U.S. BIOFIRE® FIREWORKS™ Terms & Conditions

FIREWORKS Software as a Service Terms (US)

These Software as a Service Terms (the “Terms”) govern all transactions between Customer and bioMérieux, Inc. (“bioMérieux”) involving the Software (as defined below). By accepting the Service, Customer agrees to these Terms in full. These Terms along with all applicable Schedules (collectively, the “Agreement”) comprise the entire agreement between the parties regarding the Service and supersede all prior or contemporaneous understandings, agreements, negotiations, representations and warranties and communications, both written and oral, and shall not be supplemented or explained by any evidence of trade usage or course of dealing. All Customer terms and conditions on any Customer documentation or contract are hereby objected to and rejected and shall be of no force and effect or deemed to be binding on bioMérieux in whole or in part. This Agreement will become effective when Customer accepts the Service (the “Effective Date”).

Definition of Terms.

"Access Credentials" means any user name, identification number, password, license or security key, security token, PIN, or other security code, method, technology, or device, used alone or in combination, to verify a User’s identity and authorization to access and use the Service.

“Anonymous Data” means data or data sets, including data definitions, structures, or analyses about such data or data sets, that do not identify, and are not personally attributable to, any Patient or Customer Personnel. Anonymous Data may include Customer Device Data, Syndromic Trends Data, and any other data or data set that do not identify, or are not attributable to, any Patient or Customer Personnel.

"bioMérieux Personnel" means any employee, agent, or independent contractor of bioMérieux or any bioMérieux Subcontractor.

“BIOFIRE Syndromic Trends” is or can be a Component of the Service that comprises a secure, cloud-based network that compiles real-time pathogen data from Customer Devices to allow Customers access to customized reports and the ability to spot epidemiological patterns on local, regional, and global bases.

“bioMérieux Proprietary Items” means, collectively, the Software, inclusive of the Service and Systems Software, and Documentation, the visual expressions, screen formats, report formats, and other design features of the Software, inclusive of the Service and Systems Software, all ideas, methods, algorithms, models, formulae, and concepts used in developing and/or incorporated into the Software, inclusive of the Service and Systems Software, or Documentation, all future modifications, revisions, updates, refinements, improvements, and enhancements of the Software, inclusive of the Service and Systems Software, or Documentation, all derivative works (as such term is used in U.S. copyright laws) based upon any of the foregoing, including deliverables, work product, and all copies of the foregoing.

“Cloud-Based” means the storage, management, and processing of data on a network of remote servers hosted on the Internet.

“Cloud Service” means an entity that provides Cloud-Based services and shall include, but may not necessarily be limited to, Amazon Web Services (AWS).

“Confidential Information” means all confidential or proprietary information disclosed by one Party (“Disclosing Party”) to the other Party (“Receiving Party”) in connection with this Agreement, unless it is (a) already known by the Receiving Party without obligation of confidentiality; (b) independently developed by the Receiving Party without access to or use of the Disclosing Party’s Confidential Information; (c) publicly known without breach of this Agreement; or (d) lawfully received from a third party without obligation of confidentiality. Without limiting the generality of the foregoing, Confidential Information shall include: (a) Customer Data and non-public information, documentation, and materials, which may be disclosed or made available from any source or in any form relating to the Customer’s business, financial information, patients, employees, programs, documentation, techniques, trade secrets, and systems, (b) bioMérieux Proprietary Items and (c) all work flows and data structures created or provided by bioMérieux pursuant to this Agreement. Confidential Information shall include the terms and pricing in this Agreement, but not the fact that this Agreement has been signed, the identity of the Parties, or the identity of the Service or a Component of the Service.

“Component” means a part or extension of the Service that is dedicated to a specific function. 

“Configure” means making Systems Software ready for use on the Customer Device and may be accomplished either remotely or on-site.

“Customer Patient Data” means Patient Data stored or maintained in a Customer Device.

“Customer Device” means any Customer-owned or Customer-leased medical device as developed or manufactured by bioMérieux subsidiary, BioFire Diagnostics, LLC, and which is connected to the Service. Customer Devices shall include, but are not necessarily limited to, the BIOFIRE® FILMARRAY® and SPOTFIRE® product lines.

“Customer Consumable” means substance or object used or needed to carry out or facilitate tests on the Customer Device and includes, but is not necessarily limited to, pouches, reagents, etc.

“Customer Data” means Customer Patient Data, Customer Device Data, and/or any other data relating to the Customer or Customer Personnel.

“Customer Device Data” means data that is related to the performance or operation of a Customer Device and does not include any Customer Patient Data.

"Customer System" means Customer's information technology infrastructure, including computers, software, hardware, databases, electronic systems (including database management systems), and networks, whether operated directly by Customer or through the use of third-party services.

"Customer Personnel" means any individual associated with Customer as an employee, agent, or independent contractor of Customer or any Customer Subcontractor.

“Documentation” means bioMérieux’s standard user guides, manuals and/or electronic user guides relating to the Service, including on-line help, as updated and amended from time to time.

"Good Faith Dispute" means a good faith dispute by Customer of certain and specific amounts invoiced under this Agreement.

“HIPAA” means the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, and the rules and regulations issued thereunder.

"Order” means bioMérieux’s standard order form executed by both Parties that references this Agreement, or an order in another form that is executed by both Parties and references this Agreement.

“Patient” means any patient of Customer.

“Patient Data” means information relating to a Patient.

“Process” means any operation or set of operations which is performed on data or on data sets, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Protected Health Information" shall have the same meaning as the term "protected health information" in 45 CFR 160.103, limited to the information created or received by a business associate on behalf of a covered entity under HIPAA.

“Publish” means to make information available through paper, electronic, audio or visual means in a manner intended to make such information accessible, in whole or in part, to the general public regardless of whether such access is made freely available or restricted.

“Service” means an instance of the Software as made accessible to Customer as a cloud-hosted software-as-a-service offering, and commonly referred to as FIREWORKS.

“Software” means bioMérieux’s software, technology, tools, logic, reports, workflows, algorithms, predictive models, database schemes, database, analytics, hardware, and technology infrastructure incorporating or supporting the Service, inclusive of any third-party software included in the Service but excluding any separately licensed Third Party Components (as defined below), as ordered under the terms of this Agreement.

“Syndromic Trends Data” means data or data sets derived from Customer Patient Data through Processing from their initial or original forms or formats prior to transfer from the Customer Device to the Cloud Service so as to create anonymized or de-identified data or data sets that do not identify, and are not personally attributable to, any Patient for purposes of use as part of the optional BIOFIRE Syndromic Trends Component of the Service.

