The Benefits suite

Login

The Thrive Account
Benefits Administration
COBRA
Tuition and Learning
Pre-Tax Administration
Middleware
Vaccine Verification
Resources
Blog
Downloadable Resources
About Thrivepass
Company
Careers
Press
Platform Updates
Support
Privacy Policy
Terms of Use
Contact us
Get In Touch
view close button

Master Services Agreement

MASTER SERVICES AGREEMENTTHIS MASTER SERVICES AGREEMENT, INCLUDING ANY ORDER FORM, STATEMENT OF WORK OR EXHIBITS ATTACHED HERETO WHICH BY THIS REFERENCE ARE INCORPORATED HEREIN (THIS “AGREEMENT”), IS A BINDING AGREEMENT BETWEEN WELLNESS BY WISHLIST, INC., A COLORADO CORPORATION, FLEX COMPENSATION INC., A MINNESOTA CORPORATION, DOING BUSINESS AS THRIVEPASS (COLLECTIVELY “THRIVEPASS”) AND THE PERSON OR ENTITY IDENTIFIED ON THE ORDER FORM (THE “CUSTOMER”).

THRIVEPASS PROVIDES THE SERVICES SOLELY ON THE TERMS AND CONDITIONS SET FORTH IN THIS AGREEMENT AND ON THE CONDITION THAT CUSTOMER ACCEPTS AND COMPLIES WITH THEM. BY [CLICKING THE “ACCEPT” BUTTON/CHECKING THE “ACCEPT” BOX/EXECUTING AN ORDER FORM OR SOW THAT REFERENCES THIS AGREEMENT] YOU (A) ACCEPT THIS AGREEMENT AND AGREE THAT CUSTOMER IS LEGALLY BOUND BY ITS TERMS; AND (B) REPRESENT AND WARARNT THAT (I) YOU ARE OF LEGAL AGE TO ENTER INTO A BINDING AGREEMENT; AND (II) IF CUSTOMER IS A CORPORATION, GOVERNMENTAL ORGANIZATION, OR OTHER LEGAL ENTITY, YOU HAVE THE RIGHT, POWER, AND AUTHORITY TO ENTER INTO THIS AGREEMENT ON BEHALF OF CUSTOMER AND BIND CUSTOMER TO ITS TERMS. IF CUSTOMER DOES NOT AGREE TO THE TERMS OF THIS AGREEMENT, THRIVEPASS WILL NOT AND DOES NOT AGREE TO PROVIDE SERVICES TO CUSTOMER.

This Agreement is effective between ThrivePass and Customer as of the date of Customer’s accepting this Agreement (the “Effective Date”)

Recitals

A. ThrivePass performs certain third party administrative services in connection with various benefit plans and programs that its customers offer or make available to their employees;

B. ThrivePass also operates and maintains a technology platform (the “Platform”) and performs certain Platform-related technology services on behalf of its customers in connection with the benefit plans and programs that such customers offer or make available to their employees;

C. the Customer desires to obtain certain third party administrative services (the “Administrative Services”) and certain Platform-related technology services (the “Technology Services”) from ThrivePass in connection with one or more benefit plans or programs that the Customer offers or makes available to its employees (each, a “Plan”), in accordance with the terms of this MSA, the applicable SOW(s), and the relevant exhibits hereto; and

D. ThrivePass desires to provide the Administrative Services and the Technology Services to the Customer in connection with one or more Plans, in accordance with the terms of this MSA, the applicable SOW(s), and the relevant exhibits hereto.

1. CONSTRUCTION

1.1 Definitions.  The capitalized terms defined throughout the Agreement shall have the meanings assigned thereto.  The following capitalized terms not defined elsewhere in this MSA shall have the meanings ascribed to them in this Section 1.1:

Basic Configuration Plan” refers to the Platform configuration that is dictated by the terms of (a) this MSA and any relevant exhibits hereto, and (b) the standard provisions of each SOW (i.e., provisions other than those specifications required to be set forth in an addendum, as described in Section 3.3 below).

Business Associate Agreement” means a Business Associate Agreement in substantially the form attached hereto as Exhibit A and incorporated herein by this reference, which is either being entered as of the Effective Date or has previously been entered by and between the Customer, in its capacity as the “plan administrator” of each Plan that qualifies as a Covered Entity, as defined in 45 CFR §160.103, and ThrivePass.  

Cardholder Data” has the meaning as set forth in the PCI Standards, but generally refers to any personally identifiable information associated with a Participant who uses an electronic payment card to pay for a Plan benefit.

Code” means the Internal Revenue Code of 1986, as amended.

COBRA” means the Consolidated Omnibus Budget Reconciliation Act of 1985, as amended, and the regulations promulgated thereunder.

Confidential Information” of a Disclosing Party means any non-public information or materials, including, but not limited to, trade secrets, know-how, proprietary information, formulae, processes, techniques, marketing plans, financial data, research and development activities, and information relating to employees, contractors, customers, licensors, and suppliers, that may be disclosed, whether orally or in writing, to the Receiving Party, or that may be otherwise received or accessed by the Receiving Party in connection with the Agreement, either prior to or after the Effective Date, which information is either identified as being Confidential Information or is of a type that a reasonable business person would understand to be confidential.  Confidential Information of the Disclosing Party shall not include information that (a) was previously known to the Receiving Party without an obligation of confidence; (b) is independently developed by or for the Receiving Party without reference to or use of the Confidential Information of the Disclosing Party; (c) is lawfully acquired by the Receiving Party from a third party which is not, to the Receiving Party’s knowledge, under an obligation of confidence with respect to such information; or (d) is or becomes publicly available through no fault or breach of the Receiving Party.  

Customer Data” means all data, files and information relating to the Customer, the Customer’s Plan(s), and the Participants therein and applicants thereto, which is (a) received by ThrivePass from the Customer and/or any Participant or applicant to a Plan, (b) generated by ThrivePass in the course of performing its Services, or (c) otherwise captured by the software components of the Platform.  Customer Data includes Personal Information.

Customizations” means the development, integration, and Platform configuration activities conducted by ThrivePass in order to meet the Customer’s business requirements, including those requirements set forth in the SOWs hereto and any amendment or addendum thereto.  

Deliverables” means certain specific results of the Services performed under the Agreement, which are delivered to the Customer as part of the Services.  This term shall include, but not be limited to, any reports, forms or Plan-related documents supplied by ThrivePass.

Designated Staff” refers to those individuals identified by the Customer who have been authorized to access or receive Personal Information and other Plan-related information on behalf of the Customer.

Early Termination Fee” refers to the amount payable by Wellable on the Customer's behalf to ThrivePass as a result of (a) an early termination of any SOW by the Customer for its convenience pursuant to Section 10.1(b) below; or (b) a termination of the Agreement or any SOW by ThrivePass for cause pursuant to Section 10.2 or Section 10.3 below.  The parties agree that the Early Termination Fee is payable as liquidated damages and is intended to be a reasonable calculation of the approximate amount of damages that ThrivePass would suffer under the circumstances.  In the event the Wellable is obligated to pay ThrivePass an Early Termination Fee with respect to the termination of any SOW Wellable agrees to pay an amount equal to the product of the average Administrative Fee incurred under the SOW during the three (3) month period prior to the termination date of the SOW multiplied by the number of months remaining in the SOW Initial Term or SOW Renewal Term, as applicable.
 
Enhancements” shall mean any improvements, error corrections, modifications, upgrades, updates, fixes, revisions and/or expansions to the Platform that ThrivePass may develop or acquire and incorporate into the Platform.

ERISA” means the Employee Retirement Income Security Act of 1974, as amended.

HIPAA” refers to the Health Insurance Portability and Accountability Act of 1996, as amended. “Implementation Services” shall refer to the technological efforts of ThrivePass that enable it to (a) provide the Customer with the Basic Configuration Plan and the Customizations identified by the Customer, and (b) perform the Administrative Services identified in each SOW.

Materials” means information relating to the Platform that is provided to the Customer, including any user manuals, systems documentation, and training materials, and updates or changes thereto made from time to time during the Term (as defined in Section 2.1 below).

Participant” generally refers to any individual who receives a benefit under a Plan (either as an employee of the Customer or based on the individual’s relationship to an employee of the Customer), but such term may have a more specific meaning with respect to a particular Plan, as set forth in the applicable SOW relating to such Plan.  

PCI Standards” refers to the payment card industry’s data security standards for the protection of Cardholder Data, as updated from time to time during the Term (as defined in Section 2.1 below).  

Personal Information” means individually or personally identifiable information, data or materials relating to any Participant in, or applicant to, any Plan, including without limitation, health care information, enrollment records, billing and payment records, Protected Health Information, Cardholder Data, and other individually or personally identifiable information that is protected under applicable data privacy law.  

Protected Health Information” shall have the meaning set forth in Exhibit A (Business Associate Agreement).  

Services” shall refer to the Technology Services and/or the Administrative Services provided under the Agreement.  

1.2 Applicable SOWs.  The parties shall enter into one or more separately executed SOWs, which shall be subject to the terms of this MSA.  Thereafter, the parties may enter into one or more additional SOWs, which shall also be subject to the terms of this MSA.  Each SOW shall be attached hereto and incorporated herein by this reference and shall be sequentially numbered starting with SOW #1.  Each SOW is intended to address the parties’ specific rights and obligations with respect to a particular Plan.  Accordingly, each SOW shall specify the following:

(a) the identity of the Plan to which it relates;

(b) the scope of the Administrative Services to be provided by ThrivePass in connection with such Plan;

(c) the scope of the Technology Services to be provided by ThrivePass in connection with such Plan;

(d) any Deliverables to be provided by ThrivePass in connection with the Services relating to such Plan;

(e) the date on which ThrivePass will begin providing the Administrative Services in connection with the Plan (the “Launch Date”);

(f) any additional terms and conditions applicable to the provision of the Services described therein; and

(g) the fees payable by the Customer in exchange for the provision of the Services described therein.  

