AdvancedMD Terms of Service Last updated on February 16, 2021 EXHIBIT D. Permitted Entity Agreement Terms The following provisions shall be in included in a valid and enforceable agreement between the Service Bureau and Permitted Entity prior to the time that the Permitted Entity is provided access to or use of the Hosted Programs or the Third Party Services. The Service Bureau and the Permitted Entity may agree to additional terms and conditions relating to the Service Bureau’s Services as such parties may deem necessary or appropriate, so long as such terms do not violate or conflict with the terms set forth below. 1. Definitions 1.1. “AdvancedMD” means AdvancedMD, Inc., a Delaware corporation. 1.2. “Client Data” means all information (including Health Data) entered by a Permitted Entity into the Hosted Programs or the Third Party Services. 1.3. “Diamond Services” means the provision of print and mail services within the Hosted Programs provided by Diamond Healthcare Communications, an independent third party. 1.4. “DrFirst Services” means the provision of Electronic Prescriptions for Controlled Substances (EPCS) by DrFirst.com, an independent third party. 1.5. “Dyn Services” means the provision of email delivery services within the Hosted Programs provided by Dynamic Network Services, Inc., an independent third party. 1.6. “Electronic Services” means the transmission and processing of claim information (including a distinct claim, remit, inquiry, information request, statement collection letter print image or other item) by an independent third party between the Hosted Programs, on the one hand, and a payor, on the other. 1.7. “First Databank Services” means the provision of and access to drug product information within the Hosted Programs, which drug product information is provided by First Databank, Inc., an independent third party. 1.8. “Health Data” means any Protected Health Information (as defined by HIPAA), and any other Client Data associated therewith that is reasonably necessary for the treatment of any patient of Permitted Entity. 1.9. “Healthwise Services” means the provision of and access to healthcare information and education available through the Hosted Programs or otherwise provided by Healthwise, Inc., an independent third party. 1.10. “HIPAA” means the Health Insurance Portability and Accountability Act of 1996, as amended, and the rules and regulations promulgated thereunder. 1.11. “Hosted Programs” means (i) the computer software programs owned or licensed by AdvancedMD in object code form, and that Permitted Entity has subscribed to, and (ii) online documentation provided by AdvancedMD with respect to such computer software programs; provided, however, that the term “Hosted Programs” does not include any Third Party Service. 1.12. “Jive Services” means the provision of educational, product and online support tools available through the Hosted Programs provided by Jive Software, Inc., an independent third party. 1.13. “Optum Services” means the analysis (using a proprietary rules engine and knowledgebase provided by Optum, Inc., an independent third party) of claim coding and editing performed by Providers of Clients or Permitted Entities (as the case may be). 1.14. “Provider” means the Permitted Entity’s employees, contractors or agents that provide billable patient care or services on behalf of the Permitted Entity. 1.15. “Surescripts Services” means the electronic prescription functionality and clinical interoperability functionality, in either case, that is accessible through the Hosted Programs, and in each case is provided by Surescripts, LLC, an independent third party. 1.16. “Third Party Services” means any software, offering, product or functionality that Permitted Entity uses or has subscribed to, but which is provided by a third party that is not AdvancedMD. Third Party Services currently include Diamond Services, Electronic Services, First Databank Services, Healthwise Services, Jive Services, Optum Services, Surescripts Services, Twilio Services, Updox Services, and Zoom Services. Permitted Entity’s use of the Third Party Services is subject to the terms and conditions of Exhibit E. 1.17. “Twilio Services” means the provision of texting and telecommunication services accessible through the Hosted Programs provided by Twilio, Inc., an independent third party. 1.18. “Updox Services” means an integrated electronic service for inbound and outbound faxes and secure messaging, in either case, that is an option accessible through the Hosted Programs, and in each case is provided by Updox LLC, an independent third party. 1.19. “Zoom Services” means the provision of web services, video conferencing and telemedicine services accessible through the Hosted Programs or otherwise provided by Zoom Video Communications, Inc., an independent third party. 2. Use of Hosted Programs and the Third Party Services 2.1. Service Bureau hereby grants to the Permitted Entity a non-exclusive, non-transferable, revocable right for all Providers (and 2 Rev. October 2020 for additional permitted non-Provider users associated with authorized Providers) to access and use the Hosted Programs and the Third Party Services. Permitted Entity shall be entitled to access and use the Hosted Programs and the Third Party Services solely for Permitted Entity’s own internal business operations, provided that Permitted Entity is not in breach of any separate agreements or obligations with AdvancedMD. 2.2. Permitted Entity shall not transfer, sell, lease, or lend the Hosted Programs or the Third Party Services, or any software or systems used to provide the Hosted Programs or the Third Party Services, or any contents, information, tools, and resources therein, to any third party. Permitted Entity shall not (i) allow any third party to access or use the Hosted Programs or the Third Party Services, or (ii) access or use the Hosted Programs or the Third Party Services for third-party training, commercial time-sharing, software hosting, rental or service bureau use. 2.3. Permitted Entity shall not download, modify, create derivative works from, reverse engineer, decompile or disassemble or otherwise attempt to discover any trade secret contained in the Hosted Programs or the Third Party Services or in any software or system used by AdvancedMD in connection with providing the Hosted Programs or the Third Party Services. 