Skip to main content

MURJ, INC. MASTER LICENSE AGREEMENT

This Master License Agreement (the “Agreement“) is effective on the last date of signature below (the “Effective Date”), between                           , a                     having offices at                       (“Customer”) and MURJ, INC., a Delaware corporation having offices at 3912 Portola Drive, Suite 9, Santa Cruz, CA 95062 (“Murj”). Murj and Customer are hereinafter referred to individually or collectively, (as “Party” or “Parties”).

AGREEMENT

NOW, THEREFORE, the Parties agree as follows:

  1. TERM OF AGREEMENT. This Agreement begins on the Effective Date1 and remains valid for the duration of the Term2 as set forth in the Sales Order3, unless terminated earlier in accordance with the Agreement or the Sales Order.

    1. License Grant. Pursuant to a validly executed Sales Order, Murj grants Customer a fee-bearing, non-exclusive, non-transferable, non-sublicensable license for Authorized Users4 to use the Product,5 and other materials commercially available to Customer by Murj, and as enumerated in a Sales Order. Murj may release new Products from time to time and such new Products may be sold separately under a subsequent, valid Sales Order for purposes of this Agreement, subject to the same restrictions described in this Agreement. Unless specified in a Sales Order, this license is not contingent upon the delivery of any future functionality or features, nor is this license contingent upon any oral or written public comments made by Murj with respect to future functionality.

  2. REPRESENTATIONS, WARRANTIES, AND COVENANTS.

    1. Authority. The Parties represent and warrant that: (i) each has the full right, power, and authority to enter into and fully perform this Agreement; (ii) the person signing this Agreement on its behalf is a duly authorized representative of such party who has been authorized to execute this Agreement; (iii) each party’s acceptance of this Agreement does not violate any other agreement by which it is bound; and (iv) each party is a legal entity in good standing in the jurisdiction of its formation and shall continuously be an entity in good standing in the jurisdiction of its formation or any other United States jurisdiction.

    2. Compliance with Laws. The Parties represent and warrant each will comply with all applicable laws relating to its performance or use of the Product, specifically as it relates to Protected Health Information.6

    3. Products’ Warranty. Murj represents and warrants to Customer the Products will perform the material functions described in the applicable Exhibits. If Customer reports the Products do not conform to the warranty in writing, then Murj will use commercially reasonable efforts to correct Product errors causing the nonconformity. Remedies may include repair, replacement, or refund at Murj’s discretion.

    4. Limitation on Products’ Warranty. Murj is not liable nor obligated to correct errors resulting from, but not limited to: (i) any Customer Data Files7 or any customer-provided data, instructions, information, designs, specifications, or materials; (ii) use of an outdated or modified versions of the Products; (iii) any modifications or changes made to the Products by unauthorized personnel; (iv) the Product being used in combination with non-Murj software; (v) misuse of the Product(s) by the Customer or Authorized Users in violation of this Agreement; or (vi) any general malfeasance with regard to the Product or compliance with these terms.

    5. Services Warranty. Murj represents and warrants to Customer it shall perform the Services,8 using personnel of required skill, experience, and qualifications and in a professional and workmanlike manner in accordance with generally recognized medical industry standards of care for similar services. If Customer reports the Services do not conform to the warranty in writing, then Murj will use commercially reasonable efforts to reperform those Services.

    6. NO IMPLIED WARRANTIES. EXCEPT AS EXPRESSLY SET FORTH HEREIN, MURJ HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING ANY AND ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, LOSS OF DATA, ACCURACY OF RESULTS, OR OTHERWISE ARISING FROM A COURSE OF DEALING WITH THIS AGREEMENT.

    7. DISCLAIMER. EXCEPT AS EXPRESSLY SET FORTH IN THE BAA OR UNDER THIS AGREEMENT, MURJ DOES NOT WARRANT THAT ANY OF THE SERVICES WILL MEET CUSTOMER’S REQUIREMENTS, THAT THE PRODUCT(S) WILL OPERATE IN THE COMBINATIONS WHICH CUSTOMER MAY SELECT FOR USE OR WITH ANY NON-MURJ PROGRAMS USED BY CUSTOMER, THAT THE OPERATION OF ANY OF MURJ TECHNOLOGIES WILL BE UNINTERRUPTED OR ERROR-FREE, THE FEATURES OR FUNCTIONALITIES OF THE SERVICE WILL BE AVAILABLE AT ANY TIME IN THE FUTURE, OR THAT ALL ERRORS IN THE PRODUCT(S) WILL BE CORRECTED. MURJ SHALL HAVE NO RESPONSIBILITY FOR DETERMINING THAT CUSTOMER’S PROPOSED USE OF THE SERVICE COMPLIES WITH APPLICABLE LAWS IN CUSTOMER’S JURISDICTION(S).

      PRODUCTS AND SERVICES OFFERING

  3. LAUNCH SERVICES. The objective of Launch Services is to successfully configure and deploy Murj Products for

    Customer’s successful adoption and use. Launches services includes the following:

    1. Offering. Murj personnel will configure Murj Products, train, and support the Customer’s appropriate usage of such Products.

    2. Murj Responsibilities. Murj shall assign personnel, coordinate regular status meetings, deliver status reports to Customer and Murj management, notify Customer if there are any issues, and provide a training to all available Authorized Users.

    3. Customer Responsibilities. The Customer must ensure their systems meet Murj’s requirements, make sure Authorized Users are available for meetings to facilitate the launch by the Live Date,9 and allocate appropriate resources to address issues arising from the Customer’s environment or staff. Customer will follow Murj Launch Services’ best practices, which includes a decision on platform billing model, data configuration, and cooperation with Murj personnel as described in EXHIBIT CS STATEMENT OF WORK. Customer must notify Murj of any credentialing requirements at least one month in advance of the Training10 or any other similar requirements that could impact the Training. Customer acknowledges that if it fails to follow Murj’s best practices or responsibilities specified herein, there could be consequences regarding Patient11 safety, potential lost reimbursement, and usage of the Murj products. This failure will constitute a breach of this Agreement.

    4. Online Training Assets. Murj offers unlimited remote and self-service training courses for Authorized Users, including any items that may be specified in EXHIBIT SALES ORDER.

    5. Customer In-Person Training. If specified in any Sales Order and EXHIBIT CS STATEMENT OF WORK, Murj shall offer training sessions at an identified Customer site. Murj will visit Customer at a mutually agreed upon site for in-person training occurring over one (1) to three (3) days. Additional in-person training can be provided for in a Sales Order.

    6. Advance Notice of Training. Murj requires 21-day advance notice for in-person training. Once training is scheduled, cancellation of training by the Customer with less than (21) days advance notice may result in forfeiture of a Customer In-Person Training at the discretion of Murj.

    7. Patient Upload Service. Murj will verify data integrity and upload device Patient data using common data file types. At the discretion of Murj, this service may include removal of duplicates, correction of manual data entry errors, and pre-live testing validation on Murj Products. Murj exclusively reserves right to decline such upload service in the event the data is deemed unreliable.

