← Back to Home

IrisMD Assistant Terms & Conditions

Last Modified: March 3, 2025

This IRISMD Assistant Service Agreement (this “Agreement”) is a binding agreement between iris medical technologies, inc. (“Iris” OR “WE”) and you or the entity you represent (“Customer” OR “YOU”). Iris and Customer may be referred to herein collectively as the ”Parties” or individually as a ”Party”.

Iris provides AI-powered software that listens to provider-patient conversations and creates medical SOAP notes (the “Services ”). THIS AGREEMENT DEFINES THE TERMS AND CONDITIONS APPLICABLE TO CUSTOMER's ACCESS TO AND USE OF THE SERVICES.

THIS AGREEMENT TAKES EFFECT AT THE EARLIEST OF WHEN YOU CLICK THE ”I AGREE” BUTTON OR EXECUTE AN ORDER THAT INCORPORATES THIS AGREEMENT BY REFERENCE (THE “EFFECTIVE DATE”). BY CLICKING ON THE ”I AGREE” BUTTON OR EXECUTING AN ORDER THAT INCORPORATES THIS AGREEMENT BY REFERENCE YOU: (A) ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTAND THIS AGREEMENT; (B) REPRESENT AND WARRANT THAT YOU HAVE THE RIGHT, POWER, AND AUTHORITY TO ENTER INTO THIS AGREEMENT AND IF ENTERING INTO THIS AGREEMENT FOR AN ENTITY, THAT YOU HAVE THE LEGAL AUTHORITY TO BIND THAT ENTITY; AND (C) ACCEPT THIS AGREEMENT ON YOUR BEHALF OR ON BEHALF OF THE ENTITY YOU REPRESENT IF YOU ARE ENTERING INTO THIS AGREEMENT FOR AN ENTITY AND AGREE THAT YOU OR SUCH ENTITY, AS APPLICABLE, ARE LEGALLY BOUND BY ITS TERMS.

IF YOU DO NOT AGREE TO THESE TERMS, YOU MAY NOT ACCESS OR USE THE SERVICES.

  1. Definitions.
    1. Authorized User” means (i) Customer if s/he is an individual, or (ii) if Customer is an entity, Customer's employees, contractors, and agents (1) who are authorized by Customer to access and use the Services under the rights granted to Customer pursuant to this Agreement and (2) for whom access to the Services has been purchased hereunder.
    2. Customer Data” means information, data, and other content, in any form or medium, that is submitted, posted, or otherwise transmitted by or on behalf of Customer or an Authorized User through the Services.
    3. De-Identified Data” means PHI (including PHI within Encounter Data) that has been de-identified pursuant to this Agreement in accordance with HIPAA requirements for de-identification. De-Identified Data shall be considered as excluded from the definition of Confidential Information under this Agreement.
    4. Documentation” means Iris's user guides or other written information provided by Iris relating to the Services either electronically or in hard copy form.
    5. Encounter Data” means, with respect to each health care encounter for which Iris provides the Services, the Recordings, transcriptions of the Recordings, and any medical records, metadata, or other data related to Encounter Data that are associated with each patient for whom a Recording is made.
    6. Iris IP” means the Services, the Documentation, and any and all intellectual property provided to Customer or any Authorized User in connection with the foregoing.
    7. Participant” means any patient, Authorized User, associated care team member or other individual person(s) whose personal information is included in any Recording, or who is present during that Recording and provides such information during that Recording.
    8. Recording” means any and all audio recorded or created during or otherwise in connection with a health care encounter.
    9. Required Authorization” means any consent required under applicable law to (ii) use the Services, (ii) collect, capture, make and/or store Recordings relating to Participants, (iii) use a Recording, an individual's PHI or other personally identifiable information for the purposes described in Section 2.3, or (iv) to disclose any of the foregoing information for such purposes to Iris.
    10. Third-Party Materials” means materials and information, in any form or medium, including any open-source or other software, documents, data, content, specifications, products, equipment, or components of or relating to the Services that are not proprietary to Iris. Including third- party AI technology.
  2. Access and Use.
    1. Provision of Access. Subject to the terms and conditions of this Agreement, Iris hereby grants Customer a limited, royalty-free, non-exclusive, non-sublicensable, non-transferable right and license to access and use the Services during the Term, solely for use by Authorized Users in accordance with the terms and conditions herein. Such use is limited to Customer's internal use.
    2. Order Process. If Customer is an entity with multiple Authorized Users, Customer shall subscribe its Authorized Users to the Services by entering into an order (“Order”) with Iris.
    3. Documentation License. Subject to the terms and conditions contained in this Agreement, Iris hereby grants to Customer a limited, royalty-free, non-exclusive, non-sublicensable, non-transferable license to use the Documentation during the Term solely for Customer's internal business purposes in connection with its use of the Services.
