Effective Date: May 23rd, 2025
1. Terms and Acceptance
The following terms and conditions (the "Agreement") shall govern the purchase and resale of BodyBio, Inc. ("BodyBio") products ("Products") by the person or entity identified in the foregoing Authorization/Application ("Reseller").
Submission of the attached application (“Application") and/or purchase of BodyBio’s Products indicates Reseller's agreement to the exact terms and conditions of this Agreement. No additional terms or conditions proposed by Reseller will be accepted by BodyBio or become a part of this Agreement. This Agreement contains the entire agreement of the parties. Failure of either party to enforce any of its rights under this Agreement shall not constitute a waiver of such rights or any other rights. No amendment to this Agreement shall be binding unless approved in writing by BodyBio. BodyBio may approve or reject Reseller's Application for any or no reason, in its sole discretion. Neither of the parties is entering into this Agreement on the basis of any representations or promises not expressly contained herein or in the Application.
2. Services
Reseller represents that it has the experience, equipment and means to provide to resell BodyBio’s Products and will resell the Products in accordance with this Agreement in a professional manner in accordance with all applicable law, rules, regulation, orders or directives (collectively, “Applicable Law”) and BodyBio’s policies.
Reseller will not sell BodyBio Products (i) using inappropriate or illegal advertisements or claims in violation of the Federal Trade Commission Act, the Federal Drug and Cosmetic Act, or the Dietary Supplement Health and Education Act or the regulations under any of those Acts, the CAM SPAM ACT, or any other federal and state consumer protection laws, regulations and guidelines, (ii) using advertising on sites containing/promoting illegal activities, or (iii) in violation of BodyBio’s intellectual property rights or any provision of this Agreement.
Reseller may not resell BodyBio Products through participating website(s) that contain any viruses, time bombs, Trojan horses, worms, cancelbots, or other computer programming routines that are intended to damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data, or personal information, or could otherwise be considered malware, or spyware. Reseller agrees that it will not engage in “domain recovery” or “domain redirection” strategies where misspelled versions of BodyBio.com or derivatives are used to capture indirectly typed-in search queries that result in traffic routed through qualifying links. Reseller will not compose its website in an illegal manner designed to pull Internet traffic away from the BodyBio.com website. Reseller will not spend advertising dollars on the keywords BodyBio, or any other Product names owned by BodyBio that would interfere with BodyBio’s own marketing.
3. Compliance. Reseller agrees to the following:
(a) Reseller shall only use materials authorized and approved by BodyBio or which contain only statements about BodyBio’s Products that are identical to the statements made by BodyBio.
(b) Reseller will not remove, alter or replace BodyBio’s labels on its Products or repackage the Products in any manner.
(c) Reseller will observe and abide by all of BodyBio’s copyrights, trademarks, and the like and shall not reproduce any BodyBio materials, graphics, logos, etc. without prior approval.
(d) Reseller will comply with Company’s Adverse Event Reporting Policy described in paragraph 11 below.
(e) When promoting, discussing or recommending any BodyBio Product, Reseller will include the following disclaimers on any written materials (including, without limitation, ads, marketing materials, webinar or presentation materials, emails, texts and any social media post) and verbally recite the following disclaimer when speaking with any patient, interviewer, podcast host, telephone or webinar presentation:
The statements about this product have not been evaluated by the Food and Drug Administration. This means that the FDA has not reviewed or approved the Product for safety or efficacy.
This product is not intended to diagnose, treat, cure, or prevent any disease. This means that the Product cannot be used to diagnose, treat, cure, or prevent any medical condition.
(f) Reseller shall not:
(i) make or imply, whether written or verbal, false or misleading statement about any BodyBio Product;
(ii) publish or use any false or misleading advertisement (whether by direct statement or by implication) about a BodyBio Product;
(iii) make or imply, whether written or verbal, any Product claim without having adequate substantiation about the claim;
(iv) make or imply, whether written or verbal, any Product claim or statement that has not been pre-approved by BodyBio.