2.4. AdvancedMD or its agents shall have the right to monitor use of the Hosted Programs and the Third Party Services by Permitted Entity. This audit right includes, but is not limited to electronic monitoring at any time. 2.5. AdvancedMD shall have the right to terminate use of the Hosted Programs and the Third Party Services by Permitted Entity, including for cause, and for any breach of a separate agreement or obligation to AdvancedMD. 2.6. To the limited extent that any provisions in this agreement are contrary to Permitted Entity’s rights, including those related to fees, with respect to certified API technology as set forth in the Developer Terms of Service at https://developer.advancedmd.com/terms, as such may be updated from time to time in AdvancedMD’s sole discretion, then the terms of the Developer Terms of Service shall control. 3. Third Party Services Permitted Entity shall acknowledge and agree to all the terms related to Third Party Services as set forth on Exhibit E to the Terms of Service between Service Bureau and AdvancedMD. 4. Ownership of Hosted Programs and the Third Party Services Permitted Entity acknowledges and agrees that as between Permitted Entity and AdvancedMD, AdvancedMD retains all title, copyright, and other proprietary rights in the Hosted Programs. Permitted Entity does not acquire any rights, express or implied, in the Hosted Programs or the Third Party Services, other than those specified in this agreement. AdvancedMD reserves the right to terminate any Permitted Entity from Hosted Programs and Third Party Services in AdvancedMD’s sole discretion. 5. Access 5.1. Permitted Entity may designate user account names and passwords for Providers, and for additional permitted non-Provider users associated with authorized Providers (which may include patients of Permitted Entity). Permitted Entity is responsible for safeguarding the confidentiality and use of account names and passwords, and agrees to take any and all actions necessary to maintain the privacy of such information. 5.2. Permitted Entity shall be liable and responsible for any and all activities conducted through its account, whether or not such activities have been authorized by Permitted Entity. Service Bureau and AdvancedMD will deem any communication, data transfer, or use of the Hosted Programs or Third Party Services received under Permitted Entity’s account names and passwords to be for Permitted Entity’s benefit and use. 5.3. Permitted Entity will promptly notify Service Bureau if account names or passwords are lost, stolen, or are being used in an unauthorized manner. Upon Permitted Entity’s request, Permitted Entity will provide Service Bureau with accurate and complete registration information of Providers, and the additional permitted non-Provider users associated with authorized Providers, that have access to the Hosted Programs or Third Party Services. 6. Permitted Entity Representations and Covenants 6.1. Permitted Entity represents and warrants to Service Bureau that (i) Permitted Entity’s use of the Client Data in connection with the Services (including the right to transfer, store, process and cache Client Data in connection with the use of the Hosted Programs and the Third Party Services) complies with all Applicable Laws, and that Permitted Entity has received all necessary third party approvals with respect to the Services and its use of the Hosted Programs and the Third Party Services, and (ii) the Client Data, and Permitted Entity’s use of the Client Data (including storage, processing and caching of Client Data), do not infringe the intellectual property rights of any third party, and Permitted Entity agrees to indemnify and hold Service Bureau and AdvancedMD harmless from any third-party claims arising from Permitted Entity’s use of the Client Data in connection with the services. 6.2. Permitted Entity shall comply with all Applicable Laws and regulations applicable to Permitted Entity’s conduct of its business, including, without limitation, obtaining and maintaining all applicable federal, state and local licenses. 7. De-Identification Provided that Service Bureau or another third party implements appropriate de-identification criteria in accordance with the Standards for Privacy of Individually Identifiable Health Information set forth in 45 C.F.R. §164.514(b) (or any successor provision thereto), such de-identified information is not Protected Health Information as defined under HIPAA; Permitted Entity acknowledges and agrees that Service Bureau or such third party may use such de-identified information for any lawful purpose. 8. Limitation of Liability 8.1. NEITHER ADVANCEDMD NOR SERVICE BUREAU MAKES, AND EACH HEREBY DISCLAIMS, ANY WARRANTY OF ANY KIND WITH REGARD TO THE HOSTED PROGRAMS AND THE THIRD PARTY SERVICES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 8.2. NEITHER PARTY, NOR ADVANCEDMD, SHALL BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR BUSINESS INTERRUPTION, LOSS OF PROFITS, REVENUE, DATA OR USE, OR COST OF COVER SUFFERED BY A PERMITTED ENTITY, WHETHER IN AN ACTION IN CONTRACT OR TORT, AND EVEN IF THE PARTY HAS BEEN ADVISED OF OR IS AWARE OF THE POSSIBILITY OF SUCH DAMAGES. 8.3. ADVANCEDMD IS NOT IN ANY WAY ENGAGED IN THE PRACTICE OF MEDICINE OR ACTING AS A PHYSICIAN OR OTHER HEALTH CARE PROFESSIONAL OR PROVIDER. ANY TREATMENT, THERAPY, PROCEDURE, INFORMATION, MEDICATION, PRODUCT OR OTHER INFORMATION REFERENCED BY OR THROUGH SERVICES ARE NOT INTENDED AS A RECOMMENDATION OR ENDORSEMENT OF ANY COURSE OF TREATMENT, THERAPY, PROCEDURE, INFORMATION, MEDICATION, PRODUCT OR OTHER INFORMATION. THE ULTIMATE RESPONSIBILITY FOR DIAGNOSING AND TREATING ANY PATIENT RESTS WITH THE PATIENT’S HEALTH CARE PROVIDER. 8.4. PERMITTED ENTITY’S USE OF THE HOSTED PROGRAMS, THIRD PARTY SERVICES, OR ANY TEMPLATES MADE AVAILABLE TO PERMITTED ENTITY IN NO WAY CONSTITUTES THE PROVISION OF LEGAL ADVICE FROM ADVANCEDMD TO PERMITTED ENTITY. 8.5. Service Bureau and AdvancedMD’s total aggregate liability for damages suffered by Permitted Entity, any its Providers (or non-Provider users associated with authorized Providers), or any of its affiliates under this agreement shall in no event exceed the amount of fees paid by Permitted Entity under this agreement for the most recent three (3) month period. 