Murj License Agreement Terms & Conditions
1.1. Agreement means the Agreement to which these terms and conditions relate, which shall be made effective by an Agreement execution page to be signed by both Murj and the Customer, and by which the Customer shall have a license to use the Application.
1.2. Application means the software Application developed and delivered by Murj as described on a Sales Order, the related Documentation and updates and enhancements made to the foregoing, as and when made available by Murj.
1.3. BAA means the Business Associate Agreement that enables HIPAA compliant access by Murj of the Customer’s PHI patient data, attached hereto as EXHIBIT B or as separately executed between the parties.
1.4. DAA means the Data Access Approval agreement, attached as EXHIBIT C, that authorizes Murj to access the PHI data that resides within device manufacturer systems or that may be uploaded by Customer to Murj.
1.5. Data Files means that discrete non-aggregated data, documents and reports that may be created by, or received and retained for, the Customer in the Application.
1.6. Documentation means any text, video, written or presented materials that describe, instruct or otherwise describe the Application, including additional, updated or revised documentation, if any, provided by Murj to Customer for Customer’s own internal business purposes.
1.7. PHI is defined in the BAA executed between the parties hereto and may include protected health information and data associated with patients with medical devices that generate and/or transmit Data Files that may be received by, stored or otherwise available on, the Application.
1.8. Fees means the license fees due to Murj from the Customer for the use of the Products during the Term. Fees are payable “Net 30” unless otherwise provided in the Sales Order.
1.9. Patients means those individuals under the care of a Customer from which a medical device, worn or implanted, may generate or transmit PHI that is to be accessed and reviewed by the Customer.
1.10. Patient Counts means the number of active (non-deceased and non-archived) patients on the Application. Patient Counts form the basis for license fees that may be due for use of the Application and Products. Patient Counts can be triggered by a remote transmission, an in-office interrogation upload, or a Patient File Upload.
1.11. Patient File Upload means a database produced by the Customer that contains patient records. Customer may provide this database to Murj for upload of bulk patient names and details to Murj. Such upload requests shall be made in writing via email or similar electronic messaging.
1.12. Product means individually or together any of the Murj Application, Murj Services, and Murj produced Documentation as provided by Murj hereunder.
1.13. Sales Order means the document that specifies the quantity and Fees for the Products and Services contemplated herein. A Sales Order by Murj and the Customer may be used to modify the Agreement terms herein.
1.14. Services means the Murj launch and Support Services and other services described in EXHIBIT A: Support Services, or on a Sales Order, or as may be described at www.murj.com.
1.15. User means an individual who is authorized by Customer to use, has access to, or receives exposure to the specified Applications and Products. Murj allows for unlimited Users.
2.1. Use of Electronic Patient Data. Murj delivers an Application that require access to and utilization of PHI of patients under the care of the Customer. The Customer is the authorized care provider for the Patients and authorizes Murj to access and utilize the PHI to enable the Customer to provide and administer health care services to and for the Patient.
2.2. Business Associate Agreement / HIPAA Compliance. A Business Associate Agreement must be executed by and between the parties for this Agreement to become effective.
2.3. Data Access Approval. Customer must grant Murj access to the medical device servers that will send remote transmission data to Murj. The acceptance of the License Agreement provides acceptance of the attached DAA, Exhibit C.
2.4. Customer System Requirements. Customer shall provide users with personal computer access, internet connectivity and web-browser capability via the Google Chrome web browser. Subject to reasonable and periodic updates by Murj at https://murj.com/systemrequirements/
2.5. Customer Responsibilities. Customer will use good faith efforts to minimize any undue burdens that may impede Application deployment at Customer site and to facilitate a launch of the Application within 30 days of Contract execution. Customer responsibilities in this regards shall include industry standard practices and the following: (a) Customer resources available to test the Application prior to live usage, (b) a review of Customer procedures prior to launch of Murj products to identify, manage and minimize change management concerns or disruption, (c) to make sure all Customer Application users are available for training by Murj on a reasonable and efficient basis, (d) insuring that Customer system requirements are met, (e) insuring that the Products meet the needs of the Customer and Customer Application users prior to Murj deploying Launch and Support services, and (f) insuring that adequate resources are available to define, configure and test any integrations that Murj may facilitate to and between the Application and Customer’s systems (i.e., electronic health record systems).
2.6. Professional Ethics and Disclosures. The parties hereto agree to make full and complete disclosure of their relationship as may be required by, and to comply in all respects to, all applicable laws and the ethical and moral canons, standards and rules of conduct of the medical profession generally and all applicable medical organizations or societies. Report unethical activity by Murj or a Murj representative to: firstname.lastname@example.org
3. PRODUCTS AND LICENSE
3.1. License Grant. Murj grants Customer a fee-bearing non-exclusive, non-transferable, non-sublicensable license to use the Products for Customer’s internal business purposes, which includes the internal business purposes of any subsidiaries that Customer controls either directly or indirectly. Customer’s use may be subject to field of use and other restrictions described on the Sales Order. Unless otherwise provided for in the Sales Order, if Customer uses the Products in excess of the specified metrics, Customer agrees immediately to report such additional usage to Murj and pay all additional fees that may be due for periods when Customer exceeded the scope of its license.
3.2. License Term. The Application and Products license is granted for the time period term as specified in the Sales Order pursuant to which the Application and Products are provided to Customer, or if no such term is stated, then for one (1) year, in either case subject to the provisions of this Agreement.