1.3 Conflicts.  In the event of a conflict or inconsistency between any provision in this MSA and any provision set forth in any SOW, such conflict or inconsistency shall be resolved by giving precedence to the provisions set forth in the SOW.

2. TERM AND RENEWAL

2.1 Term of the Agreement.  The Agreement shall be effective as of the Effective Date and shall remain in effect until the earlier of: (a) the first date upon which there are no longer any SOWs in effect, at which time the Agreement shall terminate automatically; or (b) the termination date resulting from a termination for cause pursuant to Section 10.2 below (the “Term”).  Notwithstanding the forgoing, the parties acknowledge that the provisions of a particular SOW may begin on a date subsequent to the Effective Date and end on a date prior to the termination date of the Agreement.

2.2 Term of Each SOW.  

(a) Initial Term.  The initial term of each SOW shall begin and end on the dates specified therein (the “SOW Initial Term”).

(b) Renewal Term.  Except as otherwise provided in Section 10 below or in the applicable SOW, each SOW shall, upon the conclusion of the SOW Initial Term, be automatically renewed for successive one (1) year terms (each, a “SOW Renewal Term”).  

(c) Run-Out Period.  With respect to any SOW pursuant to which ThrivePass performs claims adjudication functions or claims payment or reimbursement functions, the Customer may, upon termination of the SOW (other than a termination for cause under Section 10.3 below) request that ThrivePass continue to provide such claims adjudication functions or claims payment or reimbursement functions solely with respect to those claims or expenses that were incurred by a Participant prior to the termination date of the applicable SOW (the “Run-Out Services”).  Upon receiving the Customer’s request, ThrivePass shall provide the Customer with a proposed amendment to the applicable SOW.  The amendment, which must be executed by the parties prior to the commencement of any Run-Out Services, shall identify (i) the fee payable by the Customer in exchange for such Run-Out Services: and (ii) the period of time during which Run-Out Services will be provided (the “Run-Out Period”). The terms of this MSA will apply during Run-Out Services.

3. THE PLATFORM

3.1 General Description.  The parties acknowledge that the Platform shall include all relevant software owned or licensed by ThrivePass and/or its affiliated entities, the operating environment and technical infrastructure owned by or leased to ThrivePass and/or its affiliated entities, and any Enhancements thereto and Customizations thereof, used in connection with the provision of the Administrative Services and the Technology Services.

3.2 Standard Operations.  ThrivePass generally uses its systems, processes, and resources that are currently developed and functional to meet its obligations under its service agreements.  In doing so, ThrivePass adheres to a Basic Configuration Plan.

3.3 Deviations.  If the Customer desires for ThrivePass to configure the Platform to include features, processes or functionalities that deviate from or otherwise alter the Basic Configuration Plan, the parties will enter into an addendum to the applicable SOW.  Such addendum shall describe the scope of the additional Implementation Services required to accommodate the Customer’s request.  The addendum shall also set forth all other relevant terms and conditions relating to the requested features, processes or functionalities, including the additional fee payable by the Customer in connection with the additional Implementation Services (the “Specialized Programming Fee”).

3.4 Maintenance and Standard Updates.  Subject to the other terms and conditions of the Agreement, ThrivePass shall (a) maintain the Platform in a manner that enables it to meet its obligations under this MSA and each SOW hereto; and (b) periodically update all applicable systems’ infrastructure as required for standard maintenance and upgrades and for routine, non-material regulatory changes.

4. THE SERVICES

4.1 Administrative Services.  

(a) In General.  Subject to the terms and conditions of this MSA and the relevant exhibits hereto, ThrivePass shall provide the Customer with certain Administrative Services, as described herein and as set forth in each SOW hereto.  With respect to a particular Plan of the Customer, ThrivePass shall not be responsible for performing any Administrative Services that are not specifically identified in either this MSA or the applicable SOW.  In no event shall ThrivePass have any responsibility for the content or design of any Plan or the funding or adequacy of the funding of any Plan.

(b) Rules and Instructions.  In performing the Administrative Services, ThrivePass shall follow the Customer’s written instructions, including the applicable Plan document, regarding the benefits provided and the Customer’s administrative rules applicable to such benefits.  ThrivePass shall not be bound by any notice, directive or request of the Customer unless and until it has been received in writing (including by way of email, letter or other similar form of communication) from the Customer.  

(c) Ministerial Functions.  The particular Administrative Services performed by ThrivePass shall, in part, be tailored to the type of Plan identified in the applicable SOW.  In all cases, however, the parties intend for such Services to be administrative and clerical in nature.  Accordingly, to the extent that any Plan identified in any SOW is subject to ERISA (or other similar employee benefits law), the parties agree that ThrivePass shall not be considered, or named in any Plan document or summary plan description, a “fiduciary,” a “named fiduciary” or the “plan administrator” (as those terms are defined under ERISA or other similar employee benefits law) with respect to such Plan; nor shall ThrivePass assume any of the obligations or responsibilities corresponding to those designations.  As such, to the extent that ThrivePass adjudicates claims or remits payments or reimbursements with respect to any Plan, it shall do so only in accordance with the terms and conditions of the applicable Plan document(s) (or any other written instructions from the Customer) and the provisions of the Agreement.  In the event ThrivePass has not agreed in any SOW to process appeals, ThrivePass shall forward any appeal relating to the denial (or partial denial) of any such claim, payment or reimbursement to the Customer for final (and any interim) determination.  ThrivePass shall have no discretionary authority or discretionary control with respect to the management of such Plan, and ThrivePass shall not exercise any authority or control with respect to the management or disposition of the assets of such Plan.  To the extent that ThrivePass facilitates any benefit payments or reimbursements by a particular Plan, it shall do so only in accordance with the terms and conditions of the applicable Plan document(s) (or any other written instructions from the Customer) and the provisions of the Agreement.  Finally, ThrivePass shall not render investment advice with respect to any money or other property of such Plan, and shall have no authority or responsibility to do so.  

(d) Records-Related Obligations.  In connection with each SOW and the Plan to which it relates, ThrivePass shall be responsible for the following:

(i) Record Maintenance and Retention.  ThrivePass shall maintain, in electronic media, all books and records of the transactions that take place pursuant to the Agreement between ThrivePass and (A) the Customer; (B) any Participant in, or applicant to, the particular Plan; and (C) any third party vendor of the Customer (the “Records”).  For plan subject to ERISA, and further, subject to the provisions of Section 4.1(d)(iii) below, ThrivePass shall retain all Records in a secure location for a period of seven (7) years following the date of the transaction to which the Records relate, or such other period if required by applicable law.  Except as otherwise provided herein, the Customer shall retain full ownership rights over all such Records.  Upon the expiration of the foregoing retention period, ThrivePass shall, at the Customer’s option, either forward such Records to the Customer (in the electronic readable format determined by ThrivePass) or destroy the Records.  ThrivePass shall notify the Customer of the fee, if any, to be charged in connection with transferring such Records.  ThrivePass agrees to exercise due care in the retention and destruction of all Records so as to prevent any unauthorized disclosure of or access to such Records.  

(ii) Standard Record Requests.  ThrivePass agrees to provide copies of any Records to the Customer upon the Customer’s reasonable request, and within a reasonable time period requested by the Customer.  Records shall be provided in the electronic readable format determined by ThrivePass.  Upon receipt of Customer’s Records request, ThrivePass shall notify the Customer of the fee, if any, to be charged in connection with supplying such Records.  

(iii) Transfer of Records.  Notwithstanding any provision in this Section 4.1(d) to the contrary, upon termination of the SOW (or the termination of the Run-Out Period, if applicable), ThrivePass shall transfer the Records in its possession relating to such SOW to the Customer or the Customer’s designee at the location specified by the Customer, at the Customer’s request.  Such Records shall be transferred in the electronic readable format determined by ThrivePass and shall be sent within thirty (30) days after the applicable termination date.  ThrivePass shall notify the Customer of the fee, if any, to be charged in connection with supplying such Records.  Subject to the terms of the Business Associate Agreement, if applicable, ThrivePass shall be permitted to retain a copy of the Records for archival and compliance purposes, and such Records shall continue to be subject to the confidentiality protections afforded under the Agreement.  In the event that ThrivePass does not retain certain Records that are later needed by ThrivePass to respond to an inquiry from a governmental authority or to respond to any other claim, demand, investigation, or cause of action, the Customer shall promptly provide ThrivePass with a copy of the Records requested by ThrivePass.  Ninety (90) days after Services have ceased, records may no longer be requested.  

4.2 Technology Services.  ThrivePass shall provide the Technology Services to the Customer as follows:  

(a) Implementation Services.  ThrivePass shall begin performing the Implementation Services on the date specified in the applicable SOW, however will not begin administration prior to the execution of the applicable SOW, and shall complete such Implementation Services in accordance with the terms and conditions set forth in the applicable SOW.  

(b) Access Services.  To the extent provided in the applicable SOW, the Implementation Services performed by ThrivePass shall include configuring the Platform to allow for remote, electronic access to certain information maintained on the Platform with respect to a particular Plan.  The configuration may limit the Customer’s remote, electronic access so that only Designated Staff may receive Plan-related information, including real-time data relating to the Participants in the Plan, through a user-facing portal with self-service capabilities (the “Customer Portal”).  Alternatively, the configuration may provide for both a Customer Portal and a Participant-facing portal that allows individual Participants to access certain real-time data and to utilize various self-service features on a remote, electronic basis (the “Participant Portal”).  The specific features and capabilities, if any, that ThrivePass makes available to the Customer and/or the Participants on a remote, electronic basis (the “Access Services”) shall be outlined in the applicable SOW.