“Systems Software” means Software provided by bioMérieux on a Customer Device to facilitate the use and functionality of the Service.

“Term” means the duration of Customer’s right to receive, access, and use the Service as set forth in this Agreement.

"User" means any Customer Personnel who is authorized to access or use the Service.

Rights and Obligations.

Acceptance. Customer will identify and make its Customer Devices and Customer Systems readily available and accessible to bioMérieux Personnel at the time of or prior to the Configuration of any Systems Software.  The Service shall be deemed accepted by Customer upon the earlier of the following: (i) notification by Customer that the Service is accepted, (ii) the first instance of the transfer of any Customer Data from a Customer Device to the Service, or (iii) five (5) days after the Configuration date. Customer is responsible for providing all reasonably requested assistance to bioMérieux Personnel in a timely manner to ensure bioMérieux can Configure any Systems Software as agreed upon.

Access. bioMérieux has developed and deployed specifications, standards and/or protocols necessary to allow Users to access the Service at the Site using Access Credentials. Customer and Users are jointly responsible for the security of the Access Credentials. Any access to the Service by Customer or Users through improper use or sharing of Access Credentials is prohibited. Subject to the terms and conditions contained in this Agreement, bioMérieux grants to Customer a non-exclusive, non-transferable, revocable right to: (a) permit Users to access the Systems Software and the Service solely for Customer's internal business purposes; (b) permit Customer’s designated administrative users to access administrative features or functions of the Service solely for Customer's internal business purposes in order to manage access rights for Users.

bioMérieux Obligations. On the Configuration date, bioMérieux shall make available to Customer, on a non-exclusive, revocable, and non-transferable basis during the Term, the Service at the Site for up to the number of Users agreed upon along with any necessary Systems Software. In addition, bioMérieux (itself or through third party vendors (e.g. its Cloud Service partners)) will: (a) host, operate, maintain, and provide basic support for the Service as necessary to make the Service available; and (b) specify the procedures by which Customer may establish and obtain access to and use the features and functions of the Service or any Component of the Service.

Customer Obligations. Customer shall: (a) use the Service and Systems Software in accordance with this Agreement, the Documentation, and all applicable laws and regulations; (b) use commercially reasonable efforts to prevent unauthorized access to or use of the Service and Systems Software and notify bioMérieux promptly of any such unauthorized access or use; (c) be responsible for all User acts and omissions; (d) be responsible for maintaining, at all times during the term of this Agreement, one or more current and active administrators of Customer’s account for the Service; (e) be responsible for disabling User accounts immediately upon a User’s separation from Customer or for any other applicable reason; (f) make available in a timely manner at no charge to bioMérieux Personnel all Customer Devices and/or Customer Systems required by bioMérieux for the performance of the Service, including making any necessary configurations to Customer Devices at Customer’s sole cost; (g) be responsible for, and assume the risk of, any problems resulting from, the content, accuracy, completeness, and consistency of all Customer Data; (h) be responsible for the accuracy, quality, integrity, and legality of Customer Data and the means by which such data was acquired, including but not limited to, ensuring that such Customer Data was obtained in accordance with all applicable laws, rules, and regulations, including, where applicable, HIPAA; and (i) reasonably cooperate with bioMérieux Personnel as necessary for bioMérieux to perform its obligations. Customer shall reimburse bioMérieux, per bioMérieux’s standard policies, for any additional efforts or costs including, without limitation, site visits, it incurs resulting from Customer’s failure to perform its obligations.

Restrictions. Customer shall not, and shall not permit any Customer Personnel, to: (a) sell, resell, lease, rent, license, sublicense, distribute, transfer, or otherwise make available the Service or Systems Software, including on a time-sharing, SaaS, service bureau, or other similar basis, to any third party other than Users or otherwise use the Service at any location other than the Site or the Systems Software in connection with any devices other than Customer Devices; (b) use the Service or Systems Software to store or transmit malicious code, infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights; (c) use or access the Service or Systems Software in any way that threatens the integrity, performance, or availability of the Service or Systems Software or any data therein; (d) load, or permit the loading, of Customer Data in violation of any applicable law, rule, or contract; (e) remove, modify or obscure any product or service identifier, copyright, trademark or other proprietary rights notice or other notices, instructions, disclaimers or legends; (f) modify or create derivative works of the Service or Systems Software (or third party software embodied therein); (g) decompile, disassemble, or reverse engineer the Service or Systems Software, in whole or in part or attempt to reconstruct or discover any source code or underlying ideas, algorithms, file formats, data structures or other aspects of the Service or Components; or (h) access, use, or copy any portion of the Service or Systems Software in order to build a competitive product or to benchmark with any third party product or service. bioMérieux may restrict or prohibit access to Customer if bioMérieux reasonably suspects Customer is breaching its obligations under this Section. No rights are assigned or granted to Customer other than as expressly set forth herein.

Use Acknowledgments. Customer understands and acknowledges that the Service is an analytics solution that is not designed, intended, validated or cleared to be used as a clinical decision support system. Additionally, and where applicable, Customer understands and acknowledges that the optional Cp Viewer Component of the Service has not been considered or cleared by the United States Food and Drug Administration or any other regulatory agency in the United States or elsewhere and cannot be used for patient care.   No license is conveyed or implied for Customer to use, and Customer agrees not to use, the Cp Viewer Component in any manner requiring United States Food and Drug Administration or other regulatory approval, clearance, or registration. 

Third Party Code. The Service may contain or be provided with components subject to the terms and conditions of “open source” software licenses (“Open Source Software”) or other third-party software. bioMérieux shall provide a list of the Open Source Software to Customer upon Customer’s written request. To the extent required by the license that accompanies the Open Source Software, the terms of such license will apply in lieu of the terms of this Agreement with respect to such Open Source Software, including, without limitation, any provisions governing access to source code, modification, or reverse engineering.

Software Update.  The Systems Software will be configured to automatically perform software updates to make software improvements, security improvements and provide feature enhancements to facilitate the use and functionality of the Service. By agreeing to these terms, Customer is providing bioMérieux with authorization to make such automatic updates, improvements, or modifications to the Systems Software.  The Systems Software may also be configured to automatically receive other Customer Device software updates, improvements, or modifications.  However, such other software updates, improvements, or modifications will require user intervention to be configured.

Support.  Support for the Service shall be governed by any applicable service agreement between Customer and bioMérieux or the appropriate bioMérieux subsidiary or distributor.