    4. Use Restrictions. Customer shall not use the Services for any purposes beyond the scope of the access granted in this Agreement, and, in the case of Third-Party Materials, the applicable third-party license agreement. Customer shall not at any time, directly or indirectly, and shall not permit any Authorized Users to: (i) copy, modify, or create derivative works of the Services or Documentation, in whole or in part; (ii) rent, lease, lend, sell, license, sublicense, assign, distribute, publish, transfer, or otherwise make available the Services or Documentation; (iii) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to any software component of the Services, in whole or in part; (iv) remove any proprietary notices from the Services or Documentation; or (v) use the Services or Documentation in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable law.
    5. Reservation of Rights. Iris reserves all rights not expressly granted to Customer in this Agreement. Except for the limited rights and licenses expressly granted under this Agreement, nothing in this Agreement grants, by implication, waiver, estoppel, or otherwise, to Customer or any third party any intellectual property rights or other right, title, or interest in or to the Iris IP.
    6. Suspension. Notwithstanding anything to the contrary in this Agreement, Iris may temporarily suspend Customer's and any Authorized User's access to any portion or all of the Services if: (i) Iris reasonably determines that (A) there is a threat or attack on any of the Iris IP; (B) Customer's or any Authorized User's use of the Iris IP disrupts or poses a security risk to the Iris IP or to any other customer or vendor of Iris; (C) Customer, or any Authorized User, is using the Iris IP for fraudulent or illegal activities; (D) subject to applicable law, Customer has ceased to continue its business in the ordinary course, made an assignment for the benefit of creditors or similar disposition of its assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution, or similar proceeding; or (E) Iris's provision of the Services to Customer or any Authorized User is prohibited by applicable law; (ii) any vendor of Iris has suspended or terminated Iris's access to or use of any Third-Party Materials or other third-party services or products required to enable Customer to access the Services; or (iii) in accordance with Section 4(a)(iii) (any such suspension described in subclause (i), (ii), or (iii), a “Service Suspension”). Iris shall use commercially reasonable efforts to provide written notice of any Service Suspension to Customer and to provide updates regarding resumption of access to the Services following any Service Suspension. Iris shall use commercially reasonable efforts to resume providing access to the Services as soon as reasonably possible after the event giving rise to the Service Suspension is cured. Iris will have no liability for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that Customer or any Authorized User may incur as a result of a Service Suspension.
    7. Third-Party Materials. The Services may permit access to Third-Party Materials. For purposes of this Agreement, these Third-Party Materials are subject to their own terms and conditions which may be presented to you for acceptance by website link or otherwise. The Services may also include or incorporate Third-Party Materials licensed or provided by third parties that require us to pass through additional terms to you. You shall comply with all such applicable pass-through terms as made available by us through the Documentation, or otherwise, as such terms may be updated, modified, or added from time to time. We may add or remove Third-Party Materials from time to time. If you do not agree to abide by the applicable terms for any Third-Party Materials, then you should not install, access, or use these Third-Party Materials or any Services that include or incorporate these Third-Party Materials.
  3. Customer Responsibilities.
    1. General. Customer is responsible and liable for all uses of the Services and Documentation resulting from access provided by Customer, directly or indirectly, whether such access or use is permitted by or in violation of this Agreement. Without limiting the generality of the foregoing, Customer is responsible for all acts and omissions of Authorized Users, and any act or omission by an Authorized User that would constitute a breach of this Agreement if taken by Customer will be deemed a breach of this Agreement by Customer. Customer shall use reasonable efforts to make all Authorized Users aware of this Agreement's provisions as applicable to such Authorized User's use of the Services and shall cause Authorized Users to comply with such provisions.
    2. Review of Encounter Data. Customer is solely responsible for (i) evaluating (including by human review) Encounter Data for accuracy, completeness, and other relevant factors before using, distributing, or relying on the Encounter Data and (ii) Customer's decisions, actions, and omissions in reliance or based on the Encounter Data.
    3. Compliance with Law. Customer shall comply with applicable law and regulation relevant to Customer's use of the Services and the Encounter Data, including but not limited to ensuring that only duly trained and qualified individuals who maintain licenses, certifications or other authorizations required to perform healthcare activities will use the Services or use or disclose the Encounter Data in connection with such healthcare activities.
    4. Required Authorizations. Prior to using the Services, Customer shall be responsible for ensuring that it has obtained any Required Authorizations from Participants. All Required Authorizations will be maintained by Customer for a period as required by Applicable Law. Customer shall provide evidence of Requirement Authorization upon Iris's request. Customer will notify Iris immediately if it receives notice at any time that a Participant has revoked his/her Required Authorization.