4.3 Adding or Modifying Services.  During the SOW Initial Term or any SOW Renewal Term, the Customer may submit a written request to (a) add services that are not already included within the scope of Services identified in this MSA or a particular SOW, or (b) modify the Services being provided under this MSA or a particular SOW.  If the proposed new services or the proposed modifications to the existing Services, as applicable, are reasonable, ThrivePass shall prepare an estimate of the fees it would impose in connection with performing the new services or the modified Services.  The estimate shall also identify any other fees ThrivePass would impose in connection with implementing the Customer’s requested changes.  If the parties agree upon the scope of the new services or modification of existing Services, as applicable, the timeframe for implementing and delivering the Customer’s requested changes, and the applicable fees to be paid by the Customer, the parties shall enter into an amendment to the SOW to which the Customer’s requested changes apply.  Such amendment shall be executed by the parties prior to the commencement of any further activities relating to the Customer’s requested changes.  The provisions of this Section 4.3 shall apply, but shall not be limited to, those occasions on which the Customer requests a new service or a modification of existing Services in order to address a change in the law (or a change in the Customer’s interpretation of the law) relating to the Plan described in a particular SOW.  

4.4 Subcontractors.  ThrivePass may retain one or more subcontractors (each, a “Subcontractor”) to perform certain Services identified in the Agreement.  ThrivePass shall enter into written agreements with its Subcontractors binding them, as appropriate, to the obligations and requirements to which ThrivePass is bound under the Agreement.  ThrivePass shall be responsible for managing its Subcontractors and shall be responsible for the Services performed by any Subcontractor to the same extent as if such Services had been performed by ThrivePass itself.

5. RESPONSIBILITIES OF THE CUSTOMER

5.1 Acknowledgement of Status.  With respect to any Plan that is subject to ERISA, the Customer hereby acknowledges that it is the “plan sponsor,” the “plan administrator” and a “named fiduciary” of the Plan, as those terms are defined under ERISA.  Any reference in the Agreement to the Customer shall be deemed to refer to the Customer in its capacity as the employer, “plan sponsor,” “plan administrator” and/or “named fiduciary,” as appropriate in the particular context.  

5.2 Benefit Design and Operation.  The Customer shall be solely responsible for the design and operation of each Plan to which the Agreement applies.  The Customer shall have the sole authority and responsibility for establishing, administering, construing, and interpreting the provisions of each such Plan and making all determinations thereunder.  The Customer shall be responsible for all final determinations as to a Participant's entitlement to a particular benefit, including determinations following the appeal of a denied claim for any benefit, payment or reimbursement under the applicable Plan.  The Customer shall also be solely responsible for amending its Plan documents as necessary to comply with applicable law changes and to reflect any other changes relating to the benefits described therein.  

5.3 Compliance.  The Customer shall be solely responsible for ensuring that each Plan to which the Agreement applies is in compliance with all federal and state laws, including, but not limited to, ERISA, the Code, HIPAA, COBRA, Title V of the Gramm-Leach-Bliley Act (“GLBA”) and the Genetic Information Nondiscrimination Act of 2008, as amended (“GINA”), and the regulations promulgated thereunder, to the extent applicable.  The Customer acknowledges that the engagement of ThrivePass to assist the Customer in meeting any such obligation does not relieve the Customer of its responsibility for the obligation.  Furthermore, the Customer specifically acknowledges that ThrivePass is not providing, does not provide, and has no authority to provide any tax or legal advice whatsoever, and that the Customer shall be solely responsible for determining the legal and tax status of each Plan to which the Agreement applies.  With respect to any documents or forms supplied by ThrivePass for use by the Customer (or for use by ThrivePass on behalf of the Customer) in connection with any Plan, the Customer shall be responsible for reviewing and confirming the accuracy of such documents and forms, and for ensuring their compliance with applicable law.  

5.4 Furnishing Plan Documents.  For Plans offered which require a written plan document, the Customer shall provide ThrivePass with a copy of the applicable Plan document (and all other relevant documentation necessary for ThrivePass to perform the Services) prior to the execution of the SOW relating thereto.  Thereafter, the Customer shall notify ThrivePass of any changes or amendments to the Plan at least thirty (30) days before the effective date of any such change.  

5.5 Furnishing Related Information.  The Customer shall furnish ThrivePass with such other information (including information relating to benefit eligibility and participation) and updates to such information as may be necessary for ThrivePass to meet its obligations under the Agreement.  Such information shall be provided to ThrivePass in the time and in the manner agreed by the parties.  The Customer shall have sole responsibility and liability for the accuracy, completeness, and timeliness of all Customer Data provided to ThrivePass and for obtaining any necessary consents or authorizations in order for the Customer to disclose Personal Information to ThrivePass.  In those instances, in which ThrivePass provides the Customer with updated eligibility or participation data with respect to a particular Plan for audit or ongoing administration, the Customer shall be responsible for ensuring the accuracy of such data.  The Customer agrees that ThrivePass shall have no liability (to the Customer, the Plan, any Participant, former Participant or other individual) for any errors attributable to the Customer’s failure to provide information timely or to update or ensure the accuracy of such information.  ThrivePass shall likewise have no obligation to credit the Customer for any expenses or Administrative Fees paid or payable to ThrivePass as a consequence of the Customer’s failure to furnish, update or review relevant Plan-related data.  

5.6 Identification of Designated Staff.  The Customer shall be responsible for identifying those individuals who serve as its Designated Staff.  All Customer reports shall be delivered by ThrivePass only to the Designated Staff.  Any other documentation delivered by ThrivePass to the Customer, and any other communications between ThrivePass and the Customer, shall occur only between ThrivePass and the Designated Staff when such documentation or communications contain or involve Personal Information.

5.7 Payment of Fees and Charges.  In connection with each Plan, the Customer shall be responsible for paying the Administrative Fees, the Implementation Fees, and any other charges identified in any SOW.    

5.8 Benefit Funding.  The Customer hereby agrees as follows:

(a) Bank Account(s).  The Customer shall establish and maintain one or more general asset bank accounts (each, a “Bank Account”) with an accredited banking institution to be used for the payment of benefits and/or reimbursements by the applicable Plan.  The Customer shall be solely responsible for determining the number of Bank Accounts it is required to establish for such purposes, and for confirming that each Plan that is subject to ERISA operates in a manner that is consistent with the trust and reporting nonenforcement policy applicable to ERISA-governed plans.  The Customer specifically acknowledges that it shall be solely responsible for any and all consequences resulting from the establishment of a banking or benefit funding arrangement that deviates from the arrangement contemplated in this Section 5.8(a), including, but not limited to, any arrangement that requires ThrivePass to receive or hold Plan contributions or any other Plan assets in a ThrivePass account.  The Customer hereby agrees that any tasks that ThrivePass is responsible for performing in connection with any Bank Account shall be ministerial and not financial in nature.  

(b) Participant Contributions.  The Customer shall forward Participant contributions, if any, made in connection with any Plan to the appropriate Bank Account within the time period required by law.  It shall be the sole responsibility of the Customer to ensure that Participant contributions are handled in a manner that complies with all applicable laws and regulations.

(c) Adequate Funds.  The Customer shall maintain immediately available funds in each Bank Account in an amount sufficient to pay any benefit or reimbursement owed by the applicable Plan.  ThrivePass agrees to advise the Customer, from time to time, if additional funding of a Bank Account is necessary.  The Customer acknowledges that ThrivePass shall not, under any circumstances, be responsible for using its own funds to make a payment or reimbursement for any benefit identified in, or any claim made pursuant to, any Plan, or to pay for any other obligation of the Plan.  Likewise, the Customer acknowledges that ThrivePass does not serve as an insurer, underwriter or guarantor with respect to any benefit available under any such Plan.  Customer is responsible for all amounts paid on behalf of its Participants even in the event of fraud.  ThrivePass will cooperate with Customer and law enforcement in recovering amounts reported as fraudulent.

(d) Bank Account for Claim Reimbursement. With respect to any Plan for which benefit payments or reimbursements are to be made from a ThrivePass bank account,  ThrivePass will establish a checking account, which account shall be used by ThrivePass to draw and sign checks or other orders for payment of money withdrawing funds from said account in respect of the Plan (the "Disbursements Account").  The signatories on such Disbursements Account will be determined by ThrivePass, but Customer will be advised of the identity of all authorized signers upon Customer’s request.  ThrivePass will withdraw funds from the Disbursements Account only for the limited purpose of paying claims.  ThrivePass reserves the right to utilize the account for the benefit of ThrivePass clients other than Customer, but in no event will ThrivePass use this account for any purpose other than the payment of reimbursement account claims by such clients. ThrivePass shall communicate to Customer the amount needed to pay reimbursements adjudicated as of any given date. Customer agrees to deliver good funds to ThrivePass for deposit into the Disbursements Account. Customer understands and agrees that it will deposit funds into the Disbursements Account as necessary to comply with the terms and provisions of Customer’s plan(s) and this Agreement, and that ThrivePass will not pay any claims from the Disbursements Account until funds, adequate to cover such claims, have been deposited in the Disbursements Account by Customer. ThrivePass agrees to reconcile the Disbursements Account as of the end of each month and maintain a separate accounting for each customer utilizing the Disbursements Account, providing access to such accounting to Customer upon request.  Such accounting shall summarize each client's share of the month end account balance (the "Employer's Allocable Share") calculated as follows: deposits requested minus payments initiated minus outstanding deposits plus outstanding payments.

(e) Card Payments. With respect to any Plan for which benefit payments or reimbursements are to be made by payment cards, the Customer agrees to provide ThrivePass access to an account established by Customer in order to fund card transactions. Customer may be required to establish and pre-fund an account to cover daily disbursement activity and be required to maintain said amount by daily or weekly replenishment of the account.  Customer is responsible for and agrees to pay ThrivePass the entire amount of all card transactions even in the event of fraudulent transactions.  If the established balance falls below the applicable percentage, ThrivePass reserves the right to suspend all activity related to debit card usage until such time as the account is brought back to an acceptable balance. For both legal and practical reasons, this account must be an account in the Customer’s name.