Training: Upon request, training on the use of the Service will be provided to an agreed-upon number of Users at a time agreed by the Parties.

Data.

Customer Patient Data. All Customer Patient Data shall be considered proprietary to Customer and/or the Patient. bioMérieux will only use Customer Patient Data as authorized under this Agreement.

Customer Patient Data License Grant. Customer hereby grants bioMérieux a worldwide, perpetual, irrevocable, fully paid-up, royalty free, non-exclusive right and license to Process Customer Patient Data for purposes of providing the Service to Customer.

Anonymous Data.  bioMérieux shall be deemed to be the owner of any Anonymous Data.  bioMérieux shall therefore be entitled to use Anonymous Data (a) to facilitate the provision of the Service to Customer, (b) for research, development, and continuous improvement of bioMérieux’s products, software, and services, (c) to monitor the operation or performance of Customer Devices in order to enhance Customer support including, without limitation, use of Customer names and contact information, connected Customer Device information, Customer Device status and configuration information, Customer Device performance metrics, Customer Consumable inventory levels, runs and run performance per Customer Device, panel, institution or laboratory, and (d) for any other commercial purpose not prohibited by applicable law or this Agreement.

Data Safeguards. Where applicable, bioMérieux shall maintain reasonable and appropriate data safeguards and procedures designed to prevent the unauthorized use or disclosure of Customer Patient Data as required under applicable laws. During the Term, bioMérieux will maintain physical, administrative, and technical security measures to ensure the availability, integrity, and confidentiality of Customer Patient Data in accordance with its standard data security policies.

Protected Health Information. The Service enables secure Cloud-Based hosting and processing of data that may include Protected Health Information (as that term is defined under HIPAA).  Pursuant to HIPAA, the business associate agreement (“BAA”) attached to this Agreement as Schedule A and incorporated herein by reference shall govern Customer’s and bioMérieux’s respective obligations regarding Protected Health Information. 

Data Publication. Customer shall retain the right to publish summaries, conclusions, or other results derived from the information or Customer Data derived or obtained from the Service; provided, however, that prior to any such publication, Customer shall provide bioMérieux with a copy of any data, findings, article, abstract, manuscript, poster, presentation or other information intended for publication, at least thirty (30) days prior to submission for publication so that bioMérieux may review the proposed publication for the purpose of determining correct usage of bioMérieux trademarks, verifying that bioMérieux’s confidential information is not disclosed, and verifying that the publication is not in violation of any applicable law or rule pertaining to bioMérieux.

BIOFIRE Syndromic Trends Data.  Where applicable, the use of Syndromic Trends Data shall be governed according to the terms and conditions attached to this Agreement as Schedule B and incorporated herein by reference.

Payments.

Versions of the Service. The fees and expenses that bioMérieux will charge Customer for the Service depend on the version of the Service, which versions may change from time to time, and include, but are not necessarily limited to, a Basic Version and a Premium Version.

Fees. Customer shall pay bioMérieux, without offset or deduction, the fees and expenses as determined under the applicable Order and this Agreement. As applicable, bioMérieux reserves the right to (1) commence charging fees or (2) increase the fees each year, but must provide notification of such an intent to either commence charging fees or increase fees at least thirty (30) days in advance. Unless otherwise provided in an applicable Order, all fees shall be due and payable within thirty (30) calendar days after an invoice is issued by bioMérieux. Whenever any support services are provided by bioMérieux at a Customer location or any other location requested by Customer other than one of bioMérieux's locations, Customer shall reimburse bioMérieux for reasonable travel, lodging, meal, and related expenses incurred by bioMérieux representatives in providing such services.

Recalculation of Fees. The fees set forth in each Order are based on the size of Customer as of the Effective Date. Customer must notify bioMérieux within thirty (30) days of any event that would change the size of the Customer (e.g., acquisition by or of a third party). Upon notice, bioMérieux will recalculate the fee owed by Customer based on its list prices at the time of the notice and will invoice Customer for the balance owed. Customer will pay the invoiced amount within thirty (30) days of its receipt of the new invoice. Any delay by bioMérieux to invoice Customer for the amount owed shall not waive its right to recover such amount.

Taxes. The fees and other amounts payable by Customer to bioMérieux do not include any taxes of any jurisdiction that may be assessed or imposed upon the Service, Documentation, or otherwise, including sales, use, excise, value added, personal property, export, import, and withholding taxes, excluding only taxes based upon bioMérieux's net income. Customer shall directly pay any such taxes assessed. Customer shall promptly reimburse bioMérieux for any taxes payable or collectable by bioMérieux (other than taxes based upon bioMérieux’s net income). If Customer has provided bioMérieux with proof of its tax-exempt status, then, in the event that Customer’s tax-exempt status should become altered, Customer shall be obligated to notify bioMérieux immediately of any such modification and Customer shall become liable for all taxes as set forth above. In the event Customer fails to notify bioMérieux of any such change, Customer shall be liable for payment of any tax related penalties or interest assessed against bioMérieux or Customer because of such Customer failure.

Payment Terms. All amounts payable by Customer for the Service shall be invoiced by bioMérieux with the initial invoice for Service being sent following the earlier of (1) thirty (30) days following Customer’s execution of the Order or (2) Configuration of the Systems Software. Service will be billed for the period agreed upon in the Order. All fees shall be invoiced in advance upon execution of the Order and are payable in advance. All expenses shall be payable as incurred. All invoices shall be sent to Customer's address designated in the Order and are due and payable within thirty (30) calendar days after being issued by bioMérieux. If any Customer payment is more than thirty (30) days past due, interest at the rate of twelve percent (12%) per annum (or, if lower, the maximum rate permitted by applicable law) shall accrue, unless the non-payment is subject to a Good Faith Dispute. A Good Faith Dispute will be deemed to exist only if (a) Customer has given written notice of the dispute to bioMérieux promptly after receiving the invoice and (b) the notice explains Customer's position in reasonable detail. A Good Faith Dispute will not exist as to an invoice in its entirety merely because certain amounts on the invoice have been disputed. All fees and other amounts paid by Customer under this Agreement are non-refundable.

Non-Payment. In the event that Customer’s account is more than thirty (30) days overdue, bioMérieux shall have the right, in addition to its remedies under this Agreement or pursuant to applicable law and at its discretion, to disable Customer’s access to the Service or to grant Customer access to only certain limited features of the Service, until Customer has paid the full balance owed, plus any interest due.

Warranties and Limitations.