    5. Use of Data. Customer grants Iris the right to access and use the Recordings and Encounter Data for the purposes of or in connection with: (i) providing the Services; (ii) generating De-Identified Data; and (iii) analyzing, testing, developing, maintaining, refining, training, tuning, improving, enhancing, optimizing, automating, and expanding the insights, processes, methods, and tools relating to, the Services. The uses allowed under this Section 3(d) shall be considered as allowed uses under the BAA, and under the provisions of the Agreement relating to confidentiality and nondisclosure of Confidential Information. Customer acknowledges and agrees that Iris receives, uses and/or maintains only copies of official medical records or portions thereof, the originals of which must continue to be maintained by Customer or its contractors. Accordingly, the foregoing the Services shall not be deemed an electronic health record and Iris-maintained data shall not be deemed a medical record, health record or a designated record set (as defined under HIPAA), for any patient.
    6. De-Identified Data. Iris will be permitted to generate, use, disclose and retain De-Identified Data during the term of, and after termination of, this Agreement solely for the purpose of exercising its rights under the foregoing subsections (ii) and (iii) of Section 3(d) above, and in accordance with the HIPAA de-identification requirements of 45 C.F.R. §164.514(b). Customer acknowledges and agrees that the rights set forth in this Section 3(e) are necessary for the continued improvement of the Services and constitute a critical component of Services to the benefit of Customer. Accordingly, the Parties agree that, as it relates to PHI, the rights and permitted uses of Encounter Data set forth herein supplement and are hereby incorporated into the above-referenced terms of the BAA.
  4. Fees and Payment.
    1. Fees. Customer shall pay IrisMD the fees ( “ Fees”) as set forth in Exhibit A without offset or deduction. Customer shall make all payments hereunder in US dollars on or before the due date set forth in Exhibit A. If Customer fails to make any payment when due, without limiting IrisMD's other rights and remedies: (i) IrisMD may charge interest on the past due amount at the rate of 1.5% per month calculated daily and compounded monthly or, if lower, the highest rate permitted under applicable law; (ii) Customer shall reimburse IrisMD for all costs incurred by IrisMD in collecting any late payments or interest, including attorneys' fees, court costs, and collection agency fees; and (iii) if such failure continues for ten (10) days or more, IrisMD may suspend Customer's and its Authorized Users' access to any portion or all of the Services until such amounts are paid in full.
    2. Taxes. All Fees and other amounts payable by Customer under this Agreement are exclusive of taxes and similar assessments. Customer is responsible for all sales, use, and excise taxes, and any other similar taxes, duties, and charges of any kind imposed by any federal, state, or local governmental or regulatory authority on any amounts payable by Customer hereunder, other than any taxes imposed on IrisMD's income.
  5. Confidential Information. From time to time during the Term, either Party may disclose or make available to the other Party information about its business affairs, products, confidential intellectual property, trade secrets, third-party confidential information, and other sensitive or proprietary information, whether or not marked, designated, or otherwise identified as ”confidential” (collectively, ”Confidential Information”). Confidential Information does not include information that, at the time of disclosure is: (a) in the public domain; (b) known to the receiving Party at the time of disclosure; (c) rightfully obtained by the receiving Party on a non-confidential basis from a third party; or (d) independently developed by the receiving Party. The receiving Party shall not disclose the disclosing Party's Confidential Information to any person or entity, except to the receiving Party's employees who have a need to know the Confidential Information for the receiving Party to exercise its rights or perform its obligations hereunder. Notwithstanding the foregoing, each Party may disclose Confidential Information to the limited extent required (i) in order to comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable law, provided that the Party making the disclosure pursuant to the order shall first have given written notice to the other Party and made a reasonable effort to obtain a protective order; or (ii) to establish a Party's rights under this Agreement, including to make required court filings. On the expiration or termination of the Agreement, the receiving Party shall promptly return to the disclosing Party all copies, whether in written, electronic, or other form or media, of the disclosing Party's Confidential Information, or destroy all such copies and certify in writing to the disclosing Party that such Confidential Information has been destroyed. Each Party's obligations of non-disclosure with regard to Confidential Information are effective as of the Effective Date and will expire five years from the date first disclosed to the receiving Party; provided, however, with respect to any Confidential Information that constitutes a trade secret (as determined under applicable law), such obligations of non-disclosure will survive the termination or expiration of this Agreement for as long as such Confidential Information remains subject to trade secret protection under applicable law.
  6. Intellectual Property Ownership; Feedback.
    1. Iris IP. Customer acknowledges that, as between Customer and Iris, Iris owns all right, title, and interest, including all intellectual property rights, in and to the Iris IP. With respect to Third-Party Materials, the applicable third-party providers own all right, title, and interest, including all intellectual property rights, in and to the Third-Party Materials
    2. Customer Data. Iris acknowledges that, as between Iris and Customer, Customer owns all right, title, and interest, including all intellectual property rights, in and to the Customer Data. Customer hereby grants to Iris a non-exclusive, royalty-free, worldwide license to reproduce, distribute, and otherwise use and display the Customer Data and perform all acts with respect to the Customer Data as may be necessary for Iris to provide the Services to Customer.