3.3. Renewal. Unless otherwise provided in the Sales Order, the term shall be renewed automatically for subsequent 12-month terms.
3.4. Restrictions. Customer shall not, and shall not allow others to: (a) cause or permit the reverse engineering, disassembly, or decompilation of any portion of any Products; (b) remove any copyright notices or other proprietary notices or restrictions from any of the Products; (c) knowingly disclose results of any benchmark or other performance tests of the Products to any third party without Murj’s prior written consent; (d) distribute, sell, sublicense, rent, lease or use the Products (or any portion thereof) for time sharing, hosting, service provider or similar purposes; or (e) use in a multi-tenant environment wherein Customer sells, re-sells the Product or otherwise uses the Product to provide services to other non-related parties wherein a non-customer is given access to the Product. Read-only access to non-Customers is allowed when so enabled by Product features designed and intended for such sharing with non-customers.
3.5. Ownership. The Products constitute proprietary works of Murj and its licensors, protected by copyright and other intellectual property laws. Except for the rights granted herein, Murj and its licensors retain all rights, title and interest, including all intellectual property rights, in the Products. The terms “purchase” and “sale” in reference to the Products notwithstanding, it is expressly agreed by the parties that title to the Products does not pass to Customer and Customer’s rights with respect to the Products will only be that of a licensee.
3.6. No Transfers. The Products may not be transferred or redistributed to any third party, except in connection with a permissible assignment as specified in this Agreement. Customer may not permit access or use of the Products by any third party, except Customer’s employees and contractors performing services for Customer’s benefit.
3.7. Customer Data and Exports. Customer shall have the ability to view, download and export Data Files in PDF and at least one common database format.
4. MURJ SERVICES.
4.1. Support Terms. Murj will provide the Support Services as provided on the Sales Order and as specified in EXHIBIT A attached hereto. Unless otherwise specified in the Sales Order, a term of Support Services is coterminous with the applicable License Term.
4.2. Post-Launch Training. Murj will provide online and phone-based support and training tools to all Customer Users. Unless otherwise provided in a Sales Order, Murj will provide one-time initial launch training to new Users at the Customer site. Training thereafter shall be performed remotely.
5. INVOICING, PAYMENT AND RECORDS.
5.1. Fees, Taxes and Payment. Customer shall pay to Murj in U.S. Dollars the Fees in the amount and at the times specified on the Sales Order. Unless otherwise stated, all fees are non-cancelable and non-refundable. Customer’s failure to make any payment due hereunder by the due date shall give Murj the right to terminate this Agreement provided that Murj gives Customer notice of non-payment and thirty (30) business days opportunity to cure.
5.2. Compliance. On Murj’s written request, but not more frequently than annually, Customer will furnish Murj with a signed statement verifying that the Products are being used in full compliance with the provisions of this Agreement.
6. CONFIDENTIAL INFORMATION.
6.1. Confidential Information. “Confidential Information” means (a) any information disclosed by either party to the other party, either directly or indirectly, in writing, orally or by inspection of tangible objects, including, without limitation, algorithms, business plans, customer data, customer lists, customer names, designs documents, drawings, engineering information, financial analysis, forecasts, formulas, hardware configuration information, know-how, ideas, inventions, market information, marketing plans, processes, products, product plans, research, specifications, Application, source code, trade secrets or any other information which is designated as “confidential,” “proprietary” or some similar designation and (b) any information otherwise obtained, directly or indirectly, by a receiving party through inspection, review or analysis of the materials described in clause (a). Information disclosed orally shall be considered Confidential Information only if such information is confirmed in writing as being Confidential Information within a reasonable time after the initial disclosure. Confidential Information may also include information of a third party that is in the possession of one of the parties and is disclosed to the other party under this Agreement. Confidential Information shall remain the sole property of the disclosing party or its licensors. Notwithstanding any other provision in this Agreement to the contrary, or any prior understanding or agreement between the parties, Customer shall have the right to disclose all pricing and other terms stated in or relating to this Agreement to any of Customer’s attorneys, accountants, consultants, group purchasing organizations, and other third parties retained by Customer.
6.2. Nondisclosure. Information will not be considered as Confidential Information if the receiving party can establish by documentary evidence that the information is or was: (a) lawfully available to the public through no act or omission of the receiving party; (b) in the receiving party’s lawful possession prior to disclosure by the disclosing party and not obtained either directly or indirectly from the disclosing party; (c) lawfully disclosed to the receiving party by a third party without restriction on disclosure; or (d) independently developed by the receiving party. The parties agree, both during the term of this Agreement and for a period of five (5) years (or, as applicable, with respect to Confidential Information that is a trade secret, for an indefinite period) after its termination, to hold each other’s Confidential Information in confidence and not to disclose such information in any form to any third party without the express written consent of the disclosing party, except to employees and consultants performing services for the benefit of the receiving party who are bound to secure and protect the Confidential Information in a manner no less restrictive than this Agreement. Each party agrees to take all reasonable steps to ensure that Confidential Information is not disclosed or distributed by its employees or agents in violation of this Agreement. A receiving party facing legal action to disclose Confidential Information of the disclosing party shall promptly notify and provide the disclosing party the opportunity to oppose such disclosure or obtain a protective order and shall continue to treat such information as Confidential Information. Information considered part of a designated legal medical record is not covered by the preceding sentence. This Section shall not be construed as granting or conferring any rights to either party by license or otherwise, expressly or implicitly, to any Confidential Information.