Performance Warranties. The Service shall perform as described in the Documentation as of the configuration date. Customer will timely notify bioMérieux of any known non-conformance to the specifications outlined in the Documentation. bioMérieux's only obligation under this warranty, and Customer’s sole and exclusive remedy, is for bioMérieux to correct any failure to so perform, or if such correction is not possible in a commercially reasonable timeframe, refund the fees paid for the specific non-conforming service during the periods of non-conformance.

Customer Warranty. Customer represents and warrants that Customer has all necessary consents and rights to use the Customer Data as part of the Product and Customer is not violating any existing agreements or laws and regulations by providing bioMérieux or bioMérieux Personnel with access to Customer Data.

Federal and State Health Care Program Participation. Each Party represents that: (a) it has not been, nor is it about to be, excluded, debarred, or suspended from participating in any state or federal health care program; (b) it has not arranged or contracted (by employment or otherwise) with any personnel who the Party knows or should know is excluded from participation in any state or federal health care program; and (c) no final adverse action, as such term is defined under 42 U.S.C. § 1320a-7e(g), as amended, has occurred or is pending or threatened against the Party or its personnel (collectively “Adverse Action”). Upon learning of an Adverse Action, the Party subject to the Adverse Action shall immediately provide notice to the other Party. The occurrence of an Adverse Action is a material breach of this Agreement.

Exclusion for Unauthorized Actions and Results of Use. Neither bioMérieux nor its supplier, partners, and vendors shall have any liability under any provision of this Agreement with respect to any performance problem, delay, or other matter to the extent attributable to any unauthorized or improper use or modification of the bioMérieux Proprietary Items, any unauthorized combination with other services, deliverables, products, software, hardware, or technology, or any act or omission by Customer, its affiliates, other users, representatives, or contractors. Customer is solely responsible for the results obtained from the use of the bioMérieux Proprietary Items. THE SERVICE DOES NOT OFFER MEDICAL ADVICE OR ADVICE REGARDING THE OPTIMAL SET OF PROCEDURES, ALERTS, OR STEPS NEEDED TO ACHIEVE THE BEST OUTCOMES FOR A PATIENT. ANY CUSTOMER DATA AND DECISIONS MADE OR ACTIONS TAKEN BASED ON INFORMATION ACCESSED THROUGH THE SERVICE ARE THE SOLE RESPONSIBILITY OF CUSTOMER.

Disclaimer. EXCEPT AS EXPRESSLY STATED ABOVE IN THIS SECTION (Warranties and Limitations), THE SERVICE, THIRD PARTY COMPONENTS, AND DOCUMENTATION ARE PROVIDED "AS IS" AND NEITHER BIOMÉRIEUX NOR ITS VENDORS, SUPPLIERS, OR PARTNERS MAKES ANY REPRESENTATIONS OR WARRANTIES, ORAL OR WRITTEN, EXPRESS OR IMPLIED, ARISING FROM COURSE OF DEALING, COURSE OF PERFORMANCE, USAGE OF TRADE, OR OTHERWISE, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INTERFERENCE, OR NON-INFRINGEMENT. BIOMÉRIEUX MAKES NO REPRESENTATIONS OR WARRANTIES, NOR SHALL BIOMÉRIEUX HAVE ANY LIABILITY WITH RESPECT TO, ANY THIRD-PARTY DATA, THIRD PARTY COMPONENTS, THIRD PARTY PRODUCTS, OR THIRD PARTY SERVICES.

Damage Limitation. IN NO EVENT WILL EITHER PARTY (OR THEIR SUPPLIERS, PARTNERS, OR VENDORS) BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION ANY LOSS OF REVENUE, SAVINGS, OR DATA) ARISING IN CONNECTION WITH THIS AGREEMENT OR THE USE OF ANY BIOMÉRIEUX PROPRIETARY ITEMS, THIRD PARTY COMPONENTS, OR COMPONENTS BASED ON ANY THEORY OF CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE, OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Except for a third party infringement claim under Section 8 (Indemnification), each Party’s (including its Suppliers, Partners, or Vendors) total liability to the other Party (or their suppliers, partners or vendors) under this Agreement and all Orders shall under no circumstances exceed the fees actually paid by the Customer to bioMérieux: (a) under the applicable Order in the twelve months prior to the claim being made, or (b) under this Agreement in the twelve months prior to the claim being made if such claim does not relate to a specific Order.

Other Limitations. The warranties made by bioMérieux in this Agreement, and the obligations of bioMérieux under this Agreement, run only to Customer and not to any third party. Under no circumstances shall any Customer affiliate, Patient, student, contractor, or user, or any other third party be considered a third-party beneficiary of this Agreement. No action or claim of any type relating to this Agreement may be brought or made by Customer more than one (1) year after Customer first has knowledge of the basis for the action or claim. Customer and bioMérieux have freely and openly negotiated this Agreement, including the pricing, with the knowledge that the liability is to be limited in accordance with the provisions of this Agreement.

Limitations Relating to Third Party Components. The bioMérieux Proprietary Items may contain or use code and/or components of a third party that require Customer to enter into a separate agreement with such third party. Customer hereby consents to the use of such third-party components and agrees to comply with the terms and conditions set forth in any applicable third-party license. Except as otherwise set forth in the third-party license, the third-party components are provided “as is,” and without representation or warranty of any kind. Customer hereby agrees to use such third-party components in accordance with the terms and conditions of the applicable third-party component license, and agrees to indemnify, defend and hold harmless bioMérieux from all claims, losses, damages, expenses, or actions arising from its breach of any of the terms and conditions of such third-party component license.

Confidentiality.

All Confidential Information of a Disclosing Party in the possession of the Receiving Party, whether or not authorized, shall be held in strict confidence, and the Receiving Party shall take all steps reasonably necessary to preserve the confidentiality and prevent the unauthorized use or disclosure of the Confidential Information. The Receiving Party will not use or disclose any Confidential Information except as expressly authorized by this Agreement and will protect the Disclosing Party’s Confidential Information using the same degree of care that it uses with respect to its own confidential information, but in no event with safeguards less than a reasonable level of care under similar circumstances. Notwithstanding the foregoing, the Receiving Party will not be in violation of this Section (Confidentiality) with regard to a disclosure that is in response to a valid order or requirement by a court or other governmental body or otherwise required by law, provided the Receiving Party gives the Disclosing Party prior written notice of such disclosure in order to permit the Disclosing Party to seek an appropriate protective order. Information that is disclosed pursuant to a valid court or governmental order shall not lose its status as Confidential Information.