    3. Feedback. If Customer or any other Authorized User sends or transmits any communications or materials to us by mail, email, telephone, or otherwise, suggesting or recommending changes to the Services, including without limitation, new features or functionality relating thereto, or any comments, questions, suggestions, or the like ( “Feedback”), Iris is free to use that Feedback. All Feedback is and will be treated as non-confidential. Customer hereby assigns to Iris on its behalf, and shall cause all Authorized Users to assign to Iris, all right, title, and interest in, and Iris is free to use, without any attribution or compensation to you or any third party, any ideas, know-how, concepts, techniques, or other intellectual property rights contained in the Feedback, for any purpose whatsoever, although we are have no obligation to acknowledge receipt of or use any Feedback.
  7. Warranty Disclaimer.
    1. THE IRIS IP IS PROVIDED ”AS IS” AND IRIS HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. IRIS SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICEIRIS MAKES NO WARRANTY OF ANY KIND THAT THE SERVICES OR IRIS IP, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET CUSTOMER'S OR ANY OTHER PERSON'S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE.
    2. CUSTOMER ACKNOWLEDGES AND AGREES THAT (I) IRIS IS A TECHNOLOGY COMPANY AND THAT IT DOES NOT PROVIDE HEALTHCARE SERVICES OR MEDICAL ADVICE; (II) THE ENCOUNTER DATA PRODUCED BY THE SERVICES ARE BASED ON CUSTOMER DATA; (III) THE SERVICES MAY PRODUCE INACCURATE RECORDINGS OR ENCOUNTER DATA; AND (IV) THE SERVICES AND ENCOUNTER DATA ARE NOT INTENDED TO REPLACE THE PROFESSIONAL SKILLS, JUDGMENT OR ADVICE OF A HEALTHCARE PROVIDER. USE OF THE ENCOUNTER DATA SHOULD BE COUPLED WITH OTHER INFORMATION USED BY COMPETENT MEDICAL PROFESSIONALS IN MAKING HEALTHCARE DECISIONS. CUSTOMER ACKNOWLEDGES AND AGREES THAT IRIS IS UNABLE TO TEST THE SERVICES UNDER ALL POSSIBLE CIRCUMSTANCES, THAT IRIS CANNOT CONTROL THE MANNER IN WHICH AND THE PURPOSE FOR WHICH THE CUSTOMER SHALL USE THE SERVICES, AND THAT THE ALLOCATIONS OF RISKS UNDER THIS SCHEDULE ARE REASONABLE AND APPROPRIATE UNDER THE CIRCUMSTANCES.
    3. ALL THIRD-PARTY MATERIALS ARE PROVIDED ”AS IS” AND ANY REPRESENTATION OR WARRANTY OF OR CONCERNING ANY THIRD-PARTY MATERIALS IS STRICTLY BETWEEN CUSTOMER AND THE THIRD-PARTY OWNER OR DISTRIBUTOR OF THE THIRD-PARTY MATERIALS.
  8. Indemnification.
    1. Iris Indemnification.
      1. Iris shall indemnify, defend, and hold harmless Customer from and against any and all losses, damages, liabilities, costs (“Losses”) incurred by Customer resulting from any third-party claim, suit, action, or proceeding (“ Third-Party Claim”) that the Services, or any use of the Services in accordance with this Agreement, infringes or misappropriates such third party's US intellectual property rights, provided that Customer promptly notifies Iris in writing of such Third-Party Claim, cooperates with Iris, and allows Iris sole authority to control the defense and settlement of such Third-Party Claim.
      2. If a Third Party-Claim is made or appears possible, Customer agrees to permit Iris, at Iris's sole discretion, to (A) modify or replace the Services, or component or part thereof, to make it non-infringing, or (B) obtain the right for Customer to continue use. If Iris determines that neither alternative is reasonably available, Iris may terminate this Agreement, in its entirety or with respect to the affected component or part, effective immediately on written notice to Customer.
      3. This Section 8(a) will not apply to the extent that the alleged infringement arises from: (A) use of the Services in combination with data, software, hardware, equipment, or technology not provided by Iris or authorized by Iris in writing; (B) modifications to the Services not made by Iris; (C) Customer Data; or (D) Third-Party Materials.
    2. Customer Indemnification. Customer shall indemnify, hold harmless, and, at Iris's option, defend Iris from and against any Losses resulting from any Third-Party Claim that the Customer Data, or any use of the Customer Data in accordance with this Agreement, infringes or misappropriates such third party's intellectual property rights and any Third-Party Claims based on Customer's or any Authorized User's: (i) negligence or willful misconduct; (ii) use of the Services in a manner not authorized by this Agreement; (iii) use of the Services in combination with data, software, hardware, equipment, or technology not provided by Iris or authorized by Iris in writing; or (iv) modifications to the Services not made by Iris, provided that Customer may not settle any Third-Party Claim against Iris unless Iris consents to such settlement, and further provided that Iris will have the right, at its option, to defend itself against any such Third-Party Claim or to participate in the defense thereof by counsel of its own choice.