(f) Other Payment Methods.  With respect to any Plan for which benefit payments or reimbursements are to be issued electronically by ThrivePass, ThrivePass shall be authorized to issue electronic payments from the applicable Bank Account, as instructed by the Customer.  ThrivePass shall notify the Customer of the total dollar amount of the electronic payments in advance of issuing such payment(s), and the Customer shall, within 24 hours of such notice, ensure that the applicable Bank Account is sufficiently funded to accommodate a withdrawal of the amount specified in the notice.  The Customer shall enter into such agreements and provide instructions to its bank as necessary to secure the authority of ThrivePass to issue benefit payments electronically of behalf of the applicable Plan.  The Customer shall be solely responsible for authorizing payment of any Plan benefits ThrivePass indicates are due from the applicable Bank Account.

5.9 Benefit Corrections.  The Customer represents and warrants that the documents governing the Plan identified in each SOW provide that the amount of any overpayment by the Plan to a Participant may be recovered from the Participant or set off against future payments owing to the Participant, and that any shortfall in the amount payable by the Participant under the Plan may be subject to corrective billings or set-offs of benefits or payments owing to the Participant under the Plan.  ThrivePass shall notify the Customer of any overpayment or shortfall that ThrivePass discovers and shall make reasonable efforts, in accordance with the terms of the applicable Plan, to recover the amount owed to the Plan.  Any decision by the Customer or the Plan to forgo the right of recovery or offset against the Participant shall relieve ThrivePass for any liability it may otherwise have with respect to the overpayment or shortfall. Notwithstanding the foregoing, the provisions of this Section 5.9 are not intended to address those instances in which corrections are required under the regulations governing electronic payment cards (e.g., when a claim requires substantiation after payment is made and the Participant fails to provide proper substantiation).  

5.10 Minimum System Requirements.  The Customer acknowledges that certain computer operating equipment, hardware, software and other technological elements, are required to receive the Administrative Services and the Technology Services contemplated herein.  Notwithstanding any provision in the Agreement to the contrary, the Customer, rather than ThrivePass, shall be responsible for acquiring, maintaining and updating its own computer operating equipment, hardware, software and other technological elements, including all costs and expenses associated therewith.

5.11 General Cooperation.  The Customer shall provide reasonable cooperation to ThrivePass so that ThrivePass may perform its Services in accordance with the terms of this MSA and each SOW hereto.  Such cooperation shall include, but not be limited to, making appropriate personnel available to ThrivePass and ensuring access to, and the cooperation of, its third party vendors.  

5.12 Cooperation With Audits.  If any audit of ThrivePass by any governmental authority results in a notice that the Customer or any of its Plans is not in compliance with any law, regulation or other governmental requirement, the Customer shall promptly take actions to comply with such law or requirement and shall bear the expense of any response, any remedial actions, and any associated fines or penalties attributable to its lack of compliance.  In addition, the Customer shall bear the reasonable expenses (including photocopying charges and labor costs) of any activities required to be undertaken by ThrivePass during the course of the audit to the extent such activities or the audit itself resulted from the Customer’s actions or any failure to comply with applicable legal, regulatory or other governmental requirements.  

5.13 Permission to Use Marks.  Notwithstanding any provision herein to the contrary, the Customer hereby agrees that, during the Term, ThrivePass shall be permitted to use and reproduce the Customer’s name and any logos, brand features, trademarks, symbols, or similar designations belonging to the Customer, in connection with its (a) performance of the Services (e.g., on invoices and other documents delivered to the Customer; on any documents sent on behalf of the Customer to Participants in and/or applicants to any Plan; on any portal used to provide Access Services, etc.), and (b) own marketing or promotional materials.

6. COMPENSATION

6.1 Monthly Invoices.  Wellable on the Customer's behalf shall pay ThrivePass on a monthly basis for the Administrative Services performed in connection with each SOW hereto (each, an “Administrative Fee”).  Except as otherwise provided in the applicable SOW, ThrivePass shall issue a monthly invoice to the Customer for such Administrative Services on or before the last business day of each month, for services incurred in the prior month, during the Term of the Agreement with respect to each SOW that is in effect during such month, unless a different invoice date is mutually agreed upon by both parties in writing.  Each invoice shall provide sufficient detail to allow the Customer to determine whether the Administrative Fee being billed is appropriate.  Each invoice shall also include an itemized list of any agreed upon pass-through reimbursable expenses (e.g., printing and postage, etc.) if any, incurred by ThrivePass on behalf of the Customer during the previous month in connection with the Plan to which the SOW applies.  Except as otherwise provided in the applicable SOW, each invoice issued pursuant to this Section 6.1 shall be due and payable within fifteen (15) days of its receipt (the “Due Date”).

6.2 Other Invoices.  The Customer shall pay ThrivePass for the Implementation Services performed in connection with each SOW hereto (each, an “Implementation Fee”) at the time and in the manner specified in the applicable SOW.  ThrivePass shall also issue invoices to the Customer for any Specialized Programming Fees (as set forth in Section 3.3 above) and any fees relating to new or modified Services, as contemplated in Section 4.3 above.  Each such invoice shall be due and payable as set forth in the applicable SOW or in the amendment or addendum thereto.  

6.3 Late Fees.  With respect to any invoice payment that is not received by ThrivePass on or before its Due Date, ThrivePass may assess a late charge at a rate equal to the lesser of (a) one and a half percent (1.5%) per month, or (b) the maximum interest rate permitted by applicable law, from such Due Date until the date when such unpaid amount is paid in full.

6.4 Form of Payment.  All payments owed to ThrivePass pursuant to the Agreement shall be made by either ACH or wire transfer.

6.5 Dispute.  If the Customer disputes any amount set forth on an invoice, the Customer shall pay the undisputed amount in accordance with this Section 6, and the parties shall cooperate in resolving the disputed portion of the invoice within thirty (30) days.  Any payment owed on the disputed portion of the invoice shall be paid promptly upon such resolution.

6.6 Fee Increases.  With respect to each SOW, ThrivePass shall have the right to propose an increase in the fees payable during any SOW Renewal Term by giving notice to the Customer at least thirty (30) days prior to the end of the SOW Initial Term or the SOW Renewal Term, as applicable.  If the Customer rejects the proposed fee increase, the Customer may terminate the applicable SOW as set forth in Section 10.1 below.  

6.7 Taxes.  The Customer shall pay all taxes due in connection with the Agreement, including (without limitation) sales, use, excise, value-added taxes assessed on the goods and Services provided hereunder, consumption, and other similar taxes or duties.  Notwithstanding the foregoing, each party shall be responsible for paying taxes based on its own income.  

6.8 Disclosure.  ThrivePass acknowledges that, in the event it receives any direct or indirect compensation from any third party in connection with the Services it performs with respect to any Plan that is governed by ERISA, ThrivePass may be obligated to disclose the details of such compensation to the Customer (or to the applicable Plan) upon receiving a request from the Customer (or the applicable Plan).  Notwithstanding the foregoing, it shall be the obligation of the Customer to identify the Plan(s) to which the disclosure requirement applies and to request the relevant information from ThrivePass during each period (for example, each Plan year) to which the requirement applies.

7. OWNERSHIP RIGHTS AND RESTRICTIONS

7.1 The Platform and Materials.

(a) Ownership.  AS BETWEEN THRIVEPASS AND THE CUSTOMER, THRIVEPASS IS AND SHALL REMAIN THE SOLE AND EXCLUSIVE OWNER OF ALL RIGHT, TITLE, AND INTEREST IN AND TO THE PLATFORMS IT OWNS, AND ALL RIGHTS NOT EXPRESSLY GRANTED HEREUNDER ARE RESERVED.  FURTHERMORE, AS BETWEEN THRIVEPASS AND THE CUSTOMER, THRIVEPASS IS AND SHALL REMAIN THE SOLE AND EXCLUSIVE OWNER OF ALL RIGHT, TITLE, AND INTEREST IN AND TO THE MATERIALS, EXCEPT TO THE EXTENT THAT SUCH MATERIALS CONTAIN CUSTOMER DATA, AND ALL RIGHTS NOT EXPRESSLY GRANTED HEREUNDER ARE RESERVED.  The Customer acknowledges and agrees that the Platform constitutes a trade secret of ThrivePass, and that the Materials (other than any Customer Data contained therein) constitute Confidential Information of ThrivePass.  As between ThrivePass and the Customer, all functionalities of the Platform, including all Enhancements thereto and Customizations thereof, shall constitute work product, and shall be and remain the sole and exclusive intellectual property right of ThrivePass.  

(b) Grant of License.  Notwithstanding the foregoing, during the Term, and subject to the provisions of this MSA and any applicable SOW, ThrivePass hereby grants to the Customer a limited, non-exclusive, non-transferable, non-sublicensable, worldwide, revocable, royalty-free license to (i) access and use the Platforms it owns for the Customer’s own business purposes solely in connection with its receipt of the Access Services; (ii) generate, print, copy, upload, download, store and otherwise process all visual, digital and other output, displays and other content as may result from its access to or use of the Platform; (iii) access and use the Platforms it owns for such non-production uses and applications as may be necessary or useful for the effective receipt of the Access Services, including for purposes of analysis, configuration, integration, testing and training.  The Customer shall be bound by and shall be obligated (and shall obligate all Participants and Plan applicants) to adhere to the Terms of Use provisions set forth on the thrivepass.com website, as updated from time to time, which provisions are hereby incorporated into the Agreement by this reference.  