Ownership of bioMérieux Proprietary Items.

Ownership and License Grants. All bioMérieux Proprietary Items provided to or accessed by Customer under this Agreement are being made available on a strictly confidential and limited use basis in accordance with this Agreement and have great commercial value to bioMérieux (or its partners or suppliers). This Agreement provides access and not a license to the Service.  This Agreement grants Customer a non-exclusive, revocable, and non-transferable license to the Systems Software, Documentation, and any other bioMérieux Proprietary Items transferred from bioMérieux to Customer under this Agreement. This Agreement is not an agreement of sale, and no title, patent, copyright, trademark, trade secret, intellectual property or other ownership rights to any bioMérieux Proprietary Items or Components are transferred from bioMérieux to Customer under this Agreement. All bioMérieux Proprietary Items and related intellectual property shall remain the sole and exclusive property of bioMérieux. bioMérieux, on behalf of itself and its vendors, partners, and suppliers, reserves all rights not expressly granted by this Agreement.

Feedback. Customer may provide bioMérieux with feedback, comments, and recommendations regarding the functionality and performance of the Software, inclusive of the Service and Systems Software, including, without limitation, identifying potential errors and improvements. bioMérieux (and its partners and suppliers) shall have the unrestricted right to use such feedback in their sole discretion, including to improve or enhance the Service, the Systems Software, and other bioMérieux (or its partners’ and suppliers’) products, and, accordingly, bioMérieux (and its partners and suppliers) shall have a non-exclusive, perpetual, irrevocable, royalty-free, worldwide right and license to use, reproduce, disclose, sublicense, distribute, modify, and otherwise exploit such feedback without restriction.

Indemnification.

bioMérieux shall defend, indemnify, and hold Customer harmless against all third party intellectual property infringement suits brought against Customer, insofar as such suit directly arises out of Customer’s use of the Service or Systems Software, only as expressly authorized under this Agreement, provided bioMérieux shall have no obligation or liability to the extent that the alleged infringement or misappropriation arises from (1) the combination, operation, or use of the bioMérieux Proprietary Items with products, services, deliverables, materials, technologies, business methods, or processes not furnished by bioMérieux; (2) modifications which were not made by bioMérieux; (3) Customer’s breach of this Agreement; or (4) third-party components, Customer-created patient care frameworks and Customer modifications. bioMérieux’s indemnification obligation hereunder is contingent upon prompt notice of and full control over the defense and/or settlement of any claim. Upon the occurrence of any claim for which indemnification is or may be due under this Section (Indemnification), or in the event that bioMérieux believes that such a claim is likely, bioMérieux may, at its sole option (i) modify the bioMérieux Proprietary Item so that it becomes non-infringing, or substitute functionally similar services, deliverables, or documentation; (ii) obtain a license to the applicable third-party intellectual property; or (iii) terminate this Agreement on written notice to Customer and refund to Customer any pre-paid fees for services not provided. The obligations set forth in this Section (Indemnification) shall constitute bioMérieux’s entire liability and Customer’s sole remedy for any infringement or misappropriation.

Term and Termination.

The Term of this Agreement shall be for the period agreed upon in the Order.  The Agreement shall automatically renew for subsequent twelve (12) month terms.  Either Party may terminate this Agreement for convenience by providing notice of its intent to terminate the Agreement at least ninety (90) prior to the expiration of the current term of the Agreement.

Either Party may terminate this Agreement immediately on giving notice in writing to the other Party if the other Party: (a) commits a material breach (including any non-payment of fees due by Customer other than fees subject to a good faith dispute) and, in the case of a material breach capable of being cured, failed to cure that breach within sixty (60) days after the receipt of a request in writing to cure such breach; (b) files for bankruptcy; (c) becomes or is declared insolvent, or is the subject of any proceedings related to its liquidation, insolvency or the appointment of a receiver or similar officer for it; (d) makes an assignment for the benefit of all or substantially all of its creditors; or (e) enters into an agreement for the cancellation, extension, or readjustment of substantially all of its obligations.

Upon any termination or expiration of this Agreement, Customer: (a) shall cease use of the Service; (b) shall discontinue all access and use of all the Confidential Information of bioMérieux in Customer's possession or control; (c) shall certify in writing that all copies of the Confidential Information of bioMérieux have been permanently deleted; and (d) understands and acknowledges that such termination or expiration shall result in the retention by bioMérieux of Anonymous Data, and the return to Customer in a mutually agreeable format of any Customer Data that does not constitute Anonymous Data. The treatment of Personal Health Information upon termination or expiration of this Agreement shall be governed by the BAA. Customer is expressly prohibited from retaining any Confidential Information of bioMérieux past the Term of this Agreement. Customer shall remain liable for all payments due to bioMérieux with respect to the period ending on the date of termination. For any termination other than a termination for good cause by Customer in accordance with this Section (Term and Termination), the balance of all remaining subscription fees relating to the then current Term will be due and payable. The provisions in the Payments, Warranties and Limitations, Confidentiality, Ownership of bioMérieux Proprietary Items, Indemnification, Termination, and Other Provisions Sections of this Agreement shall survive any termination or expiration of this Agreement.

Other Provisions.

Compliance with Laws. Each Party will comply with all applicable legal and regulatory (existing or future) rules. The Parties will comply with the Federal Anti-Kickback Statute (42 U.S.C. § 1320a-7b(b)), and do not intend this Agreement to be any type of inducement for any other relationship between the Parties.  The Parties further represent that their performance of this Agreement will not violate any existing covenant, contracts, applicable law, rule, or regulation, and will not infringe upon the rights of third parties, including property, contractual, employment, trade secrets, proprietary information, intellectual property, and nondisclosure rights.

Notice. All notices, consents, and other communications under or regarding this Agreement shall be in writing and shall be deemed to have been received on the earlier of the date of actual receipt or the first business day after being sent by a reputable overnight delivery service. Either Party may change its address for notices by giving written notice of the new address to the other Party.

Parties in Interest. This Agreement shall bind, benefit and be enforceable by and against bioMérieux and Customer and, to the extent permitted hereby, their respective successors and assigns. Neither Party may assign any of its rights or obligations under this Agreement, and any attempt at such assignment will be void without the other Party’s prior written consent, which consent will not be unreasonably withheld. Notwithstanding the foregoing, bioMérieux may assign this Agreement or any bioMérieux rights under this Agreement to: (a) any bioMérieux successor by merger or consolidation or to any person or entity that acquires all or substantially all of its capital stock or assets; and (b) any person or entity to which bioMérieux transfers any of its rights in the bioMérieux Proprietary Items.