    3. Sole Remedy. THIS SECTION 9 SETS FORTH CUSTOMER'S SOLE REMEDIES AND IRIS'S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED, OR ALLEGED CLAIMS THAT THE SERVICES INFRINGE, MISAPPROPRIATE, OR OTHERWISE VIOLATE ANY INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY. IN NO EVENT WILL IRIS'S LIABILITY UNDER THIS SECTION 8 EXCEED THE FEES PAID BY CUSTOMER TO IRIS UNDER THIS AGREEMENT IN THE TWELVE (12) MONTHS PRIOR TO THE ACT THAT GAVE RISE TO THE LIABILITY.
    4. Limitations of Liability. IN NO EVENT WILL IRIS BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY: (a) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES; (b) INCREASED COSTS, DIMINUTION IN VALUE OR LOST BUSINESS, PRODUCTION, REVENUES, OR PROFITS; (c) LOSS OF GOODWILL OR REPUTATION; (d) USE, INABILITY TO USE, LOSS, INTERRUPTION, DELAY, OR RECOVERY OF ANY DATA, OR BREACH OF DATA OR SYSTEM SECURITY; OR (e) COST OF REPLACEMENT GOODS OR SERVICES, IN EACH CASE REGARDLESS OF WHETHER IRIS WAS ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE. IN NO EVENT WILL IRIS'S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE EXCEED THE FEES PAID BY CUSTOMER TO IRIS UNDER THIS AGREEMENT IN THE TWELVE (12) MONTHS PRIOR TO THE ACT THAT GAVE RISE TO THE LIABILITY.
  9. Term and Termination.
    1. Term. The term of this Agreement begins on the Effective Date and continues until terminated (the “Term ”). Services that are specified in the Order to automatically renew will renew for successive one-year terms unless earlier terminated pursuant to this Agreement's express provisions or either party gives the other party written notice of non-renewal at least ninety (90) days prior to the expiration of the then-current services period.
    2. Termination. In addition to any other express termination right set forth in this Agreement:
      1. Iris may terminate this Agreement, effective on written notice to Customer, if Customer: (A) fails to pay any amount when due hereunder, and such failure continues more than ten (10) days after Iris's delivery of written notice thereof; or (B) breaches any of its obligations undersection 2(d) or Section 5;
      2. either Party may terminate this Agreement, effective on written notice to the other Party, if the other Party materially breaches this Agreement, and such breach: (A) is incapable of cure; or (B) being capable of cure, remains uncured thirty (30) days after the non-breaching Party provides the breaching Party with written notice of such breach; or
      3. either Party may terminate this Agreement, effective immediately upon written notice to the other Party, if the other Party: (A) becomes insolvent or is generally unable to pay, or fails to pay, its debts as they become due; (B) files or has filed against it, a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law; (C) makes or seeks to make a general assignment for the benefit of its creditors; or (D) applies for or has appointed a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business.
    3. Effect of Expiration or Termination. Upon expiration or earlier termination of this Agreement, Customer shall immediately discontinue use of the Iris IP and, without limiting Customer's obligations under Section 6, Customer shall delete, destroy, or return all copies of the Iris IP and certify in writing to the Iris that the Iris IP has been deleted or destroyed. No expiration or termination will affect Customer's obligation to pay all Fees that may have become due before such expiration or termination or entitle Customer to any refund.
    4. Survival. This Section 9(d) and Sections 1, 4, 5, 6, 7, 8, 9, and 11 survive any termination or expiration of this Agreement. No other provisions of this Agreement survive the expiration or earlier termination of this Agreement.
  10. Miscellaneous.
    1. Business Associate Agreement. The Parties shall comply with the applicable provisions of HIPAA, as embodied in the Business Associate Addendum (“BAA”) between the parties attached hereto as Exhibit B and incorporated herein by reference (or any superseding BAA thereof). In the event of a conflict between this Agreement and the BAA regarding use and handling of Protected Health Information, the BAA shall control.
    2. Entire Agreement. This Agreement, together with any other documents incorporated herein by reference and all related Exhibits, constitutes the sole and entire agreement of the Parties with respect to the subject matter of this Agreement and supersedes all prior and contemporaneous understandings, agreements, and representations and warranties, both written and oral, with respect to such subject matter. In the event of any inconsistency between the statements made in the body of this Agreement, the related Exhibits, and any other documents incorporated herein by reference, the following order of precedence governs: (i) first, this Agreement, excluding its Exhibits; (ii) second, the Exhibits to this Agreement as of the Effective Date; and (iii) third, any other documents incorporated herein by reference.
    3. Notices. Any notices to us must be sent to contact@irismd.com or our corporate headquarters address available at irismd.com and must be delivered either in person, by email, certified or registered mail, return receipt requested and postage prepaid, or by recognized overnight courier service, and are deemed given upon receipt by us. Notwithstanding the foregoing, you hereby consent to receiving electronic communications from us. These electronic communications may include notices about applicable fees and charges, transactional information, and other information concerning or related to the Services. You agree that any notices, agreements, disclosures, or other communications that we send to you electronically will satisfy any legal communication requirements, including that such communications be in writing.