4. Privacy; Data Protection
Reseller is responsible for determining what laws, including data privacy laws, to which Reseller and its business are subject in all jurisdictions in which Reseller operates. Reseller shall ensure that all personally identifiable information is collected, protected, processed, stored, and destroyed in accordance with applicable Data Protection Laws. At no time will Reseller transmit any personally identifiable information of a person other any Reseller to BodyBio.
5. Payment Terms; Taxes
Payment shall be due and payable in full at the time of order. Reseller shall be responsible for paying all taxes due on each purchase or providing BodyBio with a valid resale certificate in each state in which resales of Products may be made.
Reseller is responsible for determining the applicability of tax laws depending on the location of its operations, the scope of its activity, and other applicable criteria. Reseller agrees to comply with all applicable tax laws, and Reseller agrees that it is solely responsible for any tax obligation arising from or in connection with the sale of any Products.
6. Delivery and Return of Products
(a) BodyBio will deliver Products by common carrier F.O.B. BodyBio's warehouse. Title and risk of loss shall transfer from BodyBio to Reseller upon delivery of the Product by BodyBio to a common carrier; provided that, until paid in full, BodyBio retains, and Reseller hereby grants BodyBio, a purchase money security interest in the Product. Reseller shall promptly perform all actions necessary for BodyBio to effect and perfect such security interest. BodyBio shall not be responsible for insuring any shipment during transit unless paid for in advance by Reseller.
(b) BodyBio will not ship to storage units, shipping stores, freight forwarders or co-working spaces/shared office spaces unless otherwise approved.
E-mail orders@bodybio.com for clarification.
(c) Products may be returned up to 60 days from the date you received it. After 60 days, Product returns will not be accepted. To return a Product, please follow the instruction in our US Return policy or UK Return policy as applicable.
7. Online Sales
Reseller shall not advertise, list, offer for sale, sell or distribute any Product via the Internet, except through Reseller's wholly-owned website operated in Reseller’s legal name or registered fictitious in compliance BodyBio Online Sales Guidelines, attached as Exhibit A, as BodyBio may amend from time to time. Without limiting the generality of the foregoing, Reseller shall not sell Product via any third-party websites, mobile applications, or online marketplaces (including Amazon.com, Walmart.com, Tik Tok and Ebay.com), and shall not advertise Product on the Internet except on Reseller's own website. Reseller shall not advertise using banner or pop-up advertisements, or using sponsored searches (e.g., Google AdWords, Yahoo! Search Marketing, or Bing Search Marketing).
8. Reseller/Distributor Resale Prohibited
Reseller shall not sell Product to anyone who Reseller suspects, knows, or reasonably should know, intends to resell or re-distribute the Product. Reseller shall only sell the Product in bona fide retail transactions to end users of the Products.
9. Minimum Advertised Pricing
Reseller acknowledges that it is subject to BodyBio's minimum advertised pricing policy, as may be updated from time to time, available at www.bodybio.com/map. This section is for informational purposes only. BodyBio’s MAP Policy is not an agreement between BodyBio and Reseller. BodyBio does not seek and will not accept any promise of compliance with its MAP Policy from any Reseller or other party.
10. Product Care, Customer Service, and Other Quality Controls
Reseller shall comply with all of BodyBio's quality controls, protocols, and instructions with respect to the Product, in order to maintain the quality of the Product, including the BodyBio Product Care, Customer Service, and Other Quality Controls, attached as Exhibit B, as may be updated from time-to-time by BodyBio.
11. Adverse Event Reporting
An adverse event is any adverse health outcome associated with the use of a dietary supplement. A serious adverse event is an adverse event that results in death, life-threatening illness or injury, inpatient hospitalization, a persistent or significant disability or incapacity, or a congenital anomaly or birth defect.
