Thank you for retaining LooperRoom, Inc., a California corporation with its principal place of business at 100 Bayview Circle, Ste. 560, Newport Beach, CA 92660

Services

LR grants to Client a one-year subscription which includes access to LooperRoom Connect, a proprietary interactive technology system for supporting your therapists and their patients.

The subscription will include the following:

• A one-time training of your selected staff to support installation and setup of the application.
• Periodic and ongoing support from LR for usage of the application.
• Access to the application hub for therapists.
• Access to the patient hub for patients.
• Access to LooperRoom Connect
• One-time setup training to support staff

 

Services Fees and Expenses

Professional fees and expenses are due and payable under this Letter for the Services outlined above. All invoices are due and payable thirty days after presentation. Your invoice will be sent by LooperRoom, Inc.

If travel or additional expenses are required to provide the Services, LR will invoice reasonable and customary approved out-of-pocket expenses related to this engagement either as incurred or in the next scheduled invoice.

LR shall issue all invoices due under this Letter to the following individual and e-mail address of the Client:

 

Term, Renewal and Termination

This annual subscription includes one year of Services as laid out herein. LR will begin providing the Services on Subscription Purchase date and the term will end when Subscription End date has passed or Subscription payment has not been paid. Unless terminated by you in writing at least 30 days before the expiration of the term, the subscription will automatically renew for another year to ensure continuity of support.

Please find attached the Terms and Conditions of Service (the “Terms”) and the Business Associate

Agreement (the “BAA”), both of which are incorporated here govern this Agreement.  The Agreement, the Terms, and the BAA together form the contractual basis of our engagement and supersede all prior written or oral agreements and undertakings with respect to this subject matter. 

Please indicate your understanding and agreement to the Terms and the Letter by signing below and returning a copy via e-mail.  This Letter may be executed electronically and in one or more counterparts.

 

Exhibit A: Terms and Conditions of Service

Exhibit B: Business Associate Agreement

 

 EXHIBIT A LOOPERROOM, INC. TERMS AND CONDITIONS OF SERVICE

 

ARTICLE 1  SERVICES

1.1 Access to Services. Subject to compliance of its obligations by the Client, LR shall provide (i) access to the Services specified in the Agreement to Client and (ii) if Reports are expressly offered by LR, in its sole discretion, to Client, a limited, non-exclusive, non-sublicensable, non-transferable license during the Subscription Term of the Agreement to Reports solely for its internal business purposes. Client must acknowledge receipt of the applicable Terms prior to using the applicable Services and must remain in compliance with the applicable Terms while using the Services. 

1.2 Access Restrictions. Client shall not and shall not permit or authorize any third party to, directly or indirectly: (i) copy, rent, sell, lease, sublicense, assign (other than as permitted in Article 9), or otherwise transfer or encumber rights to the Services; (ii) reverse engineer, modify, translate, enhance, decompile, disassemble, or create derivative works based on the Services; (iii) access or use the Services for the purpose of building a competitive product or service or copying its features or user interface; (iv) remove, alter, or obscure any copyright, trademark or other proprietary notices appearing in or on the Services; or (v) use the Services in a manner that overburdens, or that threatens the integrity, performance, or availability of, the Services.

ARTICLE 2  OWNERSHIP

2.1 Ownership of Intellectual Property. Each party owns and retains all right, title, and interest in and to all Intellectual Property Rights that it owned or developed prior to the Effective Date or acquired or developed after the Effective Date without reference to or use of the Intellectual Property Rights of the other party.  Notwithstanding the foregoing, as between the parties, LR owns all right, title, and interest, including all Intellectual Property Rights in the Services, Reports, and any other information, program, or marketing materials provided by LR to Client.

2.2 Client Data. Client owns all Client Data. Client hereby grants LR a non-exclusive, royalty-free license to: (i) use the Client Data to perform LR’s obligations under this Agreement; (ii) comply with Client’s instructions; and (iii) aggregate and de-identify the Client Data solely for the purpose of providing, developing, improving, or reporting on the Services, including creating derivative works.

2.3 Marks. LR may use Client Marks, and Client hereby does provide LR with the necessary rights and licenses, to use Client’s name and logo on the LR’s website, blog, or in marketing materials, including case studies and press references, to identify Client as a customer.

ARTICLE 3  CONFIDENTIALITY

3.1 Use of Confidential Information. Each party agrees to use the Confidential Information of the other party only to exercise rights and fulfill its obligations under this Agreement. Each party will only disclose any Confidential Information disclosed to it by the other party to those employees, consultants, agents, representatives, and contractors who have a need to know such Confidential Information and who are bound to retain the confidentiality thereof under provisions (including, without limitation, provisions relating to nonuse and nondisclosure) materially the same as those required by such party for its own Confidential Information.  Each party will take all reasonable measures to maintain the confidentiality of all Confidential

Information of the other party in its possession or control, which will in no event be less than the measures it uses to maintain the confidentiality of its own information of similar importance.