Export Laws and Use Outside of the United States. Customer shall comply with the export related laws and regulations. Customer shall not export or re-export directly or indirectly (including via remote access) any bioMérieux Proprietary Items (or parts thereof) to any applicable jurisdiction or entity prohibited by law or to which a license is required without first obtaining a license from the applicable regulatory authority. Customer agrees to indemnify, defend and hold harmless bioMérieux (and its partners and suppliers) from and against any and all losses they may suffer in any way arising out of or related to Customer’s breach of this Section.

Relationship. The relationship between the Parties under this Agreement is that of independent contractors and not partners, joint venturers or agents.

Entire Understanding. This Agreement, which includes and incorporates Orders, attachments, and any other schedules, exhibits and addenda attached to it, states the entire understanding between the Parties with respect to its subject matter, and supersedes all prior proposals, marketing materials, negotiations and other written or oral communications between the Parties with respect to the subject matter of this Agreement. In the event of any conflict between these Terms and Conditions and an Order, the Order shall govern.

Modification. bioMérieux may revise this Agreement from time to time to better reflect changes to the law, new regulatory requirements, or improvements or enhancements made to the Service.  If a revision affects the use of the Service and any legal rights relating to the Service, bioMérieux will provide notification prior to the effective date by sending an email to the email address associated with Customer or, where applicable, via an in-product notification.  Revised terms will be effective no less than 30 days from bioMérieux’s notification.  If Customer does not agree to the revisions, Customer may terminate this Agreement before the revised terms take effect.  Where applicable, bioMérieux will offer a prorated refund based on the amounts Customer has prepaid for the Service.  By continuing to use or access the Service after the revisions take effect, Customer agrees to be bound by the revised terms.

Severability. If any provision of this Agreement is declared unenforceable, the other provisions herein will remain in full force and effect and this Agreement will be amended in order to effect, to the maximum extent allowable by law, the original intent of such provision.

Right to Seek Injunctive Relief. The Parties acknowledge and agree that either Party may seek injunctive relief relating to a breach of this Agreement.

Counterparts. This Agreement may be executed in one or more counterparts, each of which shall be deemed an original and all of which together shall constitute one and the same instrument.

Governing Law. This Agreement will be interpreted according to the laws of Utah without application of conflict of laws principles. Provided, however, that the terms of any applicable law now or hereafter enacted that is based on or similar to the Uniform Computer Information Transactions Act drafted by the National Conference of Commissioners on Uniform State Laws shall not apply.

Force Majeure. Except with respect to Customer’s payment obligations, neither Party shall be liable for, nor shall either Party be considered in breach of this Agreement due to any failure to perform its obligations under this Agreement as a result of a cause beyond its control, including any act of God or a public enemy, act of any military, civil or regulatory authority, change in any law or regulation, fire, flood, earthquake, storm or other like event, disruption or outage of communications (including the Internet or other networked environment), power or other utility, labor problem, unavailability of supplies, disruption of the Service due to Internet connection impairments, or any other cause which could not have been prevented by the non-performing Party with reasonable care.

Use of Customer’s Name. Customer authorizes bioMérieux to use Customer’s name and logo in any routine list of bioMérieux clients, as a reference, or in any advertising or press release.

Government End-Users. Customer acknowledges and agrees that the Service, Documentation, and Product (including any Third-Party Components included therein) is a commercial product, which was developed at private expense. All government end users only have the rights set forth herein.

SCHEDULE A

Business Associate Agreement (US)

1. Preamble and Definitions.

1.1            This Business Associate Agreement (BAA) is intended to ensure that Business Associate will establish and implement appropriate safeguards for the Protected Health Information ("PHI") (as defined under the HIPAA Rules) that Business Associate may receive, create, maintain, use, or disclose in connection with the Service. The Service that Business Associate performs for Covered Entity is defined in the FIREWORKS Software as a Service Terms (the "Underlying Agreement").  This BAA shall take effect on the same date as the Underlying Agreement (“Effective Date”).

1.2            Pursuant to changes required under the Health Information Technology for Economic and Clinical Health Act of 2009 (the "HITECH Act") and under the American Recovery and Reinvestment Act of 2009 ("ARRA"), this BAA also reflects federal breach notification requirements imposed on Business Associate when "Unsecured PHI" (as defined under the HIPAA Rules) is acquired by an unauthorized party, and the expanded privacy and security provisions imposed on business associates. 

1.3            Unless the context clearly indicates otherwise, the following terms in this BAA shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, disclosure, Electronic Media, Electronic Protected Health Information (ePHI), Health Care Operations, individual, Minimum Necessary, Notice of Privacy Practices, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured PHI, and use.

1.4            A reference in this BAA to the Privacy Rule means the Privacy Rule, in conformity with the regulations at 45 C.F.R. Parts 160-164 (the "Privacy Rule") as interpreted under applicable regulations and guidance of general application published by HHS, including all amendments thereto for which compliance is required, as amended by the HITECH Act, ARRA, and the HIPAA Rules.

2. General Obligations of Business Associate.

2.1            Limitation on Uses and Disclosures.  Business Associate shall not use or disclose PHI, other than as permitted or required by this BAA or as Required By Law, or if such use or disclosure does not otherwise cause a Breach of Unsecured PHI.

2.2            Safeguards.  Business Associate shall use appropriate safeguards and comply with Subpart C of 45 C.F.R. Part 164 with respect to ePHI, to prevent use or disclosure of PHI other than as provided for by the BAA.

2.3            Mitigation of Impermissible Uses and Disclosures.  Business Associate shall mitigate, to the extent practicable, any harmful effect that is known to Business Associate as a result of a use or disclosure of PHI by Business Associate or Business Associate’s subcontractor in violation of this BAA's requirements or that would otherwise cause a Breach of Unsecured PHI.

2.4            Reporting of Security Incidents.  Business Associate shall report to Covered Entity any Breach of Unsecured PHI not provided for by this BAA of which it becomes aware without unreasonable delay. Business Associate also shall provide any available additional information reasonably requested by Covered Entity for purposes of investigating the Breach and any other available information that Covered Entity is required to include to the individual under 45 C.F.R. § 164.404(c) at the time of notification or promptly thereafter as information becomes available. Business Associate's notification of a Breach of Unsecured PHI under this Section shall comply in all respects with each applicable provision of Section 13400 of Subtitle D (Privacy) of ARRA, the HIPAA Rules, and related guidance issued by the Secretary or the delegate of the Secretary from time to time.