Reporting of Adverse Events
If Reseller becomes aware of an Adverse Event associated with the use of a dietary supplement manufactured, marketed, or distributed by BodyBio, they must report the event to BodyBio within 48 hours of becoming aware of the Adverse Event.
The information that must be reported to BodyBio includes: the identity of the person to whom the Adverse Event occurred; the identity of the person who reported the Adverse Event; the name of the suspect dietary supplement(s); and a description of the Adverse Event.
BodyBio will investigate all reports of Adverse Events and will determine any corrective actions that need to be taken. Reseller must assist BodyBio in obtaining any information needed to investigate the Adverse Event and report the event to the FDA.
BodyBio will maintain records of all Adverse Events reported and investigated. Records of Adverse Events will be kept for a period of at least six years. All records must be accessible to the FDA for review.
12. Injunctive Relief
The parties agree that breach of Sections 3, 4, 5, 6, 7, 8, 9 and 10 ("Sections") will irreparably harm BodyBio's brand reputation and goodwill. Accordingly, BodyBio shall have the right to seek injunctive or other equitable relief to prevent a breach or threatened breach of those Sections, without the necessity of posting a bond or other security.
13. Liquidated Damages
Reseller acknowledges that Sections 3-10 are necessary and proper in order to protect BodyBio's brand reputation and goodwill, and to preserve authorized resellers (including Reseller's) ability to make a reasonable margin on Product sales. Reseller agrees that if it violates the Sections, BodyBio will be damaged in an amount that will be difficult or impossible to ascertain. Accordingly, Reseller agrees to pay liquidated damages to compensate BodyBio for damages resulting from Reseller's breach of the Sections (the “Liquidated Damages”). The parties have made advance provision for Liquidated Damages to avoid controversy, delay and expense in the event of any breach of the Sections. Liquidated Damages shall be an amount equal to $200.00 for each separate breach for each day of breach. Each breach with respect to a Product shall be considered a separate breach for the purposes of this Section. For example, if Reseller is in breach with respect to three different Product for a period of 10 days, Reseller will be deemed to have committed 30 breaches and be subject to Liquidated Damages of $6,000.00. The Liquidated Damages are estimated based on the various damages that BodyBio expects to suffer upon any breach of these Sections, including lost sales; infringement of BodyBio's trademarks and other intellectual property; irreparable harm to BodyBio's business, customer relationships, goodwill and quality control procedures; and costs of investigating breaches. Reseller agrees that the Liquidated Damages are not a penalty and are reasonably estimated in light of the anticipated or actual harm that would be caused by a breach and the difficulty of proving the amount of loss and otherwise providing an adequate remedy to BodyBio.
14. Representations
Reseller's representations made in the Application and this Agreement are true and correct. Reseller shall promptly advise BodyBio if those representations are no longer true and correct, provided, that such notice shall not diminish or eliminate Reseller’s liability for misrepresentations made prior thereto.
Reseller shall not make any representations or warranties about BodyBio’s Products that are not expressly provided by BodyBio or that are in violation of rules, regulations, orders and directives of the Food and Drug Administration (“FDA”) and the Federal Trade Commission (“FTC”).
15. Independent Contractors
BodyBio's relationship with Reseller is that of an independent contractor. Nothing contained in this Agreement shall be construed to place the parties or their personnel in the relationship of employer and employee, partners, principal and agent, joint venturers or as an insurer or a representative of the other party to this Agreement. Reseller shall not have the authority to bind or obligate BodyBio nor shall Reseller hold itself out as having such authority.
16. Intellectual Property
All trademarks, trade dress, copyright and goodwill as they relate to the Products, as well as the packaging, image, merchandising and advertising materials related to the Products shall remain the sole and exclusive property of BodyBio and no rights thereto are granted to Reseller by virtue of this Agreement. Reseller shall have a personal, non-exclusive, non-assignable, non-sublicensable, non-transferable, revocable (by BodyBio at will) limited license to use BodyBio’s trademarks, trade dress, copyrights, packaging, image, merchandising and advertising materials related to the Products to resell the Products in accordance with this Agreement.