3.2 Exclusions. The provisions in Section 3.1 will not apply to Confidential Information that:  (i) is in or enters the public domain without breach of this Agreement; (ii) the receiving party lawfully receives from a third party without restriction on disclosure and without breach of a nondisclosure obligation; (iii) the receiving party rightfully knew prior to receiving such information from the disclosing party and is free of confidentiality obligations; or (iv) is independently developed by the receiving party without the use of or reference to the Confidential Information of the disclosing party. Either party may disclose Confidential Information of the other party (a) pursuant to an order or requirement of a court, administrative agency, or other governmental body of competent jurisdiction, provided that the disclosing party gives reasonable notice to the other party to contest such order or requirement and (b) on a confidential basis to its legal or financial advisors.

ARTICLE 4  FEES 

4.1 Payment. Client shall pay LR the fees set forth in the Agreement, which are non-refundable. LR shall charge and collect a service fee on any unpaid, past-due amount equal to the lesser of 1.5% per month or the highest interest rate legally permitted. Client will reimburse LR for all reasonable collection expenses, including reasonable attorneys’ fees and court costs, for delinquent amounts. LR reserves the right to suspend or terminate access to the Services for non-payment of fees.

4.2 Taxes. Other than net income taxes imposed on LR, Client is responsible all Taxes resulting from this Services provided under this Agreement. 

ARTICLE 5  TERM

5.1 Term. The term of this Agreement commences on the Effective Date and continues as long as there are Services being provided. 

5.2 Termination for Cause. Either party may terminate this Agreement for a material breach if the breaching party does not cure such breach within 30 days of written notice detailing the material breach.

5.3 Effect of Termination. Upon the termination of the Agreement, Client and Client’s patients will no longer have access to the Services, including any Services purchased during the term of the Agreement but were unused. Upon written request, each party shall return or destroy all copies of Confidential Information of the other party in its possession or control. All paragraphs herein relating to confidentiality, indemnification, limitation of liability, notices, survival, assignment, and governing law shall survive the expiration or early termination of this Agreement.

ARTICLE 6  WARRANTIES AND DISCLAIMERS

6.1 Mutual Warranties. Each party represents and warrants to the other party that: (i) this Agreement has been duly executed and delivered and constitutes a valid and binding agreement enforceable against such party in accordance with its terms and (ii) no authorization or approval from any third party is required to perform and fulfill its obligations under this Agreement.

6.2 Services Warranties. LR warrants that the Services shall substantially conform to any specifications in the Agreement. The entire liability of LR, and Client’s exclusive remedy for any breach of this warranty, shall be for LR to use commercially reasonable efforts to correct any such non-conformance which has been properly reported by Client to LR in writing within 60 days of delivery of the affected Services.

6.3 Compliance. In the performance of this Agreement, each party will comply with Applicable Law, including privacy laws and regulations governing such party and its data privacy practices. Client represents, warrants, and covenants that it has complied and will comply with Applicable Law in connection with its processing of the Client Data and has provided all notices, and obtained all rights and permissions required under Applicable Law as may be necessary for each party to process the Client Data and provide the Services as contemplated by this Agreement.

6.4 Disclaimer. EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE SERVICES SHALL BE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT FURTHER WARRANTIES OF ANY KIND. TO THE EXTENT PERMITTED UNDER APPLICABLE LAW, LR EXPRESSLY DISCLAIMS ANY AND ALL OTHER EXPRESS OR IMPLIED WARRANTIES, REPRESENTATIONS, CONDITIONS, AND GUARANTEES WITH RESPECT TO THE SERVICES, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, WARRANTIES

IMPLIED FROM A COURSE OF DEALING OR COURSE OF PERFORMANCE OR USAGE OF TRADE, OR THAT THE SERVICES AND ANY OTHER INFORMATION PROVIDED BY LR ARE OR WILL BE SECURE, ERROR-FREE, OR UNINTERRUPTED.

ARTICLE 7  INDEMNIFICATION 

7.1 LR Indemnification. LR shall indemnify, defend, and hold harmless the Client from and against any and all Claims, and will pay for the corresponding costs and damages finally awarded against Client to a third party by a court of competent jurisdiction, which may arise by reason of the Services infringing of a third party’s Intellectual Property Rights; provided, however, LR shall not have an indemnification obligation to the extent the Claim arises in whole or in part from: (i) the use or combination of the Services with any hardware, software, products, processes, data, or other materials not provided by LR, including Client’s own systems and data; (ii) modification or alteration of the Services by anyone other than LR; or

(iii) Client or any Client’s patient misuse of the Services or use of the Service in excess of the rights granted in the Agreement (collectively, the “Excluded Claims”).