(c) Limited Interests.  The Agreement does not convey, and the Customer acknowledges and agrees that, with the exception of any Customer Data contained therein, the Customer neither has, nor at any time shall attempt to claim, any interest in or to any or all of the components of the Platform or the Materials or any intellectual property rights related to the foregoing or the use thereof, unless such interest is expressly granted herein or in an SOW.  

(d) Copies.  Notwithstanding the forgoing, the Customer may make a reasonable number of copies of any Deliverables or Materials provided to the Customer and use such copies for the Customer’s own business purposes solely in connection with its receipt of the Services provided pursuant to the Agreement.

(e) Precautions.  The Customer shall use commercially reasonable efforts to ensure that it does not send to ThrivePass, cause to be sent to ThrivePass, or store on any computer or other device that is used to receive any Service from ThrivePass, any material containing a virus, Trojan horse, worm, or other program code or instruction with the ability to, damage, interfere with or otherwise adversely affect computer programs, data files or operations.

7.1.1 Customer Data.

(a) Ownership
.  As between ThrivePass and the Customer, the Customer is and shall remain the sole and exclusive owner of all right, title and interest in and to all Customer Data.

(b) Grant of License.  Notwithstanding the foregoing, subject to the terms and conditions of the Agreement, the Customer hereby grants to ThrivePass a limited, non-exclusive, non-transferable, non-sublicensable, worldwide, royalty-free license to:

(i) access, host, use, collect, store, upload, download, record, reproduce, organize, copy, reformat, display, disclose, create derivative works of (including adapted, reformatted, aggregated or anonymized versions), distribute, transmit and otherwise process Customer Data during the Term solely in connection with the provision of its Services to the Customer; and

(ii) use, reproduce, organize, copy, reformat, display, modify, create derivative works of (including adapted, reformatted, aggregated or anonymized versions), distribute and transmit Customer Data, on a perpetual basis, for any business purpose of ThrivePass, including, but not limited to, analyzing business trends, improving and enhancing the services it performs for its customers, and improving the software components of its Platform; provided, however, that the rights granted under this Section 7.2 shall not extend to any Protected Health Information unless it has first been de-identified in accordance with the applicable HIPAA regulations (at 45 CFR §164.514), and shall not extend to any other Personal Information or Customer Data until such information has been de-identified or otherwise protected as required by applicable law, in order to ensure that such information is not directly or indirectly attributable to or identified with the Customer or any individual who is the subject thereof.

(c) Restrictions.  Except as specifically permitted under the Agreement, Customer Data shall not be (i) disclosed, sold, assigned, leased or otherwise encumbered or provided to third parties by ThrivePass, or (ii) commercially exploited by or on behalf of ThrivePass, its employees or agents.

7.2 Deliverables.  Subject to the provisions of this MSA and any SOW hereto, each Deliverable created pursuant to the Agreement will be considered a “work made for hire” and will be owned by the Customer, except to the extent such Deliverable contains Materials and/or Confidential Information of ThrivePass.

8. CONFIDENTIALITY AND DATA SECURITY

8.1 Confidentiality Obligations.  

(a) General Obligations. A party (the “Disclosing Party”) may from time to time, prior to or during the Term of the Agreement, disclose to the other party (the “Receiving Party”) certain Confidential Information.  The Receiving Party shall hold in strict confidence the Confidential Information of the Disclosing Party using the same degree of care that the Receiving Party ordinarily uses with respect to its own Confidential Information, but in no event less than reasonable care.  The Receiving Party shall not use the Confidential Information of the Disclosing Party for any purpose not expressly permitted by the Agreement, and shall not disclose the Confidential Information of the Disclosing Party other than on a “need to know basis,” and then only to the Receiving Party’s (i) employees, officers and agents who are engaged in a use permitted hereby, and who have been bound by the Receiving Party to the restrictions of this Section 8.1; (ii) affiliated entities, but only if they are restricted in use and subsequent disclosure to the same extent as the Receiving Party; and (iii) third party vendors or Subcontractors, as applicable; provided, however, that such disclosure is for purposes of fulfilling the Receiving Party’s obligations under the Agreement, and that such persons or entities are, with respect to the Confidential Information of the Disclosing Party, bound in writing by confidentiality terms no less restrictive than those contained in this MSA.  The Receiving Party shall not duplicate any material containing Confidential Information of the Disclosing Party except in the direct performance of its obligations under the Agreement.  The Receiving Party may disclose the terms of the Agreement to governmental authorities, as may be required by applicable law, with instruction that such terms be treated as confidential.

(b) Governmental Authority.  Notwithstanding anything in this Section 8 to the contrary, the Receiving Party may disclose this MSA, any SOW or exhibit, and other Confidential Information of the Disclosing Party to any governmental authority if required to do so in connection with (i) an examination of the Receiving Party by such governmental authority; or (ii) the filing of any application for, or a renewal of, any license or registration that the Receiving Party is required by law to obtain and that is issued by the governmental authority.

(c) Return or Destruction of Confidential Information. Except as otherwise provided in the Agreement, upon the Disclosing Party's written request, or following the completion or termination of the Agreement, the Receiving Party shall promptly (i) return to the Disclosing Party all documents and other media containing Confidential Information of the Disclosing Party that is in the Receiving Party's possession or under its control; (ii) purge, delete or destroy any such Confidential Information that cannot feasibly be returned to the Disclosing Party and provide written certification to the Disclosing Party that such action has been taken; and (iii) safeguard any documents or media containing the Disclosing Party’s Confidential Information if such documents or media cannot be returned, purged, deleted or destroyed.

8.2 Data Security Obligations.

(a) Obligations of ThrivePass. ThrivePass shall follow appropriate administrative, physical, and technical safeguards to secure its data environment and protect access to the Platform (along with the Customizations and Enhancements), the Materials, and Customer Data.  ThrivePass shall also comply with all PCI Standards that apply to its performance of the Services (including those applicable to it as a third party provider of hosting and storage services, when appropriate).

(b) Mutual Obligations under HIPAA. To the extent that any Plan offered by the Customer is subject to the requirements of the privacy and security provisions of HIPAA, each party agrees to comply with the terms set forth in the Business Associate Agreement attached hereto as Exhibit A (Business Associate Agreement), with respect to such Services.

9. INDEMNIFICATION; INSURANCE; LIMITATION OF LIABILITY

9.1 General Indemnification. Each party (the “Indemnifying Party”) shall defend, indemnify and hold the other party and its affiliates and their respective officers, directors, employees, agents, contractors, successors, and assigns (the “Indemnified Party”) harmless from and against any and all damages, losses, fines, penalties, costs, and other amounts (including reasonable attorney's fees and expenses) (collectively, the “Losses”) arising from or in connection with any claim, demand, investigation, or cause of action brought by a third party (each an “Action”) to the extent such Action is based on or arises from or relates to (a) any material breach by the Indemnifying Party in performing its obligations under the Agreement; or (b) any negligence or willful misconduct of the Indemnifying Party or its affiliates, or any of their respective officers, directors, employees, agents, contractors, successors and assigns.

9.2 Additional Obligations of the Customer. In addition to its obligations set forth in Section 9.1 above, and notwithstanding any provision herein to the contrary, the Customer shall defend, indemnify and hold ThrivePass (and its affiliates and their respective officers, directors, employees, agents, contractors, successors, and assigns) harmless from any Losses arising from any Action that is based on or arises out of (a) any written instruction given to ThrivePass by the Customer, or such other instruction that is consistent with the terms of the Agreement and is contemporaneously documented in the business records of ThrivePass, or (b) any action or course of action taken by ThrivePass in good faith with the consent of the Customer.

9.3 Indemnification Procedure/Notice.  Each Indemnified Party shall provide the Indemnifying Party with prompt written notice of any Action for which the Indemnified Party is seeking or may seek indemnification hereunder (provided that the failure of the Indemnified Party to notify the Indemnifying Party promptly hereunder shall not relieve the Indemnifying Party of any liability with respect to the Action, except to the extent the Indemnifying Party demonstrates that the defense of the Action is prejudiced by such failure).  The Indemnified Party shall provide reasonable cooperation (at the Indemnifying Party’s expense) and full authority to defend or settle the Action.  The Indemnifying Party shall keep the Indemnified Party fully informed concerning the status of any litigation, negotiations or settlements of any such Action.  The Indemnified Party shall be entitled, at its own expense, to participate in any such litigation, negotiations and settlements with counsel of its own choosing.  The Indemnifying Party shall not have the right to settle any Action if such settlement arises from or is part of any criminal action or proceeding, or contains a stipulation to, or an admission or acknowledgement of, any wrongdoing (whether in tort or otherwise) on the part of the Indemnified Party, without the prior written consent of such Indemnified Party.

9.4 Insurance. Throughout the Term, each party shall maintain such insurance coverage as is reasonably necessary to support its respective indemnification obligations and business operations contemplated under the Agreement, including, but not limited to, general liability insurance, fiduciary liability insurance, errors and omissions insurance, and cyber insurance as applicable.

9.5 LIMITATION OF LIABILITY.  EXCEPT FOR ACTIONS RELATING TO EITHER PARTY’S BREACH OF ITS CONFIDENTIALITY OBLIGATIONS HEREUNDER, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY FOR ANY SPECIAL, INDIRECT, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES (INCLUDING, WITHOUT LIMITATION, LOST PROFITS, LOST SAVINGS, OR LOSS OF GOOD WILL) ARISING UNDER OR IN CONNECTION WITH A BREACH OR ALLEGED BREACH OF THE AGREEMENT, EVEN IF SUCH OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.  ANY DAMAGES AND COSTS PAYABLE PURSUANT TO THE INDEMNIFICATION PROVISIONS HEREOF SHALL BE CONSTRUED AS DIRECT DAMAGES.

