ATTENTION:
Please read these terms of this web sites HIPAA compliance policy and agreement carefully before using or submitting information to this web site. If you do not accept these terms ("Terms"), do not use this web site. Using this web site indicates that you accept these terms.

GENERAL
The Company may revise these Terms of the websites HIPAA compliance policy and agreements at any time by updating this posting. You should visit this page from time to time to review the then-current Terms because they are binding on you. Certain provisions of these Terms may be superseded by expressly designated legal notices or terms located on particular pages at this Site. Last updated April 2005.

USE OF SITE.
As a business associate, you are authorized to view and download the Content (Content) at this web site ("Site") only for your professional, non-commercial use, provided that you maintain and protect all proprietary information contained in the original Content, as confidential. You may not modify or distribute any of the Content at this Site in any way or reproduce or publicly display, perform, or distribute or otherwise use them for any public or commercial purpose. For purposes of these Terms, any use of these Content on any other web site or networked computer environment for any purpose is prohibited. The Content at this Site are copyrighted and any unauthorized use of any Content at this Site may violate copyright, trademark, and other US and/or international laws. If you breach any of these Terms, your authorization to use this Site automatically terminates and you must immediately destroy any downloaded or printed Content.

RECITALS: AGREEMENT
WHEREAS, as a Business Associate of the Company, and as the Company is engaged in the business of developing and commercializing regulated healthcare products,

WHEREAS, The Company has entered into a various services arrangements with its Business Associates, under which the Company has engaged its Business Associates to have appropriate access and need to know knowledge, and,

WHEREAS, under such services arrangement, a Business Associate will be or may be acting as a "Business Associate" of the Company within the meaning of the Health Insurance Portability and Accountability Act of 1996 and the Regulations issued thereunder (collectively, "HIPAA") and, as such, the Company is or may be required to enter into a "business associate agreement" with said Business Associate regarding patients' protected health information, that may be known, archived, referenced or applied in the course of the Company's business.

NOW, THEREFORE, in consideration of the foregoing Recitals (which are made a part of this Agreement), in consideration of the use and services arrangement between the parties, and for other good and valuable consideration, the receipt and sufficiency of which are acknowledged, the parties agree as follows:

Confidentiality. If a BUSINESS ASSOCIATE receives any a individually-identifiable health information as defined in 45 C.F.R. § 164.501 ("Protected Health Information" or "PHI") regarding a customer of or patient of a customer of THE COMPANY, or otherwise has access to any PHI in the possession of THE COMPANY or its health care provider, then the BUSINESS ASSOCIATE shall maintain the security and confidentiality of such PHI in the manner as required by applicable law and regulations, including, without limitation, HIPAA.

Permitted Uses and Dissemination of PHI. Except as otherwise provided herein, a BUSINESS ASSOCIATE may only use other COMPANY patient information in its possession for its proper management and administration of such services arrangement and to fulfill its legal responsibilities; provided that such uses are permitted under state and federal confidentiality laws. However, except as otherwise provided herein, a BUSINESS ASSOCIATE may only disclose any PHI in its possession to a third party for the purpose of proper management and administration or to fulfill legal responsibilities if a BUSINESS ASSOCIATE represents to the COMPANY in writing: (1) that the disclosures are required by law, in accordance with 45 C.F.R. § 164.501; or (2) that a BUSINESS ASSOCIATE has received from such third party written assurances regarding such third party's confidential handling of such PHI, as required under 45 C.F.R. § 164.504(e)(4). Each party agrees that it shall not use or further disclose PHI other than as permitted or required by this Agreement or as required by applicable law. Further, if either party uses the PHI for any purpose other than payment, treatment, or health care operations pursuant to § 164.506, the party using such data agrees to obtain specific authorization from the patient for that specific use, and to provide the other party with a copy of such authorization.

Safeguards. The parties shall use appropriate safeguards to prevent use or disclosure of PHI. Upon request, a BUSINESS ASSOCIATE shall provide the COMPANY with such information concerning such safeguards as the COMPANY may reasonably request from time to time, and shall, upon reasonable advance notice, give the COMPANY access to and the ability to copy its practices, policies and procedures concerning the use and disclosure of PHI, for the purpose of determining a BUSINESS ASSOCIATE's compliance with this Agreement.