7.2 Client Indemnification. Client shall indemnify, save and hold harmless LR, its subsidiaries, affiliates, related entities, partners, agents, officers, directors, employees, successors and assigns, and each of them, from and against any and all Claims, and will pay for the corresponding costs and damages finally awarded against LR to a third party by a court of competent jurisdiction, which may arise by reason of: (i) the Excluded Claims; (ii) Client’s breach of this Agreement or any breach of the Terms by Client’s patient; and

(iii) any allegation that the Client Data or other content or information provided by Client infringes, misappropriates, or violates the rights of a third party or violates Applicable Law; or (iv) any Claim by a Patient related to the therapeutic services you are providing or have provided to them.

7.3 Notice. Each party seeking indemnification will give the indemnifying party prompt written notice of any Claim as to not prejudice the indemnifying party. The indemnitor shall have sole control of the defense of any such Claim with all assistance, information and authority reasonably required from indemnitee; provided, (i) indemnitee shall also have the right to provide its own defense at its own expense and (ii) the indemnitor shall not settle any Claim without the indemnitee’s consent unless the settlement does not bind indemnitee to pay any monetary amounts or admit any wrongdoing. 

ARTICLE 8  LIMITATION OF LIABILITY

8.1 No Consequential Damages. To the fullest extent permitted under applicable law, LR shall not be liable for any incidental, consequential, indirect, or special damages, lost business or anticipated savings, lost profits, lost data, lost goodwill, whether foreseeable or not, arising out of or in connection with the Services or the Agreement even if such party has been advised, knew, or should have known, of the possibility of such damages and regardless of the form of action, whether in contract or in tort, including negligence and strict liability. 

8.2 Aggregate Cap on Damages. To the fullest extent permitted under applicable law and regardless of the form of action, whether in contract or in tort, including negligence and strict liability, LR’s total liability, if any, for any and all claims arising out of or in connection with the Agreement shall not exceed the total fees (excluding taxes) paid or payable by Client under the Agreement over the last six (6) months.  

ARTICLE 9  MISCELLANEOUS

9.1 Notices. All notices, requests, demands, and other communications required or permitted to be given pursuant to the Agreement must be in writing and shall be (i) delivered to the appropriate address by hand, by nationally recognized overnight service (costs prepaid), (ii) sent by email, or (iii) sent by registered or certified mail, return receipt requested.  Notices shall be deemed received immediately if by email or upon two business days after being deposited by registered or certified mail.  The addresses for notices shall be as set forth in the Agreement. 

9.2 Force Majeure. Neither party shall be liable to the other for its failure to perform any of its obligations under this Agreement, except for payment obligations, during any period in which such performance is rendered commercially impracticable, illegal, or impossible due to circumstances beyond its reasonable control, including without limitation earthquakes, governmental regulation, fire, flood, labor difficulties, epidemic, pandemic, civil disorder, acts of terrorism and acts of God, provided that the party experiencing the delay promptly notifies the other party of the delay. The party experiencing the force majeure event will use commercially reasonable efforts to mitigate the effects of the same.

9.3 Assignment. Client may not assign this or transfer this Agreement by operation of law or otherwise without the prior written consent of LR, which shall not be unreasonably withheld.

9.4 Independent Contractor; Third-party Beneficiaries. LR’s relationship with Client will be that of an independent contractor and nothing contained herein shall be construed to constitute the Client and LR as partners, joint venturers, co-owners, or otherwise as participants in a joint or common undertaking. Nothing set forth in this Agreement is intended to or will be construed to confer any rights or remedies upon any individual, corporation, or other entity that is not a party to this Agreement.

9.5 Jurisdiction, Venue, Choice of Law. All disputes will be resolved exclusively in the state or federal courts located in Orange County, California, without a jury, and each party waives the right to a jury trial and consents to the personal jurisdiction of those courts. The Agreement will be construed under and be governed by the laws of the state of California, without giving effect to conflicts of laws or choice of law principles.

9.6 Changes. This Agreement, or any part thereof, may be modified by LR, including the addition or removal of terms at any time, and such modifications, additions, or deletions will be effective immediately upon posting. Client’s continued use of the Services after such posting shall be deemed to constitute acceptance by you of such modifications, additions, or deletions.