9. U.S. Government The Hosted Programs are commercial computer software and documentation developed exclusively at private expense and in all respects are proprietary data belonging to AdvancedMD. If the Hosted Programs are used under the terms of a DoD or civilian agency contract, use, reproduction and disclosure of such software and documentation by the Government is subject to the restrictions set forth in this agreement in accordance with 48 C.F.R. 227.7202 or 48 C.F.R. 12.212, respectively. 10. Termination Service Bureau may terminate this agreement (or access to or use of one or more Hosted Programs or the Third Party Services) upon notice to the Permitted Entity. AdvancedMD may terminate access to or use of one or more Hosted Programs or the Third Party Services upon notice to the Service Bureau. Upon any such termination by Service Bureau or AdvancedMD, as the case may be, all rights granted to Permitted Entity under this agreement shall terminate and Permitted Entity will no longer have any right to access or use the Hosted Programs or the Third Party Services (including any data that may be accessible only through the Hosted Programs or the Third Party Services) and neither Service Bureau nor AdvancedMD shall be liable for any damages caused by such inaccessibility. Upon any termination of this agreement (or access to or use of one or more Hosted Programs or the Third Party Services), AdvancedMD shall have the right to maintain a copy of all Client Data in accordance with, and for the period of time it determines is required or permitted by, Applicable Law and, to the extent AdvancedMD in its sole discretion determines appropriate, shall have the right to provide access to or otherwise make available any or all of the Client Data to the Permitted Entity. If within 30 days of termination of the agreement Permitted Entity requests return of Client Data and Permitted Entity has not obtained an electronic copy of Client Data through any export functionality of the Hosted Programs, AdvancedMD will make available data export and retrieval methods and related services to Permitted Entity that AdvancedMD has determined are technically feasible and commercially reasonable as of the Client Data export request date. Permitted Entity acknowledges that data export and retrieval methods and related services available from AdvancedMD may change over time based on the features and functionality of the Hosted Programs, regulatory requirements and other factors. AdvancedMD will provide any mutually agreeable Client Data export and retrieval services to Permitted Entity at the lesser of AdvancedMD’s then-current rates or (b) ) a flat fee ranging from $1,250 to $2,250 (depending on the type of export requested), provided that on January 1 of each year such flat fees shall increase by the greater of (x) three percent or (y) the percentage increase in the Employer Cost Index for the then-most recently reported twelve (12)-month period published by the US Department of Labor, Bureau of Labor Statistics. Client may contact AdvancedMD for additional details about the specific data and formats available under the then-available export options. 11. Survival The provisions of Sections 4, 6, 8, 10, 11 and 12 of this agreement shall survive any termination of this agreement. 12. Third Party Beneficiary Service Bureau and Permitted Entity each acknowledge and agree that AdvancedMD (and each of its affiliates) is an intended third-party beneficiary of this agreement for the purpose of enforcing at law and at equity the covenants of Permitted Entity and the warranty disclaimers and limitations of liability set forth in this agreement, whether or not such provisions make specific reference to AdvancedMD (or such affiliates). EXHIBIT E: Terms and Conditions Applicable to Third Party Services The terms and conditions set forth in this Exhibit E apply to use by Client of various Third Party Services used in connection with the Hosted Programs and are required by the third parties that provide such services. Capitalized terms used but not defined in these terms and conditions shall have the meaning ascribed to such terms in this Agreement (which includes, without limitation, this Exhibit E). 1.1. Electronic Services If Client uses the Electronic Services, Client acknowledges and agrees that Electronic Services are generally available approximately 4 to 8 weeks after Client has properly completed and returned to AdvancedMD all applicable implementation forms related to Client’s use of Electronic Services. 1.2. First Data Bank Services If Client uses the First Data Bank Services: A. Client hereby covenants and agrees to indemnify and hold First Databank, Inc. (“FDB”) harmless from and against any liability, loss, injury or expense (including reasonable attorneys’ fees and court costs) imposed upon, incurred or suffered by FDB relating to or arising out of any allegation or claim that the use of the medical, pharmaceutical and nutritional information originally provided by FDB and made available to Client through its use of the Hosted Programs (including any user manuals), or any information contained therein, caused or contributed to the personal injury or death of an individual; provided, however, that this indemnity shall not apply in the case of FDB’s gross negligence or willful misconduct. FDB is an intended third party beneficiary of this Section 1.2.A of this Exhibit E. This Section 1.2.A will survive any termination of this Agreement with AdvancedMD. B. Client hereby acknowledges and agrees that AdvancedMD’s electronic health record application utilizes information provided by FDB. FDB takes actions designed to ensure that the information provided by FDB is accurate, up-to-date, and complete, but no guarantee is made to that effect. FDB’s product is designed to supplement, and not a substitute for, the expertise, skill, knowledge and judgment of healthcare practitioners. FDB’s drug information does not endorse drugs, diagnose patients or recommend therapy. The absence of a warning for a given drug or drug combination in no way should be construed to indicate that the drug or drug combination is safe, effective or appropriate for any given patient. The information contained therein is not intended to cover all possible uses, directions, precautions, warnings, drug interactions, allergic reactions, or adverse effects. In addition, the drug information contained therein may be time sensitive. FDB information is compiled for use by healthcare practitioners in the United States. Neither AdvancedMD nor FDB warrants that uses outside of the United States are appropriate. Client acknowledges that the professional duty to the patient in providing healthcare services lies solely with the healthcare professional providing patent care services. Client and healthcare practitioners should use their professional judgment in using the information provided. Neither AdvancedMD nor FDB assumes any responsibility for actions of Client which may result in any liability or damages due to the malpractice, failure to warn, negligence or any other basis. 