7. LIMITED WARRANTIES AND EXCLUSIVE REMEDIES.
7.1. Authority. Each of Murj and Customer represents and warrants that: (a) it has the full right, power and authority to enter into and fully perform this Agreement, (b) the person signing this Agreement on its behalf is a duly authorized representative of such party who has in fact been authorized to execute this Agreement, (c) its entry herein does not violate any other agreement by which it is bound, and (d) it is a legal entity in good standing in the jurisdiction of its formation and shall continuously be an entity in good standing in the jurisdiction of its formation.
7.2. Compliance with Laws. Each of Murj and Customer covenants that, at its sole respective cost and expense, it shall comply with all present and future national, state and local laws, ordinances, rules, regulations, directives and guidelines applicable to its performance or use, as applicable, of the Application (collectively “Laws”) including, without limitation, all data privacy and processing Laws.
7.3. Application Warranty. Murj warrants to Customer that Application will perform the material functions described in the applicable Documentation when operated on the hardware and operating system platform generally supported by Murj and indicated on the Sales Order pursuant to which it was provided. If Customer reports an Application nonconformity during the first ninety (90) days of this Agreement that results in a breach of the foregoing warranty then as Customer’s sole and exclusive remedy and Murj’s entire liability: (a) Murj will correct Application errors causing the nonconformity and refund fees paid, or reduce amounts due, with regard to the period of non-conformity to the extent such non-conformity prevents use of Murj for at least 24 hours, or (b) if Murj determines that it is unable to make the Application operate as warranted using commercially reasonable efforts, Murj will refund the fees paid for the nonconforming Application and terminate this Agreement.
7.4. Warranty Exclusions. Murj is not obligated to correct errors caused by unauthorized modification to Application, by using Application other than as intended, instructed, documented or provided for herein, by a non-Murj Application, or by combining Application with any hardware or Application not authorized by Murj in writing.
7.5. Support Services Warranty. For breach of its Support Services obligations, Customer’s exclusive remedy and Murj’s entire liability will be timely re-performance of the applicable Support Services at issue.
7.6. NO IMPLIED WARRANTIES. THE WARRANTIES ABOVE ARE THE EXCLUSIVE WARRANTIES REGARDING THE PRODUCTS, SUPPORT SERVICES AND SERVICES AND ARE GIVEN IN LIEU OF ALL OTHER WARRANTIES OF MURJ, WHETHER EXPRESS OR IMPLIED, INCLUDING NON-INFRINGEMENT AND THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
7.7. DISCLAIMER. EXCEPT AS SET FORTH IN THE BAA, MURJ DOES NOT WARRANT THAT ANY PRODUCT SUPPORT SERVICES, OR SERVICE WILL MEET CUSTOMER’S REQUIREMENTS, THAT THE PRODUCTS WILL OPERATE IN THE COMBINATIONS WHICH CUSTOMER MAY SELECT FOR USE OR WITH ANY NON-MURJ PROGRAMS USED BY CUSTOMER, THAT THE OPERATION OF ANY PRODUCT WILL BE UNINTERRUPTED OR ERROR-FREE, THE FEATURES OR FUNCTIONALITIES OF THE SERVICE WILL BE AVAILABLE AT ANY TIME IN THE FUTURE, OR THAT ALL ERRORS IN PRODUCTS OR DOCUMENTATION WILL BE CORRECTED. MURJ SHALL HAVE NO RESPONSIBILITY FOR DETERMINING THAT CUSTOMER’S PROPOSED USE OF THE SERVICE COMPLIES WITH APPLICABLE LAWS IN CUSTOMER’S JURISDICTION(S).
8. INFRINGEMENT INDEMNITY.
8.1. Indemnification. Murj at its own expense shall defend, indemnify and hold Customer, its affiliates, successors, assigns, members, shareholders, officers, directors and agents harmless against any third party claim or suit brought against Customer for damages to the extent due to any actual or alleged infringement of any trademark, trade secret, copyright or patent arising under the laws of the United States (collectively, “Intellectual Property Rights”) by Application (“Indemnified Application”) pursuant to the terms of this Agreement. The foregoing indemnity is subject to the following conditions: that (a) Customer promptly notifies Murj in writing of each such claim or suit and provides Murj with all information known to Customer relating thereto, (b) Murj at its option has sole control of the defense and/or settlement; and (c) Customer cooperates with Murj in the settlement and/or defense. Customer will be reimbursed for its reasonable out-of-pocket expenses incurred in providing any cooperation requested by Murj.
8.2. Indemnification Process. If Indemnified Application is, or in the opinion of Murj may become, the subject of any claim or suit for infringement of any Intellectual Property Rights, or if required by settlement, Murj at its expense and option may: (a) procure for Customer the right to continue using the Indemnified Application or affected part; (b) replace the Indemnified Application or affected part with Application of equivalent functionality; (c) modify the Indemnified Application or affected part to make it non-infringing while providing equivalent functionality; or (d) if Murj determines that none of the foregoing remedies are commercially feasible, refund the fees Customer paid for the Indemnified Application for periods during which Customer is unable to use the Indemnified Application due to such claim, suit or settlement.
