcare services on behalf of the Provider is duly licensed by and in good standing with all applicable medical licensing and oversight bodies; (ii) the Provider and any physicians or healthcare professionals working in the Provider and performing Procedures have obtained and will maintain at all times, before undertaking any act for which registration or licensure is required, all required registrations, licenses, certifications, surety bonds, security deposits, and insurance required by applicable law in any location where located and where providing or performing Procedures; (iii) the Provider has had the benefit of counsel in reviewing this Agreement and the obligations of the Provider created hereby and in connection with the origination of Credit Products; (iv) information provided by the Provider to PatientFi, which it used and will continue to use for permitting access to the System and Services, is true, correct and complete in all respects; and (v) the Provider read, understands and will comply with the terms and conditions of this Agreement.
(b) If the Provider is a business organization, the Provider warrants and represents it is validly existing and in good standing in the state of its formation and that it is duly qualified or domesticated and in good standing in each jurisdiction where such is necessary or advisable. The Provider warrants the execution and delivery of this Master Provider Agreement and all other documents delivered or to be delivered to PatientFi hereunder or to which the Provider is a party, have been duly authorized and, upon execution and delivery, such documents constitute or will constitute the Provider's obligations, binding upon and enforceable against the Provider in accordance with their respective terms. The Provider's execution and delivery of this Master Provider Agreement shall not result in a breach of any other agreement binding upon the Provider. PatientFi shall be entitled to assume the person who signs any document required or contemplated hereunder on behalf of the Provider is authorized to do so. The Provider represents, warrants and covenants it will carry on its business in a lawful manner at all times.
(d) The Provider agrees that it will adhere to all applicable rules of the National Automated Clearing House Association ("NACHA Rules") as they apply to origination of ACH entries (as defined in the NACHA Rules).
(e) The Provider will comply with all applicable laws in connection with the marketing and origination of all Loan Agreement and Patient Contract, as applicable, and that it will comply with all Compliance Guidelines provided by PatientFi through the System, which PatientFi shall develop, control and amend in its sole discretion pursuant to the terms of this Master Provider Agreement.
8. THE PRACTICE'S PAYMENT OBLIGATIONS
(a) If the Provider cancels a scheduled Procedure, or if the Provider fails to notify PatientFi through the System of the satisfactory and timely performance of a Procedure within four (4) business days after the originally scheduled Procedure date in connection with Loan Agreements for which the Provider already received any Loan proceeds, then the Provider must refund all the Loan proceeds it received without recourse from PatientFi. In any such event, the Provider authorizes PatientFi, immediately and without advance notice, to initiate an ACH debit entry in an amount equal to all the Loan proceeds originally delivered to the Provider and charging such amount to the same deposit account into which PatientFi originally credited payment for the applicable Loan Agreement. If, for any reason, PatientFi is unable to obtain payment in full of the Loan proceeds it delivered to Provider after initiating any such ACH debit entry, then the Provider must complete any such refund and make payment to PatientFi for all the Loan proceeds it received within ten (10) calendar days after PatientFi’s notification and demand for the Provider to do so.
(b) If any payment due under a Loan Agreement is not made when due and Patient asserts a defense or counterclaim that relates to the date on which the Procedure services were actually performed or provided by the Provider, or the accuracy of the Amount Financed shown in the Loan Agreements for the Procedure, then the Provider shall refund all the Loan proceeds originally delivered to the Provider without recourse from PatientFi, unless PatientFi determines, in its sole discretion and after reasonable investigation, that any such defense or counterclaim is groundless or asserted in bad faith. PatientFi shall be under no obligation to conduct such an investigation and may demand that the Provider refund all the Loan proceeds it received based solely upon the Patient’s assertion of the defense or counterclaim. The Provider shall complete any such refund within 10 calendar days of PatientFi's notification to the Provider for an amount equal to the unpaid balance of the Amount Financed times the rate of Fractional Interest.
(c) If PatientFi determines that a Loan Agreement has been incorrectly, improperly, or fraudulently completed or executed, or that a document to be delivered or action to be taken by the Provider under Agreement or any Loan Agreement was incorrect or incomplete, and PatientFi requests the Provider to take any lawful remedial action with respect thereto (including in appropriate cases obtaining a replacement or corrected Loan Agreement or other document), the Provider shall, within 10 calendar days of PatientFi's notification to the Provider, either comply with such request or refund all the Loan proceeds it received without recourse to PatientFi for an amount equal to the unpaid balance of the Amount Financed times the rate of Fractional Interest.
(d) Regardless of any contributory action, inaction, negligence or liability by PatientFi and regardless of whether any judgment or other judicial or other determination has been made in connection therewith, the Provider agrees to save, indemnify and hold PatientFi harmless to the full extent of any and all liabilities, settlements, fines, penalties, judgments, awards, fees (including but not limited to attorney's fees), expenses and/or costs which may be incurred or expended by PatientFi in connection with any claim (including any counterclaim or holder in due course allegation), demand, administrative proceeding, arbitral proceeding or lawsuit of any nature whatsoever (“Claim”) which may be directed to or asserted or brought against PatientFi or to which PatientFi may be made a party arising directly or indirectly out of: (i) disclosures made in a Loan Agreement about the date on which a Procedure was actually performed or provided and the accuracy of the Amount Financed shown in the Loan Agreement for a Procedure; and (ii) any alleged or actual fraud or intentional misrepresentations made or allegedly made by any employee or representative of the Provider. PatientFi shall be entitled to engage separate counsel of PatientFi's choice, to control and determine without the Provider's consent all aspects of the conduct, defense, and/or settlement of the matter, and to be promptly reimbursed by the Provider within 15 calendar days of demand for all amounts incurred or expended by PatientFi in connection therewith.