Reporting and Mitigation. A BUSINESS ASSOCIATE shall report to the COMPANY in writing any use or disclosure of PHI that is not permitted or required under this Agreement of which a BUSINESS ASSOCIATE becomes aware within three (3) days of the discovery by a BUSINESS ASSOCIATE of such unauthorized use and/or disclosure. The parties shall establish procedures for mitigating, to the greatest extent possible, any negative effects from any improper use and/or disclosure of PHI while their billing service relationship is in effect and shall follow such procedures in the event of such contingency.

Third Parties. Except as otherwise permitted in this Agreement, a BUSINESS ASSOCIATE shall not disclose PHI to any third party (e.g. agents, business associates, vendors, and/or subcontractors), unless such disclosure is approved in advance by the COMPANY in writing; provided, however, that any such disclosure of PHI shall be made only upon the written agreement of the recipient that such recipient agrees to the same restrictions and conditions that apply through this Agreement with respect to such PHI. With respect to any use or disclosure of PHI permitted under this Agreement, a BUSINESS ASSOCIATE agrees to disclose to third parties only the minimum PHI necessary to perform or fulfill a specific function required or permitted hereunder.

Accounting of Disclosures. A BUSINESS ASSOCIATE shall maintain a record of any and all disclosures of PHI made for any purpose other than for payment, treatment, and/or healthcare operations as outlined in section (2) of this Agreement, and shall include in such record the date of the disclosure, the name and address of the recipient of the PHI, a brief description of the PHI disclosed, and the purpose of the disclosure. A BUSINESS ASSOCIATE shall make such record available to the COMPANY on request.

Disclosure to United States Department of Health and Human Services and the Requesting Party. If either party is required by law to obtain information regarding the other party's use, protection or disclosure of PHI, then, to the extent required by applicable law, upon request it shall make its internal practices and records relating to the use or disclosure of PHI available to the requesting party and to the Secretary of the United States Department of Health and Human Services, for purposes of determining the requesting party's compliance with HIPAA.

Access by A Business Associates and Correction of PHI. Within ten (10) days after either party's request, to the extent required by applicable law, including 45 CFR 164.528, a BUSINESS ASSOCIATE shall permit any a Business Associate whose PHI is in the possession of a BUSINESS ASSOCIATE to have access to and to copy his or her PHI, in the format requested, unless such PHI is not readily producible in such format, in which case such PHI shall be produced in hard copy format. A BUSINESS ASSOCIATE and the COMPANY shall consider amendment of PHI in accordance with §164.526 and in coordination with the other party within sixty (60) days after receipt of request.

Termination for Breach. Without limiting any other rights or remedies of the parties under this Agreement, if a BUSINESS ASSOCIATE breaches any of its obligations under this Protected Health Information Agreement, then the COMPANY may, at its option: (a) provide a BUSINESS ASSOCIATE with written notice of the existence of a breach; and (b) afford a BUSINESS ASSOCIATE an opportunity to cure such breach upon terms acceptable to and to the satisfaction of the COMPANY; provided, however, that if a BUSINESS ASSOCIATE fails to cure any breach to the satisfaction of the COMPANY, then the COMPANY may terminate its arrangements and agreements with a BUSINESS ASSOCIATE immediately by delivering written notice of termination to a BUSINESS ASSOCIATE.

Remedies. The COMPANY's remedies under this Agreement shall be cumulative, and the exercise of any remedy shall not preclude the exercise of any other. Upon the termination or expiration of this Agreement for any reason, a BUSINESS ASSOCIATE shall: (a) recover any PHI in its possession or in the possession of any of its subcontractors or agents, if any; (b) return, or destroy in accordance with a process approved in advance by and acceptable to the COMPANY, all PHI that a BUSINESS ASSOCIATE received from, or created or received on behalf of the COMPANY, that a BUSINESS ASSOCIATE maintains in any form; and (c) not retain any copies of such PHI. If a BUSINESS ASSOCIATE and other party agree that it is not feasible for a BUSINESS ASSOCIATE to return or destroy the PHI in accordance with the foregoing sentence, then a BUSINESS ASSOCIATE shall continue to extend the protections of this Agreement for such PHI, and shall limit further use of the PHI to those purposes that make the return or destruction of the information infeasible.

Survival. This Agreement and the obligations and rights of the parties under this Agreement shall survive the expiration or termination of this Agreement for any reason.