8.3. Indemnification Exclusions. Murj shall not have any obligation under this section to the extent a claim is based upon (a) use of any version of Indemnified Application other than the then-current, unaltered version, if infringement would have been avoided by use of a current, unaltered version thereof which had been made available to Customer free of charge; (b) combination, operation or use of Indemnified Application with Application not supplied by Murj; (c) use of the Product in violation of this Agreement.
8.4. ENTIRE LIABILITY. THIS SECTION STATES THE ENTIRE LIABILITY OF MURJ AND ITS LICENSORS AS WELL AS CUSTOMER’S EXCLUSIVE REMEDY WITH RESPECT TO ANY INFRINGEMENT OR ALLEGED INFRINGEMENT CLAIM BY A THIRD PARTY.
9. LIMITATION OF WARRANTIES AND LIABILITIES.
9.1. NO INDIRECT DAMAGES. EXCEPT AS SET FORTH IN THE BAA, IN NO EVENT SHALL EITHER PARTY OR ITS LICENSORS (INCLUDING THEIR DIRECTORS, OFFICERS, EMPLOYEES, REPRESENTATIVES, AGENTS AND SUPPLIERS) BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES, INCLUDING WITHOUT LIMITATION PROCUREMENT OF SUBSTITUTE PRODUCTS OR SERVICES OR LOSS OF PROFITS, REVENUE, DATA OR DATA USE, EVEN IF MURJ AND/OR ITS LICENSORS HAS/HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
9.2. LIMIT ON DAMAGES. EXCEPT FOR MURJ’S INDEMNIFICATION AND CONFIDENTIALITY OBLIGATIONS IN THIS AGREEMENT, AND EXCEPT AS SET FORTH IN THE BAA, THE DIRECT AND AGGREGATE, CUMULATIVE LIABILITY (INCLUDING ITS DIRECTORS, OFFICERS, EMPLOYEES, REPRESENTATIVES, AGENTS AND SUPPLIERS) UNDER THIS AGREEMENT SHALL BE LIMITED TO MURJ’S LIABILITY INSURANCE POLICIES THAT PROVIDES AS FOLLOWS: (i) insurance coverages required by federal and state law, including workers’ compensation with statutory minimum limits, (ii) employer’s liability insurance with no less than a $1,000,000 limit; (iii) commercial general liability insurance with limits of not less than $2,000,000 per occurrence, providing coverage for bodily injury, personal injury, or death of any persons and injury to or destruction of property, including loss of use resulting therefrom, and also including contractual liability covering Murj’s liability under this agreement; (iv) professional liability or errors and omissions insurance covering failure of the products to conform to specifications or documentation with limits of at least $2,000,000, which provides coverage on an occurrence basis; (v) automobile (or other motor vehicle) liability insurance with not less than a $1,000,000 limit covering the use of any auto (or other motor vehicle) in the rendering of products to be provided under this agreement; (vi) cyber liability insurance with limits of not less than $2,000,000 for each occurrence and an annual aggregate of not less than $5,000,000, covering privacy, media, information theft, damage to or destruction of electronic information, intentional and unintentional release of private information, alteration of electronic information, extortion and network security which provides coverage on an occurrence basis; and (vii) excess liability insurance with not less than a $10,000,000 limit for the commercial general liability policy required in subsection (iii) above. All insurance required of Murj shall be through insurance carriers rated “a, x” or better by a.m. best. The insurance requirements under this agreement will not limit or relieve Murj of its duties, responsibilities or liabilities under this agreement.
9.3. Allocation of Risk. The provisions of this Agreement fairly allocate the risks between Murj, on the one hand, and Customer on the other. Customer acknowledges and agrees that the pricing reflects this allocation of risk and the limitation of liability specified herein, and that Murj would not enter into this Agreement without such allocation and limitation.
10.1. Termination for Convenience. Unless otherwise specified in a Sales Order, either party may terminate this Agreement without cause effective thirty (30) days after having provided written notice to the non-terminating party.
10.2. Termination for Breach. Either party may terminate this Agreement (including all related Sales Orders) if the other party: (a) fails to cure any material breach of this Agreement within thirty (30) days after written notice of such breach; (b) ceases operation without a successor; (c) seeks protection under any bankruptcy, receivership, trust deed, creditors arrangement, composition or comparable proceeding, or if any such proceeding is instituted against such party (and not dismissed within sixty (60) days)); or (d) for any reason by providing one hundred and twenty (120) days’ notice to the other Party. Termination is not an exclusive remedy and the exercise by either party of any remedy under this Agreement will be without prejudice to any other remedies it may have under this Agreement, by law, or otherwise.
10.3. Effect of Termination. Immediately on termination of this Agreement, Customer shall cease use of the Application and Murj may terminate access to the Application by the Customer. Customer shall be responsible for payment of then outstanding amounts due, including partial period usage not yet invoiced to Customer.
10.4. Data File Export Pre-Termination. Prior to termination, Customer may request that Murj export or otherwise deliver to Customer a readable copy of the Data Files that may reside in the Murj Product (a “Data Export”). Customer may also use such Application features as may be made available by Murj to generate a readable Data Export. Data Exports shall be provided in at least one common database format. Data Export requests of Murj may be made no more than once annually on a no-fee basis. If a request for Data Export is made more frequently, Murj reserves the right to charge the Customer for such Data Export, such charge to be based on reasonable industry standard hourly rates for said work and an approved Sales Order between the Parties.