(e) Upon the occurrence of a Claim, PatientFi may, in its sole discretion, require the Provider refund all the Loan proceeds it received relating to such Claim. Such refund shall be made within 10 calendar days of PatientFi's notification to the Provider for an amount equal to the unpaid balance of the Amount Financed times the rate of Fractional Interest.
9. PURCHASE AND SALE OF PATIENT CONTRACTS
If the Provider elects to offer Patient Contracts to patients as a payment option, the Provider agrees to all rights, obligations, representations, warranties and covenants included in the Patient Contract Purchase and Sale Addendum attached hereto and incorporated by reference herein as well as to comply with all associated Operating Procedures related to Patient Contracts provided by PatientFi.
10. FINANCIAL INFORMATION OF THE PRACTICE
If PatientFi reasonably determines that a Default of this Master Provider Agreement by the Provider has occurred or is likely to occur, or that a Provider employee or representative has committed or attempted fraud affecting PatientFi or a Loan Agreement and/or Patient Contract, as applicable, or that there has been a material deterioration in the Provider’s financial condition, then the Provider shall promptly provide financial information and documents requested by PatientFi as to the Provider's business, properties, officers, and operations. The Provider warrants that none of the financial information and documents submitted at any time to PatientFi shall contain any untrue statement of fact or omit any material fact necessary to make the statements contained therein and herein not misleading.
11. THE PRACTICE'S RECORDS; INSPECTION BY PATIENTFI
The Provider shall maintain complete and accurate records concerning the sale of each Procedure. If PatientFi reasonably determines a breach of this Master Provider Agreement by the Provider has occurred or is likely to occur, or that a Provider employee or representative has committed or attempted fraud affecting PatientFi, a Loan Agreement or Patient Contract, as applicable, then the Provider shall promptly: (a) provide copies of records of such Procedure(s) to PatientFi upon its request; and (b) permit PatientFi and its representatives to inspect the Provider's books and records relating to such Procedure(s) and to make extracts from them at all reasonable times.
12. TERM AND TERMINATION
The Agreement term shall begin as of the Effective Date and continue in full force and effect for a period of twelve (12) months, unless earlier terminated in accordance with this Section. The Agreement shall be renewed for successive terms of 12 months each without further action by the Parties but may be terminated by either Party after it gives a 30-day advance written notice of termination to the other Party. Such termination under this Section 13 shall not release the Provider from any obligations of payment or performance under this Master Provider Agreement, nor shall termination of this Master Provider Agreement cancel or limit the exercise by PatientFi of rights and remedies authorized by this Master Provider Agreement and/or by applicable law. The Provider agrees to waive any and all claims for damages against PatientFi and its representatives, including but not limited to loss of anticipated profits, resulting from such termination.
During the term of this Service Agreement, the Provider grants to PatientFi the right to identify the Provider as a user of the Program.
The Provider may only use PatientFi's trademarks, trade names, service marks and/or logos (collectively "Trademarks") with PatientFi's prior written approval for each specific use. Nothing in this Master Purchase Agreement will grant to the Provider any right, title or interest in the Trademarks of or any goodwill arising from use of the Trademarks. The Provider agrees not to challenge the validity of or attempt to register any of the Trademarks of PatientFi. The Provider agrees not to adopt any derivative or confusingly similar trademarks, brands or marks or create any combination marks with any Trademarks. If given written approval, the Provider will use the Trademarks only in accordance with PatientFi's Trademark usage policies as such may be in effect from time to time and only in accordance with the provision of the terms of this Web Agreement or the Service Agreement. If, at any time, PatientFi believes the use of its Trademarks by the Provider fails to otherwise comply with its Trademark usage guidelines, PatientFi shall so notify the Provider in writing. Upon receipt of such notification, the Provider shall immediately initiate steps to conform to the Trademark usage guidelines and shall affect such conformance or cure as promptly as possible and in any event within 15 days.
15. LEGAL Disclaimer
The Provider agrees and acknowledges that none of the System-generated documents, training sessions, usage guides, Operating Procedures, Compliance Guidelines, codicils of this Master Provider Agreement or any and all other information provided to the Provider in support of the System should be construed or considered as legal advice. The Provider is encouraged to contact qualified legal counsel in regard to any questions or concerns over the use of the System or other recommended best practices and any liabilities which could arise from the use of the System and/or the effect of any applicable Federal or State Laws, including but not limited to those regarding the maximum finance charges and other charges, fees and costs chargeable by the Provider and the Provider's warranty obligations. PatientFi hereby asserts and the Provider agrees that PatientFi shall bear no liability whatsoever in regard to the Provider's use of any and all information and materials provided with respect to the use of the System.
The Provider shall have defaulted and be in default under this Master Provider Agreement ("Default") if: (a) Provider fails to perform, observe or comply with any covenant or provision in this Master Provider Agreement; or (b) any representation or warranty made by the Provider in this Master Provider Agreement or in connection with any Loan Agreement and/or Patient Contract, as applicable, is false or incorrect in any material respect; or (c) the Provider fails to perform promptly any of its Payment Obligations; or (d) the Provider becomes insolvent or admits in writing its inability to pay its debts as they mature; or (e) any petition is filed or proceeding commenced by or against the Provider under any bankruptcy or insolvency law.