    4. Force Majeure. In no event shall either Party be liable to the other Party, or be deemed to have breached this Agreement, for any failure or delay in performing its obligations under this Agreement (except for any obligations to make payments), if and to the extent such failure or delay is caused by any circumstances beyond such Party's reasonable control, including but not limited to acts of God, flood, fire, earthquake, pandemic, explosion, war, terrorism, invasion, riot or other civil unrest, strikes, labor stoppages or slowdowns or other industrial disturbances, or passage of law or any action taken by a governmental or public authority, including imposing an embargo.
    5. Amendment and Modification; Waiver. We may modify this Agreement at any time without notice. By using the Services after a change in the terms, you are agreeing to be bound by the then current version of this Agreement.
    6. Severability. If any provision of this Agreement is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability will not affect any other term or provision of this Agreement or invalidate or render unenforceable such term or provision in any other jurisdiction. Upon such determination that any term or other provision is invalid, illegal, or unenforceable, the Parties shall negotiate in good faith to modify this Agreement so as to effect their original intent as closely as possible in a mutually acceptable manner in order that the transactions contemplated hereby be consummated as originally contemplated to the greatest extent possible.
    7. Governing Law; Submission to Jurisdiction. This Agreement is governed by and construed in accordance with the internal laws of the State of Georgia without giving effect to any choice or conflict of law provision or rule that would require or permit the application of the laws of any jurisdiction other than those of the State of Georgia. Any legal suit, action, or proceeding arising out of this Agreement or the licenses granted hereunder will be instituted in the federal courts of the United States or the courts of the State of Georgia in each case located in the city of Marietta and Cobb County, and each Party irrevocably submits to the exclusive jurisdiction of such courts in any such suit, action, or proceeding.
    8. Assignment. Customer may not assign any of its rights or delegate any of its obligations hereunder, in each case whether voluntarily, involuntarily, by operation of law or otherwise, without the prior written consent of Iris. Any purported assignment or delegation in violation of this Section will be null and void. No assignment or delegation will relieve the assigning or delegating Party of any of its obligations hereunder. This Agreement is binding upon and inures to the benefit of the Parties and their respective permitted successors and assigns.
    9. Export Regulation. Customer shall comply with all applicable federal laws, regulations, and rules, and complete all required undertakings (including obtaining any necessary export license or other governmental approval), that prohibit or restrict the export or re-export of the Services or any Customer Data outside the US.
    10. Equitable Relief. Each Party acknowledges and agrees that a breach or threatened breach by such Party of any of its obligations under Section 6 would cause the other Party irreparable harm for which monetary damages would not be an adequate remedy and agrees that, in the event of such breach or threatened breach, the other Party will be entitled to equitable relief, including a restraining order, an injunction, specific performance, and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity, or otherwise.

Exhibit A - Fees

Reserved.

Exhibit B - Business Associate Addendum

This Business Associate Addendum (“BAA”) is entered into by and between Customer (“Covered Entity”) and Iris Medical Technologies, LLC (“Business Associate”) and the customer agreeing to the terms (“Covered Entity”) and supplements, amends and is incorporated into the Iris Services Agreement (“Agreement”).

  1. DEFINITIONS
    1. Breach” shall have the meaning given to such term in 45 C.F.R. § 164.402.
    2. Breach Notification Rule” shall mean the rule related to breach notification for Unsecured Protected Health Information codified at 45 C.F.R. Parts 160 and 164, Subpart D.
    3. Designated Record Set” shall have the meaning given to such term under the Privacy Rule at 45 C.F.R. § 164.501.
    4. Electronic Protected Health Information” or (“EPHI”) shall have the same meaning given to such term under the Security Rule, including, but not limited to, 45 C.F.R. § 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Entity.
    5. Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information, codified at 45 C.F.R. Parts 160 and 164, Subparts A and E.
    6. Protected Health Information” or “PHI ” shall have the meaning given to such term under the Privacy and Security Rules at 45 C.F.R. § 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Entity.
    7. Security Rule” shall mean the Security Standards for the Protection of Electronic Protected Health Information, codified at 45 C.F.R. Parts 160 and 164, Subparts A and C.
    8. Other capitalized terms used, but not otherwise defined in this BAA, shall have the same meaning as those terms in the Privacy, Security or Breach Notification Rules.
  2. PRIVACY RULE PERMITTED USES AND DISCLOSURES OF BUSINESS ASSOCIATE
    1. Permitted Uses and Disclosures of PHI. Except as provided in Paragraphs (b), (c), (d), (e) and (f) below, Business Associate may only use or disclose PHI to perform functions, activities or services for, or on behalf of Covered Entity, as specified in the Agreement.
    2. Use for Management and Administration. Business Associate may, consistent with 45 C.F.R. § 164.504(e)(4), use PHI if necessary (i) for the proper management and administration of Business Associate, or (ii) to carry out the legal responsibilities of Business Associate.