1.3. Surescripts Services If Client uses the Surescripts Services, Client hereby acknowledges and agrees that: A. Access to and Use Client shall ensure that (i) only persons that qualify as Prescriber End Users hereunder access and use the Surescripts through the AdvancedMD e-Prescribing solution, and (ii) all Prescriber End Users are registered with AdvancedMD. B. Surescripts Information Client agrees that it shall keep confidential any data or information relating to Surescripts, or its services or operations, of which it becomes aware. C. Adherence to Applicable Law and Commercial Messaging Rules i. Client shall comply with all Applicable Law and Client shall ensure that each Prescriber End User shall obtain all necessary patient consents and authorizations prior to requesting medication history for such patient. ii. Client shall not, and shall ensure that its Prescriber End Users do not, use any means, program, or device, or permit any other person to use any means, program, or device, including, but not limited to, advertising, instant messaging, and popup ads, to influence or attempt to influence, through economic incentives or otherwise, the Prescribing Decision of a prescriber at the Point of Care if: (i) such means, program, or device (as described above) is triggered by, initiated by, or is in specific response to, the input, selection, and/or act of a prescriber or his/her agent prescribing a pharmaceutical or selecting a pharmacy for a patient; and (ii) that prescription shall be delivered via the Surescripts network. Notwithstanding the above Client may: (A) show information regarding a payer’s formulary and benefit plan design, including patient lowest cost options, on/off tier, prior authorization, step therapy, coverage status, and co-pay information; and/or (B) deliver or have delivered to Prescriber End Users clinical alerts that are sourced from payers and/or are attributed to generally recognized and reputable sources providing clinical information to the prescriber, even if, in the event of either (A) or (B), such information influences the patient or prescriber’s choice of pharmacy or other prescribing decisions. Any custom lists created and maintained by Prescriber End Users within the Hosted Programs, including but not limited to: (i) an individual Prescriber End User’s most often prescribed medication list; (ii) an individual Prescriber End User’s most often used pharmacy list; and/or (iii) an individual Prescriber End User’s most often used SIGs (i.e., instructions for the use of medications), would not be considered a violation of this section. D. Surescripts Policies. In the event that Surescripts or any Data Source issues privacy and patient consent policies related to the delivery of Private Information, Client shall ensure that Prescriber End Users promptly comply with such policies. E. Surescripts Disclaimers i. Availability of Data Sources. No representation or warranty is made regarding the availability of any particular Data Source or other Participant in the Surescripts network. At any time, Data Sources or other Participants in the Surescripts network may be added to or deleted from the Surescripts network or may limit access to their data, such changes may occur without prior notice. F. Surescripts Data Sources Client acknowledges that any Data Source, in its sole discretion, may elect not to receive prescriptions and other messages from Client and/or any Prescriber End User. G. Audit by Surescripts Client acknowledges and agrees that Surescripts may access, inspect, and audit any information in the Hosted Programs relating to Client’s use of the Surescripts network and/or Surescripts Data. H. Use of Data by Surescripts Subject to compliance with all Applicable Law (including without limitation all laws regarding the protection of protected health information (as defined under HIPAA), Surescripts shall be entitled to use and disclose information received from Client and Prescriber End Users for the purpose of Surescripts’ business. I. Clinical Operability Services In the event Client uses the clinical operability services provided by Surescripts as part of the Hosted Programs, Client shall obtain any and all necessary patient consents and authorizations required by Applicable Law. Client shall, upon request, certify to having obtained all such necessary patient consents and authorizations. J. Indemnity Client shall indemnify and hold harmless Surescripts and Data Sources and their Affiliates from (i) any breach by Client of any confidentiality or privacy obligation under Applicable Law, or any misuse of data and/or systems provided by Surescripts and (ii) any loss of connectivity to the Surescripts network due to acts or omissions of Client; provided, however, that this Section 1.3.J shall only apply to Clients that qualify as a “Service Bureau” under this Agreement. Client agrees that Surescripts shall be a third party beneficiary of this Section 1.3.J. K. As used in this Section 1.3 to this Exhibit E only, the following terms have the following meanings: i. “Data Source” means all PBM Data Sources and Pharmacy Data Sources. ii. “PBM Data Source” means a pharmacy benefit manager, health benefit payor or administrator, or other similar entity which has entered into a written agreement with Surescripts to allow access through the Surescripts network to information in its possession. iii. “Pharmacy Data