17. PATIENTFI'S REMEDIES ON DEFAULT
If the Provider is in Default under this Master Provider Agreement, PatientFi may, in its sole discretion, take any action stated in the Agreement and any other action allowed by law. No remedy of PatientFi shall be exhausted by the initial exercise thereof, but rather PatientFi may exercise all remedies from time to time and as often as PatientFi in its judgment may deem desirable, including by terminating, at PatientFi's sole option, any or all of the obligations of PatientFi under this Master Provider Agreement, provided however that, upon the occurrence of an event described in Section 17(d) or (e) of this Master Provider Agreement, such termination shall be automatic and without any action on the part of PatientFi. If the Provider is in Default under this Master Provider Agreement, PatientFi may also exercise any or all of its rights and remedies against the Provider under any other agreement between the Provider and PatientFi, or as otherwise available to PatientFi at law or in equity without notice to the Provider except as required by law. Any amounts owed to PatientFi under this Master Provider Agreement that are not paid when due shall bear interest from date due until paid at the maximum rate of interest permitted by applicable law.
(a) PatientFi’s Indemnification of the Provider. PatientFi agrees to defend and hold harmless the Provider and its Affiliates, and each of their officers, directors, employees, successors, assigns (each, a "Provider Indemnified Party"), from and against any claim by a third party (each a "Claim"), to the extent such Claim alleges the System, the Program or the Services, when used as contemplated hereby and in accordance with any documentation or instructions provided by PatientFi violates any consumer protection or other similar law, rule or regulation relating to the Credit Products and the origination or servicing thereof (each a "Covered Claim"). PatientFi agrees to indemnify the Provider Indemnified Party from any losses, costs, and expenses of any kind including, without limitation to the extent permitted by law, reasonable attorneys’ fees, incurred or suffered by the Provider Indemnified Party in connection with a Covered Claim. PatientFi's obligation to indemnify, defend and hold harmless any Provider Indemnified Party is contingent upon and subject to: (a) the Provider's prompt written notification to PatientFi of any Claim thought to be a Covered Claim and, where permissible by law, details thereof; (b) the Provider and the Provider Indemnified Party's reasonable assistance in the defense or settlement of the Covered Claim; and (c) the Provider Indemnified Party's not making any admission prejudicial to the defense of the Covered Claim. PatientFi shall have no obligation to indemnify a Provider Indemnified Party or pay any amount in compromise or settlement of any Claim negotiated by the Provider or a Provider Indemnified Party without the notification to and approval by PatientFi as required by the preceding sentence. In any event, the Provider, for itself and each Provider Indemnified Party, agrees to take all reasonable steps to mitigate any Covered Claim and any amounts subject to indemnity hereunder. PatientFi's total, aggregate liability under this Section for any and all Covered Claims hereunder shall in no event exceed the total amount of fees the Provider paid to PatientFi hereunder in the twelve-month period immediately prior to the event or action giving rise to the Covered Claim(s). PatientFi shall have no liability for damages in the form of fines or penalties imposed on the Provider or any Provider Indemnified Party by a federal or state regulatory agency during the term of this Agreement arising from or relating to (i) fraud, willful misconduct or gross neglect on the part of the Provider, any Provider Indemnified Party or any patient of the Provider, and (ii) invalid or incorrect data input into the System by the Provider, any Provider Indemnified Party or any patient of the Provider.
(b) The Provider’s Indemnification of PatientFi. The Provider agrees to indemnify, hold harmless and defend PatientFi and its owners, officers, directors, employees, agents, representatives and service providers from any and all loss, damages and expenses, including reasonable attorneys’ fees, arising from any claim, action, proceeding, investigation or otherwise in connection with the Provider’s failure to obtain patient consent for the disclosure of Protected Consumer Information via the System and the Services.
(c) Mutual Indemnification. In addition to PatientFi's Indemnification of the Provider, each Party shall indemnify and hold the other harmless for any losses, claims, damages, awards, penalties, or injuries incurred by any third party, including reasonable attorney's fees, which arise from any alleged breach of such indemnifying Party’s representations, warranties and covenants made under this Agreement, provided that the indemnifying Party is promptly notified of any such claims. The indemnifying Party shall have the sole right to defend such claims at its own expense. The other Party shall provide, at the indemnifying Party’s expense, such assistance in investigating and defending such claims as the indemnifying Party may reasonably request. This indemnity shall survive the termination of this Agreement.
19. LIMITATION OF LIABILITY
(a) Limitation of Liability. SUBJECT TO THE LIMITATIONS AND EXCLUSIONS SET FORTH IN THIS SECTION 20 AND, WITH RESPECT TO PATIENTFI’S INDEMNIFICATION OBLIGATIONS IN SECTION 19, THE TOTAL, AGGREGATE LIABILITY OF PATIENTFI FOR ANY AND ALL CLAIMS HEREUNDER FOR ANY REASON SHALL BE LIMITED TO DIRECT DAMAGES NOT TO EXCEED ONE THOUSAND DOLLARS ($1,000.00). EXCEPT AS PROVIDED ELSEWHERE IN THIS AGREEMENT, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY SPECIAL, INCIDENTAL, INDIRECT, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES OF ANY KIND, INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM INTERRUPTION OF USE, LOSS OF DATA, THE UNAUTHORIZED ACCESS TO OR THE MISAPPROPRIATION OF ANY CONTENT MADE AVAILABLE ON OR THROUGH THE SYSTEM, OR LOST PROFITS ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR USE OF THE PROGRAM AND THE SYSTEM. THIS LIMITATION APPLIES WHETHER THE ALLEGED LIABILITY IS BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER BASIS, EVEN IF PATIENTFI OR THE PROVIDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
(b) Disclaimer of Consequential Damages. IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY (WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE) FOR ANY LOSS OF PRODUCTION, LOSS OR CORRUPTION OF DATA, LOSS OF PROFITS OR OF CONTRACTS, LOSS OF BUSINESS OR OF REVENUES, LOSS OF OPERATION TIME, WASTED MANAGEMENT TIME, LOSS OF GOODWILL OR REPUTATION, IN EACH CASE WHETHER CAUSED DIRECTLY OR INDIRECTLY, OR TO GIVE AN ACCOUNT OF PROFITS TO THE PRACTICE OR ANY THIRD PARTY, OR FOR ANY INDIRECT, INCIDENTAL, EXEMPLARY, SPECIAL, PUNITIVE OR CONSEQUENTIAL LOSS, DAMAGE, COST OR EXPENSE WHATSOEVER AND WHETHER OR NOT SUCH PARTY HAS BEEN ADVISED OF THEIR POSSIBILITY.