10.5. Data Files Post Termination. Per the BAA, post-termination, Murj shall confirm and/or assist the Customer such that the Customer has the opportunity to perform a Data Export free of charge. Murj shall retain a copy of the Data Files in a secure HIPAA-compliant manner according to the HIPAA guidelines.
10.6. Survival. Sections 2.4 and 5 through 12, and any other terms intended by context to survive past the termination of this Agreement, shall survive any termination of this Agreement.
11. U.S. GOVERNMENT RIGHTS.
The Application, and any related documentation contain commercial computer Application and documentation which are proprietary data belonging solely to Murj and its licensors. Pursuant to DFARS 227.7202 or FAR 12.212, as applicable, the U.S. Government’s right to use, reproduce or disclose the Application and any related documentation acquired under this Agreement is subject to the restrictions of this Agreement. The terms and conditions of this Agreement are fully applicable to the Government’s use and disclosure of the Application and any related documentation and shall supersede any conflicting terms or conditions. No license of any kind is granted in the case of acquisitions which contain or are subject to the clause FAR 52-227.19 COMMERCIAL COMPUTER APPLICATION-RESTRICTED RIGHTS (JUNE 1987) or DFARS 252.227-7013 RIGHTS IN TECHNICAL DATA AND COMPUTER APPLICATION (OCT 1988) or any other clause which purports to grant to the government rights greater than, or additional to those, set forth in this Agreement.
12.1. Integration. This Agreement is the complete and exclusive statement of the mutual understanding of the parties and may only be superseded by an executed Sales Order. If any provision of this Agreement is adjudicated invalid or unenforceable, the remaining provisions will remain in effect and the Agreement will be amended to the minimum extent necessary to achieve, to the maximum extent possible, the same legal and commercial effect originally intended by the parties. This Agreement shall supersede the terms of any purchase order or other business form.
12.2. Assignment. This Agreement is personal to the Customer originally licensed and may not be assigned, whether by operation of law or otherwise, except that either party may assign this Agreement to its successor in the event of a merger, acquisition or sale of all or substantially all of the assets of such party or an applicable business unit. Any other purported assignment shall be void.
12.3. Force Majeure. Neither party shall be liable to the other for its failure to perform its obligations under this Agreement, except for payment obligations, during any period in which such performance is delayed or rendered impracticable or impossible due to unforeseen circumstances beyond its reasonable control.
12.4. Amendment; Counterparts. No supplement, modification, or amendment of this Agreement shall be binding, unless executed in writing by a duly authorized representative of each party. No waiver will be implied from conduct or failure to enforce or exercise rights under this Agreement, nor will any waiver be effective unless in a writing signed by a duly authorized representative on behalf of the party claimed to have waived. This Agreement may be executed by written signature or electronically and delivered in multiple counterparts, including facsimile, PDF, or other electronic counterparts, all of which will constitute one and the same instrument and agreement.
12.5. Governing Law and Venue. This Agreement shall be governed by the laws of the County of Santa Cruz in the State of California, United States of America without regard to its conflict of laws provisions. This Agreement shall not be governed by the United Nations Convention on Contracts for the International Sale of Goods or the Uniform Computer Information Transactions Act. Any legal action relating to this Agreement will be brought in Santa Cruz, California, U.S.A., and the parties agree to the exercise of jurisdiction by a state or federal court in such counties. In the event of any action, suit or proceeding related to this Agreement, the prevailing party, in addition to its rights and remedies otherwise available, shall be entitled to receive reimbursement of reasonable attorney’s fees and expenses and court costs.
12.6. Notices. All notices under this Agreement shall be sent in writing and shall be delivered by e-mail or overnight mail by recognized commercial carrier with tracking receipt to the address first listed above or to such other address that has been properly noticed.
12.7. Customer Identification. Customer agrees that Murj may identify customer as a user of Murj products and may use Customer’s name and logo in Murj customer lists for general marketing activities.
12.8. Open Source Notice. Murj may distribute third party open source Application programs with the Application either incorporated into the Application or provided separately. These third-party programs are subject to their own additional license terms, none of which require notice, attribution, payment, disclosure or license back of any Customer information.
12.9. No Agency Relationship. Nothing in this Agreement shall be construed to create a partnership, joint venture or agency relationship between Customer and Murj.
12.10. Access to Records. In accordance with Section 952 of the Omnibus Reconciliation Act of 1980, Murj agrees that the books and records of Murj will be available to the Secretary of Department of Health and Human Services and the Comptroller General of the United States, or their duly authorized representatives, for four (4) years after termination of this Agreement. In the event that any of the Services to be performed under this Agreement are performed by any subcontractor of Murj at a value or cost of $10,000 or more over a twelve (12) month period, Murj shall comply and assure that such subcontractor complies with the provisions of Section 952 of the Omnibus Reconciliation Act of 1980.
12.11. Other Assurances. To its knowledge, neither Murj nor its employees performing Services under this Agreement have been excluded from participation in federal or state healthcare programs. If an employee performing services under this Agreement is excluded, Murj will replace that employee immediately. If Murj is excluded, this Agreement will terminate automatically.
12.12. Headings. The headings in this Agreement are intended solely for convenience of reference and shall be given no effect in the construction or interpretation of this Agreement.