17. No Evaluation of Published Statements
Reseller acknowledges that no published statements about BodyBio’s Products have been evaluated by the FDA or any other government agency. None of BodyBio’s products are intended to diagnose, treat, cure, mitigate or prevent any disease and Reseller enters this Agreement with the understanding that BodyBio’s Products are not offered and will not be sold for such purposes.
The health information provided by BodyBio to Reseller is provided as an information resource only, and is not to be used or relied on for any diagnostic or treatment purposes. This information is not intended to be patient education, does not create any patient-physician relationship, and should not be used as a substitute for professional diagnosis and treatment.
Reseller will not represent, state, imply or suggest to any person that BodyBio’s Products have been evaluated by the FDA or other government agency or that BodyBio’s Products diagnose, treat, cure, mitigate or prevent any disease.
18. Disclaimer of Warranties
PROVIDED THE PRODUCT IS ONLY SOLD IN ACCORDANCE WITH THIS AGREEMENT. BODYBIO WARRANTS THAT THE PRODUCT WILL CONFORM TO THE cGMP REQUIREMENTS LISTED IN SECTION 8 OF NSF/ANSI 173. OTHERWISE, BODYBIO’S PRODUCTS ARE PROVIDED "AS IS" WITHOUT ANY WARRANTIES WHATSOEVER, WHETHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR ANY OTHER STATUTORY OR COMMON LAW WARRANTY.
19. Limitation of Liability
EXCEPT FOR RESELLER’S VIOLATIONS OF SECTIONS 3-9, AND RESELLER’S INDEMNIFICATION OBLIGATIONS IN SECTION 20, NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, PUNITIVE, CONSEQUENTIAL, EXEMPLARY OR SPECIAL DAMAGES OF ANY NATURE WHATSOEVER, INCLUDING, WITHOUT LIMITATION, ANY SUCH DAMAGES ARISING FROM OR RELATING TO ANY BODYBIO PRODUCTS, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, BODYBIO'S TOTAL LIABILITY ARISING OUT OF THIS AGREEMENT, REGARDLESS OF THEORY OF LIABILITY, SHALL BE LIMITED TO THE AMOUNT PAID BY RESELLER OR ITS CUSTOMER FOR THE PRODUCT GIVING RISE TO THE ALLEGED LIABILITY.
20. Termination; Suspension; Survival
This Agreement may be terminated by either party at any time, with or without reason, by giving the other party written notice of such termination. In lieu of termination, BodyBio may elect to suspend Reseller for breach until Reseller has cured such breaches to BodyBio's satisfaction. Upon termination or suspension of this Agreement, Reseller shall not be entitled to order additional Products from BodyBio and the limited license to sell BodyBio’s Products and use its intellectual property shall immediately cease. Those provisions that by their nature are intended to survive termination or expiration of this Agreement shall so survive.
21. Indemnification
Reseller agrees to indemnify and hold harmless BodyBio, its affiliates and their respective officers, directors, members, shareholders, employees and/or agents (collectively, “BodyBio Indemnitees”) from any claims of any kind whatsoever, including attorney fees and related expenses, in any manner caused by, arising from, incident to, or growing out of the negligence, malfeasance of Reseller, violation of this Agreement or any actual or alleged violation of Applicable Law by Reseller.
BodyBio may, at its election in its sole discretion, assume the exclusive defense and control of any matter otherwise subject to indemnification. BodyBio may participate in the defense of all claims as to which it does not assume defense and control, and Reseller will not settle any such claim without BodyBio's prior written consent.
22. No Reverse Engineering
Reseller agrees that it shall not reverse engineer, duplicate or copy the Products, nor have any Products reverse engineered, duplicated or copied by any third party for Reseller’s or any third party’s benefit.
