BAA

Business Associate Agreement This Business Associate Agreement (“The BAA”) is made and entered into as of ________________ by and between ______________________________, a ______________________ (the “Covered Entity”, in accordance with the meaning given to those terms at 45 CFR 160.103), and Juniper Solutions, Inc., a Delaware C-Corporation (the “Business Associate”, in accordance with the meaning given to those terms at 45 CFR 160.103). In this BAA, Covered Entity and Business Associate are each a “Party” and, collectively, are the “Parties”. Definitions Catch-all definition: The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Protected Health Information, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use. “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164. Obligations and Activities of Business Associate Business Associate agrees to: (a) Not use or disclose protected health information other than as permitted or required by the Agreement or as required by law; (b) Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement; (c) Report to Covered Entity any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 164.410, and any security incident of which it becomes aware; (d) In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit protected health information on behalf of the business associate agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information; (e) Make available protected health information in a designated record set to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524; (f) Make any amendment(s) to protected health information in a designated record set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526; (g) Maintain and make available the information required to provide an accounting of disclosures to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528; (h) To the extent the business associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and (i) Make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules. Permitted Uses and Disclosures by Business Associate (a) Business associate may use or disclose protected health information as reasonably necessary to perform or provide products, software, and/or services to Covered Entity, and to undertake any other activities of Business Associate permitted or required of Business Associate by this BAA or as required by law. (b) Business associate may de-identify protected health information in accordance with 45 CFR 164.514(b) and may use or disclose such de-identified data unless prohibited by applicable law. (c) Business associate may use or disclose protected health information as required by law. (d) Business associate agrees to make uses and disclosures and requests for protected health information consistent with Covered Entity’s minimum necessary policies and procedures. (e) Business associate may not use or disclose protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below. (f) Business associate may use protected health information for the proper management and administration of the business associate or to carry out the legal responsibilities of the business associate. (g) Business associate may disclose protected health information for the proper management and administration of business associate or to carry out the legal responsibilities of the business associate, provided the disclosures are required by law, or business associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies business associate of any instances of which it is aware in which the confidentiality of the information has been breached. (h) Business associate may provide data aggregation services relating to the health care operations of the Covered Entity. Term and Termination (a) Term. The Term of this Agreement shall be effective as of ______________, and shall terminate upon the termination of any master services agreement or on the date Covered Entity terminates for cause as authorized in paragraph (b) of this Section, whichever is sooner. 2 (b) Termination for Cause. Business associate authorizes termination of this Agreement by Covered Entity, if Covered Entity determines business associate has violated a material term of the Agreement and business associate has not cured the breach or ended the violation within 30 days. (c) Obligations of Business Associate Upon Termination. Upon termination of this Agreement for any reason, business associate shall destroy all protected health information received from Covered Entity, or created, maintained, or received by business associate on behalf of Covered Entity, that the business associate still maintains in any form. Business associate shall retain no copies of the protected health information. (d) Survival. The obligations of business associate under this Section shall survive the termination of this Agreement. Miscellaneous (a) Regulatory References. A reference in this Agreement to a section in the HIPAA Rules means the section as in effect or as amended. (b) Amendment. The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for compliance with the requirements of the HIPAA Rules and any other applicable law. (c) Interpretation. Any ambiguity in this Agreement shall be interpreted to permit compliance with the HIPAA Rules. In light of the mutual agreement and understanding described above, the Parties execute this BAA as of the date first written above. By: ______________________________________ By: ______________________________________ Name: ___________________________________ Name: ___________________________________ Title: ____________________________________ Title: ____________________________________ 3 MUTUAL NON-DISCLOSURE AGREEMENT This Non-Disclosure Agreement (this “Agreement”) is entered into and made effective as of ______________________, (the “Effective Date”) between __________________, a ______________________corporation (“Client”), and Juniper Solutions, Inc., a Delaware corporation, whose address is 2261 Market Street, #4180, San Francisco, CA 94114 (“Company”). Client and Company desire to engage in discussions regarding a potential agreement or other transaction between the parties (the “Purpose”). In connection with such discussions, the parties may disclose to each other certain confidential information or materials. In consideration of the foregoing, the parties agree as follows: 1. Confidential Information. For purposes of this Agreement, “Confidential Information” of a party means any information or materials disclosed by or on behalf of that party to the other party before, on or after the Effective Date that: (a) if disclosed in writing or in the form of tangible materials, is marked “confidential” or “proprietary” or with a similar designation at the time of such disclosure; (b) if disclosed orally or presented visually, is identified as “confidential” or “proprietary” at the time of such disclosure, and is summarized in a writing sent by the disclosing party to the receiving party within thirty (30) days after any such disclosure; or (c) due to its nature or the circumstances of its disclosure, a person exercising reasonable business judgment would understand to be confidential or proprietary. 