2.5            Limitations on Reporting.  For relevant reporting obligations under this Schedule, Business Associate and Covered Entity acknowledge that because the PHI is hosted in an encrypted format by Business Associate’s cloud service provider, it may not be possible for Business Associate to provide information about the identities of individuals who may be affected, or a description of the type of information that may have been subject to a Security Incident, Impermissible Use or Disclosure, or Breach.

2.6            Subcontractors.  Business Associate shall, in accordance with 45 C.F.R. §§ 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, require that any Subcontractors, including its cloud service provider, that create, receive, maintain, or transmit PHI on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate under this Agreement.

2.7            Access to PHI.  Provided that PHI is maintained in a Designated Record Set, Business Associate shall make available PHI in a Designated Record Set to the Covered Entity as necessary to satisfy Covered Entity's obligations under 45 C.F.R. § 164.524.

2.8            Amendment of PHI.  Provided that PHI is maintained in a Designated Record Set, Business Associate shall make any amendments to PHI in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 C.F.R. § 164.526, or to take other measures as necessary to satisfy Covered Entity's obligations under 45 C.F.R. § 164.526.

2.9            Accounting of Disclosures.  Business Associate, in cooperation with its cloud service provider, shall make available to the Covered Entity information required to provide an accounting of disclosures in accordance with 45 C.F.R. § 164.528 of which Business Associate is aware.

2.10         Internal Records.  Business Associate agrees to make its internal practices, books, and records, including policies and procedures regarding PHI, relating to the use and disclosure of PHI and Breach of any Unsecured PHI received from Covered Entity, or created or received by the Business Associate on behalf of Covered Entity, available to Covered Entity (or the Secretary) for the purpose of Covered Entity or the Secretary determining compliance with the Privacy Rule (as defined in Section 8).

2.11         Non-Performance of Covered Entity’s Obligations.  Business Associate and Covered Entity acknowledge that the Service is a software as a service offering to be used by the Covered Entity and, thus, Business Associate shall not be deemed to carry out any of Covered Entity's obligation(s) under Subpart E of 45 C.F.R. Part 164 by virtue of making the Service available to the Covered Entity.

2.12         Prohibition on Sale of PHI.  Business Associate agrees to comply with the "Prohibition on Sale of Electronic Health Records or Protected Health Information," as provided in Section 13405(d) of Subtitle D (Privacy) of ARRA, and the "Conditions on Certain Contacts as Part of Health Care Operations," as provided in Section 13406 of Subtitle D (Privacy) of ARRA and related guidance issued by the Secretary from time to time.

2.13         Liability.  Business Associate acknowledges that, effective on the Effective Date of this BAA, it shall be liable under the civil and criminal enforcement provisions set forth at 42 U.S.C. § 1320d-5 and 1320d-6, as amended, for failure to comply with any of the use and disclosure requirements of this BAA and any guidance issued by the Secretary from time to time with respect to such use and disclosure requirements.

3. Permitted Uses and Disclosures by Business Associate.

3.1            General Uses and Disclosures. Business Associate agrees to receive, create, use, or disclose PHI only in a manner that is consistent with this BAA, the Privacy Rule, or Security Rule, and only in connection with providing services to Covered Entity; provided that the use or disclosure would not violate the Privacy Rule, including 45 C.F.R. § 164.504(e), if the use or disclosure would be done by Covered Entity. 

3.2            Disclosures Required by Law.  Business Associate may use or disclose PHI only as Required By Law.

3.3            Impermissible Disclosures.  Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 C.F.R. Part 164 if done by the Covered Entity.

4. Obligations of Covered Entity.

4.1            Obligations.  Covered Entity shall:

                (a)            Provide Business Associate with the Notice of Privacy Practices that Covered Entity produces in accordance with the Privacy Rule, and any changes or limitations to such notice under 45 C.F.R. § 164.520, to the extent that such changes or limitations may affect Business Associate's use or disclosure of PHI.

                (b)            Notify Business Associate of any restriction on the use or disclosure of PHI that Covered Entity has agreed to or is required to comply with under 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate's use or disclosure of PHI under this BAA.

                (c)             Notify Business Associate of any changes in or revocation of permission by an individual to use or disclose PHI, if such change or revocation may affect Business Associate's permitted or required uses and disclosures of PHI under this BAA.

4.2            Prohibited Requests.  Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the Privacy and Security Rule if done by Covered Entity, except as provided under Section 3 of this BAA.

4.3            Necessary Consents.  Covered Entity warrants that it has obtained any necessary authorizations, consents, and other permissions that may be required under applicable law prior to utilizing the Service to process or host PHI.

5. Indemnification.

The parties agree and acknowledge that except as set forth herein, the indemnification obligations contained under the Underlying Agreement shall govern each party's performance under this BAA.  Notwithstanding the foregoing, nothing in this Section shall limit any rights that any of the indemnified parties may have to additional remedies under the Underlying Agreement or under applicable law for any acts or omissions of Business Associate or its agents or Subcontractors.

6. Term and Termination.

6.1            This BAA shall be in effect as of the Effective Date, and shall terminate on the earlier of the date that: 

                (a)            Either party terminates for cause as authorized under Section 6.2.

                (b)            All of the PHI received from Covered Entity, or created or received by Business Associate or its cloud service provider, is destroyed or returned to Covered Entity. If it is not feasible to return or destroy PHI, protections are extended in accordance with Section 6.3.

6.2            Upon either party's knowledge of material breach by the other party, the non-breaching party shall provide an opportunity for the breaching party to cure the breach or end the violation; or terminate the BAA. If the breaching party does not cure the breach or end the violation within a reasonable timeframe not to exceed thirty (30) days from the notification of the breach, or if a material term of the BAA has been breached and a cure is not possible, the non-breaching party may terminate this BAA and the Underlying Agreement, upon written notice to the other party.

6.3            Upon termination of this BAA for any reason, Business Associate and its cloud service provider, with respect to PHI received from Covered Entity, or created, maintained, or received by Business Associate on behalf of Covered Entity, shall:

                (a)            Retain only that PHI that is necessary for Business Associate or its cloud service provider to continue its proper management and administration or to carry out its legal responsibilities.

                (b)            Return to Covered Entity or, if agreed to by Covered Entity, destroy the remaining PHI that the Business Associate still maintains in any form.

                (c)             Continue to use appropriate safeguards and comply with Subpart C of 45 C.F.R. Part 164 with respect to ePHI to prevent use or disclosure of the PHI, other than as provided for in this Section 7, for as long as Business Associate retains the PHI.