9.7 Entire Agreement. This Agreement represents the entire understanding of the parties superseding all prior communications whether written or oral and any modification of this Agreement shall not be effective unless contained in writing and signed by both parties. Each provision of the Agreement shall be considered severable such that if any single provision or clause conflicts with existing or future applicable law or may not be given full effect because of such law, it shall not affect any other provision of the Agreement which shall be given effect without the conflicting provision or clause.

9.8 Amendments. This Agreement may be amended only in writing signed by the parties. 

9.9 Execution. This Agreement may be executed in counterparts (including by facsimile or PDF), each of which shall be deemed an original and all of which together shall continue one and the same instrument.

9.10. Cumulative Remedies. The rights and remedies in this Agreement are cumulative and in addition to any other remedies available at law or equity.

9.11 Severability. If any provision of this Agreement is determined to be invalid or unenforceable, it will be deemed modified to the minimum extent necessary to be valid and enforceable. If it cannot be so modified, it will be deleted without affecting any other provision unless, as a result, either party’s rights are materially diminished, or obligations and burdens are materially increased, so as to be unjust or inequitable.

ARTICLE 10  DEFINITIONS

“Affiliate” means an entity that directly or indirectly, owns or controls, is owned or is controlled by or is under common ownership or control with a party. As used herein, “control” means the power to direct the management or affairs of an entity, and “ownership” means the beneficial ownership of fifty percent (50%) or more of the voting equity securities or other equivalent voting interests of the entity.

“Applicable Law” means all laws and regulations including state and federal laws and regulations, judicial or administrative orders, and ordinances applicable to a party.

“Claim” means claims, actions, demands, losses, damages, judgments, settlements, costs, and expenses (including reasonable attorneys’ fees and expenses), and liabilities of every kind and character whatsoever, filed by a third party.

“Client Data” means identifying data of Client’s patients provided by Client to LR for the purpose of providing the Platform Services.

“Confidential Information” means (i) commercial business or technical information of either party, including but not limited to information relating to either party’s product plans, security information, customers, designs, costs, product prices, and names, finances, marketing plans, business opportunities, research, development, or know-how and (ii) any information expressly designated in writing by either party as “confidential” or “proprietary”.

“Effective Date” means the date Client completed the payment for the Platform Services.

“Intellectual Property Rights” means all patent rights, copyrights, mask work rights, trade secret rights, sui generis database rights, moral rights, trade secrets, rights to know-how, data and other confidential information, and all other intellectual and industrial property rights of any kind anywhere in the universe (whether or not registered or perfected or patentable), together with all applications for or to register any of the foregoing and any rights to renew, extend or otherwise improve any of the foregoing.

“Marks” means trademarks, service marks, logos, and other brands.

“Patient” means a Patient of Client that has been designated by Client as eligible to use the Services.

“Platform Services” means collectively (i) access to the LR mobile application and related websites that provide a variety of content and (ii) content accessed from such application or website.

“Professional Services” means consulting, customization work, implementation, or other professional services described in the Agreement or any other writing signed by the parties.

“Reports” means documents, written summaries, and presentations summarizing aggregated usage of the Platform Services by Client’s patients.

“Services” means Professional Services and Platform Services.

“Subscription Term” means the period described in the Agreement.

“Taxes” mean local, state, federal or foreign taxes, levies, duties, and other governmental charges, including value-add, use, or withholding taxes.

“Terms” mean any terms of use governing use of the Services on looperroom.com or within the Platform Services, as updated from time to time in LR’s sole discretion.

             

EXHIBIT B BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement (“BAA”) is made and entered into as of the effective date of the underlying Agreement (the “Effective Date”) by and between COMPANY NAME (the “Covered Entity”) and LooperRoom, Inc., a California corporation (“Business Associate”), in furtherance of the obligations of Covered Entity to comply with certain provisions of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and such rules and regulations as may be lawfully promulgated thereunder by the Department of Health and Human Services (“HHS”) that relate to the security and privacy of individually identifiable health information. In consideration of the covenants, conditions, representations, warranties and restrictions set forth herein, the parties agree as follows:

1. Definitions. Terms used, but not otherwise defined in this Section 1 or otherwise in this Agreement, shall have the same meaning as those terms in the Privacy Rule, Security Rule, and HITECH Act.
   1. “Agent” has the meaning determined in accordance with the federal common law of agency.
   2. “Agreement” shall refer to that certain Provider Services Agreement between the Covered Entity and Business Associate.
   3. “Breach” has the same meaning as the term “breach” in 45 CFR §164.402.
   4. “Business Associate” shall generally have the same meaning as the term “business associate” at 45 CFR 160.103, and in reference to the party to this agreement, shall mean LooperRoom, Inc.
   5. “Covered Entity” has the meaning set forth in the introductory paragraph above and as set forth at 45 CFR 160.103.
   6. “Data Aggregation” has the same meaning as the term “data aggregation” in 45 CFR §164.501.
   7. “Designated Record Set” has the same meaning as the term “designated record set” in 45 CFR §164.501.
   8. “Electronic Health Record” has the same meaning as the term in Section 13400 of the HITECH Act.
   9. “Health Care Operations” has the same meaning as the term “health care operations” in 45 CFR §164.501.
   10. “HITECH Act” means the Health Information Technology for Economic and Clinical Health Act, part of the American Recovery and Reinvestment Act of 2009 (“ARRA” or “Stimulus Package”), specifically DIVISION A: TITLE XIII Subtitle D—Privacy, and its corresponding regulations as enacted under the authority of the Act.
   11. "Individual" has the same meaning as the term "individual" in 45 CFR §160.103 and shall include a person who qualifies as a personal representative in accordance with 45 CFR §164.502(g).
   12. "Privacy Rule" means the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E.
   13. "Protected Health Information" has the same meaning as the term "protected health information" in 45 CFR §160.103, limited to the information created, received, maintained or transmitted by Business Associate on behalf of Covered Entity.
   14. "Required by Law" has the same meaning as the term "required by law" in 45 CFR §164.103.
   15. "Secretary" means the Secretary of the Department of Health and Human Services or his or her designee.
   16. “Security Rule” means the Standards for Security of Electronic Protected Health Information at 45 C.F.R. parts §160 and §164, Subparts A and C.
   17. “Subject Matter” means compliance with the Privacy and Security Rules, and with the HITECH Act, and its corresponding regulations.
   18. “Unsecured Protected Health Information” has the same meaning as the term “unsecured protected health information” in 45 CFR §164.402. In the event of a conflict between this BAA and any other agreement between the parties, this BAA shall control.
2. Obligations and Activities of Business Associate.
   1. Business Associate agrees to not use or disclose Protected Health Information other than as permitted or required by this Agreement or as Required by Law.
   2. Business Associate agrees to use appropriate safeguards to prevent any use or disclosure of Protected Health Information except where otherwise provided by this BAA. Business Associate further agrees to implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of any electronic Protected Health Information, as provided for in the Security Rule and as mandated by Section 13401 of the HITECH Act.
   3. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this BAA. Business Associate further agrees to report to Covered Entity any use or disclosure of Protected Health Information not provided for by this BAA of which it becomes aware, and in a manner as prescribed herein.
   4. Business Associate agrees to report to Covered Entity any security incident, including all data Breaches or compromises, whether internal or external, related to Protected Health

Information, whether the Protected Health Information is secured or unsecured, of which Business Associate becomes aware. 

1. If a Breach described in paragraph 2(d) pertains to Unsecured Protected Health Information, then Business Associate agrees to report any such data Breach to Covered Entity within ten (10) business days of discovery of said Breach; all other compromises, or attempted compromises, of Protected Health Information shall be reported to Covered Entity with twenty (20) business days of discovery. Business Associate further agrees, consistent with Section 13402 of the HITECH Act, to provide Covered Entity with information necessary for Covered Entity to meet the requirements of said section, and in a manner and format to be specified by Covered Entity.
2. If Business Associate is an Agent of Covered Entity, then Business Associate agrees that any Breach of Unsecured Protected Health Information shall be reported to Covered Entity immediately after the Business Associate becomes aware of said Breach, and under no circumstances later than one (1) business day thereafter. Business Associate further agrees that any compromise, or attempted compromise, of Protected Health Information, other than a Breach of Unsecured Protected Health Information as specified in 2(e) of this BAA, shall be reported to Covered Entity within ten (10) business days of discovering said compromise, or attempted compromise.
3. Business Associate agrees to ensure that any Agent, including a subcontractor, to whom Business Associate provides Protected Health Information, agrees to the same restrictions and conditions that apply through this BAA to Business Associate with respect to such information. Business Associate further agrees that restrictions and conditions analogous to those contained herein shall be imposed on said Agents and/or subcontractors via a written agreement, and that Business Associate shall only provide said Agents and/or subcontractors Protected Health Information consistent with Section 13405(b) of the HITECH Act. Further, Business Associate agrees to provide copies of said written agreements to Covered Entity within ten (10) business days of a Covered Entity’s request for same.
4. Business Associate agrees to provide access, at the request of Covered Entity and during normal business hours, to Protected Health Information in a Designated Record Set to Covered Entity or, as directed by Covered Entity, to an Individual, in order to meet Covered Entity’s requirements under 45 CFR §164.524, provided that Covered Entity delivers to Business Associate a written notice at least three (3) business days in advance of requesting such access.