(c) Limitations Generally. EXCEPT TO THE EXTENT OF SUCH LIABILITY AS CANNOT BE EXCLUDED BY LAW, THE FOREGOING LIMITATIONS AND DISCLAIMERS APPLY TO ALL CAUSES OF ACTION IN THE AGGREGATE, INCLUDING WITHOUT LIMITATION TO BREACH OF CONTRACT, BREACH OF WARRANTY, NEGLIGENCE, STRICT LIABILITY, MISREPRESENTATIONS, AND OTHER TORTS. EACH OF THE PARTIES ACKNOWLEDGES THAT IT UNDERSTANDS THE LEGAL AND ECONOMIC RAMIFICATIONS OF THE FOREGOING LIMITATIONS, AND THAT THE FOREGOING LIMITATIONS FORM AN ESSENTIAL PART OF THE AGREEMENT OF THE PARTIES.
(d) PatientFi’s Liability to the Provider. PatientFi shall have no liability to the Provider for any action taken or omitted to be taken under or in connection with this Master Provider Agreement, other than as a direct result of PatientFi's gross negligence or willful misconduct.
(e) Provider’s Liability to PatientFi. Provider and the Affiliates listed on Schedule 1 attached hereto, shall be jointly and severally liable to PatientFi for any breach of Provider’s obligations under this Agreement, and each Affiliate agrees to be bound by the terms and conditions set forth in this Agreement.
(f) Time Limit. No action, regardless of form, arising out of this Master Provider Agreement may be brought by either Party more than one (1) year after that Party knew or should have known of the event which gave rise to the cause of action.
20. AGREEMENT FOR REPAYMENT OF ADVANCES
The Provider appoints and designates PatientFi as a limited purpose agent for and attorney-in-fact of the Provider, solely for the purpose of receiving Loan proceeds from third party lenders due to the Provider and then remitting or applying such amounts as agreed or directed by the Provider. PatientFi may, in its sole discretion from time to time, advance Loan proceeds due to the Provider from third party lenders before final settlement and collection of such Loan proceeds by PatientFi. The Provider agrees that PatientFi, after receiving final settlement and collection of Loan proceeds due to the Provider, may setoff and apply such Loan proceeds, first to pay all amounts due and owing to PatientFi for such advances, before remitting the balance of such Loan proceeds to the Provider.
21. BINDING AGREEMENT; ASSIGNMENT AND DELEGATION
The Provider understands and agrees that this Agreement is assignable and delegable by PatientFi, in whole or in part, by operation of law or otherwise, at any time and without prior notice to or express consent from the Provider. This Service Agreement may not be assigned or delegated by the Provider without the prior written consent of PatientFi. This Service Agreement shall be binding upon and inure to the benefit of PatientFi and the Provider and their respective successors and assigns, to the extent permitted by the Service Agreement.
All notices required or permitted to be given hereunder in writing and shall be deemed to have been given when personally delivered or mailed, by certified or registered mail, return receipt requested, addressed to the intended recipient as follows: (1) notices to PatientFi shall be sent to 530 Technology Drive, Suite 350, Irvine, CA 92618, or such other notification address as PatientFi may specify in writing to the Provider after the Effective Date; and (2) notices to the Provider shall be sent to the address specified in the area signed by its duly authorized representative, or such other notification address as the Provider may specify in writing to PatientFi after the Effective Date.
23. CHOICE OF LAW, VENUE
This Agreement shall be governed and construed under and in accordance with the laws of the State of Delaware, without regard to its conflicts of law provisions. All obligations of the Parties created in this Service Agreement are performable in Orange County, California, and the Parties agree that venue shall be exclusively in the State and Federal courts located in Orange County, California.
The Parties agree all claims, disputes, disagreements, or controversies between them, including those, relating to or arising under this Service Agreement, including, without limitation, contract and tort disputes and claims for breach of fiduciary duties, shall be arbitrated pursuant to the Commercial Arbitration Rules of the American Arbitration Association in effect at the time the claim is filed, upon request of either Party, and that judgment upon any award rendered by any arbitrator may be entered in any court having jurisdiction. The Parties further agree that nothing in this Section shall preclude any Party from seeking equitable relief from a court of competent jurisdiction; the statute of limitations, estoppel, waiver, laches, and similar doctrines which would otherwise be applicable in an action brought by a Party shall be applicable in any arbitration proceeding; the commencement of an arbitration proceeding shall be deemed the commencement of an action for these purposes; and the Federal Arbitration Act shall apply to the construction, interpretation, and enforcement of this arbitration provision.