23. Governing Law; Disputes
The laws of New Jersey, without giving effect to its principles of conflicts of law, govern any dispute arising in connection with this Agreement. Any proceeding arising out of this Agreement may be brought only in the state or federal courts of New Jersey, and each party hereby submits to the exclusive jurisdiction of those courts for purposes of any such proceeding. Reseller shall pay BodyBio's legal fees in connection with enforcing this Agreement.
24. Notices
All notices hereunder shall be in writing and shall be deemed to have been-given when hand delivered or mailed by registered or certified mail, to the address set forth on the Application, or to such addresses as the parties shall designate.
25. Assignment
Reseller's rights and/or obligations under this Agreement may not be transferred or assigned in any manner, to any other person or entity, without the written consent of BodyBio, which may be granted or withheld in its sole discretion.
26. Force Majeure
BodyBio will not be liable to Reseller by reason of any failure or delay in the performance of its obligations hereunder on account of shortages, riots, insurrection, fires, flood, storm, explosions, acts of God, war, governmental action, strikes, earthquakes, interruptions in telecommunications services or internet facilities, epidemics, pandemics or any other cause which is beyond the reasonable control of BodyBio.
BUSINESS ASSOCIATE AGREEMENT
1. Parties; Applicability
(a) Parties. This Business Associate Agreement (“BA Agreement”) is between Reseller (as defined in the Terms & Conditions for Healthcare Practitioners (“Covered Entity”) and BodyBio, Inc. (“Business Associate”).
(b) Applicability. The terms of this BA Agreement apply only if and to the extent a business associate relationship under HIPAA (as defined below) has been established between Covered Entity and Business Associate as to any business associate functions, activities or services provided by Business Associate to Covered Entity (“Services”).
(c) Effect. This BA Agreement amends, restates and replaces in its entirety any prior business associate agreement between Reseller and Business Associate relating to their compliance with health information privacy and security laws, including HIPAA, and constitutes the entire agreement between the parties with respect to the subject matter hereof.
2. Definitions
(a) Interpretation. The terms defined below are included for ease of reference and are intended to have the same meaning as provided under HIPAA. Other terms used but not otherwise defined in this BA Agreement are also intended to be defined and interpreted in accordance with HIPAA.
(b) “Breach” means, as defined in 45 CFR § 164.402, acquisition, access, use, or disclosure of PHI in a manner not permitted under 45 CFR Part 164 Subpart E which compromises the security or privacy of the PHI.
(c) “Designated Record Set” means, as defined in 45 CFR § 164.501, a group of records maintained by or for a covered entity that is, (i) the medical records and billing records about individuals maintained by or for a covered health care provider, or (ii) the enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan, or (iii) used, in whole or in part, by or for a covered entity to make decisions about individuals. For purposes of this paragraph, the term “record” means any item, collection, or grouping of information that includes PHI and is maintained, collected, used, or disseminated by or for a covered entity.
(d) “DHHS” means the U.S. Department of Health & Human Services.
(e) “Electronic Protected Health Information” (also “E-PHI”) means, as defined in 45 CFR § 160.103, PHI that is transmitted by or maintained in electronic media.
(f) “HIPAA” means the federal Health Insurance Portability and Accountability Act of 1996 (“Original HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH,” and collectively with Original HIPAA, the “HIPAA Statute”), along with regulations promulgated by the Secretary under the HIPAA Statute, including the “Privacy Rule” (45 C.F.R. Parts 160 and 164, Subparts A and E) and the “Security Rule” (45 C.F.R. Part 160 and 164, Subparts A and C), as amended by the “Omnibus Rule” (45 C.F.R. Part 160, Subparts A, B, C and D and Part 164, Subparts A and C), all as may be amended from time to time.