Source” means a pharmacy, pharmacy chain, or aggregator that aggregates information on behalf of pharmacies, or other similar entity which has entered into a written agreement with Surescripts to allow access through the Surescripts network to information in its possession. iv. “Point of Care” means the place and time that a prescriber or his/her agent is in the act of prescribing a pharmaceutical for a patient. v. “Prescribing Decision” means a prescriber’s decision to prescribe a certain pharmaceutical or direct a patient to a certain pharmacy. vi. “Prescriber End User” means an individual, located in the United States or a United States territory, that: (1) is employed by, an active member of the medical staff of, or otherwise performing healthcare services as a legally authorized representative of Client; and (2) if required by Applicable Law to be licensed, registered, or otherwise authorized by a governmental authority, is properly and duly licensed, registered, or otherwise authorized with the appropriate governmental authority to perform the applicable healthcare services. vii. “Private Information” means: (i) Protected Health Information (“PHI”), as defined under HIPAA and related regulations, created or received on behalf of, or received from Surescripts; (ii) Nonpublic Personal Financial Information and, as applicable, Nonpublic Personal Health Information, as defined by the Gramm-Leach-Bliley Act; or (iii) any data or information that: (1) relates to an individual, and (2) identifies or can reasonably be believed to form the basis for identifying an individual 3 Rev. October 2020 (such as, but not limited to, an individual’s name, postal address, e-mail address, telephone number, date of birth, Social Security number, driver’s license number, financial account number, or any other unique identifier), in each case, that is provided to AdvancedMD to Client. viii. “Surescripts” means Surescripts, LLC. ix. “Surescripts Data” means any data or information relating to Surescripts, or its services or operations, provided to AdvancedMD and/or Prescriber End Users) by or on behalf of Surescripts, including statistics collected by Surescripts regarding transactions processed by the Surescripts network. x. “Surescripts network” means the Surescripts proprietary technology for a secure, nationwide, interoperable health information infrastructure, including Surescripts materials, interfaces, functionality, and transaction maps, as they may be further modified or developed by Surescripts from time to time. 1.4. Updox Services If Client uses the Updox Services, Client acknowledges and agrees that (i) in order for the Updox Services to be enabled, Updox requires that Client agree to the Updox Terms of Use, (ii) the Updox Terms of Use exclusively governs the provision of, and Client’s use of, the Updox Services, and (iii) it has reviewed and accepts such Updox Terms of Use. 1.5. CareAgent Services If Client uses the CareAgent Services from Corepoint Health, Client agrees to the following terms: (A) Client is authorized to only use the CareAgent Services internally, and solely in conjunction with the Hosted Programs and Services; (B) Client will not copy any of the software used to provide CareAgent Services (“CareAgent Software”); (C) Client shall destroy all copies of the CareAgent Software after license termination which is coterminous with this Agreement; (D) Client is prohibited from reverse assembling, reverse compiling or translating the CareAgent Software except where Applicable Law permits it despite this limitation; and (E) the CareAgent Software is copyrighted and licensed; it is not sold. Further (i) AdvancedMD and Corepoint Health disclaim all implied warranties, including any implied warranties of noninfringement, merchantability, and fitness for a particular purpose; and (ii) the collective liabilities of AdvancedMD and Corepoint Health, are subject to the limitation of liabilities described in this Agreement. Corepoint Health disclaims all liability for all consequential, punitive, incidental, and other indirect damages including, but not limited to, lost profits, lost or damaged data, and the provision of substitute goods. AdvancedMD is an intended beneficiary of these limitations and disclaimers, and the limitation of liabilities for the Corepoint Health and AdvancedMD are not cumulative. 1.6. DrFirst Services If Client uses DrFirst Services for Electronic Prescriptions for Controlled Substances (EPCS), Client agrees to the following: A. Prescribing Providers. Each EPCS account shall be assigned to a specific provider (the “Prescribing Provider”). Each Prescribing Provider must properly register through the Hosted Programs and the DrFirst website. As part of the two-factor authentication setup requirement for the EPCS feature, each Prescribing Provider will be provided with a complimentary Identity- Proof Hard Token (“IDP Hard Token”) and confirmation letter. In the event the IDP Hard Token is lost, damaged or becomes inoperable thereafter, Client shall pay AdvancedMD the then-current fee for each additional IDP Hard Token and confirmation letter, as applicable. Prescribing Provider secures and elects to use an Identity-Proof Soft Token (“IDP Soft Token”), provided by a third-party, (e.g. Symantec mobile application, etc.), the IDP Soft Token must be downloaded/stored on a separate device from the computer or device on which the Prescribing Provider gains access to the EPCS feature and transmits prescriptions. (The IDP Hard Token and IDP Soft Token are sometimes referred to generally as an “IDP Token”) B. Client Responsibilities. Client and each Prescribing Provider understand and agree: (a) to retain sole possession of the IDP Hard Token, and not to share the login passphrase with any other person; (b) that it shall not allow any other person to use an IDP Token or enter the login passphrase in order to sign controlled substance prescriptions; (c) that failure to secure the IDP Token, login passphrase, or any biometric information may provide a basis for revocation or suspension of the EPCS account; (d) to notify AdvancedMD within one business day of discovery if: (i) Client or a Prescribing Provider is contacted by a pharmacy because one or more controlled substance prescriptions are displaying the incorrect