9.6 MAXIMUM DAMAGES OF THRIVEPASS. IN NO EVENT WILL THE AGGREGATE LIABILITY OF THRIVEPASS ARISING OUT OF OR RELATING TO THE AGREEMENT, REGARDLESS OF THE BASIS OF LIABILITY, WHETHER IN CONTRACT OR IN TORT, EXCEED THE AMOUNT OF FEES PAID OR PAYABLE FOR SERVICES UNDER THE AGREEMENT FOR THE SIX (6) MONTH PERIOD DURING WHICH THE HIGHEST AMOUNT OF FEES WERE PAID BY THE CUSTOMER.  IF SIX (6) MONTHS HAVE NOT ELAPSED SINCE THE EFFECTIVE DATE, SUCH TOTAL AGGREGATE LIABILITY WILL NOT EXCEED SIX (6) TIMES THE AVERAGE MONTHLY FEES PAID DURING THE ELAPSED PERIOD OF THE TERM.

10. TERMINATION

10.1 Terminating an SOW For Convenience.  Notwithstanding the automatic renewal provisions of Section 2.2(b), except as otherwise provided in the applicable SOW, either party may terminate an SOW “for convenience” only as of the end of either the SOW Initial Term or an SOW Renewal Term, by notifying the other party, in writing, at least ninety (90) days prior to the end of such SOW Initial Term or SOW Renewal Term, as applicable, of its intent to terminate the SOW.  Any termination for convenience shall be subject to the following provisions:

(a) Impact on Other Provisions.  When an SOW is terminated for convenience as described in this Section 10.1, all other portions of the Agreement (i.e., this MSA, other SOWs and any applicable exhibits) shall remain in full force and effect and continue to apply.  Notwithstanding the foregoing, if there are no other SOWs in effect as of the date of the termination of the SOW identified in the termination notice (or the last day of the Run-Out Period relating thereto, if applicable), the Agreement shall automatically terminate as contemplated in Section 2.1(a) above.

(b) Early Termination.  In the event the Customer terminates any SOW other than as provided above in this Section 10.1 when there has been no material uncured breach by ThrivePass, the Customer will be considered to be in breach of the SOW and will be obligated to pay an Early Termination Fee.  Except as otherwise provided in the applicable SOW, any Early Termination Fee owed by Wellable on the Customer's behalf shall be due and payable as follows: (i) one-half upon delivery of the Customer’s notice of such termination; and (ii) the balance on the earlier of: (A) the first (1st) day of the Run-Out Period, if applicable; or (B) fifteen (15) days following the date of the Customer’s notice of termination.

(c) Termination under Provisions of the Brand Promise. The Customer is subject to the ThrivePass brand promise which can be found here: https://thrivepass.com/brandpromiseclients. This brand promise has set forth provisions that allow the Customer to terminate their contract early with no penalties provided that they have participated in the structured improvement processes as outlined in the linked document. ThrivePass reserves the right to update and make changes to the brand promise at any time.

(d) Terminating an SOW Under Federal Judicial Review. Notwithstanding the automatic renewal provisions of Section 2.2(b), except as otherwise provided in the applicable SOW, either party may terminate an SOW if the United States Supreme Court determines the related Administrative Services or Technology Services” to be unconstitutional with 30 days prior written notice.

(e) Clarification of Rights.  For clarity, the parties acknowledge that there is no right to terminate the Agreement (as a whole) for convenience (other than by terminating each outstanding SOW pursuant to Section 10.1(a) above).

10.2 Terminating the Agreement For Cause.  Either party may terminate the Agreement “for cause” as follows:

(a) Breach of the Agreement.  Either party may terminate the Agreement if the other party materially breaches the Agreement (i.e., materially breaches a provision of this MSA, any SOW or any applicable exhibit hereto) and fails to cure such breach within the fifteen (15) day period following the defaulting party’s receipt of written notice of such breach from the non-defaulting party.  Notwithstanding the foregoing, the fifteen (15) day cure period set forth in the previous sentence shall be shortened to a five (5) day cure period in the event the Customer’s material breach is either a failure to pay any undisputed fee owed under the Agreement or a failure to fund a Bank Account as required.  Further notwithstanding the foregoing, no cure period whatsoever shall apply in the event the defaulting party fails to comply with the confidentiality obligations set forth in Section 8 above, which failure shall be considered a material breach of the Agreement.

(b) Dissolution; Insolvency.  Either party may terminate the Agreement upon the occurrence of any of the following: (i) the entry of a decree or order for relief of the other party by a court of competent jurisdiction in any involuntary case involving the other party under any bankruptcy, insolvency, or other similar law now or hereafter in effect, or the filing with respect to the other party of a petition in any such involuntary bankruptcy or similar case, which petition remains undismissed for a period of sixty (60) days; (ii) the appointment of a receiver for the other party or substantially all the assets of the other party; or (iii) the commencement by the other party of a voluntary case under any bankruptcy or insolvency law (or other similar law now or hereafter in effect), or the dissolution of the entire business and operations of the other party.  Termination of the Agreement pursuant to this Section 10.2(b) shall occur immediately upon the other party’s receipt of written notice from the terminating party specifically referencing the provision within this Section 10.2(b) that is being relied upon.

10.3 Terminating an SOW For Cause.  Notwithstanding any provision in the Agreement to the contrary, either party may terminate a particular SOW if the other party materially breaches the SOW and fails to cure such breach within the fifteen (15) day period following the defaulting party’s receipt of written notice of such breach from the non-defaulting party.  Notwithstanding the foregoing, the fifteen (15) day cure period set forth in the previous sentence shall be shortened to a five (5) day cure period in the event the Customer’s material breach is either a failure to pay any undisputed fee owed under the SOW or a failure to fund the applicable Bank Account as required.  Further notwithstanding the foregoing, no cure period whatsoever shall apply in the event the defaulting party fails to comply with the confidentiality obligations set forth in Section 8 (to the extent such obligations apply to such SOW), which failure shall be considered a material breach of the SOW.  

10.4 Impact of a For Cause Termination.  

(a) Termination of the Agreement.  In the event the Agreement is terminated for cause pursuant to Section 10.2 above, all SOWs in effect on the termination date shall likewise be terminated.  If the Customer is the defaulting party with respect to the termination, Wellable on the Customer's behalf shall be obligated to pay the Early Termination Fee, if any, identified in each terminating SOW.

(b) Termination of an SOW.  In the event an individual SOW is terminated for cause pursuant to Section 10.3 above, such termination shall not affect any other SOW then in effect, and this MSA and the applicable exhibits hereto shall continue to govern such other SOWs as long as they are in effect.  If the Customer is the defaulting party with respect to the terminating SOW, Wellable on the Customer's behalf shall be obligated to pay the Early Termination Fee, if any, identified in such SOW.

(c) Run-Out Services.  ThrivePass shall have no obligation to perform Run-Out Services in connection with any SOW that is terminated for cause by ThrivePass pursuant to Section 10.2 or Section 10.3 above.

11. MISCELLANEOUS

11.1 Entire Agreement.  The Agreement (which includes the SOWs and exhibits hereto) is the entire agreement between the parties with respect to its subject matter, and there are no other representations, understandings, or agreements between the parties relative to such subject matter.

11.2 Contractual Relationship.  The only relationship between ThrivePass and the Customer is the contractual relationship established by the Agreement.  Nothing contained in the Agreement shall be construed to create the relationship of principal and agent (except as otherwise specifically provided), employer and employee, or partners or joint venturers between ThrivePass and the Customer.  Each party’s authority shall be limited to that which is expressly stated in the Agreement.  Except as specifically provided in the Agreement, neither party shall exercise any control over the hours, office location, rentals, or employees of the other party.

11.3 WARRANTY LIMITATION.  NOTWITHSTANDING ANY PROVISION TO THE CONTRARY CONTAINED IN THIS MSA, ANY SOW, ANY EXHIBIT HERETO, OR ANY OTHER MATERIALS PROVIDED BY THRIVEPASS, THRIVEPASS MAKES NO WARRANTIES REGARDING THE PLATFORM OR ITS SERVICES, EXPRESS OR IMPLIED, OR OTHERWISE ARISING BY OPERATION OF LAW, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.  THRIVEPASS DOES NOT WARRANT THAT THE USE OF OR ACCESS TO THE PLATFORM WILL BE UNINTERRUPTED OR ERROR-FREE.  FURTHERMORE, THE CUSTOMER UNDERSTANDS AND ACKNOWLEDGES THAT THRIVEPASS CANNOT AND DOES NOT REPRESENT, WARRANT, OR GUARANTEE THE ABSOLUTE SAFETY AND PROTECTION OF ANY CUSTOMER DATA, AND THAT THE INTERNET POSES INHERENT RISKS TO CUSTOMER DATA, THE PLATFORM AND THE CONTEMPLATED SERVICES, REGARDLESS OF THE MEASURES TAKEN BY THE PARTIES.  ACCORDINGLY, AND NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE AGREEMENT, THRIVEPASS SHALL NOT BE LIABLE TO THE CUSTOMER UNDER THE AGREEMENT FOR ANY INFORMATION SECURITY BREACH OR OTHER SECURITY INCIDENT THAT IS NOT CAUSED BY A FAILURE OF THRIVEPASS TO PERFORM ITS OBLIGATIONS UNDER THE AGREEMENT, NEGLIGENT ACTS OR OMISSIONS OF THRIVEPASS, OR THE INTENTIONAL MISCONDUCT OF THRIVEPASS.

11.4 Binding Agreement; Assignment.  The Agreement is binding upon, and inures to the benefit of, the parties hereto and their respective successors and permitted assigns.  Except as specifically provided in the Agreement, neither the Agreement nor any rights, interests, or obligations under the Agreement may be assigned by either party other than to an affiliate or successor of such party, without the prior written consent of the other party, which consent will not be unreasonably withheld.  Any attempted assignment, transfer or delegation in violation of this Section 11.4 shall be void and shall constitute a material breach of the Agreement by the party attempting the assignment.