(g) “Protected Health Information” (also “PHI”) means, as defined in 45 CFR § 160.103, information that is a subset of health information, including demographic information collected from an individual, that (i) is created or received by a health care provider, health plan, employer or health care clearinghouse, (ii) relates to the past, present, or future physical or mental condition of an individual, the provision of health care to an individual, or the payment for the provision of health care to an individual, and (iii) either identifies an individual or there is a reasonable basis to believe that it could be used to identify an individual. For purposes of this BA Agreement, PHI is limited to that which Business Associate creates, receives, maintains, transmits or collects for or on behalf of Covered Entity.
(h) “Required by Law” means, as defined in 45 CFR § 164.103, a mandate contained in law that compels person to make a use or disclosure of PHI and that is enforceable in a court of law. Required by Law includes, but is not limited to, court orders and court-ordered warrants; subpoenas or summons issued by a court, a grand jury, a governmental or tribal inspector general, or an administrative body authorized to require the production of information; civil or authorized investigative demands; Medicare conditions of participation with respect to health care providers participating in the program; and statutes or regulations that require the production of information, including statutes or regulations that require such information if payment is sought under a government program providing public benefits.
(i) “Secretary” means, as defined in 45 CFR § 160.103, the Secretary of the DHHS or any other officer or employee of the department to whom the authority involved has been delegated.
(j) “Security Incident” means, as defined in 45 CFR § 164.304, the attempted or successful unauthorized access, use, disclosure, modification or destruction of information, or interference with system operations in an information system.
(k) “Subcontractor” means, as defined in 45 CFR § 160.103, a person to whom Business Associate delegates a function, activity, or service, other than in the capacity of a member of the workforce of Business Associate.
(l) “Unsecured PHI” means, as defined in 45 CFR § 164.402, PHI that is not rendered unusable, unreadable, or indecipherable to unauthorized persons through the use of a technology or methodology specified by the Secretary.
3. Permitted Uses and Disclosures of PHI
(a) Performance of Services. Except as otherwise prohibited or limited by any applicable law, rule or regulation, Business Associate may use or disclose PHI to perform the Services for or on behalf of Covered Entity, provided that (i) such use or disclosure involves only the minimum amount of PHI as is necessary for such performance, and (ii) the use or disclosure would not violate HIPAA if done by Covered Entity.
(b) Subcontractors. Business Associate may disclose PHI to a business associate (as defined in 45 CFR § 160.103) that is a Subcontractor and may permit such Subcontractor to create, receive, maintain or transmit PHI on its behalf, but only if Business Associate enters into a written business associate agreement with the Subcontractor that satisfies the requirements of 45 CFR § 164.314(a) and § 164.504(e).
(c) Management, Administration and Legal Responsibilities. Business Associate may use PHI as is necessary for the proper management and administration of Business Associate or for Business Associate to perform its legal obligations. Business Associate may disclose PHI for such purposes, but only if (i) the disclosure is Required by Law, or (ii) Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will be held confidentially and used or further disclosed only as Required by Law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any breach of confidentiality concerning such information of which it is aware.
(d) Data Aggregation Services; De-Identification. Business Associate may use PHI to provide data aggregation services to Covered Entity relating to the health care operations of Covered Entity as permitted by 45 CFR § 164.504(e)(2)(i)(B). Business Associate may use PHI to create information that is de-identified in accordance with 45 CFR §164.514, and thereafter own, use and disclose de-identified data for any purpose permitted under applicable law.
(e) Reporting. Business Associate may use PHI to report violations of law to appropriate federal and state authorities, consistent with 45 CFR § 164.502(j)(1).
4. Responsibilities of the Parties with Respect to PHI
(a) Obligations of Business Associate. Business Associate shall:
(i) not use or disclose PHI other than as permitted or required under this BA Agreement, or as Required by Law.
(ii) use appropriate administrative, physical and technical safeguards and comply with the applicable requirements of Subpart C of 45 CFR Part 164 with respect to E-PHI to prevent the use or disclosure of PHI other than as provided for in this BA Agreement.