United States Drug Enforcement Administration (the “DEA”) number; (ii) if Client or a Prescribing Provider discover that one or more controlled substance prescriptions issued using a Prescribing Provider DEA number were not consistent with the prescriptions actually signed, or were not signed at all; (iii) if a Prescribing Provider’s IDP Token has been lost, stolen, or the authentication protocol has been compromised in any way; (e) that the Prescribing Provider is responsible for any controlled substance prescriptions written using its two-factor authentication credential; (f) that Prescribing Providers have the same responsibilities when issuing electronic prescriptions for controlled substances as when issuing paper or oral prescriptions; (g) to prescribe controlled substances only for legitimate medical purposes; (h) to review security logs on a daily basis for any security incidents; and (i) to report to the DEA any security incident and provide AdvancedMD with a copy of such report. Client agrees to keep all security incident reports on file for a period of two (2) years. Client represents and warrants that Client is not currently under formal investigation, indictment, or prosecution and has not been convicted, disciplined, or sanctioned within the preceding five (5) years by any governmental entity or self-regulation program for violation of any Applicable Laws under or related to health care, drugs, or criminal acts. Further, Client shall indemnify, hold harmless, and defend DrFirst, the National Association of Boards of Pharmacy, APPRISS and each of their respective officers, directors, employees, members, contractor’s and affiliates from and against any losses, liabilities, costs (including reasonable attorneys’ fees) or damages resulting from any third party claim in which any above-named party is named as a result of any access or use of the DrFirst services or application by Client. 1.7. Dyn Services If Client uses Dyn Services, Client agrees that neither it, nor its end users, if any, will use the Services: (a) for illegal purposes (including but not limited to use in violation of the CAN-SPAM Act of 2003, as amended); (b) in a way that interferes with or disrupts networks connected to the Dyn Services; (c) in a way that violates any regulation, policy, or procedure of the networks connected to the Dyn Services; (d) in a way that violates, that facilitates the violation of, any Applicable Law, including, without limitation, those that relate to the exportation of technical data from the United States to foreign countries or any international law; (e) in a way that facilitates, coordinates, or implements any terrorist activity, (f) in way that facilitates, coordinates or implements “botnets”; (g) in a way that interferes with another’s use and enjoyment of the Dyn Services or similar services; (h) to store, distribute or facilitate the distribution of illegal software or illegal pornography; (i) to facilitate spamming, linkspamming, spamdexing, or any other distribution of electronic mail to one or more people who have not given specific permission to be included in such a distribution; (j) to engage in or facilitate online gambling; (k) to distribute or otherwise make available to others any copyrighted material that Client does not have authorization or the legal right to distribute; (l) to transmit or to aid in the transmission of any unlawful, harassing, libelous, abusive, threatening, harmful, vulgar, obscene or otherwise objectionable material of any kind or nature; (m) to transmit or aid in the transmission of any material that encourages conduct that could constitute a criminal offense or give rise to civil liability; or (n) to gain or attempt to gain unauthorized access to computers or computer networks. The Dyn Services make use of the Internet’s DNS protocol to create and delegate domain names, therefore, Client agrees that it, and its end users, if any, will use the Dyn Services in a way that complies with all Internet regulations, policies, and procedures. For purposes of these terms, facilitation of the unauthorized distribution of copyrighted materials through operation of a “hub”, “tracker”, or other similar file sharing mechanism, shall be considered identical to the actual illegal distribution of those copyrighted materials. 4. Additionally, Client agrees that neither it nor its end users, if any will use Dyn’s email delivery services: (a) to send email to any email address that is not opt-in and that was not obtained through lawful and authorized means; (b) to send email to recipients whose addresses was manually or automatically “scraped” or “aggregated” from websites or third party lists; (c) without ensuring that every email includes a link or instructions allowing recipients to remove themselves from Client’s email list; (d) to distribute content it does not have the right to distribute; (e) if Client fails to regularly, but in no case less then every ten (10) days, remove undeliverable email addresses from its list and honor unsubscribe requests; (f) send unsolicited email of a commercial or non-commercial nature; (g) to send mail that Client knows or should know will threaten Dyn’s ability to maintain positive working relationships with the networks and/or entities are responsible for accepting email sent by Dyn on behalf of its clients. 5. If, in Dyn’s reasonable discretion, Client and/or its end users, if any, (i) use the Dyn Services in a manner that, directly or indirectly, intentionally or unintentionally, negatively effects Dyn or its systems or networks (including without limitation, overloading servers on the Dyn network or causing portions of the Dyn network to be blocked) or (ii) attempts or succeeds in penetrating Dyn’s security, then Dyn may terminate or suspend the Dyn Services. 6. A cleanup fee of $100.00/hour (minimum 4 hours) may be assessed by Dyn to Client for violation of these terms by Client or its end users. 