2. Obligations and Restrictions. Each party agrees: (a) to maintain the other party's Confidential Information in strict confidence, and protect and safeguard it using at least the same degree of care as it uses to protect the confidentiality of its own confidential information of similar importance, but no less than a commercially reasonable degree of care; (b) not to disclose such Confidential Information to any third party; and (c) not to use such Confidential Information for any purpose other than the Purpose. Each party may disclose the other party’s Confidential Information to its employees and consultants who have a bona fide need to know such Confidential Information solely for, and only to the extent necessary to pursue, the Purpose; provided that each such employee and consultant is bound by a written agreement that contains non-use and confidentiality obligations at least as protective of the other party’s Confidential Information as those set forth in this Agreement. 3. Exceptions. The obligations and restrictions in Section 2 will not apply to any information or materials that: (a) were, at the date of disclosure, or have subsequently become, generally known or available to the public through no act or failure to act by the receiving party; (b) were rightfully known by the receiving party without restriction as to use or disclosure prior to receiving such information or materials from the disclosing party; (c) are rightfully acquired by the receiving party from a third party who has the right to disclose such information or materials without breach of any obligation of confidentiality or restricted use to the disclosing party; or (d) are independently developed by the receiving party without access to any Confidential Information of the disclosing party. 4. Compelled Disclosure. Nothing in this Agreement will be deemed to restrict a party from disclosing the other party’s Confidential Information to the extent required by any order, subpoena, law, statute or regulation, provided that the party required to make such a disclosure uses reasonable efforts to give the other party sufficient advance notice to enable the other party to prevent or limit such disclosure. 4 The receiving party shall disclose no more than that portion of the Confidential Information which such order, subpoena, law, statute or regulation specifically requires the receiving party to disclose. 5. Return of Confidential Information. Upon the completion or abandonment of the Purpose, or earlier upon the disclosing party’s written request, the receiving party will promptly return to the disclosing party or, at the disclosing party’s option, destroy, all tangible items and embodiments containing or consisting of the disclosing party’s Confidential Information and all copies thereof (including electronic copies), and any notes, analyses, compilations, studies, interpretations, memoranda or other documents (regardless of the form thereof) prepared by or on behalf of the receiving party that contain or are based upon the disclosing party’s Confidential Information. 6. No Obligations. Each party retains the right, in its sole discretion, to determine whether to disclose any Confidential Information to the other party. This agreement imposes no obligation on either party to negotiate or enter into any other agreements or arrangements with the other party, whether or not related to the Purpose. 7. No License. All Confidential Information remains the sole and exclusive property of the disclosing party. Each party acknowledges and agrees that nothing in this Agreement will be construed as granting any rights to the receiving party, by license or otherwise, in or to any Confidential Information of the disclosing party, or any patent, copyright or other intellectual property or proprietary rights of the disclosing party, except for the limited right of use solely for the Purpose as specified in this Agreement. 8. No Warranty. ALL CONFIDENTIAL INFORMATION IS PROVIDED BY THE DISCLOSING PARTY “AS IS” WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND. Neither party shall have any liability to the other party resulting from the Confidential Information disclosed to the other party or for its use or any errors or omissions in it. 9. Term. ThetermofthisAgreementwillcommenceontheEffectiveDateandexpirethree(3) years thereafter; provided that either party may terminate this Agreement prior to expiration by giving written notice to the other party. Notwithstanding anything to the contrary herein, each party’s rights and obligations under this Agreement shall survive any expiration or termination of this Agreement for a period of three (3) years thereafter except that, as to any Confidential Information that the disclosing party maintains as a trade secret, the receiving party’s obligations under Section 2 will remain in effect for as long such Confidential Information remains a trade secret. 10. Equitable Relief. Each party hereby agrees that the unauthorized use or disclosure of the disclosing party’s Confidential Information may cause the disclosing party to incur irreparable harm and significant damages for which there may be no adequate remedy at law. Accordingly, each party agrees that the disclosing party will have the right to seek immediate equitable relief to enjoin any unauthorized use or disclosure of its Confidential Information, in addition to any other rights and remedies that it may have at law or otherwise. 11. Miscellaneous. This Agreement will be governed and construed in accordance with the laws of the State of California, without giving effect to any principles of conflict of laws that would lead to the application of the laws of another jurisdiction. This Agreement is the complete and exclusive agreement between the parties with respect to its subject matter and supersedes all prior or contemporaneous agreements, communications and understandings, both oral and written, between the parties with respect to its subject matter. This Agreement may be amended or modified only by a written document executed by duly authorized representatives of both parties. If any provision of this Agreement is held invalid, illegal or unenforceable, that provision will be enforced to the maximum extent permitted by law, given the fundamental intentions of the parties, and the remaining provisions of this Agreement will remain in full force and effect. Neither party may assign or transfer any rights or obligations under this Agreement, by operation of law or otherwise, without the other party’s prior written consent, and any attempted assignment 5 without such consent will be void. Subject to the foregoing, this Agreement is binding upon and will inure to the benefit of each of the parties and their respective successors and permitted assigns. This Agreement may be executed in counterparts, each of which will be deemed an original, and all of which together will constitute one and the same instrument. IN WITNESS WHEREOF, the parties hereto have executed this Mutual Non-Disclosure Agreement by their duly authorized officers or representatives. CLIENT: Signature: Name: Title: COMPANY: Signature: Name: Title:

Business Associate Agreement

This Business Associate Agreement (“The BAA”) is made and entered into as of ________________ by and between ______________________________, a ______________________ (the “Covered Entity”, in accordance with the meaning given to those terms at 45 CFR 160.103), and Juniper Solutions, Inc., a Delaware C-Corporation (the “Business Associate”, in accordance with the meaning given to those terms at 45 CFR 160.103). In this BAA, Covered Entity and Business Associate are each a “Party” and, collectively, are the “Parties”.

Definitions

Catch-all definition: The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Protected Health Information, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use. “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164.

Obligations and Activities of Business Associate

Business Associate agrees to:

(a) Not use or disclose protected health information other than as permitted or required by the Agreement or as required by law;

(b) Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement;

(c) Report to Covered Entity any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 164.410, and any security incident of which it becomes aware;

(d) In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit protected health information on behalf of the business associate agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information;

(e) Make available protected health information in a designated record set to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524;

(f) Make any amendment(s) to protected health information in a designated record set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526;

(g) Maintain and make available the information required to provide an accounting of disclosures to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528;

(h) To the extent the business associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and

(i) Make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules.

Permitted Uses and Disclosures by Business Associate

(a) Business associate may use or disclose protected health information as reasonably necessary to perform or provide products, software, and/or services to Covered Entity, and to undertake any other activities of Business Associate permitted or required of Business Associate by this BAA or as required by law.

(b) Business associate may de-identify protected health information in accordance with 45 CFR 164.514(b) and may use or disclose such de-identified data unless prohibited by applicable law.

(d) Business associate agrees to make uses and disclosures and requests for protected health information consistent with Covered Entity’s minimum necessary policies and procedures.

(e) Business associate may not use or disclose protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth below.

(f) Business associate may use protected health information for the proper management and administration of the business associate or to carry out the legal responsibilities of the business associate.

(g) Business associate may disclose protected health information for the proper management and administration of business associate or to carry out the legal responsibilities of the business associate, provided the disclosures are required by law, or business associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies business associate of any instances of which it is aware in which the confidentiality of the information has been breached.