  4. SUPPORT SERVICES. After Launch Services are performed, Murj personnel will deliver Support Services to aid the Customer in the successful use of the Murj Products.

    1. Scope of Support Services. Murj Support Services shall be delivered in a remote manner by phone and online. Murj is not obligated to provide technical assistance if: (i) the Products have not been used in a manner consistent with this Agreement; (ii) the Murj Products are integrated with a non-Murj system that doesn’t meet Murj’s published specifications; (iii) the Products have been altered or modified by any party other than Murj; (iv) Customer is not in compliance with Murj’s Customer requirements; (v) Murj is not able, after commercially reasonable efforts, to replicate any error or problem in the Product(s) within Murj’s support environment; or (vi) for third party applications or hardware.

    2. Support Hours. Murj customer service representatives are available 5:00 AM to 6:00 PM Pacific Standard Time, Monday – Friday (excluding United States public holidays).

    3. Availability. The Murj software is available 24 hours a day, seven (7) days a week, subject to Product(s) Updates.12 Uptime shall be no less than 99.95%. Murj is not responsible for downtime associated with lack of availability of the device manufacturer systems or any other third-party system.

    4. Product(s) Updates. During the Term, Murj will notify the Customer of Product(s) Updates and releases as they are made available. Customer agrees its License is not contingent upon the delivery of any Product Updates nor is it dependent upon any oral or written statements made by Murj or Murj personnel. Murj will perform Product Updates during designated upgrade windows which shall be (i) conducted 5 days after notice to Customer and (ii) between 7:00 PM and 12:00 AM Pacific Standard Time. Murj is not responsible for any third-party systems to comply with these Product Updates requirements.

    5. Issue Management and Response Times. Murj monitors all its Products 24 hours a day, seven (7) days a week. All issues are addressed based on their severity and urgency, as outlined in the table below. Customer must notify Murj, in writing, of any issues for Murj to address Customer’s issues.

      Severity

      Priority

      Description

      Business Hour Response Time

      Non-Business Hour Response Time

      S1

      Highest

      Critical production issue affecting all customers, including system unavailability and data integrity issues, with no workaround available.

      2

      4

      S2

      High

      Production issue impacting one or more Murj customers, loss of functionality and/or significantly degraded performance, issue is persistent with no workaround available.

      4

      6

      S3

      Medium

      Any system issue that affects functionality or impacts performance, workaround may be possible but not

      24

      36

      Severity

      Priority

      Description

      Business Hour Response Time

      Non-Business Hour Response Time

      sustainable. Any updates to PHI13 that customers are unable to change.

      S4

      Low

      Any information request for Product(s) capability, implementation assistance, data changes or system issue that impacts a small number of users with an acceptable workaround available.

      As Needed

      N/A

      S5

      Lowest

      Any information request for Product(s) capability, implementation assistance, data changes or system issue that impacts a small number of users with an acceptable workaround available.

      120

      N/A

      Business hours are 5:00 AM to 6:00 PM Pacific Standard Time, Monday – Friday, excluding the following holidays: New Year’s Day, January 1, Memorial Day, May 27, Independence Day, July 4, Labor Day, September 2, Thanksgiving Day, November 28, Christmas Day, December 25th.

      Non-business hours are 5:00 PM to 9:00 AM Pacific Standard Time and weekends and holidays listed above.

  5. INTEGRATION SERVICES. Murj offers cloud-based, encrypted connectivity by and between Murj and 3rd party systems, including Customer Electronic Health Record13 (“EHR”) systems and cardiac device manufacturers. With regards to Integration Services, these terms include:

    1. Scope. Within 30 days of contract execution, Murj shall provide up to 20 hours of consultative meetings with Murj resources to scope, plan, and deploy the integration. If Customer requests supplemental changes to the EHR beyond the initial scope, Customer may be subject to additional fees itemized in a supplemental Sales Order.

    2. Schedule. Murj will have an identified start date as specified in the EXHIBIT EHR STATEMENT OF WORK. Murj will notify Customer that EHR is ready, and Customer will have a two (2) week period to test. After this period, Murj can begin to reallocate resources to other Customers.

    3. Acceptance. Customer accepts the integration by written acceptance, Product usage, benefit, or payment after the Customer testing period.

    4. Rejection. Customer may only reject an integration after Murj is properly notified and fails to cure an alleged defect such that the defect excludes the integration from meeting Murj’s Product Warranties. Any notice of rejection must specifically describe alleged defect(s).

    5. Limitation. Murj is not responsible for fees that may be charged to Customer by EHR vendor(s) for integration with Murj. EHR integration completion not a requirement for the Live Date.

  6. REMOTE CLINICAL SERVICES. Murj may offer Remote Clinical Services14 in which Murj’s trained personnel access the Customer’s account to review remote device transmissions, ensuring compliance with the established Care Protocol.15 Services may include the following:

    1. Murj Staffing Services. Murj will assign qualified Murj personnel, or contracted resources, (together and separately, “Resources”) to review and document CIED remote transmissions. Murj reports or Dockets16 will be drafted by Murj Resources using the Customer configuration of the Murj Platform, and work-flowed to the Customer per a documented and executed Care Protocol.

    2. Limitation. Customer acknowledges that Murj is not liable or responsible for any damages to Customer’s Patients caused by any act or omission within the scope of their work to manage and review remote device transmissions outside of its Services Warranty.

    3. Murj Backlog Services. Murj will assign qualified Murj personnel, or contracted resources, to review and document CIED remote transmissions that are unread and at least 7 days past the date of receipt. Murj reports or Dockets will be drafted by Murj Resources using the Customer configuration of the Murj Platform, and work-flowed to the Customer per a documented and executed Care Protocol.

    4. Availability. Murj’s Remote Clinical Services are available to the Customer during regular business hours.

      Business hours are 5:00 AM to 6:00 PM Pacific Standard Time, Monday – Friday, excluding US public holidays.

  7. OPTIMIZATION SERVICES. Murj personnel with meet with the Customer to ensure their success on use and configuration of the Product(s). With regards to Optimization Services, these terms include:

    1. Scope. Murj personnel will begin Optimization Services within six (6) months of Customer Live Date and meet with the Customer at a regular cadence.

    2. Customer Responsibilities. The Customer is to ensure their personnel are available for meetings to collaborate with Murj Optimization Services to achieve best results.

    3. Best Practices. In good faith, Customer will follow Murj Optimization Services’ best practices.

      COMMERCIAL OBLIGATIONS

  8. INVOICING, PAYMENT, AND TAXES.

    1. Invoicing and Payment. The Sales Order(s) will define the invoice timing in which the Customer pays for all fees associated with this Agreement and subsequent Sales Orders.17 The License Fee18 and all other Fees are payable to Murj, in U.S. Dollars. Any amounts not paid when due shall bear the greater of the maximum legal rate or 1.5% (one-and-one-half percent) per month. Customer’s failure to make any payment by the due date shall give Murj the right to discontinue or suspend all access to the Product for Customer and Authorized Users. Further, if Murj has given Customer notice of non-payment and 30 business days to cure, Murj has the right to terminate this Agreement and all corresponding Sales Orders.