Business Associate further agrees, in the case where Business Associate controls access to

Protected Health Information in an Electronic Health Record, to provide similar access for Covered Entity to meet its requirements under Section 13405(c) of the HITECH Act. These provisions do not apply if Business Associate and its employees, subcontractors and Agents have no Protected Health Information in a Designated Record Set of Covered Entity. 

164. Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that Covered Entity directs or agrees to pursuant to 45 CFR §164.526, at the request of Covered Entity or an Individual. This provision does not apply if Business Associate and its employees, subcontractors and Agents have no Protected Health Information from a Designated Record Set of Covered Entity.
165. Unless otherwise protected or prohibited from discovery or disclosure by law, Business Associate agrees to make internal practices, books, and records, including policies and procedures (collectively “Compliance Information”), relating to the use or disclosure of Protected Health Information, available to the Covered Entity or to the Secretary for purposes of the Secretary determining Covered Entity's compliance with the Privacy Rule, Security Rule, and the HITECH Act. Business Associate further agrees, at the request of Covered Entity, to provide Covered Entity with demonstrable evidence that its Compliance Information ensures Business Associate’s compliance with this BAA over time. Business Associate shall have a reasonable time within which to comply with requests for such access and/or demonstrable evidence. In no case shall access, or demonstrable evidence, be required in less than five (5) business days after Business Associate’s receipt of such request, unless otherwise designated by the Secretary.
166. Business Associate agrees to maintain necessary and sufficient documentation of disclosures of Protected Health Information as would be required for Covered Entity to respond to a request by an Individual for an accounting of such disclosures, in accordance with 45 CFR §164.528.
167. On request of Covered Entity, Business Associate agrees to provide to Covered Entity documentation made in accordance with this BAA to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 C.F.R.§164.528. Business Associate shall provide said documentation in a manner and format to be specified by Covered Entity. Business Associate shall have a reasonable time within which to comply with such a request from Covered Entity and in no case shall Business Associate be required to provide such documentation in less than three (3) business days after Business Associate's receipt of such request.
168. Except as provided for in this BAA, in the event Business Associate receives an access, amendment, accounting of disclosure, or other similar request directly from an Individual, Business Associate shall redirect the Individual to the Covered Entity.

3. Permitted Uses and Disclosures by Business Associate.
   1. Except as otherwise limited by this BAA, Business Associate may make any uses and disclosures of Protected Health Information necessary to perform its services to Covered Entity and otherwise meet its obligations under this BAA, if such use or disclosure would not violate the Privacy Rule, or the privacy provisions of the HITECH Act, if done by Covered Entity. All other uses or disclosures by Business Associate not authorized by this BAA or by specific instruction of Covered Entity are prohibited.
   2. Except as otherwise limited in this BAA, Business Associate may use Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
   3. Except as otherwise limited in this BAA, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided that disclosures are Required By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used, or further disclosed, only as Required By Law, or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
   4. Except as otherwise limited in this BAA, Business Associate may use Protected Health Information to provide Data Aggregation services to Covered Entity as permitted by 45 CFR §164.504(e)(2)(i)(B). Business Associate agrees that such Data Aggregation services shall be provided to Covered Entity only wherein said services pertain to Health Care Operations. Business Associate further agrees that said services shall not be provided in a manner that would result in disclosure of Protected Health Information to another covered entity who was not the originator and/or lawful possessor of said Protected Health Information. Further, Business Associate agrees that any such wrongful disclosure of Protected Health Information is a direct violation of this BAA and shall be reported to Covered Entity immediately after the Business Associate becomes aware of said disclosure and, under no circumstances, later than three (3) business days thereafter.
   5. Business Associate may use Protected Health Information to report violations of law to appropriate Federal and State authorities, consistent with §164.502(j)(1).
4. Obligations and Activities of Covered Entity.
   164. Covered Entity shall notify Business Associate of the provisions and any limitation(s) in its notice of privacy practices of Covered Entity in accordance with 45 CFR §164.520, to the extent that such provisions and limitation(s) may affect Business Associate's use or disclosure of Protected Health Information.
   165. Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by an Individual to use or disclose Protected Health Information, to the extent that the changes or revocation may affect Business Associate's use or disclosure of Protected Health Information.
   166. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of Protected Health Information that Covered Entity has agreed to in accordance with 45 CFR

• 164.522, and also notify Business Associate regarding restrictions that must be honored under section 13405(a) of the HITECH Act, to the extent that such restrictions may affect Business Associate's use or disclosure of Protected Health Information.