7. Dyn reserves the right to change these terms and conditions as it, in its reasonable discretion, deems prudent or necessary. Revised versions, if any, of these terms will be available at www.dynect.com, where such revised terms will be posted with a modification date. Dyn will notify Client sixty (60) days before the effective date of any revision so that Client has time to revise its own end user terms of service and otherwise comply with the revisions. Dyn expects Client to ensure that it complies with the then current terms. In the event that Dyn revises these terms, and such revision materially and negatively affects Client’s ability to use the Dyn Services, Client may terminate the agreement (including any order) without penalty by notifying Dyn within thirty (30) days of receiving notice of a change in the revised terms. 8. Dyn assumes no responsibility for the content of any material located on the hosts provided from the Dyn Services. Client acknowledges that Dyn has no control over these websites or other material hosted on external hosts. 9. Dyn may immediately terminate the Dyn Services and the agreement (including any order) should it determine, in its sole discretion, that Client’s conduct fails to conform to these terms and conditions or the spirit of its terms and conditions in a fashion that critically impacts Dyn or its systems or networks. If Dyn determines that Client’s conduct fails to conform to these terms and conditions in a fashion that does not critically impact Dyn or its systems or networks, Dyn shall still have the right to terminate the agreement (including any order) and/or suspend provision of the Dyn Services to Client; provided however that Dyn shall provide Client with five (5) business days advanced electronic notice of such impending termination and/or suspension. Client’s failure to come into compliance with these terms within five (5) business days of Dyn’s transmission of said electronic notice, will entitle Dyn to terminate the agreement and/or suspend the Dyn Services immediately. 1.8. Healthwise Products and Services If Client utilizes Healthwise products and services, Client hereby acknowledges and agrees that: A. Disclaimer (i) HEALTHWISE DOES NOT GIVE MEDICAL ADVICE. Healthwise content is based on current medical literature and physician review. Healthwise content is intended to help people make better health care decisions and take greater responsibility for their own health. However, use of Healthwise content is not intended to replace the advice of a doctor. Healthwise products have been developed and are intended for use by consumers in the United States. (ii) HEALTHWISE AND ITS SUPPLIERS ARE NOT RESPONSIBLE FOR THE RESULTS OF THE HEALTHWISE CONTENT, INCLUDING BUT NOT LIMITED TO, USERS’ CHOOSING TO SEEK OR NOT TO SEEK PROFESSIONAL MEDICAL CARE, OR USERS’ CHOOSING OR NOT CHOOSING SPECIFIC TREATMENT BASED ON THE HEALTHWISE CONTENT. B. Disclaimer of Warranties (i) Except for the warranties expressly made by Healthwise, Healthwise provides its Licensed Product, including, without limitation, Healthwise content to Client “AS-IS” and Healthwise makes no representation or warranty as to the accuracy or completeness of the information. HEALTHWISE’S EXPRESS WARRANTIES ARE IN LIEU OF ALL OTHER WARRANTIES OR OBLIGATIONS, EXPRESS OR IMPLIED. HEALTHWISE EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE. Client’s exclusive remedy for breach of the warranty is termination of the Healthwise Agreement and a refund of fees pre-paid by Client for the period following the date of the termination. (ii) NEITHER PARTY SHALL HAVE ANY LIABILITY TO THE OTHER PARTY FOR THE RESULTS OF CLIENT’S OR PERMITTED USERS’ USE OF THE LICENSED PRODUCT, INCLUDING, BUT NOT LIMITED TO, PERMITTED USERS CHOOSING TO SEEK OR NOT TO SEEK PROFESSIONAL MEDICAL CARE, OR USERS CHOOSING OR NOT CHOOSING SPECIFIC TREATMENT ON THE LICENSED PRODUCT. C. Limitation on Liability EXCEPT FOR LIABILITY FOR VIOLATION OF COPYRIGHTS, TRADEMARKS, OR PATENTS, OR AS SET FORTH IN 1.8.B (ABOVE) NEITHER HEALTHWISE NOR CLIENT SHALL HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY CONSEQUENTIAL, EXEMPLARY, PUNITIVE, OR INCIDENTAL DAMAGES RESULTING FROM THE INTERRUPTION OF BUSINESS, LOSS OF DATA, SUBSTITUTE SERVICES, OR ANY OTHER INDIRECT DAMAGES CAUSED BY OR OTHERWISE ASSOCIATED WITH THE USE OF THE LICENSED PRODUCT OR PERFORMANCE OF THE HEALTHWISE AGREEMENT. D. As used in this Section 1.8 to this Exhibit E only, the following terms have the following meanings: i. “Licensed Product” means the Healthwise products which Client is licensing as described in the product schedules that are part of Client’s agreement with Healthwise (the “Healthwise Agreement”) and/or any future product schedules entered into between the parties and incorporated into the Healthwise Agreement (collectively, the “Product Schedules”). The Product Schedules will be governed by the terms of the Healthwise Agreement. The Licensed Product shall also include all Updates. “Updates” means new versions of the Licensed Product, bug fixes, error corrections and other upgrades which Healthwise will provide to Client on the same schedule it supplies Updates to other licenses. Updates do not include any new release, content, 5 Rev. October 2020 software, or module that Healthwise develops and/or licenses separate and apart from the Licensed Product licensed under the Healthwise Agreement. 1.9. Jive Services If Client uses Jive Services, Client agrees to be bound by the terms and conditions of the Acceptable Use Policy available here: https://www.jivesoftware.com/legal, which may be modified from time to time by Jive as described therein. 1.10. Twilio Services If Client uses Twilio Services, Client agrees to be bound by the terms of use available here: https://www.twilio.com/legal/tos, and the acceptable use policy available here: http://www.twilio.com/legal/aup, both of which may be modified from time to time by Twilio as described therein. 1.11. Zoom Services If Client uses Zoom Services, Client agrees to be bound by the terms of use available here: https://zoom.us/terms, which may be modified from time to time by Zoom as described therein. 