    2. Taxes. All fees are exclusive of applicable sales, use, value-added and other taxes, duties, tariffs, assessments, export and import fees, and other similar charges. The Customer is responsible for their payment, including any related penalties and interest. In the event Murj incurs any tax in Customer’s state as a result of this Agreement or Murj makes a payment on behalf of the Customer for any tax, Murj shall invoice the Customer for said fees and Customer shall promptly reimburse Murj. The Customer must provide official receipts or other evidence of tax payments upon request. Customer will make all payments of Fees to Murj free and clear of, and without reduction for, any withholding taxes; any such taxes imposed on payments of Fees to Murj will be Customer’s sole responsibility, and Customer will provide Murj with official receipts issued by the appropriate taxing authority, or such other evidence as Murj may request, to establish that such taxes have been paid. If Customer claims tax exempt status with respect to any taxes that would otherwise be payable by Customer hereunder, Customer agrees to provide documentation of tax-exempt status. Customer shall indemnify and defend Murj in connection with any proceedings brought by any taxing authorities in connection with this Agreement.

  9. CUSTOMER INFORMATION AND PATIENT DATA.

    1. General. Customer represents it is the authorized care provider for each of its Patients. The Product(s) require Murj to access and use Customer Information, Data Files, and PHI of Patients for the following purposes: (i) to make the Product available to Customer; (ii) to provide the Services to Customer as described in this Agreement; and (iii) to enable Customer to administer health care Services for its Patients.

    2. Access. Customer authorizes Murj to access and utilize its Customer Information, Data Files, and Patient PHI for the term of this Agreement for the appropriate feeds including the device manufacturer websites, EHR Integration, and any other third-party sources of Customer Information, including information that is uploaded to Murj. Customer shall provide Murj with a list of all sources of device data and, in a secure manner, provide Murj a secure log-in approval and/or credentials to enable Murj access to such device data. The Parties agree to complete all such documentation as necessary to secure data access.

    3. Data Aggregation. Murj may compile, aggregate, distribute, and/or disclose statistical analyses and reports utilizing Murj for Customer’s Data Files customer data pursuant to this Agreement for the purposes of (i) product development and (ii) preparing statistical analyses and reports for Murj customers, including Customer. Murj acknowledges all data aggregation will comply with the corresponding Business Associate Agreement (“BAA”)19associated with this Agreement.

    4. Customer Data Export. Customer may request Murj to export a readable .csv copy of the Customer Data Files that may reside in the software at any point during the Term of this Agreement and up to 30 days after Termination. Customer Data Export requests may be made no more than once annually on a no-fee basis. If a request for Data Export is made more frequently, Murj reserves the right to charge the Customer for such Data Export at a commercially reasonable rate.

  10. MUTUAL RESPONSIBILITIES AND OBLIGATIONS.

    1. Business Associate Agreement / HIPAA Compliance. As incorporated with this Agreement, Parties will execute a BAA.

    2. Professional Ethics and Disclosures. The parties hereto agree to make full and complete disclosure of any relationship that is required by any local, state, or federal law, rule, regulation or necessary to comply with any ethical codes, moral canons, standards, or rules of conduct of the medical profession, including all medical organizations or societies. Further, the Customer is required to report any perceived unethical activity by Murj or a Murj representative to: report@murj.com

  11. MURJ OBLIGATIONS

    1. Insurance. Murj shall maintain insurance coverage for claims made during and after termination of the Agreement based on conduct or events having occurred during the Term of the Agreement, with policy limits at a minimum of the following: (i) Workers Compensation. Statutory limits containing a waiver of subrogation against Customer, with Employer’s Liability of One Million Dollars ($1,000,000) per each accident and One Million Dollars ($1,000,000) per each employee disease with a One Million Dollars ($1,000,000) policy limit. (ii) Employer’s Liability. One Million Dollars ($1,000,000) per each occurrence. (iii) Commercial General Liability (CGL). Bodily injury and property damage combined to include Blanket Contractual coverage with combined single limit, bodily injury, and property damage liability or at least One Million Dollars ($1,000,000) per each occurrence and Three Million Dollars ($3,000,000) in the annual aggregate. (iv) Professional Liability. One Million Dollars ($1,000,000) per each occurrence and Three Million Dollars ($3,000,000) in the annual aggregate or, to the extent that the Services are provided in a jurisdiction with statutory limitations on medical malpractice liability, then limits shall be not less than the current statutory limits per each occurrence and three times such amount in the annual aggregate; provided however, that, if the Services are of the nature that Professional Liability insurance would be customary and appropriate and Murj does not have professional liability coverage, Murj may substitute Errors and Omissions coverage in the amount of not less than One Million Dollars ($1,000,000) per each occurrence and Three Million ($3,000,000) in the annual aggregate. (v) Cyber Liability, also known as Data Breach Coverage. At least Five Million Dollars ($5,000,000) per each occurrence, and Fifteen Million Dollars ($15,00,000) in aggregate; and (viii) such other coverages as maybe required by Customer based on the nature of the Services provided (e.g., pollution, legal liability, fidelity).

  12. CUSTOMER OBLIGATIONS.

    1. Authorized Users. Customer will ensure only Authorized Users will access Murj Products. To become an Authorized User, Customer is required to have an executed Sales Order with Murj.

    2. Product Use Restrictions. Customer shall not, and shall not permit any Authorized User or other third party entity, to: (i) knowingly interfere with or disrupt the integrity or performance of the Product; (ii) reverse engineer, disassemble, or decompile, duplicate, or otherwise seek to copy any portion of any Product; (iii) remove any copyright notices or other proprietary notices or restrictions from the Product; (iv) use or knowingly disclose the results of the Product(s) for competitive bench marking or analysis for purposes of any unaffiliated third party; (v) develop any similar or competing software or products, including, but not limited to: distribution, sale, sublicense, rent, lease, or for any other purpose of competing with Murj; (vi) use the Product to provide services to third parties (other than Patients) or in any other manner wherein a third party is given access to the Product; (vii) transfer or redistribute the Product to any third party, except in connection with a permissible assignment as specified in this Agreement; (viii) misappropriate Murj intellectual property or inventions; or (ix) otherwise use the Product in any manner not expressly permitted hereunder that would allow for the development of any similar product in the healthcare technology industry. In the event Customer or any personnel associated with Customer breaches this clause, Murj may seek the following remedies: injunction, damages, including lost profit and damage to the value of the intellectual property, specific performance, termination, attorney fees, and liquidated damages.

    3. Third Party Restriction. Customer shall not allow third party access to the Product(s). In the event the Customer does, Customer will be fully responsible for all actions associated with the Customer.