164. Covered Entity shall notify Business Associate of any modifications to accounting disclosures of Protected Health Information under 45 CFR §164.528, made applicable under Section 13405(c) of the HITECH Act, to the extent that such restrictions may affect Business Associate's use or disclosure of Protected Health Information.
165. Covered Entity shall provide Business Associate, within thirty (30) business days of Covered Entity executing this BAA, a description and/or specification regarding the manner and format in which Business Associate shall provide information to Covered Entity, wherein such information is required to be provided to Covered Entity as agreed to by Business Associate in paragraph 2(e) of this BAA. Covered Entity reserves the right to modify the manner and format in which said information is provided to Covered Entity, as long as the requested modification is reasonably required by Covered Entity to comply with the Privacy Rule or the HITECH Act,

and Business Associate is provided sixty (60) business days’ notice before the requested modification takes effect. 

1. Covered Entity shall provide Business Associate, within thirty (30) business days of Covered Entity executing this BAA, a description and/or specification regarding the manner and format in which Business Associate shall provide information to Covered Entity, wherein such information is required to be provided to Covered Entity as agreed to by Business Associate in paragraph 2(l) of this BAA. Covered Entity reserves the right to modify the manner and format in which said information is provided to Covered Entity, as long as the requested modification is reasonably required by Covered Entity to comply with the Privacy Rule or the HITECH Act, and Business Associate is provided sixty (60) business days’ notice before the requested modification takes effect.

5. Term and Termination.
   1. This BAA shall commence as of the Effective Date and shall terminate on the later of (i) the date which is thirty (30) days from the date upon which notice has been delivered in writing by the terminating party to the other party, and (ii) Business Associate has provided written notice to Covered Entity that all of the Protected Health Information provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, has been destroyed or returned to Covered Entity, except that if it is infeasible to return or destroy Protected Health Information, protections shall be extended to such information, in accordance with the termination provisions in this BAA.
   2. Termination for Cause by Covered Entity. Upon Covered Entity's knowledge of a material breach of this BAA by Business Associate, Covered Entity shall give Business Associate written notice of such breach and provide reasonable opportunity for Business Associate to cure the breach or end the violation. Covered Entity may terminate this BAA, and Business Associate agrees to such termination, if Business Associate has breached a material term of this BAA and does not cure the breach or cure is not possible. If neither termination nor cure is feasible, Covered Entity shall report the violation to the Secretary.
   3. Termination for Cause by Business Associate. Upon Business Associate's knowledge of a material breach of this BAA by Covered Entity, Business Associate shall give Covered Entity written notice of such breach and provide reasonable opportunity for Covered Entity to cure the breach or end the violation. Business Associate may terminate this BAA, and Covered Entity agrees to such termination, if Covered Entity has breached a material term of this BAA and does not cure the breach or cure is not possible. If neither termination nor cure is feasible, Business Associate shall report the violation to the Secretary.
   4. Effect of Termination.
   5. Except as provided in paragraph (ii) of this section, upon termination of this BAA for any reason, Business Associate shall return or destroy all Protected Health Information received from, or created, or received by Business Associate on behalf of Covered Entity. This provision shall also apply to Protected Health Information that is in the possession of subcontractors or Agents of Business Associate. Business Associate shall retain no copies of the Protected Health Information.
   6. If Business Associate determines that returning or destroying the Protected Health Information is infeasible, Business Associate shall provide to Covered Entity, within ten (10) business days, notification of the conditions that make return or destruction infeasible. Upon such determination, Business Associate shall extend the protections of this BAA to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information.

• Notwithstanding any other provision of this Agreement, any obligation of Business Associate to return Protected Health Information to Covered Entity shall be in a format which is mutually agreeable to the parties, and if the parties cannot agree on a format, the Protected Health Information shall be returned to Covered Entity in the then current Adobe Portable Document Format (PDF).