11.5 Dispute Resolution.  

(a) Negotiation; Mediation.  In the event of a dispute between the parties with respect to the Agreement, the aggrieved party shall provide written notice to the other party describing the dispute and a proposed resolution.  The parties will then meet as soon as practicable thereafter and negotiate in good faith to resolve the dispute.  If the parties are unable to resolve the dispute through negotiation within thirty (30) days of notice of the dispute, the parties shall submit the dispute to a mutually acceptable mediator, unless the parties otherwise agree in writing.  

(b) Arbitration.  If the parties’ dispute cannot be resolved by way of direct negotiation or mediation within sixty (60) days of notice of the dispute, either party may proceed with formal arbitration proceedings hereunder.  At such time, arbitration shall be the sole and exclusive remedy for resolving and redressing any dispute, claim or controversy involving the interpretation of the Agreement and the obligations of the parties.  Any such arbitration will be conducted in Minneapolis, Minnesota and will be conducted by a single, qualified arbitrator with subject matter experience in contract law (and health care law or ERISA, to the extent applicable to the particular dispute).  The arbitrator will be mutually agreed upon by the parties, and the arbitration will be conducted in accordance with the rules of the American Arbitration Association.  The parties shall share equally the arbitrator’s fee and other costs associated with any arbitration, and each party shall pay its own legal fees, unless the arbitrator elects to award any such fees or costs to the prevailing party.

11.6 Equitable Relief.  Notwithstanding any provision in the Agreement to the contrary, either party may seek interim injunctive or other equitable relief, without the necessity of posting a bond, whether prohibitive or mandatory, in any court of competent jurisdiction, to prevent immediate or irreparable harm attributable to the other party’s violation or threatened violation of the Agreement.

11.7 Force Majeure.  Neither party shall be liable for any delay in performing its obligations under the Agreement to the extent such delay results from circumstances or causes beyond such party’s reasonable control, or without its fault or negligence, including, but not limited to, fire, flood, catastrophe, act of God, riot, insurrection, civil commotion, military action, war, strike, lock-out, labor dispute, or other similar event (each, a “Force Majeure Event”); provided, however, that the non-performing party promptly notifies the other party of the Force Majeure Event.  The existence of the Force Majeure Event shall extend the term of performance on the part of the non-performing party to such extent as may be necessary to enable it to complete performance in the exercise of reasonable diligence after the cause of the delay has been removed.

11.8 Notice.  All notices, requests, consents, claims, demands, waivers and other communications pursuant to the Agreement shall be in writing and shall be deemed to have been duly given to a party if:  (a) delivered in person or by overnight mail (with all fees pre-paid) to the other party at its address set forth in the most recent SOW (or to any other address that the receiving party may designate from time to time in accordance with this Section 11.8); (b) sent by e-mail (in each case, with confirmation of delivery) to the email address specified below; or (c) sent by United States Mail, via certified or registered mail (in each case with return receipt requested and postage pre-paid).  Notice shall be effective only upon receipt by the receiving party.  Each notice hereunder shall be sent asset forth in the most recent SOW. Either party may, from time to time, change its address or designee for notification purposes by providing the other party with prior written notice, in accordance with this Section 11.8, of the new address or designee and the date upon which the change shall become effective.

11.9 Severability.  If any provision or requirement of the Agreement is held by a court of competent jurisdiction to be contrary to law, such provision or requirement shall be enforced only to the extent it is not in violation of such law or is not otherwise unenforceable, and all other provisions and requirements of the Agreement shall remain in full force and effect.  

11.10 Modification; Waiver.  No modification, amendment or waiver of the Agreement, or any part of it, shall be valid unless it is in writing and signed by authorized representatives of both parties.  No waiver of any breach or condition of the Agreement shall be deemed to be a waiver of any subsequent breach or condition, whether of like or different nature.

11.11 Interpretation.  The parties hereto agree that this MSA, and the SOWs and exhibits relating to this MSA are the product of negotiation between sophisticated parties and individuals, each of which was represented by counsel or had an opportunity to be represented by counsel, and each of which had an opportunity to participate, and did participate, in the drafting of the Agreement.  Accordingly, ambiguities in the Agreement, if any, shall not be construed strictly or in favor of or against any party hereto, but rather shall be given a fair and reasonable construction.  

11.12 Cumulative Remedies.  Except as otherwise expressly stated in the Agreement, all remedies provided for in the Agreement shall be cumulative and in addition to, and not in lieu of, any other remedies available to either party at law, in equity or otherwise.

11.13 No Third Party Beneficiaries.  The Agreement shall not, and is not intended to, confer upon any party, other than the parties hereto and their successors and permitted assigns, any rights, remedies, obligations or liabilities, except as expressly provided herein.

11.14 Further Acts.  Each party shall execute and deliver any further legal instruments and perform any acts that are or may become necessary to effectuate the purposes of the Agreement.  

11.15 References and Section Headings.  Any reference to the singular shall include reference to the plural, and vice versa.  Section headings are intended for the purpose of description only and shall not be used for purposes of interpreting the Agreement.  All pronouns and variations thereof shall be deemed to refer to the masculine, feminine, or neuter, as the case may be.

11.16 Governing Law and Jurisdiction.  The Agreement shall be subject to and construed under the laws of the State of Minnesota, without regard to its conflicts of law provisions or principles.

11.17 Survival.  Any provisions of the Agreement that, by their nature, extend beyond the expiration or termination of the Agreement, shall survive the termination of the Agreement and shall remain in full force and effect until all such obligations are satisfied, including without limitation, Section 1, Section 2.2(c), Section 4.1(d)(iii), Section 5.7, Section 5.9, Section 5.12, Section 6.1, Section 6.2, Section 6.3, Section 6.4, Section 6.5, Section 6.7, Section 6.8, Section 7.1(a), Section 7.1(c), Section 7.2, Section 8, Section 9, Section 10, and this Section 11.

EXHIBIT A
BUSINESS ASSOCIATE AGREEMENT
This Business Associate Agreement (the “BAA”) is made as of the Effective Date by and between the Customer, on behalf of each HIPAA-governed Plan (each, a “Covered Entity”), and Wellness by Wishlist, Inc., a Colorado corporation doing business as ThrivePass (the “Business Associate”) is entered for the purpose of complying with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”) provisions and any regulations promulgated thereunder, including but not limited to the final privacy, security, enforcement and breach notification regulations issued by the Department of Health and Human Services (“HHS”) as the Health Insurance Portability and Accountability Act Omnibus Final Rule, as such laws and regulations may be amended from time to time (collectively, the “HIPAA Rules”).  This BAA is effective as of the Effective Date of the Master Services Agreement between the Customer and ThrivePass, as such terms are defined therein.

Recitals

WHEREAS, the Covered Entity is a “covered entity,” as that term is defined under the HIPAA Rules, and as such, is required to comply with the requirements thereof regarding the confidentiality and privacy of Protected Health Information; and WHEREAS, the Business Associate has entered into a Master Services Agreement effective as of the Effective Date, as well as one or more statements of work, with the Covered Entity (the “Service Agreement”) and will have access to, create, receive, maintain and/or transmit certain Protected Health Information in conjunction with the services being provided under the Service Agreement; and WHEREAS, by providing the services under the Service Agreement, the Business Associate is considered a “business associate” of the Covered Entity, as that term is defined under the HIPAA Rules. NOW THEREFORE, in consideration of the mutual covenants, promises and agreements contained herein, the Covered Entity and the Business Associate agree as follows:

1. Definitions.  Terms used but not otherwise defined in this BAA shall have the same meaning as set forth in the HIPAA Rules.  For purposes of this BAA, the following capitalized terms shall have the meanings ascribed to them below:

(a)Breach” shall have the meaning given to such term under 45 CFR §164.402.

(b)Designated Record Set” shall have the meaning given to such term under 45 CFR §164.501.

(c)Electronic Protected Health Information” shall have the meaning given to such term under 45 CFR §160.103.

(d)GLBA” shall refer to Title V of the Gramm-Leach-Bliley Act (15 USC §6801 et seq.) governing the treatment of nonpublic personal information about consumers (“NPI”) by financial institutions, including insurance underwriters

(e)Individual” shall have the meaning given to such term under 45 CFR §160.103, and shall include a person who qualifies as a personal representative in accordance with 45 CFR §164.502(g).

(f)Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E.

(g)Protected Health Information” shall have the meaning given to such term under 45 CFR §160.103, limited to the information created, received, maintained and/or transmitted by the Business Associate from or on behalf of the Covered Entity.

(h)Required By Law” shall have the meaning given to such term under 45 CFR §164.103.

(i)Secretary” shall mean the Secretary of the Department of Health and Human Services or his/her designee.

(j)Security Rule” shall mean the Security Standards for the Protection of Electronic Protected Health Information at 45 CFR Part 160 and Part 164, Subparts A and C.

(k)Unsecured Protected Health Information” shall have the meaning given to such term under 45 CFR §164.402.

2. Obligations and Activities of the Business Associate.

(a) The Business Associate agrees to not use or disclose Protected Health Information other than as permitted or required by this BAA or as Required By Law.

(b) The Business Associate agrees to use appropriate safeguards, and to comply with the Security Rule with respect to Electronic Protected Health Information, to prevent the use or disclosure of Protected Health Information other than as provided for by this BAA.

(c) The Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of Protected Health Information by the Business Associate in violation of the requirements of this BAA.  

(d) The Business Associate agrees to report to the Covered Entity any use or disclosure of Protected Health Information not provided for by this BAA of which it becomes aware, and to report to the Covered Entity any material Security Incident, as defined by the Security Rule, of which it becomes aware.