    4. Limited Responsibilities. Customer is solely responsible for its use of the Product, including: (i) making appropriate use of the Products to ensure a level of security appropriate to the risk posed by processing Customer Information;20 (ii) securing the account with proper authentication log-in credentials, systems, and devices that Customer uses to access the Products; (iii) securing Authorized User’s computers, computer systems, networks, databases, servers, communication systems, Intranet(s), devices that Murj uses to provide the Products, and means of access to such systems; (iv) backing up Customer Data Files; and (v) ensuring each Authorized User’s proper use of the Products. Customer shall be liable hereunder for any action or inaction of Authorized Users in breach of this Agreement. Customer ensures that Authorized Users meet all obligations imposed on the Customer in this Agreement.

    5. System Configuration. Prior to Live Date of the Products, Customer will: (i) make Customer resources available to Murj to test the Customer configuration of the Product(s) and (ii) provide its Authorized Users with access to a computer, internet connectivity and web-browser capability via the Google Chrome web browser v74 or newer, and Windows 7 or newer, and OS X 10.7 (Lion) or newer.

  13. TERMINATION AND DAMAGES.

    1. Termination for Breach. Either Party may terminate this Agreement with written notice to the other Party if the other Party: (i) fails to cure any “Material Breach”21 of this Agreement within 30 days after written notice of such breach to the extent the breach is incapable of cure; (ii) ceases operation without a valid successor; or (iii) seeks protection under any bankruptcy, receivership, trust deed, creditors arrangement, composition, or comparable proceeding, or if any such proceeding is instituted against such party and not dismissed within 60 days. Termination is not an exclusive remedy and the exercise by either Party of any remedy under this Agreement will be without prejudice to any other remedies it may have under this Agreement, by law, or otherwise. Murj is entitled to all remedies available.

    2. Effect of Termination. Immediately upon termination or expiration of this Agreement, Murj may terminate access to the Product(s) by the Customer. Customer shall be responsible for payment of then outstanding amounts due, including partial period usage not yet invoiced to Customer.

    3. LIMIT ON DAMAGES. MURJ’S CUMULATIVE LIABILITY, INCLUDING THAT OF ITS REPRESENTATIVES AND AGENTS, IS CAPPED AT THE LESSER OF THE TOTAL FEES PAID BY THE CUSTOMER IN THE 12 MONTHS PRECEDING ANY CLAIM AND $1,000,000 PER ANY INCIDENT. THIS LIMIT APPLIES TO ALL CAUSES OF ACTION AND CLAIMS OF ANY KIND.

    4. NO  INDIRECT  DAMAGES. IN NO EVENT SHALL EITHER PARTY OR ITS LICENSORS (INCLUDING THEIR DIRECTORS, OFFICERS, EMPLOYEES, REPRESENTATIVES, AGENTS, AND SUPPLIERS) BE LIABLE FOR ANY INDIRECT, EXEMPLARY, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES, INCLUDING WITHOUT LIMITATION PROCUREMENT OF SUBSTITUTE PRODUCTS OR SERVICES OR COSTS DUE TO LOSS OF PROFITS, REVENUE, DATA, OR DATA USE, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

    5. ALLOCATION OF RISK. THE PROVISIONS OF THIS AGREEMENT FAIRLY ALLOCATE THE RISKS BETWEEN MURJ AND THE CUSTOMER. CUSTOMER ACKNOWLEDGES AND AGREES THAT THE PRICING REFLECTS THIS ALLOCATION OF RISK AND THE LIMITATION OF LIABILITY SPECIFIED HEREIN.

    6. EXCEPTIONS. SECTIONS ON DAMAGES SHALL NOT APPLY TO: EITHER PARTY’S (i) INDEMNIFICATION OBLIGATIONS; (ii) LIABILITY FOR GROSS NEGIGLENCE OR WILLFUL MISCONDUCT; (iii) BREACH OF CONFIDENTIALITY, PRIVACY, SECURITY, AND/OR BUSINESS ASSOCIATE AGREEMENT OBLIGATIONS; AND/OR DPA OBLGIATIONS; CUSTOMER’S OR ANY AUTHORIZED USER’S (iv) INFRINGEMENT OR MISAPPROPRIATION OF MURJ’S INTELLECTUAL PROPERTY RIGHTS AND/OR (v) REVERSE ENGINEERING OF ANY MURJ PRODUCTS.

  14. INDEMNIFICATION AND LIABILITY.

    1. Indemnification by Murj. Murj shall defend or, at its option, settle, any claim brought against Customer by a third party alleging that the use by or on behalf of Customer of the Customer Information in accordance with this Agreement infringes or misappropriates any third party’s rights or violates any laws. Murj will pay all damages finally awarded against Customer (or the amount of any settlement entered or approved in writing by Murj) with respect to such a claim, assuming Murj is at fault for the settlement. Customer shall provide Murj with: (i) prompt written notice of; (ii) sole control over the defense and settlement of; and (iii) all information and assistance reasonably requested by Murj in connection with the defense or settlement of, any such claim.

    2. Indemnification by Customer. Customer shall defend or, at its option, settle, any claim brought against Murj by a third party alleging that the use by or on behalf of Murj of the Customer Information in accordance with this Agreement infringes or misappropriates any third party’s rights or violates any laws. Customer will pay all damages finally awarded against Murj (or the amount of any settlement entered or approved in writing by Customer) with respect to such a claim. Murj shall provide Customer with: (i) prompt written notice of; (ii) sole control over the defense and settlement of; and (iii) all information and assistance reasonably requested by Customer in connection with the defense or settlement of, any such claim.

    3. Impact of Indemnification to Murj. If any such claim is brought or threatened, Murj may, at its sole option and expense: (i) determine the Customer’s continued usage of the Products (ii) modify or replace the Products to make it non-infringing; or (iii) if none of the foregoing is commercially practicable, terminate this Agreement.

    4. Limitation on Liability. Notwithstanding the foregoing, Murj will have no liability to Customer for: (i) any Customer Information or Customer materials or any instruction, other information, designs, specifications, or other materials provided by Customer to Murj; (ii) use of an outdated or altered version of the Products, but only to the extent that such infringement would have been avoided by use of a current, unaltered version thereof which had been made available to Customer free of charge; (iii) any use of the Products in combination with software, products or services not provided by Murj to the extent that the Products would not be infringing but for such combination or modification; (iv) Customer’s failure to use the Products in accordance with this Agreement; or (v) any modifications or changes made to the Products by or on behalf of any person other than Murj. Murj’s liability is limited to the total fees associated with this Agreement and subsequent Sales Orders. Murj is not liable for any legal costs incurred by the Customer.

    5. ENTIRE LIABILITY. THIS AGREEMENT STATES THE ENTIRE LIABILITY OF MURJ AND ITS LICENSORS AS WELL AS CUSTOMER’S EXCLUSIVE REMEDY WITH RESPECT TO ANY INFRINGEMENT OR ALLEGED INFRINGEMENT CLAIM BY A THIRD PARTY.

      GENERAL

  15. RELATIONSHIP. Nothing in this Agreement shall be construed to create a partnership, joint venture, or agency relationship between Customer and Murj. Customer’s relationship to Murj is that of an independent contractor, and neither Party is an agent or partner of the other.