25. WAIVER OF JURY TRIAL
EACH PARTY HEREBY IRREVOCABLY WAIVES ALL RIGHT TO TRIAL BY JURY IN ANY ACTION (WHETHER BASED ON CONTRACT, TORT OR OTHERWISE) ARISING OUT OF OR RELATING TO THIS SERVICE AGREEMENT OR THE ACTIONS OF SUCH PARTY IN THE NEGOTIATION, ADMINISTRATION, PERFORMANCE AND ENFORCEMENT HEREOF.
26. DISCLAIMER OF WARRANTIES
THE PROGRAM AND ALL CONTENT AND MATERIALS, INCLUDING, WITHOUT LIMITATION, THE SYSTEM, ARE PROVIDED "AS IS" AND "AS AVAILABLE," WITHOUT ANY WARRANTIES OR INDEMNITIES OF ANY KIND. PATIENTFI EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES CONCERNING THE AVAILABILITY, ACCURACY, APPROPRIATENESS, RELIABILITY OR TIMELINESS OF THE SYSTEM AND ALL CONTENT; OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON- INFRINGEMENT; THAT ANY DEFECTS OR ERRORS WILL BE CORRECTED; THAT UNAUTHORIZED ACCESS TO OR MISAPPROPRIATION OF THE SYSTEM WILL NOT OCCUR; OR THAT THE SYSTEM IS FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. THE PRACTICE'S USE OF THE SYSTEM IS SOLELY AT THE PRACTICE'S RISK.
The Provider hereby releases PatientFi and its present and former officers, directors, agents, managers, members, investors, partners, employees, shareholders, fiduciaries, parents, affiliates, subsidiaries, divisions, legal representatives, predecessors, estates, trusts, executors, successors and assigns and all persons (natural, corporate or otherwise) in privity with PatientFi or any of them from all claims, demands and damages (actual and consequential) of every kind and nature, disclosed or undisclosed, known and unknown, suspected and unsuspected, in any way arising out of or in connection with the medical or dental services and goods that are financed by a Loan Agreement or Patient Contract, as applicable.
28. PARTIES BOUND; LIMITED AGENCY; INDEPENDENCE
This Master Provider Agreement shall be binding on and inure to the benefit of the Parties and their respective heirs, executors, administrators, legal representatives, successors, and assigns. The Provider appoints and designates PatientFi as a limited purpose agent for and attorney-in-fact of the Provider, solely for the purpose or receiving Loan proceeds from third party lenders due to the Provider and then remitting or applying such amounts as agreed or directed by the Provider. For all purposes under this Master Provider Agreement, each Party shall be and act as an independent contractor of the other Party and shall not bind or attempt to bind the other Party in any way. No agency, partnership, joint venture, employer-employee or franchisor-franchisee relationship is intended or created by this Service Agreement, except to the extent otherwise expressly set forth in this subsection.
29. LEGAL CONSTRUCTION
In any case any one or more of the provisions contained in this Service Agreement shall for any reason be held to be invalid, illegal, or unenforceable in any respect, the invalidity, illegality, or unenforceability shall not affect any other provision in this Agreement and this Agreement shall be construed as if the invalid, illegal, or unenforceable provision had never been contained in it.
30. FORCE MAJEURE
In the event that either Party shall be prevented from performing its obligations under the Agreement due to governmental or administrative prohibitions, labor difficulties, acts of God, acts of public enemy, riot, accidents, breakdown of equipment, weather conditions, delivery interruptions, or other causes beyond such Party’s control, the Party so prevented shall, upon notice to the other Party, be thereafter released from its obligations so long as such causes shall continue.
31. PRIOR AGREEMENTS SUPERSEDED
This Master Provider Agreement constitutes the sole and only agreement of the Parties and supersedes any prior understandings or written or oral agreements between the Parties respecting the subject matter of this Agreement.
32. MODIFICATION AND AMENDMENT
This Master Provider Agreement, all exhibits and documents attached hereto and incorporated by reference herein, including but not limited to the Program Fee, may be amended by PatientFi by providing written or electronic notice to the Provider. The Provider’s continued participation in the Program for new Applications after the effective date of any such modification will constitute the Provider’s acceptance of the modified terms and the Provider’s agreement to be bound by such modifications. If the Provider does not want to accept such modifications, it must not submit any Applications subsequent to such effective date and must advise PatientFi in writing of its decision. Notwithstanding the foregoing, modifications to this Agreement that are applicable only to the Provider and not generally to other participants in the Program shall not be effective unless provided to the Provider in writing and agreed to by the Provider, either in writing or by its continued participation in the Program.
33. DEFINED TERMS
This Master Provider Agreement shall be subject to the terms defined in Exhibit B attached hereto and incorporated by reference herein.
34. ELECTRONIC SIGNATURES; ELECTRONIC RECORDS
The Parties acknowledge and agree that an electronic signature, including a signature by facsimile, is equivalent to and has the same force and effect as an original signature. No strikeouts, interlineations, additions or modification to this Service Agreement may be made and this Service Agreement may be transmitted to or from PatientFi and/or retained electronically by PatientFi and electronic copies will constitute an original.
35. NOTICE OF NEW AFFILIATE
Provider shall provide PatientFi not less than 90 days’ notice for the onboarding of any new Affiliate who will be using the Services, and the parties agree to execute a written amendment to this Agreement adding any new Affiliate to Schedule 1.