    3. Disclosure for Management and Administration. Business Associate may, consistent with 45 C.F.R. § 164.504(e)(4), disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided (i) the disclosure is Required by Law, or (ii) Business Associate obtains reasonable assurances from the person to whom the PHI is disclosed (“Person”) that it will be held confidentially and will be used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the Person, and that the Person agrees to immediately notify Business Associate in writing of any instances of which it becomes aware in which the confidentiality of the information has been breached or is suspected to have been breached.
    4. Data Aggregation. Business Associate may use and disclose PHI to provide Data Aggregation services to Covered Entity as permitted by 42 C.F.R. § 164.504(e)(2)(i)(B).
    5. De-Identification. Business Associate may de-identify PHI in accordance with 45 C.F.R. § 164.514(b).
    6. Reporting Violations. Business Associate may use and disclose PHI to report violations of law to appropriate Federal and State authorities, consistent with 45 C.F.R. § 164.502(j)(1).
    7. Required by Law. Business Associate may use and disclose PHI as required or permitted by law.
  3. PRIVACY RULE OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE
    1. Limitations on Disclosure. Business Associate shall not use or disclose PHI other than as permitted or required by this BAA, the Agreement, or as Required by Law. Business Associate shall not use or disclose PHI in a manner that would violate the Privacy Rule if done by Covered Entity, unless expressly permitted to do so pursuant to the Privacy Rule, the Agreement, and this BAA.
    2. Appropriate Safeguards. Business Associate shall use appropriate safeguards to prevent use or disclosure of PHI other than as permitted by the Agreement, this BAA, or as Required by Law.
    3. Obligations on Behalf of Covered Entity. To the extent Business Associate carries out an obligation for which Covered Entity is responsible under the Privacy Rule, Business Associate must comply with the requirements of the Privacy Rule that apply to Covered Entity in the performance of such obligation.
    4. Mitigation. Business Associate shall mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of HIPAA, the Agreement, or this BAA.
    5. Reporting of Improper Use or Disclosure. Business Associate shall report to Covered Entity in writing any use or disclosure of PHI not permitted by this BAA promptly after becoming aware of such use or disclosure.
    6. Business Associate's Subcontractors. Business Associate shall ensure, consistent with 45 C.F.R. § 164.502(e)(1)(ii), that any Subcontractor that creates, receives, maintains, or transmits PHI on behalf of Business Associate agrees in writing to substantially the same restrictions and conditions that apply through this BAA to Business Associate with respect to such PHI.
    7. Access to PHI. Business Associate shall provide access, at the request of Covered Entity, and in the time and manner reasonably designated by Covered Entity, to PHI in a Designated Record Set, to Covered Entity in order for Covered Entity to meet the requirements under the Privacy Rule at 45 C.F.R. § 164.524. If an Individual requests access to PHI directly from Business Associate, Business Associate shall notify Covered Entity in writing promptly after receiving such request. Any denial of access to PHI maintained by Business Associate shall be the responsibility of Covered Entity.
    8. Amendment of PHI. Business Associate shall make any PHI contained in a Designated Record Set available to Covered Entity for purposes of amendment pursuant to 45 C.F.R. § 164.526. If an Individual requests an amendment of PHI directly from Business Associate, Business Associate shall notify Covered Entity in writing promptly after receiving such request. Any denial of amendment of PHI maintained by Business Associate shall be the responsibility of Covered Entity.
    9. Accounting/Documentation of Disclosures. To the extent applicable, Business Associate agrees to document disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with the Privacy Rule at 45 C.F.R. § 164.528. Business Associate shall provide Covered Entity with such documentation upon the request of Covered Entity. If Business Associate receives a request for an accounting directly from an Individual, Business Associate shall notify Covered Entity of such request and subsequently provide Covered Entity the aforementioned documentation.
    10. Governmental Access to Records. Business Associate shall make its internal practices, books and records, including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of Covered Entity available to the Secretary for purposes of determining Covered Entity's compliance with the Privacy Rule as applicable.
    11. Minimum Necessary. Business Associate shall only request, use and disclose the Minimum Necessary amount of PHI necessary to accomplish the purpose of the request, use or disclosure.
  4. SECURITY RULE OBLIGATIONS OF BUSINESS ASSOCIATE
    1. Compliance with the Security Rule. Business Associate agrees to comply with the Security Rule with respect to EPHI and have in place reasonable and appropriate Administrative, Physical, and Technical Safeguards to protect the Confidentiality, Integrity, and Availability of EPHI and to prevent the use or disclosure of EPHI other than as permitted by the Agreement and this BAA or as Required by Law.
    2. Subcontractors. Business Associate shall ensure that any Subcontractor that creates, receives, maintains, or transmits EPHI on behalf of Business Associate agrees in writing to comply with the Security Rule with respect to such EPHI.