(iii) comply with the applicable requirements of Subpart E of 45 CFR Part 164. If and to the extent that Business Associate, in providing the Services, is carrying out one or more of Covered Entity’s obligations under Subpart E of 45 CFR Part 164, Business Associate shall comply with the requirements of Subpart E that apply to Covered Entity in the performance of such obligations.
(iv) ensure that any Subcontractors that create, receive, maintain or transmit PHI, including any E-PHI, on behalf of Business Associate agree to comply with the applicable requirements of Subpart C and Subpart E of 45 CFR Part 164, and that each Subcontractor enters into a business associate agreement with Business Associate under which each Subcontractor agrees to the same restrictions and conditions that apply to Business Associate with respect to PHI.
(v) report to Covered Entity within a reasonable period of time after Business Associate’s discovery of any use or disclosure of PHI not permitted by this BA Agreement, as well as any successful Security Incident. This paragraph constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which no additional notice to Covered Entity shall be required. “Unsuccessful Security Incidents” shall include, but not be limited to, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in a Breach of Unsecured PHI.
(vi) following its discovery of a Breach of Unsecured PHI, notify Covered Entity of the Breach without unreasonable delay and in no case later than sixty (60) days after discovery of the breach, and satisfy its other obligations under 45 CFR § 164.410. A Breach is deemed discovered by Business Associate as of the first day on which it is known to Business Associate or to any person, other than the person committing the Breach, who is an employee, officer or other agent of Business Associate, or, by exercising reasonable diligence, would have been known to Business Associate or such person.
(vii) mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this BA Agreement or of a Breach of Unsecured PHI.
(viii) to the extent Business Associate maintains PHI in a Designated Record Set, provide access to PHI in a Designated Record Set to Covered Entity in order for Covered Entity to meet its access obligations under 45 CFR § 164.524.
(ix) to the extent Business Associate maintains PHI in a Designated Record Set, make PHI available to Covered Entity to meet its amendment obligations under 45 CFR § 164.526 and incorporate any such amendments to PHI in its possession.
(x) make available to Covered Entity information required in order for Covered Entity to provide an accounting of disclosures of PHI as required under 45 CFR § 164.528.
(xi) make its internal practices, books and records relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of, Covered Entity to the DHHS for purposes of determining the Covered Entity’s compliance with Subpart D of 45 CFR Part 164.
(b) Obligations of Covered Entity. Covered Entity shall:
(i) comply with all applicable provisions of HIPAA. Without limiting the generality of the foregoing, Covered Entity shall use appropriate administrative, physical and technical safeguards and comply with the applicable requirements of Subpart C of 45 CFR Part 164 with respect to E-PHI to prevent the use or disclosure of PHI in violation of HIPAA.
(ii) notify Business Associate of any limitations in its notice of privacy practices in accordance with 45 CFR § 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI.
(iii) notify Business Associate of any changes in, or revocation of, permission by an individual to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI.
(iv) notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI.
5. Term and Termination
(a) Term. This BA Agreement is effective as of the earlier of the first date Covered Entity places an order for Business Associate products on behalf of its patient or the date Covered Entity electronically accepts and agrees to this BA Agreement. This BA Agreement continues until terminated as set forth below.
(b) Termination. If either party knows of a breach of this BA Agreement or a pattern of activity or practice of the other party that constitutes a material breach or violation of this BA Agreement or HIPAA, then the non-breaching party shall provide written notice to the other party of the breach or violation that specifies the nature of the breach or violation. The breaching party must cure the breach or end the violation on or before thirty (30) days after receipt of the written notice. In the absence of a cure reasonably satisfactory to the non-breaching party, the non-breaching party may do the following: (i) if feasible, terminate this BA Agreement and the Services of Business Associate to Covered Entity; or (ii) if termination of this BA Agreement or termination of the Services is not feasible, report the breach to the Secretary. This BA Agreement automatically terminates upon termination of Services to Covered Entity or if HIPAA is no longer applicable to the parties.