BUSINESS ASSOCIATE AGREEMENT
This BUSINESS ASSOCIATE AGREEMENT (“Business Associate Agreement” or “BAA”) is attached to and incorporated as part of the Provider Agreement by and between PatientFi, LLC (“PatientFi” or “Business Associate”) and [______________________________] (the “Provider” or “Covered Entity”), effective as of [ ] (the “Effective Date”). PatientFi and the Provider are each a "Party" and together they are the "Parties" in the Business Associate Agreement. This Business Associate Agreement may be amended from time to time, in accordance with its terms. Capitalized terms used but not otherwise defined by this Business Associate Agreement shall have the same meaning as in the Provider Agreement or other referenced agreements that make up the Provider Agreement.
The Business Associate will, from time to time, provide certain services for Covered Entity that involve the use and disclosure of Protected Health Information that is created or received by Business Associate from or on behalf of Covered Entity. The Parties are committed to complying with the Standards for Privacy of Individually Identifiable Health Information, 45 CFR Part 160 and Part 164, Subparts A and E as amended from time to time (the “Privacy Rule”), and with the Security Standards, 45 CFR Part 160 and Part 164, Subparts A and C as amended from time to time (the “Security Rule”), under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health Act and its implementing regulations (“HITECH”). This BAA sets forth the terms and conditions pursuant to which Protected Health Information, and, when applicable, Electronic Protected Health Information (“EPHI”), shall be handled.
(1) Definitions. Terms used but not otherwise defined by this BAA or the Service Agreement shall have the same meaning as those terms in HIPAA, the Privacy Rule, the Security Rule and HITECH. Examples of specific definitions:
(a) Individual. "Individual" shall have the same meaning as the term "individual" in 45 CFR 160.103 and shall include a person who qualifies as a personal representative in accordance with 45 CFR § 164.502(g).
(b) Protected Health Information. "Protected Health Information" shall have the same meaning as the term "protected health information" in 45 CFR 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Entity.
(c) Required By Law. "Required By Law" shall have the same meaning as the term "required by law" in 45 CFR § 164.103.
1. Secretary. "Secretary" shall mean the Secretary of the Department of Health and Human Services or his or her designee.
(2) Obligations of Business Associate.
(a) Business Associate agrees to not use or disclose Protected Health Information other than as permitted, required by this BAA, or Required by Law.
(b) Business Associate agrees to use appropriate safeguards to prevent use or disclosure of the Protected Health Information other than as provided for by this BAA.
(c) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this BAA.
(d) Business Associate agrees to report to Covered Entity: (i) any use or disclosure of the Protected Health Information not provided for by this BAA of which it becomes aware; and (ii) any Breach of unsecured Protected Health Information as specified by 45 CFR 164.410.
(e) Business Associate agrees to provide access, at the request of Covered Entity, to Protected Health Information in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual.
(f) Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR § 164.526 at the request of Covered Entity or an Individual.
(g) Business Associate agrees to make its internal practices, books, and records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate available to the Covered Entity, or to the Secretary, or to a person designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the Privacy Rule or Security Rule.
(h) Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
(i) Business Associate agrees to provide to Covered Entity information to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528.
(3) Additional Responsibilities of Business Associate with Respect to EPHI. In the event that Business Associate has access to EPHI, in addition to the other requirements set forth in this BAA relating to Protected Health Information, Business Associate shall:
(a) implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of EPHI that Business Associate creates, receives, maintains, or transmits on behalf of Covered Entity as required by 45 C.F.R. Part 164, Subpart C;
(b) ensure that any subcontractor or agent to whom Business Associate provides any EPHI agrees in writing to implement reasonable and appropriate safeguards to protect such EPHI; and
(c) report to the privacy officer of Covered Entity, in writing, any Security Incident involving EPHI of which Business Associate becomes aware within ten (10) business days of Business Associate’s discovery of such Security Incident. For purposes of this Section, a Security Incident shall mean (consistent with the definition set forth at 45 C.F.R. § 164.304), the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with systems operations in an information system.
(4) Permitted Uses and Disclosures by Business Associate. Except as otherwise limited in this BAA, Business Associate may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified, provided that such use or disclosure would not violate the Privacy Rule if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity.
(5) Obligations of Covered Entity.
(a) Covered Entity agrees to not use or disclose Protected Health Information other than as permitted, required by this BAA, or Required by Law;
(b) Covered Entity shall provide Business Associate a copy of Covered Entity’s notice of privacy practices (“Notice”) currently in use;
(c) Covered Entity shall notify Business Associate of any limitation(s) in its Notice in accordance with 45 CFR § 164.520, to the extent that such limitations may affect Business Associate's use or disclosure of Protected Health Information.
(d) Covered Entity shall notify Business Associate of any changes to the Notice that Covered Entity provides to individuals pursuant to 45 C.F.R. § 164.520, to the extent that such changes may affect Business Associate’s use or disclosure of Protected Health Information;
(e) Covered Entity shall notify Business Associate of any changes in, or withdrawal of, the consent or authorization of an individual regarding the use or disclosure of Protected Health Information provided to Covered Entity pursuant to 45 C.F.R. § 164.506 or § 164.508, to the extent that such changes may affect Business Associate’s use or disclosure of Protected Health Information; and
(f) Covered Entity shall notify Business Associate in writing and in a timely manner, of any restriction to the use or disclosure of Protected Health Information that Covered Entity has agreed to in accordance with 45 CFR § 164.522, to the extent that such restriction may affect Business Associate's use or disclosure of Protected Health Information.
(6) Subsidiaries, Affiliates, Subcontractors.