EXHIBIT A | Murj Services
The objective of the Launch Services is to help the customer rapidly learn to use Murj. Murj will assign a Customer Success representative to assess the customer’s needs, then help configure, train and support the Customer in the launch and initial utilization of Murj.
Murj will provide subject matter expertise, working under the direction of Customer project managers and technical staff, as part of Customer project teams. Murj representatives will work to ensure the best application of Murj technology within these projects. Murj Launch Services are delivered remotely or onsite at the discretion of Murj.
- Launch of a new Customer relationship will consist of the following activities: Kick-off Meeting, Set-Up Requirements Review, Confirmation of receipt of HIPAA BAA and Data Access Agreement, Customer Workflow Review, System Configuration (by Murj and, where possible, Customer), User Training. Training shall be predominantly via remote tools such as screen share, video conference, email, chat, text, and other similar modalities. Unless otherwise provided in a Sales Order, one-time on-site launch training will be provided by Murj.
- Murj Responsibilities. Murj shall assign a Customer Success Representative, coordinate regular status meetings, deliver weekly status reports to Customer and Murj management, notify Customer immediately if there are any issues, and provide a training to all Customer users.
- Customer Responsibilities. Customer shall ensure that the Customer systems are in compliance with Murj system requirements, ensure that users and personnel with appropriate skills and experience are available to meet with Murj as reasonably necessary and at scheduling meeting times, so the launch can be completed as soon as possible after the contract date. Customer shall ensure that appropriate resources are engaged to resolve an issue if Murj determines the issue is due to a problem in Customer’s environment or staffing.
Murj provides support services for the Murj application, access to training tools, tips and resources, and training on new feature enhancements as follows:
- Technical Assistance. Murj Customer Success staff provides technical assistance to support the administration of Murj Products.
- Support Availability. Murj Customer Success staff are available between 5:00 AM to 6:00 PM Pacific Standard Time, Monday – Friday (excluding United States public holidays).
- Location and Language of Support. Unless specific arrangements are made in writing in advance, all customer support will be provided by Murj in the United States of America in English.
- Scope of Support Services. Murj support shall be delivered in a remote or online manner. Murj is not obligated to provide technical assistance if (a) the Application has not been used in a manner consistent with its documentation; (b) a non-Murj system on which Application is installed is not functioning properly or doesn’t meet Murj’s published specifications; (c) Application has been altered or modified by any party other than Murj; (d) Customer is not in compliance with Murj Customer requirements; (e) Murj is not able, after commercially reasonable efforts, to replicate any error or problem in the Application within Murj Support laboratory environment. Murj does not provide support for third-party Application or hardware.
- ISSUE REPORTING
Issue Severity and Prioritization. The Customer should determine the severity of a support issue based on the following classifications:
- Severity 1 Highest: Critical production issue affecting all customers, including system unavailability and data integrity issues, with no workaround available.
- Severity 2 High: Production issue impacting one or more Murj customers, loss of functionality and/or significantly degraded performance, issue is persistent with no workaround available.
- Severity 3 Medium: Any system issue that affects functionality or impacts performance, workaround may be possible but not sustainable. Any updates to PHI that customers are unable to change.
- Severity 4 Low: Any information request for application capability, implementation assistance, data changes or system issue that impacts a small number of users with an acceptable workaround available.
- Severity 5 Lowest: Any information request for application capability, implementation assistance, data changes or system issue that impacts a small number of users with an acceptable workaround available.
Murj may reclassify the priority level upward or downward and modify the order, classifications and method of responding to and/or addressing such issues, if any, at any time.
- Issue Responses
During normal business hours, Murj will respond to S1 issues within 2 business hours, S2 issues within 4 business hours.
Outside of normal business hours, Murj will respond to S1 issues within 4 hours and S2 issues within 6 business hours, in each case after the start of the next business day.
Murj shall respond to S3 issues within 72 hours, and S4 within 10 business days.
Murj response consists of either (i) Murj remediation of the issue, or (ii) confirmation that Murj is aware of the issue and indication of active remediation efforts and estimated time of remediation.
- APPLICATION UPDATES
During the Term, Murj will notify the Customer of new Application releases if and when they are made available. Application releases may include Application version updates, new functionality, maintenance releases, and patches, which will be made available to Customer free of charge.
Murj is a cloud-based service hosted by Murj. Murj will perform upgrade releases during designated upgrade windows as follows:
- Planned updates shall be conducted 5 days after notice to Customer
- Planned updates shall take place between 7PM and 12AM PST
Murj reserves the right that certain new Products and/or features may be released which will be considered new and sold separately for additional fees. Customer may add such new functionality and/or features to the Products and Services upon payment of the additional Fees that shall be provided for in a Sales Order. Customer agrees that its License is not contingent upon the delivery of any future functionality or features nor is it dependent upon any oral or written public comments made by Murj with respect to future functionality.
- Scope of Work
The scope of the Service is limited to the elements listed herein or in a Sales Order.
EXHIBIT B | Business Associate Agreement
THIS HIPAA Business Associate Agreement (“BAA“) is made by and between Murj and the Customer (the Customer together with Murj, the “Parties”).
The purpose of this BAA is to comply with the business associate requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA“) and implementing regulations, 45 C.F.R. Part 160 and Part 164, as may be amended, including the Privacy Rule, the Security Rule and the Breach Notification Rule (together, the “Rules”) and to identify the specific responsibilities of Customer and Murj in achieving this compliance.