  16. NOTICES. All notices required or permitted under this Agreement must be delivered in writing to the specified email address and the official business address provided by either Party.

  17. ASSIGNMENT. Customer shall not assign, subcontract, delegate, or otherwise transfer this Agreement, or its rights and obligations herein, without obtaining the prior written consent of Murj. Murj may assign this Agreement in its entirety (including any Sales Orders) without consent of Customer with proper notice to (i) any entity that directly or indirectly controls, is controlled or under common control with Murj; or (ii) any successor in connection with a merger, acquisition, or sale of all or substantially all the assets of such Party or an applicable business unit.

  18. AMENDMENT. No supplement, modification, or amendment of this Agreement shall be binding, unless approved in writing by a duly authorized representative of the opposite Party. An amendment may be implied from conduct but will require to be stated in a writing signed by a duly authorized representative.

  19. VENUE. This Agreement shall be governed by the laws of the State of Delaware, United States of America without regard to its conflict of laws provisions. Each Party hereby expressly consents and submits to the exclusive personal jurisdiction and venue in the state and federal courts located in Santa Clara County for any lawsuit filed there against Customer by Murj arising from or related to this Agreement. This Agreement shall not be governed by the United Nations Convention on Contracts for the International Sale of Goods or the Uniform Computer Information Transactions Act.

  20. FORCE MAJEURE. Neither party shall be liable to the other for its failure to perform its obligations under this Agreement, except for payment obligations, during any period in which such performance is rendered impracticable or impossible due to unforeseen circumstances beyond its reasonable control, including, but not limited to, an Act of God.

  21. INTELLECTUAL PROPERTY, CONFIDENTIAL INFORMATION AND PRIVACY.

    1. Ownership. As between Customer and Murj, Murj retains all right, title, interest, and all associated intellectual property rights in and to the Product and Services developed either prior to or during the Term of this Agreement, including all Documentation, ideas, suggestions, and feedback on Murj Products, visual representations, user-interfaces, source code, object code, design(s), specifications, configurations, workflows, or any other information relating to the Product that constitute proprietary works of Murj and its licensors. Customer retains all worldwide right, title, and interest including all associated intellectual property rights in and to Customer Information and Customer’s trademarks and logos. The terms “purchase” and “sale” in reference to the Products notwithstanding, it is expressly agreed by the parties that title to the Products does not pass to Customer and Customer’s rights with respect to the Products will be limited only to the license conferred in this MSA.

    2. Confidential Information. “Confidential Information”22 shall remain the sole property of the Disclosing Party. Information will not be considered as Confidential Information if the information is or was: (i) lawfully available to the public through no act or omission of the Receiving Party; (ii) in the Receiving Party’s lawful possession prior to disclosure by the Disclosing Party; (iii) lawfully disclosed to the Receiving Party by a third party without restriction on disclosure; and/or (iv) independently developed by the Receiving Party without any attribution of the idea to the Disclosing Party.

    3. Nondisclosure. Each Party, as Receiving Party, agrees to forever hold the Disclosing Party’s Confidential Information in confidence and not to use such Confidential Information, except as expressly permitted under this Agreement or with written consent of the Disclosing Party. Both parties commit to maintaining the confidentiality of each other’s information, using it exclusively as permitted under this Agreement. The Receiving Party agrees to protect the Disclosing Party’s Confidential Information in the same manner it protects its own confidential information. This commitment to confidentiality is perpetual and each party agrees to take all reasonable steps to protect the other’s Confidential Information. In the event of a breach of this provision, the Disclosing Party may seek equitable relief, including injunctive relief, against the receiving party and its agent to prevent the breach of this Section.

      Any Authorized Users or third parties operating on behalf of this Agreement or performing services for the benefit of the Receiving Party are bound to secure and protect the Confidential Information in a manner no less restrictive or protective of the Confidential Information than the terms of this Agreement.

    4. Legal Proceeding. A Receiving Party facing a legal obligation to disclose Confidential Information to a court or other governmental entity shall promptly notify the Disclosing Party of that fact, unless such notification is not legally permissible. The Receiving Party shall give the Disclosing Party the opportunity to oppose such disclosure or obtain a protective order and shall continue to treat such information as Confidential Information until permission to disclose is granted. In the event of a breach of this provision, the affected Party may seek equitable relief against the opposing Party and its agents to prevent any future, further, or continued breach or threatened breach of this provision.

    5. Return or Destroy Confidential Information at Termination. On termination of the Agreement, at no additional cost, the Receiving Party shall promptly return all the Disclosing Party’s Confidential Information upon request, except as required by law. The Receiving Party shall certify in writing the Confidential Information has been destroyed within 30 days of the termination of the Agreement.

    6. Privacy and Security. Customer shall ensure it has given all notices, and obtained all permissions and consents, as may be required under all applicable, local, state, and federal laws or rulings in which Services will be performed for Murj to process Customer Information as contemplated by this Agreement.

  22. CUSTOMER INFORMATION. Murj may publicly list Customer as a customer of the Product and use Customer’s trademark, trade name, and logo for marketing or promotional purposes and in other communications with existing or potential Murj customers or investors.

  23. EXHIBITS. The terms and provisions of the attached exhibits are incorporated in this Agreement by reference.

  24. HEADINGS. Headings in this Agreement are intended solely for convenience of reference and shall be given no effect in the construction or interpretation of this Agreement.

  25. INTEGRATION. This Agreement is the final, complete, and exclusive agreement of the Parties. This Agreement may only be superseded by an executed Sales Order or subsequent Agreement. If any provision of this Agreement is adjudicated invalid or unenforceable, the remaining provisions will remain in effect and the Agreement will be amended to the minimum extent necessary to achieve the same legal and commercial effect originally intended by the Parties.

  26. SURVIVAL. All clauses and any other terms intended by context to survive past the termination of this Agreement, shall survive any termination of this Agreement, except Term of Agreement, Invoicing, Payment, and Taxes, Termination, Venue, Indemnity, Force Majeure, Section Integration, and Headings.

THE AFOREMENTIONED materials contain warranty disclaimers, liability limitations, and use limitations. There shall be no force or effect to any different terms of any related Sales Order or license terms unless signed in writing by all the parties hereto.

IN WITNESS WHEREOF, the Parties have executed this Master License Agreement as of the day and year last set forth below.

Murj, Inc.:

Customer:

By: _________________________________

By: _________________________________

Name: _________________________________

Name: _________________________________

Title: _________________________________

Title: _________________________________

Date: _________________________________

Date: _________________________________

___________

1 Effective Date shall be the date of the last signature of the agreement and will default to the first date of the subsequent month, unless otherwise specified in the Sales Order.

2 Term shall be the sum of the Annual Period(s) as specified in a Sales Order and any renewal thereof. If no term is stated, then the term is for one year from the Effective Date of this Agreement.

3 Sales Order means the document that specifies the quantity and Fees for the licensed Products and Services contemplated herein, the Sales Order shall be attached hereto as EXHIBIT SALES ORDER.