1.12. Ephox Services If Client uses Ephox Services, Client hereby acknowledges and agrees that: A. As used in this Section 1.12 of this Exhibit E only, “Licensed Software” shall mean executable code versions of Ephox’s software and all updates or successor software products that Ephox may provide to AdvancedMD that is used by Client. B. Client is granted a nonexclusive, nontransferable right to use the Licensed Software solely in connection with the business of the Client. C. Client may use the Licensed Software only in a Subscription Service provided by the Client. As used in this Section 1.12 of this Exhibit E only, “Subscription Service” means software‐as‐a‐service that is an application that is provided in a hosted environment and provided to users via the Internet or a private network. D. CLIENT IS PROVIDED THE LICENSED SOFTWARE AS IS AND EPHOX DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, CONCERNING THE LICENSED SOFTWARE, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, OR ANY WARRANTIES ARISING OUT OF CONDUCT OR INDUSTRY PRACTICE. E. Title to the Licensed Software remains with Ephox. F. Client’s right to use Licensed Software will terminate if the Client breaches any of the terms set out in the Terms of Service and is unable to cure such breach within the cure period specified therein. G. Client shall not copy, manufacture, adapt, rent, lease, lend, trade-in, create derivative works from, translate, reverse engineer, disassemble, decompile, or modify the Licensed Software, nor shall the Client take any action to circumvent or defeat the security or content usage rules provided, deployed or enforced by any functionality (including without limitation digital rights management functionality) contained in the Licensed Software. H. Client will not remove, obscure, or alter Ephox’s copyright notices, trademarks, or other proprietary rights affixed to, contained in, or accessed in conjunction with or through the Licensed Software. I. Ephox is an express third party beneficiary of the license as it pertains to the Licensed Software. J. The Licensed Software is subject to certain export restrictions of the United States Government. If Client is in (a) a country to which export from the United States is restricted for anti-terrorism reasons, or a national of any such country, wherever located, (b) in a country to which the United States has embargoed or restricted the export of goods and services, or a national of any such country, wherever located, or (c) a person or entity who has been prohibited from participating in United States export transactions by any agency of the United States Government, then Client may not install, download, access, or use the Licensed Software. Client warrants and represents to Ephox that (1) Client does not match the criteria set forth in (a), (b), or (c) above, (2) that Client will not export or reexport the Licensed Software to any country, person, or entity subject to U.S. export restrictions, including those persons and entities that match the criteria set forth in (a), (b), or (c) above, and (3) that neither the United States Bureau of Industry and Security, nor any other U.S. federal agency, has suspended, revoked, or denied Client’s export privileges. Ephox understands that AdvancedMD product that Client has licensed is web based and accessible from anywhere there is an internet connection, and as such, mere access of the Licensed Software from outside the United States does not violate this Section 1.12. 1.13. Rand Health If Client uses the Rand Health 36-Item Short Form Survey (“SF-36”), Client hereby acknowledges and agrees that: A. Any changes to SF-36 may be made without the written permission of Rand Health. However, all such changes shall be clearly identified as having been made by the Client. B. Client accepts full responsibility, and agrees to indemnify and hold Rand Health harmless, for the accuracy of any translations of the SF-36 into another language and for any errors, omissions, misinterpretations, or consequences thereof. C. Client accepts full responsibility, and agrees to indemnify and hold Rand Health harmless, for any consequences resulting from the use of the SF-36. D. Client will provide a credit line when printing and distributing the SF-36 document acknowledging that it was developed at Rand health as part of the Medical Outcomes Study. E. For the avoidance of doubt, no written permission is needed for use of SF-36. 1.14. Dynamsoft Services If Client uses the Dynamsoft Services, Client hereby acknowledges and agrees that: A. Client must not distribute the DyanmicWebTwain.lic file under any circumstances. B. Client is prohibited from using the Dynamsoft software to develop another tool designed to be used for creating other end user applications. C. Client may not use the Dynamsoft software, in whole or in part, for software development, copying or distribution. Client is not permitted to directly or indirectly expose the properties and methods of the Dynamsoft software. D. Dynamsoft reserves all rights. Client shall not use, copy, modify, reverse engineer, decompile, disassemble, sell, transfer, hire, lend or otherwise distribute the Dynamsoft software or any accompanying materials in whole or in part, except as expressly provided. 1.15. IBM Embedded Solution Services If Client uses the IBM Embedded Solution Services, Client hereby acknowledges and agrees that: A. IBM DISCLAIMS ANY AND ALL LIABILITY FOR CONSEQUENTIAL AND OTHER INDIRECT DAMAGES AND IMPLIED WARRANTIES, INCLUDING THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. B. The collective liabilities of AdvancedMD and IBM are subject to the limitations of liability in the Terms of Service. C. Client shall not use the IBM Embedded Solution Services separately from the Hosted Programs. D. Client shall maintain all IBM Embedded Solution Services documents, books and records if any, and, Client shall permit AdvancedMD to audit any such documentation as necessary for AdvancedMD to confirm compliance with Applicable Laws and regulations. 1.16. Heartland Services If Client uses the Heartland Services, Client hereby acknowledges and agrees that: A. AdvancedMD will charge, and Client will be liable for, a connection maintenance fee for the connection between the Hosted Programs and the Heartland Service as set forth on a mutually agreeable sales order or other written agreement. B. Before deploying and using the Heartland Service, Client must enter into a separate agreement with Heartland that sets for the terms of use of the Heartland Service. In no event shall AdvancedMD be liable for any direct, indirect, consequential, punitive or other special categories of damages as a result of any act or omission of Heartland Payment Systems, Inc. or the Heartland Services.