Business Associate “Business Associate” shall generally have the same meaning as the term “business associate” at 45 CFR 160.103.
Catch-All The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Protected Health Information, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use.
Contract “Contract” or “Contracts” shall mean those business agreements that set forth the business relationship between Murj and the Customer.
Covered Entity “Covered Entity” shall generally have the same meaning as the term “covered entity” at 45 CFR 160.103.
Customer “Customer” shall be the named entity with which Murj has a contractual business relationship. Customer may be also be referenced in contractual documentation as a “Customer”.
HIPAA “HIPPA” means the Health Insurance Portability & Accountability Act of 1996, P.L. 104-191, as amended from time to time, together with its implementing regulations promulgated under HIPAA and under the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 (“ARRA”), by the U.S. Department of Health and Human Services, including, but not limited to, the Privacy Rule, the Security Rule and the Breach Notification Rule, as amended from time to time.
Rules “HIPAA Rules” or “Rules” shall mean the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164.
Murj and Customer have entered into a Contract whereby Murj provides products and services (“Products” or “Application”) which may create, receive, maintain, and transmit Protected Health Information (“PHI”) from or on behalf of Customer in the course of providing the Products to Customer.
As provided in the Rules, PHI shall include, when applicable, Electronic Protected Health Information (“EPHI”, which is a subset of PHI). Murj’s access to and manipulation of EPHI will include access of EPHI by doctors and care providers at Customer and of Customer’s patients. Murj will be involved with developing, maintaining and supporting the Application related to the acquisition, presentation and use of EPHI.
As such, Murj shall be responsible, in general, for the maintenance of the presentation layer of the Application via web-based access by Customer to the EPHI and the associated Application technical infrastructure, including hosting, hosted security and encryption and password protection.
Customer shall be responsible, in general, for managing identified user access to the Application and for providing an appropriate level of protection for the confidentiality, availability and integrity of the EPHI by choosing appropriate administrative, physical and technical safeguards to protect access to the Application and implementing these choices by specific direction to Murj as necessary.
- Murj’s Obligations
Murj agrees to treat PHI, inclusive of EPHI, as follows:
- Not use or disclose PHI other than as permitted or required by this BAA, the Contracts, or as required by law;
- Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to PHI, to prevent use or disclosure of PHI other than as provided for by the Contracts;
- Report to Customer any use or disclosure of PHI not provided for by the Contracts of which it becomes aware, including breaches of unsecured PHI as required at 45 CFR 164.410, and any security incident of which it becomes aware, such notification to take place within five (5) business days of Murj’s discovery of such reportable event. As a business associate of Customer, Murj shall only have the responsibility of notifying Customer. Customer shall then conduct further notification of others as may be required by law;
- In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of Murj agree to the same restrictions, conditions, and requirements that apply to Murj with respect to such information;
- Perform any of the Services in the Contracts to facilitate Customer making available PHI in a designated record set as necessary to satisfy Customer’s obligations under 45 CFR 164.524;
- Perform any of the Application in the Contracts to facilitate Customer making any amendment(s) to PHI in a designated record set as pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy covered entity’s obligations under 45 CFR 164.526;
- Maintain and make available the information required to provide an accounting of disclosures to the Customer as necessary to satisfy Customer’s obligations under 45 CFR 164.528;
- To the extent Murj is to carry out one or more of Customer’s obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Customer in the performance of such obligation(s); and
- Make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules.
- Murj shall not be responsible to respond directly to an individual request for access to PHI, an amendment to PHI, or an accounting of disclosures of PHI received directly by Murj, but shall make such PHI or information available to Customer in a manner consistent with the Application chosen by Customer in the Contracts and Customer shall respond to the individual request as may be required by law.
- Customer’s Obligations
Customer agrees to:
- Examine and understand the characteristics of the Application provided by Murj and to consider how those Application will appropriately contribute to the Customer’s overall protection of the confidentiality, availability and integrity of the Customer’s PHI;
- Maintain overall responsibility for ensuring that appropriate administrative, physical and technical security safeguards are implemented on a “system wide” basis to appropriately protect all PHI accessed, manipulated or maintained by Murj or at an Murj facility on the behalf of Customer;
- Implement appropriate encryption and other media handling and sanitization measures for all compute, storage and transmission media located at Murj that is exposed or otherwise used to handle PHI including hard drives, backup tapes, network transmission media, Internet access and private line access;
- Maintain appropriate administrative controls to ensure that Murj is notified immediately using Murj’s then standard procedures of additions to, changes to or deletions from the list of Customer personnel authorized to physically or electronically access Customer’s infrastructure containing PHI at Murj;
- If the Application includes the use of computers, firewalls or other devices provided by Murj for the use of Customer in the maintenance, use or storage of PHI, give Murj specific instructions concerning the operating systems, settings, automatic updating (or manual updating) and other configuration details to appropriately protect the PHI contained, manipulated or protected by those systems;
- Ensure all devices that access the Application comply with Murj’s Systems Requirements, found at https://www.murj.com/systemrequirements/
- Ensure that proper electronic authentication procedures are implemented on any devices utilized in providing the Application by Murj to Customer;
- Create and maintain systems to discriminate between authorized and unauthorized electronic users of Murj systems and PHI;
- Ensure that proper encryption of PHI is performed during transmission of PHI through Murj’s network or other media located in or transmitting from a Murj facility or Murj provided infrastructure;
- Ensure that all PHI stored on Customer’s behalf on Murj infrastructure, to include servers, Storage Area Networks and backup media is encrypted appropriately as required by law;
- Ensure that all PHI is encrypted appropriately before Murj performs backups for storage.