4 Authorized Users are the authorized employees, agents, consultants, suppliers, service companies, contractors, and affiliates of Customer or Permitted Affiliates authorized by Customer to access the Product under the terms herein. All Authorized Users are subject to the terms of this Agreement.

5 Product(s) are the Software Platform(s), Services, including Clinical Services, Launch Services, Support Services, Documentation, and other materials commercially sold to or made available to Customer by Murj, and as shall be specifically enumerated in a Sales Order. Murj may release new Products from time to time and such new Products may be sold separately from Products that may be provided for under a valid Sales Order.

6 Protected Health Information or PHI is any information created, received, maintained, or transmitted by Murj on behalf of Customer, which reasonably identifies an individual and relates to: (i) the individual’s past, present or future physical or mental health; (ii) the provision of health care to the individual; or (iii) the past, present, or future payment for health care.

7 Data Files means that discrete non-aggregated data, documents and reports that may be created by, or received and retained for, the Customer in the Product(s).

8 Services shall be the activities or tasks performed by Murj for Customer, typically for a specified fee or compensation. These activities can encompass professional, consulting, maintenance, or support services, and are tailored to meet the specific needs outlined in the applicable Exhibits.

9 Live Date shall be the date upon which Murj has (i) established data feeds from CIED device manufactures to the Murj product, (ii) made the Products available to the Customer, and (iii) made Training available to Customer.

10 Training shall be the period of time designated for Murj personnel to train Customer personnel on Murj product(s) .

11 Patient(s) are individuals who wear or have an implanted cardiac medical device that may generate or transmit PHI data that may be accessed on the Product(s).

12 Product(s) Updates means when the Murj Product(s) will undergo enhancements to add new functionality and/or features to the Product(s) and Services of the Murj environment. During this time, the Murj Product(s) may not be available for usage by the Customer.

13 EHR(s) is any Electronic Health Records system that is cloud-based with encrypted directional connectivity from Murj to Customer.

14 Remote Clinical Services means when Murj staff, or contracted staffing resources, principally process the review of remote cardiac device transmissions on behalf of a Customer.

15 Care Protocol means a written statement signed and dated by the Customer and Murj approved by the Customer that lists and describes the steps within the applicable scope of practice that Murj personnel shall use to deliver Remote Clinical Services in assessing and treating a Patient.

16 Docket means the (i) a 31-day period with respect to remote monitoring of a cardiac implantable device for diagnostic monitoring, and (ii) a 91-day period with respect to remote monitoring of a cardiac implantable device for cardiac rhythm management monitoring created in the Murj Platform in accordance with the Care Protocol.

18 License Fee is the money paid for the right to access the Product(s); the calculations for which are specified in a Sales Order by an individual or entity. The License Fee covers the License Grant from Murj to Customer and pays for the right to use, access, or distribute intellectual property, software, or other proprietary assets owned by the licensor. This fee encompasses all restriction as defined in the License Grant.

19 BAA means the Business Associate Agreement that enables HIPAA compliant access by Murj of the Customer’s PHI Patient data.

20 Customer Information is any data, metadata, materials, or information, regardless of form, or source, provided or made available or accessible to Murj by, or that are otherwise owned by or relate to, Customer or to any of its customers, end-users, Patients, health care providers, payers, employees, agents, Authorized Users, Permitted Affiliates, or created by Murj, to facilitate its performance of Services for Customer under this Agreement.

21 Material Breach is a breach in which a Party fails to perform a critical aspect of this Agreement and such failure prevents proper adherence to the obligations under this Agreement.

22 Confidential Information means any information disclosed by one Party (the “Disclosing Party”) to the other Party (the “Receiving Party”), either directly or indirectly, in writing, orally, or by the Receiving Party’s inspection of tangible objects, including, without limitation, Murj Products, algorithms, business plans, customer information, customer lists, customer names, design(s) documentation, drawings, engineering information, financial analysis, pricing terms, Sales Order(s), forecasts, formulas, hardware configuration information, inventions, market information, marketing plans, processes, Product(s) plans, research, Services, specifications, source code, or trade secret information that is designated as “confidential,” “proprietary,” or some similar designation or that should reasonably be considered confidential based on the nature of the information or the circumstances surrounding its disclosure.

EXHIBIT HIPAA BUSINESS ASSOCIATE AGREEMENT

This HIPAA Business Associate Agreement is made by and between Murj and the Customer (together, the “Parties”).

  1. PURPOSE. This Business Associate Agreement (BAA) is established to ensure compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations, including the Privacy, Security, and Breach Notification Rules (“Rules”). It outlines the distinct responsibilities of both the Customer and Murj to achieve and maintain this compliance.

  2. DEFINITIONS.1 (see footnote for definitions)

  3. RELATIONSHIP.

    1. Murj and Customer have entered into an Agreement whereby Murj provides its Products and Services, which may create, receive, maintain, and transmit PHI from or on behalf of Customer in the course of providing the Products to Customer.

    2. As provided in the Agreement, PHI shall include, when applicable, Electronic Protected Health Information (“EPHI”, which is a subset of “PHI). Murj’s access of EPHI will include access of EPHI by doctors and care providers at Customer and of Customer’s Patients. Murj will be involved with developing, maintaining, and supporting the Products related to the usage of EPHI.

    3. Murj shall be responsible for the protection of the Products via web-based access by Customer to the EPHI and the associated Products’ technical infrastructure, including hosting, hosted security, encryption, and password protection.

    4. Customer shall be responsible for managing Authorized User access to the Products and for providing an appropriate level of protection for the confidentiality, availability, and integrity of the EPHI by choosing appropriate administrative, physical, and technical safeguards to protect access to the Products and implementing these choices by specific direction to Murj as necessary.

  4. MURJ’S OBLIGATIONS. Murj commits to the following regarding PHI and EPHI:

    1. Not use or disclose PHI other than as permitted or required by this BAA, the Agreement, or as required by law;

    2. Use appropriate safeguards, and comply with Subpart C of 45 CFR 164 with respect to PHI, to prevent use or disclosure of PHI other than as provided for by the Contracts;

    3. Report to Customer any use or disclosure of PHI not provided for by the Contracts of which it becomes aware, including breaches of unsecured PHI as required at 45 CFR 164.410, and any security incident of which it becomes aware, such notification to take place within five (5) business days of Murj’s discovery of such reportable event. As a business associate of Customer, Murj shall only have the responsibility of notifying Customer. Customer shall then conduct further notification of others as may be required by law;

    4. In accordance with the Rules, ensure any subcontractors who create, receive, maintain, or transmit PHI on behalf of Murj agree to the same restrictions, conditions, and requirements that apply to Murj with respect to such information;

    5. Perform any of the services in the Agreement to facilitate Customer making available PHI in a designated

      record set as necessary to satisfy Customer’s obligations under the Rules;

    6. Allow any of the Product(s) in the Agreement to facilitate Customer making any amendment(s) to PHI in a designated record set as pursuant to the Rules, or take other measures as necessary to satisfy covered entity’s obligations under HIPAA;

    7. Maintain and make available the information required to provide an accounting of disclosures to the

      Customer as necessary to satisfy Customer’s obligations under HIPAA;

    8. To the extent Murj is to carry out one or more of Customer’s obligation(s) under HIPAA, comply with the requirements of the Rules that apply to the Customer in the performance of such obligation(s); and make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules.