(a) Subsidiaries and Affiliates. Business Associate has entered into this BAA on behalf of itself, and its current and future subsidiaries and affiliates, each of which shall be bound hereunder as is Business Associate. Business Associate shall enter into and keep in force with each subsidiary and affiliate, a contract similar in form and format to this BAA so as to provide Covered Entity with the same agreements, assurances, rights and protections with respect to those subsidiaries and affiliates as Covered Entity has with respect to Business Associate.
(b) Subcontractors. Business Associate shall enter into and keep in force with each agent and subcontractor whose functions require access to Protected Health Information, a contract similar in form and format to this BAA so as to provide Covered Entity with the same agreements, assurances, rights and protections with respect to those agents and subcontractors as Covered Entity has with respect to Business Associate.
(c) Support for Covered Entity’s Functions. The Privacy Rule permits the Business Associates of Covered Entity to provide Protected Health Information to the Covered Entity’s other Business Associates, agents and subcontractors when and where necessary to support Covered Entity in its “Treatment, Payments and Operations” functions, as those are defined in the Privacy Rule, and to make other uses and disclosures in support of Covered Entity where such use or disclosure would be permitted to Covered Entity by the Privacy Rule. Business Associate agrees to limit the use and disclosure of Protected Health Information among its subsidiaries, affiliates and subcontractors to such permitted uses and disclosures.
(7) Permissible Requests by Covered Entity. Covered Entity shall not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under the Privacy Rule if done by Covered Entity.
(8) Term and Termination.
(a) Term. The Term of this BAA shall be effective as of the acceptance date hereof, and shall terminate when all of the Protected Health Information provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is unpractical to return or destroy Protected Health Information, protections are extended to such information, in accordance with the termination provisions in this Section.
(i) Either Covered Entity or Business Associate may terminate this BAA and any related agreements if the terminating Party determines in good faith that the terminated Party has breached a material term of this BAA; provided, however, that no Party may terminate this BAA if the breaching Party cures such breach to the reasonable satisfaction of the terminating Party within thirty (30) business days after the breaching Party’s receipt of written notice of such breach.
(ii) If neither termination nor cure are feasible, the terminating Party shall report the violation to the Secretary.
(iii) Covered Entity may terminate this BAA at any time and for any reason, after giving Business Associate (10) ten days written notice.
(b) Effect of Termination.
(i) Upon termination of this BAA, Business Associate shall return, destroy, or continually protect and cease any use of all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate.
(ii) Upon termination of this BAA, Covered Entity agrees to continually protect all Protected Health Information received by or created by Business Associate and follow all regulations Required By Law.
(a) Regulatory References. A reference in this BAA to a section in HIPAA, HITECH, the Privacy Rule or the Security Rule means the section as in effect or as amended.
(b) Amendment. This BAA may not be modified or amended, except in a writing duly signed by authorized representatives of the Parties. To the extent that any relevant provision of HIPAA or HITECH is materially amended in a manner that changes the obligations of Business Associates or Covered Entities, the Parties agree to negotiate in good faith appropriate amendment(s) to this BAA to give effect to the revised obligations. Further, no provision of this BAA shall be waived, except in a writing duly signed by authorized representatives of the Parties. A waiver with respect to one event shall not be construed as continuing, or as a bar to or waiver of any right or remedy as to subsequent events.
(c) Survival. The respective rights and obligations of Business Associate and Covered Entity under "Effect of Termination" and “Survival” above shall survive the termination of this BAA.
(d) Interpretation. Any ambiguity in this BAA shall be resolved to permit Covered Entity to comply with the Privacy Rule.
(e) LIMITATION OF LIABILITY. NO PARTY SHALL BE LIABLE TO ANY OTHER PARTY FOR ANY INCIDENTAL, CONSEQUENTIAL, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND OR NATURE, WHETHER SUCH LIABILITY IS ASSERTED ON THE BASIS OF CONTRACT, TORT (INCLUDING NEGLIGENCE OR STRICT LIABILITY), OR OTHERWISE, EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES
(1) "Affiliate" means a person or entity that directly or indirectly controls, is controlled by, or is under common ownership or control with the Provider.
(2) “Aggregate Data” means aggregate information relating to the performance and servicing history of Patient Contracts and/or Loan Agreements, to the extent known by PatientFi and allowed by law, where such information is anonymized and does not reveal the identity (expressly or implicitly) of any patient(s) of the Provider.
(3) "Agreement" means this Master Provider Agreement, any amendments hereto or modifications hereof under Section 33 of this Master Provider Agreement or which may otherwise from time to time be agreed to in writing by the Provider and PatientFi, and any written directions from PatientFi to the Provider pursuant to the provisions hereof.
(4) “Amount Financed" means the dollar amount of the Procedure that Patient agrees to finance which is properly disclosed as such in a given, Loan, Revolving Account, or Patient Contract.
(5) "Applicant" means the person or persons seeking to finance the purchase price of a Procedure from the Provider by submission of a credit application through the Program.
(6) "Application" means the application for credit submitted by Applicant to the Provider in the form and manner prescribed by or otherwise acceptable to PatientFi.
(7) "Completion Certificate" means an acknowledgement signed by Patient that a Procedure has been completed by the Provider to Patient's satisfaction, on a form provided by PatientFi.