(e) The Business Associate shall, following the discovery of a Breach Unsecured Protected Health Information, notify the Covered Entity of such Breach without unreasonable delay, and in no case later than fifteen (15) days after the Business Associate’s discovery of such Breach (subject to any extension permitted for a law enforcement delay under 45 CFR §164.412).  Such notice shall, to the extent possible, include the identification of each Individual whose Unsecured Protected Health Information has been, or is reasonably believed to have been, accessed, acquired or disclosed during such Breach.   The Business Associate shall also provide the Covered Entity with the following additional information either at the time of the notification, or promptly thereafter, as it becomes available:

(i) a brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known;

(ii) a description of the types of Unsecured Protected Health Information involved in the Breach (such as full name, Social Security number, date of birth, home address, account number or disability code);

(iii) the steps Individuals should take to protect themselves from potential harm resulting from the Breach;

(iv) a brief description of what the Business Associate is doing to investigate the Breach, mitigate losses, and prevent further Breaches; and

(v) contact procedures for Individuals to ask questions or learn additional information, which will include a toll-free number, an e-mail address, website, or postal address.  

(f) The Business Associate agrees to ensure that its agents and/or subcontractors that create, receive, maintain and/or transmit Protected Health Information (which is Protected Health Information that the Business Associate creates, receives, maintains and/or transmits on behalf of the Covered Entity), agree in writing to the same restrictions and conditions that apply through this BAA to the Business Associate with respect to such information.

(g) The Business Associate agrees to provide access, at the request of the Covered Entity, within fifteen (15) days, to Protected Health Information in a Designated Record Set, to the Covered Entity or, as directed by the Covered Entity, to an Individual in order to meet the requirements under 45 CFR §164.524.  If the Business Associate provides copies or summaries of Protected Health Information to an Individual, it may impose a reasonable, cost-based fee in accordance with 45 CFR §164.524(c)(4).

(h) The Business Associate agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR §164.526, at the request of the Covered Entity or an Individual, and in the time and manner reasonably designated by the Covered Entity.

(i) The Business Associate agrees to make internal practices, books, and records, including policies and procedures, relating to the use and disclosure of Protected Health Information received from, or created or received by, the Business Associate on behalf of the Covered Entity available to the Covered Entity or the Secretary, in a time and manner reasonably designated by the Covered Entity or the Secretary, for purposes of having the Secretary determine the Covered Entity’s compliance with the HIPAA Rules.

(j) The Business Associate agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for the Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR §164.528.

(k) The Business Associate agrees to provide to the Covered Entity or an Individual, in the time and manner reasonably requested by the Covered Entity, information collected in accordance with Section 2 (j) above, to permit the Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR §164.528.

(l) To the extent the Business Associate has been engaged to perform any obligation of the Covered Entity that is described in Subpart E of 45 CFR Part 164, the Business Associate agrees to comply with the requirements of Subpart E (that would apply to the Covered Entity) in performing such obligation.  

(m) The Business Associate understands and acknowledges that it is subject to GLBA to the extent it receives NPI from any nonaffiliated financial institution in the course of performing its services.  As such, the Business Associate agrees that it will (i) only use and disclose NPI in the ordinary course of business to carry out the purpose for which the information was received, or as otherwise necessary, such as to respond to a subpoena or to comply with other legal obligations; (ii) utilize appropriate safeguards to prevent the use or disclosure of NPI other than as provided for by the Service Agreement; and (iii) for as long as the Business Associate maintains NPI, adhere to the other applicable requirements set forth in GLBA.

3. Permitted Uses and Disclosures by the Business Associate.

(a) General Use and Disclosure Provisions. Except as otherwise limited in this BAA, the Business Associate may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, the Covered Entity as specified in the Service Agreement, provided that such use or disclosure would not violate the Privacy Rule if done by the Covered Entity.  When using or disclosing Protected Health Information or when requesting Protected Health Information from the Covered Entity (or another covered entity) or another business associate, the Business Associate shall make reasonable efforts to limit Protected Health Information to the minimum necessary to accomplish the intended purpose of the use, disclosure or request.  

(b) Specific Use and Disclosure Provisions.

(i) Except as otherwise limited in this BAA, the Business Associate may use Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.

(ii) Except as otherwise limited in this BAA, the Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate or to carry out legal responsibilities, provided that disclosures are Required By Law, or the Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.

(iii) Except as otherwise limited in this BAA, the Business Associate shall be permitted to de-identify Protected Health Information in order to perform data aggregation services, as defined in 45 C.F.R. 164.501, for its customers.  The Business Associate may use such de-identified information for purposes of aggregating data and preparing reports and statistics regarding the use and functioning of the Business Associate’s services by the Business Associate’s various customers, improving the Business Associate’s materials, creating new solutions to serve industry needs, and conducting research and analysis related to the Business Associate’s services, which may be distributed to its customers and potential customers, so long as the Business Associate continues to protect the Protected Health Information and the identity of the Covered Entity in accordance with this BAA.  Finally, the Business Associate may use and disclose such de-identified information for any lawful purpose, regardless of whether the Covered Entity intends to use the de-identified information, subject to the limitations set forth in 45 CFR §164.502(d)(2).

(iv) The Business Associate may use Protected Health Information to report violations of law to appropriate Federal and State authorities, consistent with 45 CFR §164.502(j)(1).

4. Obligations of the Covered Entity.

(a) Provisions for the Covered Entity to Inform the Business Associate of Privacy Practices and Restrictions.

(i) The Covered Entity shall notify the Business Associate of any limitation(s) in the notice of privacy practices of the Covered Entity in accordance with 45 CFR §164.520, to the extent that such limitation may affect the Business Associate’s use or disclosure of Protected Health Information.

(ii) The Covered Entity shall notify the Business Associate of any changes in, or revocation of, permission by an Individual to use or disclose Protected Health Information, to the extent that such changes may affect the Business Associate’s use or disclosure of Protected Health Information.

(iii) The Covered Entity shall consult with the Business Associate as to the administrative practicality of a restriction prior to agreeing to a restriction that affects the Business Associate’s use or disclosure of Protected Health Information.  The Covered Entity shall also notify the Business Associate of any restriction to the use or disclosure of Protected Health Information that the Covered Entity has agreed to in accordance with 45 CFR §164.522, to the extent that such restriction may affect the Business Associate’s use or disclosure of Protected Health Information.

(b) Permissible Requests by the Covered Entity.  The Covered Entity shall not request the Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under the Privacy Rule if done by the Covered Entity, except as otherwise contemplated herein.

5. Electronic Data Interchange.  The Business Associate agrees that if it (or any of its agents or subcontractors) conducts electronic transmissions on behalf of the Covered Entity for which the Secretary has established a “standard transaction,” the Business Associate (and such agents and subcontractors) shall comply with the requirements of the Standards for Electronic Transactions under 45 CFR Parts 160 and 162.

6. Term and Termination.

(a) Term
.  The term of this BAA shall terminate when all Protected Health Information provided by the Covered Entity to the Business Associate, or created or received by the Business Associate on behalf of the Covered Entity, is destroyed or returned to the Covered Entity, or, if it is infeasible to return or destroy Protected Health Information, protections are extended to such information, in accordance with the termination provisions in this Section 6.

(b) Termination for Cause.  Without limiting the termination rights of the parties pursuant to the Service Agreement, upon the Covered Entity’s knowledge of a material breach of the terms of this BAA by the Business Associate, the Covered Entity shall either:

(i) Provide an opportunity for the Business Associate to cure the breach or end the violation, and shall terminate this BAA and the Service Agreement if the Business Associate does not cure the breach or end the violation within the time specified by the Covered Entity; or

(ii) Immediately terminate this BAA and the Service Agreement if the Business Associate has breached a material term of this BAA and cure is not possible.

(c) Effect of Termination.

(i) Except as provided in paragraph (ii) of this subsection, upon termination of this BAA, for any reason, the Business Associate shall return or destroy all Protected Health Information received from the Covered Entity, or created or received by the Business Associate on behalf of the Covered Entity.  This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of the Business Associate.  The Business Associate shall retain no copies of Protected Health Information.

(ii) In the event that the Business Associate determines that returning or destroying Protected Health Information is infeasible (because such information is needed for its own management and administration or to carry out its legal responsibilities), the Business Associate shall retain such Protected Health Information and either return or destroy the remainder of the Protected Health Information.  The Business Associate shall extend the protections of this BAA to the retained Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as the Business Associate maintains such Protected Health Information.

(d) Termination of Agent or Subcontractor Relationship.  The Business Associate agrees to include in its agreements with any agents or subcontractors that create, receive, maintain and/or transmit Protected Health Information (which is Protected Health Information that the Business Associate creates, receives, maintains and/or transmits on behalf of the Covered Entity) termination provisions corresponding to the terms set forth in this Section 6.

7. Miscellaneous.

(a) Regulatory References
.  A reference in this BAA to a section in the HIPAA Rules means the section as in effect or as amended.

(b) Amendment.  The parties agree to take such action as is necessary to amend this BAA from time to time as is necessary for the Covered Entity to comply with the requirements of the HIPAA Rules.

(c) Survival.  The respective rights and obligations of the Business Associate under Section 6(c) above of this BAA shall survive the termination of this BAA.

(d) Interpretation.  Any ambiguity in this BAA shall be resolved to permit the Covered Entity and the Business Associate to comply with the HIPAA Rules.  In the event of any inconsistency or conflict between this BAA and the Service Agreement, the terms, provisions and conditions of this BAA shall govern and control.

(e) No Third Party Beneficiary.  Nothing expressed or implied in this BAA or in the Service Agreement is intended to confer, nor shall anything herein confer, upon any person other than the parties and the respective successors or assigns of the parties, any rights, remedies, obligations, or liabilities whatsoever.

(f) Notices.  Any notices to be given hereunder shall be made via hand delivery or certified U.S. mail, return receipt requested, at the address(es) listed below.

If to the Business Associate, to:

ThrivePass
Attention:  Privacy Officer
3801 Franklin St
Denver, CO 80205