    9. Murj may not use or disclose PHI in a manner that would violate the Rules except for the specific uses and disclosures set forth below.

    10. Murj agrees to make uses and disclosures and requests for PHI consistent with Customer’s minimum

      necessary policies and procedures.

    11. Murj shall not be responsible to respond directly to an individual request for access to PHI, an amendment to PHI, or an accounting of disclosures of PHI received directly by Murj but shall make such PHI or information available to Customer in a manner consistent with the Product(s) in the Agreement and Customer shall respond to the individual request as may be required by law.

  5. CUSTOMER’S OBLIGATIONS. Customer agrees to and is responsible for the following:

    1. Examine and understand the characteristics of the Products provided by Murj and to consider how the Product(s) will appropriately contribute to the Customer’s overall protection of the confidentiality, availability and integrity of the Customer’s PHI;

    2. Maintain overall responsibility for ensuring appropriate administrative, physical and technical security safeguards are implemented on a “system wide” basis to appropriately protect all PHI accessed, manipulated or maintained by Murj or at an Murj facility on the behalf of Customer;

    3. Implement appropriate encryption and other media handling and protection measures for all computer, storage, and transmission media located on the Products that is exposed or otherwise used to handle PHI including hard drives, backup tapes, network transmission media, Internet access and private line access;

    4. Maintain appropriate administrative controls to ensure Murj is notified immediately using Murj’s then standard procedures of additions to, changes to or deletions from the list of Customer personnel authorized to, physically or electronically, access Customer’s infrastructure containing PHI at Murj;

    5. If the Products include the use of computers, firewalls, or other devices provided by Murj for the use of Customer in the maintenance, use, or storage of PHI, give Murj specific instructions concerning the operating systems, settings, automatic updating (or manual updating) and other configuration details to appropriately protect the PHI contained, manipulated or protected by those systems;

    6. Ensure all devices that access the Products comply with Murj’s Systems Requirements;

    7. Ensure proper electronic authentication procedures are implemented on any devices utilized in providing the Products by Murj to Customer;

    8. Create and maintain systems to discriminate between authorized and unauthorized electronic users of Murj Products and PHI;

    9. Ensure proper encryption of PHI is performed during transmission of PHI through Murj’s network or other

      media located in or transmitting from a Murj facility or Murj provided infrastructure;

    10. Ensure all PHI stored on Customer’s behalf on Murj infrastructure, to include servers, Storage Area Networks, and backup media is encrypted appropriately as required by law;

    11. Ensure all PHI is encrypted appropriately before Murj performs backups for storage;

    12. Notify Murj of any limitation in any applicable notice of privacy practices in accordance with HIPAA, to the extent that such limitation may affect Murj’s use or disclosure of PHI;

    13. Notify Murj of any changes in, or revocation of, permission by an Individual to use or disclose PHI, to the extent that such changes may affect Murj’s use or disclosure of PHI;

    14. Notify Murj of any restriction to the use or disclosure of PHI that Customer has agreed to in accordance with HIPAA, to the extent that such restriction may affect Murj’s use or disclosure of PHI; and

    15. Not request Murj to use or disclose PHI in any manner that would violate applicable federal and state laws if such use or disclosure were made by Customer. Customer may request Murj to disclose PHI directly to a third party only for the purposes allowed by HIPAA.

  6. PERMITTED USES BY MURJ.

    1. Murj may use or disclose PHI to perform functions or activities necessary to deliver the Product(s) for, or on behalf of, Customer as specified in the Agreement.

    2. Murj may use or disclose PHI as required by law.

    3. Murj may use EPHI for the proper management and administration of the Product(s) or to carry out the legal responsibilities of Murj.

    4. Murj is permitted, for data aggregation purposes to the extent permitted under HIPAA, to use, disclose, and combine PHI created or received on behalf of Customer pursuant to this Agreement with PHI, as defined by HIPAA, received by Murj in its capacity as a business associate of other covered entities, to permit data analyses that relate to the health care operations of the respective covered entities and/or Customer and for Product development purposes.

    5. Murj may de-identify any and all PHI retain data PHI derived data only after it is de-identified in a manner that complies with HIPAA such that the de-identified data no longer conforms to the definition of PHI and is not subject to this BAA.

    6. Murj is permitted to disclose PHI for its proper management, administration, or to fulfill its legal obligations, under the condition that such disclosures are mandated by law. Additionally, Murj must obtain assurances of confidentiality from the recipient, ensuring the PHI is only used or disclosed as legally required or initially intended. The recipient must promptly notify Murj of any breaches in confidentiality.

  7. CONTRACTUAL TERMS.

    1. Term and Termination. This BAA will become effective on the date the Agreement is executed by both Parties. Unless terminated sooner pursuant to this Section, this BAA shall remain in effect for the duration in which the Product(s) are provided by Murj and for as long as Murj shall remain in possession of any PHI received from Customer or created or received by Murj on behalf of Customer, unless Customer has agreed it is infeasible to return or destroy all PHI.

    2. Termination for Cause. If Customer determines a material term of this BAA has been violated, it will give written notice detailing such violation to Murj. Murj shall have 30 days to provide a remedy for the listed violations. Customer may terminate this BAA if Murj has not remedied the violation after 30 days from the issuance of the written notice.

    3. Effect of Termination. Within 30 days of termination of this BAA, Murj will recover any PHI relating to this BAA in the possession of its subcontractors, agents, or representatives and provide Customer the right for a Data Export as described in the Contract. Murj will make available and/or return to Customer all PHI and,

      upon Customer receipt, destroy all such PHI. Murj shall notify Customer in writing if Murj believes it is not feasible to return or destroy the PHI. The notification shall include: (i) a statement Murj has determined it is infeasible to return or destroy the PHI in its possession, and (ii) the specific reasons for such determination. If Customer agrees Murj cannot feasibly return or destroy the PHI, Murj will ensure that any and all protections, requirements and restrictions contained in this BAA will be extended to any PHI retained after the termination of the BAA, and that any further uses and/or disclosures will be limited to the purposes that make the return or destruction of the PHI infeasible. If Customer’s PHI is contained on a Murj managed backup service, Customer agrees that it is infeasible to immediately destroy the PHI and that Murj shall be allowed to maintain the PHI until the backup media is appropriately overwritten or destroyed in the normal course of maintaining the backup media. Murj may retain a copy of PHI received from, or created or received by Murj for or on behalf of Customer which is necessary for Murj to continue its proper management and administration or to carry out its legal responsibilities, provided Murj extends the protections of this BAA to such information.

    4. Survival. The respective rights and obligations of the Parties under sections Permitted Uses by Murj and Contractual Terms will survive termination of the BAA indefinitely.