- Permitted Uses by Murj
- Murj may only use or disclose PHI to perform functions or activities necessary to deliver the Application for, or on behalf of, Customer as specified in the Contracts.
- Murj may use or disclose PHI as required by law.
- Murj agrees to make uses and disclosures and requests for PHI consistent with Customer’s minimum necessary policies and procedures.
- Murj may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 except for the specific uses and disclosures set forth below.
- Murj may use EPHI for the proper management and administration of the Murj Application or to carry out the legal responsibilities of Murj.
- Murj may retain data PHI derived data only after it is de-identified in a manner that complies with HIPAA such that the data no longer conforms to the definition of PHI.
- Murj may disclose PHI for the proper management and administration of Murj or to carry out the legal responsibilities of Murj, provided the disclosures are required by law, or Murj obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Murj of any instances of which it is aware in which the confidentiality of the information has been breached.
- Contractual Terms
- Term and Termination. This BAA will become effective on the date it is executed by both Parties. Unless terminated sooner pursuant to this Section, this BAA shall remain in effect for the duration in which the Application is provided by Murj and for so long as Murj shall remain in possession of any PHI received from Customer, or created or received by Murj on behalf of Customer, unless Customer has agreed that it is infeasible to return or destroy all PHI.
- Termination for Cause. If Customer determines that a material term of this BAA has been violated, it will give written notice detailing such violation to Murj. Murj shall have 10 days to provide a remedy for the listed violations. If Customer determines that, after 10 days from the issuance of the written notice, Murj has not remedied the violation, Customer may terminate this BAA.
- Effect of Termination. Within 60 days of termination of this BAA, Murj will recover any PHI relating to this BAA in the possession of its subcontractors, agents, or representatives. Murj will make available and/or return to Customer all PHI and, upon Customer receipt, destroy all such PHI and will retain no copies. If Murj believes that it is not feasible to return or destroy the PHI as described above, Murj shall notify Customer in writing. The notification shall include: (i) a statement that Murj has determined that it is infeasible to return or destroy the PHI in its possession, and (ii) the specific reasons for such determination. If Customer agrees in its sole discretion that Murj cannot feasibly return or destroy the PHI, Murj will ensure that any and all protections, requirements and restrictions contained in this BAA will be extended to any PHI retained after the termination of the BAA, and that any further uses and/or disclosures will be limited to the purposes that make the return or destruction of the PHI infeasible. If Customer’s PHI is contained on a Murj managed backup service, Customer agrees that it is infeasible to immediately destroy the PHI and that Murj shall be allowed to maintain the PHI until the backup media is appropriately overwritten or destroyed in the normal course of maintaining the backup media.
- Survival. The respective rights and obligations of the Parties under sections 6 and 7 will survive termination of the BAA indefinitely.
- Amendments. This BAA and the Contracts constitute the entire agreement between the Parties with respect to its subject matter. It may not be modified, nor will any provision be waived or amended, except in a writing duly signed by authorized representatives of the Parties.
- No Third Party Beneficiaries. Nothing express or implied in this BAA is intended to confer, nor shall anything herein confer, upon any person other than the Parties and the respective successors and permitted assigns of the Parties, any rights, remedies, obligations, or liabilities whatsoever.
- Limitation of Liability; No Warranty. Nothing express or implied in this BAA shall modify the Limitations of Liability, indemnification clauses, insurance requirements, warranties offered, or other terms and conditions contained in the Contracts. If there is any ambiguity or conflict between this BAA and the Contracts, the meaning expressed in the Contracts shall prevail.
- Notices. Any notice to be given under this BAA to a Party shall be made via U.S. Mail, commercial courier or hand delivery to such Party at its Contract address, and/or via facsimile to an appropriate facsimile telephone number, or to such other address or facsimile number as shall hereafter be specified by notice from the Party. Any such notice shall be deemed given when so delivered to or received at the proper address.
EXHIBIT C | Data Access Approval
This Data Access Approval (“DAA“) is made by and between Murj Inc. (“Murj”), a Delaware corporation and Customer (the Customer together with Murj, the “Parties”).
The purpose of this DAA is to provide Murj with authority to act as an agent and on behalf of the Customer in order to access electronic patient records and data (the “Data”) that may reside in remote data repositories managed and controlled by a manufacturer (the “Manufactures”) of a transmitting medical device (the “Device) to the extent necessary for Murj to provide the Products and Services to the Customer.
The Customer hereby grants Murj the right to access the Data at the Manufacturer.
This DAA is conditioned upon a valid and current business relationship, with contractual agreements in place, between Murj and the Customer that provides for and defines the limits and liability of this approval, and protects the security and privacy of the Data.
- method of access
Customer shall, in a secure manner, provide to Murj a secure log-in approval and/or credentials to enable Murj access to the Data contemplated by this DAA.
Each the Parties has caused this DAA to be executed in its name and on its behalf as of the last date of execution.