(8) “Confidential Information” means all documents, materials, data and/or information, in whatever form or format (including, without limitation, electronic media), which relates to the Services, the Program, and each RIC or Loan Agreement, whether furnished before, on, or after the date of the Service Agreement, including without limitation:
(i) the business systems and practices, know-how, documents, reports, plans, proposals, forecasts, personnel files, lists, statistics, information, or data relating to or about applicants, interviewees, or candidates for employment, marketing and sales plans of PatientFi;
(ii) any lists, statistics, information, or data relating to the patients of the Provider;
(iii) any other information which the Disclosing Party designates, orally or in writing, as confidential or proprietary information or which the Receiving Party has reason to know is confidential or proprietary information; provided, however, that notwithstanding the foregoing, Confidential Information (except to the extent it is Protected Consumer Information) shall not include information that becomes generally available to the public other than as a result of a disclosure by or through the Receiving Party, or its agents, employees, representatives, contractors, subcontractors, successors and assigns, or that becomes available to the Receiving Party on a nonconfidential basis from a source other than the Disclosing Party, provided that such source is not bound by a confidentiality agreement with the Disclosing Party or is not otherwise prohibited from transmitting the information by a contractual, legal or fiduciary obligation.
(9) “De-identified Information” means Protected Health Information (PHI) that meets the standard and implementation specifications for de-identification under the Standards for Privacy of Individually Identifiable Health Information, 45 CFR Part 160 and Part 164, Subparts A and E, as amended from time to time (the “HIPAA Privacy Rule”).
(10) “Disclosing Party” means the Party (either PatientFi or the Provider, as the case may be) disclosing Confidential Information to the Receiving Party.
(11) “Nonpublic Personal Information” (“NPI”) shall have the same meaning as defined by the Gramm-Leach-Bliley Act (“GLBA”) and its implementing regulations and include nonpublic and personally identifiable financial information otherwise protected by any applicable state financial privacy laws.
(12) "Party" means the Provider and PatientFi, individually, and the "Parties" mean the Provider and PatientFi, collectively.
(13) "Patient" means the person who purchases individually, the persons who purchase jointly, or the person for whom a third party borrower purchases for their benefit a Procedure from the Provider by entering into a Credit Product in connection with such purchase.
(14) "Payment Obligations" means the obligations of the Provider to make payments to PatientFi pursuant to the Master Provider Agreement or repurchase Patient Contracts under the Patient Contract Purchase and Sale Addendum, as applicable.
(15) "PHI" means protected health information, as defined in the Health Insurance Portability and Accountability Act of 1996 (Pub. Law 104-191) and its implementing regulations.
(16) "Procedure" means the dental or medical services performed by the Provider, the purchase of which is financed under a Patient Contract.
(17) "Program" means that certain Program described in the Master Provider Agreement between PatientFi and the Provider.
(18) "Program Fee " means the fees owed by the Provider to PatientFi under this Master Provider Agreement pursuant to the Program Fee Schedule, as may be amended from time to time by PatientFi in its sole discretion pursuant to Section 33 and as made available to the Provider through the System.
(19) “Protected Consumer Information” means Nonpublic Personal Information (NPI) and Protected Health Information (PHI), collectively.
(20) "Protected Health Information” (“PHI”) shall have the same meaning as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations.
(21) “Receiving Party” means the Party (either PatientFi or the Provider, as the case may be) receiving Confidential Information from the Disclosing Party.
(22) “Receiving Party Representative” means any agent, employee, representative, contractor, subcontractor or subservicer of a Receiving Party.
(23) “Security Incident” means any breach or known attempted breach by an unauthorized third party of a Party’s information systems that are used for housing or transmitting any Protected Consumer Information originating with the Provider.
(24) "System” means the web-based finance system provided by PatientFi and licensed for use by the Provider as described in this Master Provider Agreement.
PatientFi Transparency Principles
(1) Financing is provided by federally insured financial institutions without regard to race, color, religion, national origin, sex or familial status.
(2) PatientFi offers unsecured installment or revolving loans, or may purchase retail installment contracts, and is NOT an in-house credit product.
(3) The Provider will ensure that their employees who discuss the Credit Products offered through PatientFi with their Patients take and pass the appropriate training where required.
(4) The Patient’s accounts should only be charged for those costs incurred or services rendered within 30 days of the charge. If services are not rendered within 30 days, the Patient may have the right to an automatic refund. Additional services maybe billed as the Patient receives them from their Provider.
(5) The Patient must apply directly for financing online. If the Provider does not permit the Patient to apply directly online or requires the Patient to complete a paper application, the Patient will have the right to reverse the charge from their account, even if services are rendered. If the Patient exercises this right, PatientFi may chargeback the Provider for the transaction.
(6) Neither PatientFi, nor the financial institutions that fund loans, assume any responsibility or duty of care for the quality or outcome of any health care items and services that the Patient receives from their Provider.
(7) For deferred interest loans, Patients will pay an APR up to 28.99%. The interest accrues at the interest rate from the date of purchase.Finance charges will be waived ONLY IF the entire purchase balance is paid in full prior to the end of the promotional period.
Automatic Direct Deposits and Direct Debits
Provider Bank Account Information
DEPOSITORY INSTITUTION NAME:
ABA ROUTING NUMBER (should be 9 digits):
DEPOSIT ACCOUNT NUMBER:
NAME ON DEPOSIT ACCOUNT (Must match name on this agreement and voided check)
Provider Affiliate Parties
By signing below, each Affiliate of the healthcare provider that executed the Master Provider Agreement (“Agreement”) with PatientFi, LLC, acknowledges that it agrees to be bound, jointly and severally, to the terms and conditions of the Agreement:
Name of Affiliate: ________________________________
Name of Affiliate: ________________________________
Name of Affiliate: ________________________________