    5. Amendments. This BAA and the Contracts constitute the entire agreement between the Parties with respect to its subject matter. It may not be modified, nor will any provision be waived or amended, except in a writing duly signed by authorized representatives of the Parties.

    6. No Third-Party Beneficiaries. Nothing express or implied in this BAA is intended to confer, nor shall anything herein confer, upon any person other than the Parties and the respective successors and permitted assigns of the Parties, any rights, remedies, obligations, or liabilities whatsoever.

    7. Limitation of Liability; No Warranty. Nothing express or implied in this BAA shall modify the limitation of liability, indemnification clauses, insurance requirements, warranties offered, or other terms and conditions contained in the Contracts. If there is any ambiguity or conflict between this BAA and the Contracts, the meaning expressed in the Contracts shall prevail.

      1 Business Associate shall generally have the same meaning as the term “business associate” at 45 CFR 160.103.

      Catch-All: the following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Protected Health Information, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use.

      Contract(s) shall mean those business agreements that set forth the business relationship between Murj and the Customer.

      Covered Entity shall have the same meaning as the term “covered entity” at 45 CFR 160.103.

      Customer shall be the named entity with which Murj has a contractual business relationship. Customer may also be referenced in contractual documentation as a Customer.

      HIPAA means the Health Insurance Portability & Accountability Act of 1996, P.L. 104-191, as amended from time to time, together with its implementing regulations promulgated under HIPAA and under the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 (“ARRA”), by the U.S. Department of Health and Human Services, including, but not limited to, the Privacy Rule, the Security Rule and the Breach Notification Rule, as amended from time to time.

      HIPAA Rules or Rules shall mean the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164, as amended from time to time.

      Protected Health information or PHI is any information created, received, maintained, or transmitted by Murj for or on behalf of Customer, reasonably identifying an individual and relates to: (i) the individual’s past, present or future physical or mental health; (ii) the provision of health care to the individual; or (iii) the past, present, or future payment for health care.

    EXHIBIT CUSTOMER SUCCESS CHANGE ORDER REQUEST FORM

    This exhibit outlines the Change Order Request form, which is a document used to request and record changes to the previously agreed-upon project scope. The Change Order Request form will include information about the requested change, impact on the project timeline and budget. Both a representative from Murj and Customer will need to fully execute this Exhibit in order for it to apply to the Agreement.

    TERMS OF CUSTOMER SUCCESS CHANGE ORDER FORM

    Project Name

    Project Manager

    Date of Request

    Description of Change

    Impact on Project: Budget, Schedule

    Murj Approved, By:

    Customer Approved, By:

    Customer acknowledges and approves the requested change outlined in this Change Order Request Form. Customer understands the impact on the project schedule, budget, and scope.

    Murj, Inc.:

    Customer:

    By: _________________________________

    By: _________________________________

    Name: _________________________________

    Name: _________________________________

    Title: _________________________________

    Title: _________________________________

    Date: _________________________________

    Date: _________________________________

    EXHIBIT CALIFORNIA DATA PROCESSING ADDENDUM

    (Applies only to California businesses)

    1. This California Data Processing Addendum (“DPA”) forms an integral part of the Agreement and applies to the extent the Customer is a “business” under the California Consumer Privacy Act of 2018 and any binding regulations promulgated thereunder as applicable (together and as amended from time to time, (the “CCPA”) or the California Privacy Rights Act of 2020 and any binding regulations promulgated thereunder as applicable (together and as amended from time to time, (the “CPRA”), and the CCPA and CPRA together, “California Privacy Laws”) with respect to Product(s)’ User Data. Capitalized terms used in this DPA but not defined in the DPA or the Agreement shall have the meanings given in applicable California Privacy Laws. “Personal Information” means Product(s)’ User Data that constitutes “Personal Information” under applicable California Privacy Laws.

    2. It is the Parties’ intent that Murj is a Service Provider with respect to its processing of Personal Information. Murj (a) acknowledges that Personal Information is disclosed by Customer only for limited and specified purposes described in the Agreement; (b) shall comply with applicable obligations under the CPRA and shall provide the same level of privacy protection to Personal Information as is required by the CPRA; (c) agrees that Customer has the right to take reasonable and appropriate steps to help to ensure that Murj’s use of Personal Information is consistent with Customer’s obligations under the CPRA; (d) shall notify Customer in writing of any determination made by Murj that it can no longer meet its obligations under the CPRA; and (e) agrees that Customer has the right, upon notice, including pursuant to the preceding clause, to take reasonable and appropriate steps to stop and remediate unauthorized use of Personal Information.

    3. Murj shall not (a) Sell or Share Personal Information; (b) retain, use, or disclose any Personal Information for any purpose other than for the Business Purposes specified in the Agreement, including retaining, using, or disclosing Personal Information for a Commercial Purpose other than the Business Purpose specified in the Agreement; (c) retain, use or disclose Personal Information outside of the direct business relationship between Murj and Customer; or (d) combine Personal Information received pursuant to the Agreement with Personal Information (i) received from or on behalf of another person or (ii) or collected from Murj’s own interaction with any Consumer to whom such Personal Information pertains, provided that Murj may combine Personal Information to perform any Business Purpose as defined in regulations described in California Civil Code 1798.140(ag)(1)(D). Murj hereby certifies that it understands the obligations under this Section and will comply with them.

    4. The parties acknowledge that Murj’s retention, use and disclosure of Personal Information authorized by Customer’s instructions as stated in the Agreement are integral Murj’s provision of the Product and services under the Agreement and the business relationship between the Parties. Any exchange of Personal Information between the parties does not form part of the consideration exchanged in respect of the Agreement or any other business dealings.

    5. Murj shall promptly notify Customer if it receives a request from an Authorized User to exercise rights under California Privacy Laws in relation to Personal Information (“Data Subject Request”) and not respond to any Data Subject Request other than to advise the Data Subject to submit the request to Customer, except as required by Applicable laws.

    6. Customer may, subject Murj’s prior written agreement on terms acceptable to Customer in its reasonable discretion, at Customer’s sole cost and expense, monitor Murj’s compliance with the terms of this DPA through measures, including, but not limited to, ongoing manual reviews and automated scans and regular assessments, audits, or other technical and operational testing at least once every 12 months.

    7. If Customer requests and Murj provides support, cooperation or assistance pursuant to this DPA or otherwise in support of Customer’s efforts to comply with Data Subject Requests or its other obligations under California Privacy Laws, Customer shall compensate Murj therefor at Murj’s then-current professional services rates in accordance with the payment terms of the Agreement, except that this clause does not apply to Murj’s provision or Customer’s use of any self-service tools that Customer can use to obtain information or take action necessary for its compliance with such laws.

    EXHIBIT CARE PROTOCOL

    BOTH PARTIES MUST SIGN CARE PROTOCOL, ANY CHANGES REQUIRE NEW SIGNATURES

    MURJ:

    CUSTOMER:

    By:

    _________________________________

    By: _________________________________

    Name:

    _________________________________

    Name: _________________________________

    Title:

    _________________________________

    Title: _________________________________

    Date:

    _________________________________

    Date: _________________________________