1. Termination of this BAA shall result in the concurrent termination of the Agreement.

6. Entire Agreement.
   1. This BAA supersedes all other, prior, and contemporaneous written and oral agreements and understandings between Covered Entity and Business Associate regarding this Subject Matter. It contains the entire Business Associate Agreement between the parties.
   2. This BAA may be modified only by a signed written agreement between Covered Entity and Business Associate.
   3. All other agreements entered into between Covered Entity and Business Associate, not related to this Subject Matter, remain in full force and effect.
7. Miscellaneous.
   1. Regulatory References. A reference in this BAA to a section in the Privacy Rule, Security Rule, or HITECH Act means the section as in effect or as amended.
   2. The Parties agree to take such action as is necessary to amend this BAA from time to time as is necessary for Covered Entity to comply with the requirements of the Privacy Rule, Security Rule, the Health Insurance Portability and Accountability Act of 1996 (Pub. L. No. 104-191), and the HITECH Act, and its corresponding regulations.
   3. The respective rights and obligations of Business Associate under Section 5(d) of this BAA shall survive the termination of this BAA.
   4. Assignment and Delegation. Neither Party shall assign its rights or delegate its performance under this Agreement without the other Party’s written consent. Any purported assignment or delegation without the written consent of the other Party shall be void.
   5. This Agreement binds and benefits the Parties and their respective permitted assigns.
   6. Any ambiguity in this BAA shall be resolved to permit Covered Entity to comply with the Privacy Rule, Security Rule, the Health Insurance Portability and Accountability Act of 1996 (Pub. L. No. 104-191), and the HITECH Act, and its corresponding regulations.
   7. If any provision of this BAA is determined by a court of competent jurisdiction to be unlawful, void, or unenforceable, this BAA shall not be unlawful, void or unenforceable thereby, but shall continue in effect and be enforced as though such provision or provisions were omitted; on the condition that the essential business and legal provisions of the Agreement are legal and enforceable.
   8. Section or paragraph headings are provided solely for the purpose of organization for the benefit of the parties and shall have no effect on the interpretation of any term or provision of this BAA.
   9. This BAA may be executed in any number of counterparts, each of which shall be deemed an original, but all of which together shall constitute one original BAA. Facsimile or electronically authenticated signatures shall be accepted and enforceable in lieu of original signatures.

_________________________________________

LOOPERROOM APP

PRIVACY POLICY

Last Updated:  2/25/2024

Your mental health provider (“Clinician”) has contracted with LooperRoom, Inc., to use the

LooperRoom App to aid in your diagnosis and treatment. This Privacy Policy, together with the Disclaimer and Terms of Use, govern your access to and use of the LooperRoom App.  By using the LooperRoom App as part of your treatment plan, you consent to this Privacy Policy.   

 

How your data will be collected.  The LooperRoom App collects and stores individual data provided by you through a non-identifying user number that will be assigned to you by your Clinician.  Your Clinician is only person who has access to your user number and is the only person who is able to associate you with your user number.  LooperRoom does not ask for or collect addresses, phone numbers, or use real full names.  You will be required to provide an email address in order to establish your account.  Your email address will be stored in a HIPAAcompliant cloud database which cannot be accessed by LooperRoom.  LooperRoom is not able to connect your user number with any personally-identifying information about you.  

 

How your data will be used.  All de-identified data you provide to the App through the assessments and by interacting with ChatBot will be synthesized and analyzed and sent to your Clinician electronically over a secure HIPAA-compliant platform in order to assist your Clinician in diagnosis and treatment planning.  The de-identified data you provide to the App will also be used to develop, expand and test our AI technology in order to improve the operation of the App, the ChatBot and the user experience.  

 

How your data will be stored. All de-identified user data will be stored in a HIPAA-compliant cloud database according to your user number. LooperRoom agrees to use appropriate safeguards to prevent any improper use or disclosure of your data. LooperRoom will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of all electronically-stored patient data. 

 

How your data will be shared. The LooperRoom App will only distribute the data collected through the App to your Clinician.  LooperRoom will not use, share, sell, distribute or otherwise disclose your data collected through the App with any other person or entity (including you) unless required or permitted by law such as to comply with a subpoena, in response to a search warrant or other legally valid inquiry, court order or similar legal process.   

Business Associate Agreement. In order to protect your de-identified personal data,

LooperRoom will enter into a “Business Associate Agreement” with your Clinician agreeing to safeguard the privacy of your data in compliance with  California’s Confidentiality of Medical Information Act and the federal Health Insurance Portability and Accountability Act of 1996  and its implementing regulations. 

Using the ChatBot. No human will be able to eavesdrop during your conversations with the Chatbot. The Chatbot will always check if it has understood you correctly before progressing. Although the ChatBot responses are carefully drafted with clinical expertise and undergo thorough safety testing, no electronic transmission or data storage method is flawless or

LooperRoom App Privacy Policy

invulnerable. Despite our efforts to implement safeguards for your personal data, LooperRoom, Inc. can't guarantee absolute security. 

 

Data generated by the ChatBot not a patient record.  The data generated by the LooperRoom App is not considered a patient record.  All data generated by LooperRoom will be sent directly to your Clinician for use by the Clinician within his or her discretion.  All information generated by the App is the property of your Clinician. You have no right to inspect or copy any data about you that is generated by the LooperRoom platform. 

 

Patient records belonging to your Clinician. LooperRoom, Inc. has no control over the confidentiality of any personal information about you in the possession of your Clinician.  Please refer to your Clinician’s Privacy Policy.  LooperRoom expressly disclaims all liability for unauthorized disclosures of your personal information by your Clinician.  

LooperRoom, Inc. may update this Privacy Policy from time to time. LooperRoom, Inc. encourages you to periodically review this policy for the latest information on our privacy practices.