(c) Upon Termination. Within sixty (60) days after termination of this BA Agreement, Business Associate shall return to Covered Entity or destroy, if Business Associate determines it is feasible to do so, all PHI in its possession and shall require its Subcontractors to do so. If Business Associate determines return or destruction is not feasible, Business Associate shall extend the protections of this BA Agreement to the PHI in its possession and limit further uses and disclosures to those purposes that make the return or destruction of the PHI infeasible.
6. Limitation of Liability
NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, PUNITIVE, CONSEQUENTIAL, EXEMPLARY OR SPECIAL DAMAGES OF ANY NATURE WHATSOEVER, INCLUDING, WITHOUT LIMITATION, ANY SUCH DAMAGES ARISING FROM OR RELATING TO ANY BREACH OF UNSECURED PHI, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BUSINESS ASSOCIATE'S TOTAL LIABILITY ARISING OUT OF THIS BA AGREEMENT, REGARDLESS OF THEORY OF LIABILITY, SHALL BE LIMITED TO THE AMOUNT OF TWENTY-FIVE THOUSAND DOLLARS.
7. Miscellaneous
(a) Independent Contractors. The parties are independent contractors. Nothing in this BA Agreement will be deemed or construed as creating the relationship of employer and employee, principal and agent, partners, joint ventures, or any similar relationship, between the parties. There are no third-party beneficiaries to this BA Agreement.
(b) Benefit. This BA Agreement is binding upon and inures to the benefit of the parties hereto and their successors and permitted assigns.
(c) Paragraph Headings; Benefit; Amendment; Waiver; Severability. The paragraph headings in this BA Agreement are solely for convenience or reference and are not intended to affect its interpretation. This BA Agreement may not be modified, nor may any provision hereof be waived or amended, except in a writing duly signed by authorized representatives of the parties. A waiver with respect to one event may not be construed as continuing, or as a bar to or waiver of any right or remedy as to subsequent events. If any provision of this BA Agreement or the application thereof to any person or circumstance is found, for any reason or to any extent, to be invalid or unenforceable by a court of competent jurisdiction or government agency with the authority to make such a finding, the remainder of this BA Agreement and the application hereof to any person or circumstance will not be affected thereby, but rather, the remainder of this BA Agreement will be enforced to the greatest extent permitted by law.
(d) Assignment. Covered Entity may not assign this BA Agreement or its rights and obligations hereunder to any person, without the written consent of Business Associate, which may be granted or withheld in its sole discretion. Business Associate may assign this BA Agreement and its rights and obligations hereunder to an affiliate or successor (whether by merger, acquisition, operation of law or otherwise).
(e) Notices. All notices hereunder shall be in writing and shall be deemed to have been given when hand delivered or mailed by registered or certified mail, to Covered Entity at the address in Business Associate’s records and to Business Associate at its corporate office address, or to such other address as a party may provide to the other party pursuant to this paragraph.
(f) Governing Law; Jurisdiction. The laws of New Jersey, without giving effect to its principles of conflicts of law, govern any dispute arising in connection with this BA Agreement. Any proceeding arising out of this BA Agreement may be brought only in the state or federal courts of New Jersey, and each party hereby submits to the exclusive jurisdiction of those courts for purposes of any such proceeding. Covered Entity shall pay Business Associate’s legal fees in connection with enforcing this BA Agreement.
(g) Force Majeure. Business Associate will not be liable to Covered Entity by reason of any failure or delay in the performance of its obligations hereunder on account of shortages, riots, insurrection, fires, flood, storm, explosions, acts of God, war, dlx action, strikes, earthquakes, interruptions in telecommunications services or internet facilities, epidemics, pandemics or any other cause which is beyond the reasonable control of Business Associate.
(h) Regulatory References. A reference in this BA Agreement to a section in HIPAA means the section as in effect or as amended from time to time.
(i) Survival. Section 5(c), Section 6 and Section 7 survive termination of this BA Agreement.