    3. Security Incident. Business Associate shall report any successful Security Incident promptly upon becoming aware of such incident. Separate from the requirements related to Security Incident reporting, Business Associate shall also make the reports set forth below in Section 5, related to a Breach of Unsecured PHI. For purposes of this BAA, an “unsuccessful” Security Incident is an unsuccessful attempt to breach the security of Business Associate's systems that Business Associate determines was targeted at Business Associate's systems storing Covered Entity's EPHI, and includes general “pinging” or “denial of service” attacks that are not determined to have been directed at such EPHI, and such unsuccessful Security Incidents shall be deemed as having been reported.
  5. BREACH NOTIFICATION RULE OBLIGATIONS OF BUSINESS ASSOCIATE
    1. Notification Requirement. To the extent Business Associate accesses, maintains, retains, modifies, records, stores, destroys, or otherwise holds, uses or discloses Unsecured PHI, it will, following the discovery of a Breach of such information, notify Covered Entity of such Breach without unreasonable delay and in no case later than sixty (60) days after discovery of the Breach.
    2. Contents of Notification. Any notice referenced above in paragraph 5(a) of this BAA will include, to the extent known to the Business Associate, the identification of each individual whose Unsecured PHI has been, or is reasonably believed by Business Associate to have been accessed, acquired, used, or disclosed during such Breach. Business Associate will also provide to Covered Entity other available information that the Covered Entity is required to include in its notification to the individual pursuant to the Breach Notification Rule.
  6. TERM AND TERMINATION
    1. Term. The term of this BAA shall commence as of the Effective Date, and shall terminate when all of the PHI provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity or, if it is infeasible to return or destroy PHI, protections are extended to such information, in accordance with the provisions of this Section 6.
    2. Termination for Cause. Upon Covered Entity's knowledge of a material breach of the terms of this BAA by Business Associate, Covered Entity shall:
      1. Provide an opportunity for Business Associate to cure, and, if Business Associate does not cure the breach within sixty (60) days, Covered Entity may immediately terminate this BAA and the Agreement; or
      2. Immediately terminate this BAA if Covered Entity has determined that (a) Business Associate has breached a material term of this BAA, and (b) cure is not possible.
    3. Termination by Business Associate. Business Associate shall have the right to terminate the BAA under the same terms and conditions as set forth above with respect to Covered Entity's right to terminate.
    4. Termination of Agreement. This BAA shall immediately terminate upon termination of the Agreement.
    5. Effect of Termination.
      1. Except as provided in paragraph (ii) of this Section 6(e), upon termination of this BAA for any reason, Business Associate shall return or destroy all PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, and shall retain no copies of the PHI except as required by the Agreement.
      2. In the event that Business Associate determines that returning or destroying the PHI is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. Business Associate shall extend the protections of this BAA to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI.
  7. COVERED ENTITY OBLIGATIONS
    1. To the extent that Covered Entity has agreed to further limitations on uses and disclosures of PHI, Covered Entity shall notify Business Associate of such additional restrictions, including any limitation(s) in Covered Entity's notice of privacy practices that are produced in accordance with 45 C.F.R. § 164.520 (as well as any changes to that notice), to the extent that such limitation(s) may affect Business Associate's use or disclosure of PHI.
    2. Covered Entity shall promptly provide Business Associate with any changes in, or revocation of, permission by an Individual to use or disclose PHI, to the extent that such changes affect Business Associate's use or disclosure of PHI.
    3. Covered Entity shall promptly notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate's use or disclosure of PHI.
    4. Covered Entity shall provide Business Associate only the Minimum Necessary amount of PHI for Business Associate to accomplish the intended purpose of the disclosure.
  8. MISCELLANEOUS
    1. Regulatory References. A reference in this BAA to a section in the Privacy, Security, or Breach Notification Rule means the section as in effect or as amended, and for which compliance is required.
    2. Survival. The respective rights and obligations of Business Associate under Section 6(e) of this BAA shall survive the termination of the BAA.
    3. No Third-Party Beneficiaries. Nothing express or implied in this BAA is intended to confer, nor shall anything herein confer, upon any person other than Covered Entity, Business Associate and their respective successors or assigns, any rights, remedies, obligations or liabilities whatsoever.
    4. Amendment. The parties agree to take such action as is necessary to amend this BAA from time to time as is necessary for the parties to comply with the requirements of the Privacy, Security or Breach Notification Rule and HIPAA.
    5. Effect on Agreement. Except as specifically required to implement the purposes of this BAA, or to the extent inconsistent with this BAA, all other terms of the Agreement shall remain in force and effect.
    6. Interpretation. The provisions of this BAA shall prevail over any provisions in the Agreement that may conflict or appear inconsistent with any provision in this BAA. Any ambiguity in this BAA shall be resolved to permit the parties to comply with the Privacy, Security, and Breach Notification Rules, and HIPAA.
    7. Governing Law. This BAA shall be governed by and construed in accordance with the same internal laws as that of the Agreement.