                (d)            Not use or disclose the PHI retained by Business Associate other than for the purposes for which such PHI was retained and subject to the same conditions set out at paragraphs (2) and (3) above which applied prior to termination.

6.4            Return to Covered Entity or, if agreed to by Covered Entity, destroy any PHI retained by Business Associate when it is no longer needed by Business Associate for its proper management and administration or to carry out its legal responsibilities.

6.5            The obligations of Business Associate under this Section 6 shall survive the termination of this BAA.

7. Miscellaneous.

7.1            The parties agree to take such action as is necessary to amend this BAA to comply with the requirements of the Privacy Rule, the Security Rule, HIPAA, ARRA, the HITECH Act, the Consolidated Appropriations Act, 2021 (CAA-21), the HIPAA Rules, and any other applicable law.

7.2            The respective rights and obligations of parties under Section 5 and Section 6 of this BAA shall survive the termination of this BAA.

7.3            This BAA shall be interpreted in the following manner:

                (a)            Any ambiguity shall be resolved in favor of a meaning that permits Covered Entity to comply with the HIPAA Rules.

                (b)            Any inconsistency between the BAA's provisions and the HIPAA Rules, including all amendments, as interpreted by the United States Department of Health and Human Services (the “HHS”), a court, or another regulatory agency with authority over the Parties, shall be interpreted according to the interpretation of the HHS, the court, or the regulatory agency.

                (c)             Any provision of this BAA that differs from those required by the HIPAA Rules, but is nonetheless permitted by the HIPAA Rules, shall be adhered to as stated in this BAA.

7.4            This BAA constitutes the entire agreement between the parties related to the subject matter of this BAA. This BAA supersedes all prior negotiations, discussions, representations, or proposals, whether oral or written. This BAA may not be modified unless done so in writing and signed by a duly authorized representative of both parties. If any provision of this BAA, or part thereof, is found to be invalid, the remaining provisions shall remain in effect.

7.5            This BAA will be binding on the successors and assigns of the Covered Entity and the Business Associate. However, this BAA may not be assigned, in whole or in part, without the written consent of the other party. Any attempted assignment in violation of this provision shall be null and void.

SCHEDULE B

BIOFIRE® Syndromic Trends Additional Terms and Conditions (US)

Access.

BioFire® Syndromic Trends (Trend) Access. As part of the Service, bioMérieux may provide Customer with access to Syndromic Trends. 

Customer DIDS. As a condition of Customer’s continued access to Syndromic Trends, Customer will provide bioMérieux with a de-identified data set (“DIDS”). The process of de-identifying the information provided in the DIDS takes place within the portion of the Service installed on the Instrument (or the Instrument’s peripheral, as applicable) prior to transmission to bioMérieux and is intended to fully remove any and all Protected Health Information, as such term is defined in HIPAA, so that the de-identified information does not identify an individual and there is no reasonable basis to believe that the information can be used to identify an individual. Customer will be able to see and analyze its own DIDS through the Syndromic Trends reports and dashboard, but no other customer in the Syndromic Trends program or other third party will be able to identify a specific customer or its DIDS. Syndromic Trends is certified by an expert as compliant with the de-identification standards defined by HIPAA.

License to DIDS. Customer grants BioFire a worldwide, non-exclusive, perpetual, irrevocable, fully paid-up, royalty free license to use the DIDS in accordance with the terms of this Schedule.

Data Use.

Aggregation. bioMérieux will aggregate the DIDS provided by Customer with DIDS provided by other customers to form an aggregate data set (the “ADS”). The ADS, and data derived from the ADS, are stored in secure locations. The process of creating ADS includes the removal of identifiers that could link any test data to the institution that provided it.

Additional Permitted Uses.

ADS Permitted Uses. bioMérieux may use the ADS for internal research and development purposes, as well as for commercial and/or public health purposes that support the continued understanding of pathogen and disease dynamics, including but not limited to, publishing the data derived from the ADS at www.syndromictrends.com.

DIDS Permitted Uses. bioMérieux will not use a Customer’s own DIDS for sales or marketing purposes without Customer’s prior written consent. bioMérieux may use a Customer’s DIDS for internal post-market surveillance and instrument monitoring, including but not limited to customer service activities, and research and development activities.

Third Party Contractors. bioMérieux may also partner with third party contractors and/or consultants (“Third Parties”) working on behalf of bioMérieux for research and development purposes. These Third Parties may receive access to DIDS in the scope of their work. Each Third Party will enter into an agreement with bioMérieux requiring them to: (i) agree to the same terms that apply to bioMérieux’s use and disclosure of participant data; (ii) promptly report prohibited uses, disclosures, or security incidents to bioMérieux; (iii) mitigate, to the extent practicable and as soon as possible, any harmful effect from a prohibited use, disclosure, or security incident that is known to the third party; and (iv) implement reasonable and appropriate safeguards to protect the confidentiality, integrity, and availability of the de-identified data and to prevent security incidents.

bioMérieux Prohibited Uses. bioMérieux will not re-identify, attempt to re-identify, or make any effort to contact the individuals represented by the de-identified data. bioMérieux will not aid any other party in re-identification efforts.

Customer Prohibited Uses. Customer will not use information obtained or generated as a result of its participation in Syndromic Trends for patient care or for diagnostic purposes.

Government Access. bioMérieux will make available to the Secretary of the Department of Health and Human Services all records requested by the Secretary or the Secretary’s designee. Neither bioMérieux nor Customer waives any attorney-client, accountant-client, or other legal privilege or confidentiality as a result of this Section.

Legally Required Disclosure. Nothing in this Agreement will prevent bioMérieux from disclosing Customer’s DIDS to the extent required pursuant to a judicial or government request, requirement, or order. bioMérieux will notify Customer in writing at least 15 days before providing the de-identified data to any third party pursuant to any such request, requirement, or order, and will cooperate with Customer, as Customer reasonably requests, in seeking a protective order or limiting the effect of that disclosure.

Data Privacy. Both Parties will comply with applicable data protection laws with respect to their processing (if any) of the personal information they collect, transfer to or receive from the other Party, pursuant to the Agreement.

Representations.

Customer represents and warrants that it serves a patient population of at least 2,000 persons.

Customer represents and warrants that Customer owns the DIDS that it discloses to bioMérieux under this Agreement and has obtained all consents and authorizations required to disclose the DIDS to bioMérieux for the purposes set forth in this Agreement.