(h) Business associate may provide data aggregation services relating to the health care operations of the Covered Entity.

Term and Termination

(a) Term. The Term of this Agreement shall be effective as of ______________, and shall terminate upon the termination of any master services agreement or on the date Covered Entity terminates for cause as authorized in paragraph (b) of this Section, whichever is sooner.

(b) Termination for Cause. Business associate authorizes termination of this Agreement by Covered Entity, if Covered Entity determines business associate has violated a material term of the Agreement and business associate has not cured the breach or ended the violation within 30 days.

Upon termination of this Agreement for any reason, business associate shall destroy all protected health information received from Covered Entity, or created, maintained, or received by business associate on behalf of Covered Entity, that the business associate still maintains in any form. Business associate shall retain no copies of the protected health information.

(d) Survival. The obligations of business associate under this Section shall survive the termination of this Agreement.

Miscellaneous

(a) Regulatory References. A reference in this Agreement to a section in the HIPAA Rules means the section as in effect or as amended.

(b) Amendment. The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for compliance with the requirements of the HIPAA Rules and any other applicable law.

In light of the mutual agreement and understanding described above, the Parties execute this BAA as of the date first written above.

By: ______________________________________ By: ______________________________________ Name: ___________________________________ Name: ___________________________________ Title: ____________________________________ Title: ____________________________________

MUTUAL NON-DISCLOSURE AGREEMENT

This Non-Disclosure Agreement (this “Agreement”) is entered into and made effective as of ______________________, (the “Effective Date”) between __________________, a ______________________corporation (“Client”), and Juniper Solutions, Inc., a Delaware corporation, whose address is 2261 Market Street, #4180, San Francisco, CA 94114 (“Company”).

Client and Company desire to engage in discussions regarding a potential agreement or other transaction between the parties (the “Purpose”). In connection with such discussions, the parties may disclose to each other certain confidential information or materials.

In consideration of the foregoing, the parties agree as follows:

1. Confidential Information. For purposes of this Agreement, “Confidential Information” of a party means any information or materials disclosed by or on behalf of that party to the other party before, on or after the Effective Date that: (a) if disclosed in writing or in the form of tangible materials, is marked “confidential” or “proprietary” or with a similar designation at the time of such disclosure; (b) if disclosed orally or presented visually, is identified as “confidential” or “proprietary” at the time of such disclosure, and is summarized in a writing sent by the disclosing party to the receiving party within thirty (30) days after any such disclosure; or (c) due to its nature or the circumstances of its disclosure, a person exercising reasonable business judgment would understand to be confidential or proprietary.

2. Obligations and Restrictions. Each party agrees: (a) to maintain the other party's Confidential Information in strict confidence, and protect and safeguard it using at least the same degree of care as it uses to protect the confidentiality of its own confidential information of similar importance, but no less than a commercially reasonable degree of care; (b) not to disclose such Confidential Information to any third party; and (c) not to use such Confidential Information for any purpose other than the Purpose. Each party may disclose the other party’s Confidential Information to its employees and consultants who have a bona fide need to know such Confidential Information solely for, and only to the extent necessary to pursue, the Purpose; provided that each such employee and consultant is bound by a written agreement that contains non-use and confidentiality obligations at least as protective of the other party’s Confidential Information as those set forth in this Agreement.

3. Exceptions. The obligations and restrictions in Section 2 will not apply to any information or materials that:

(a) were, at the date of disclosure, or have subsequently become, generally known or available to the public through no act or failure to act by the receiving party;

(b) were rightfully known by the receiving party without restriction as to use or disclosure prior to receiving such information or materials from the disclosing party;

(c) are rightfully acquired by the receiving party from a third party who has the right to disclose such information or materials without breach of any obligation of confidentiality or restricted use to the disclosing party; or

(d) are independently developed by the receiving party without access to any Confidential Information of the disclosing party.

4. Compelled Disclosure. Nothing in this Agreement will be deemed to restrict a party from disclosing the other party’s Confidential Information to the extent required by any order, subpoena, law, statute or regulation, provided that the party required to make such a disclosure uses reasonable efforts to give the other party sufficient advance notice to enable the other party to prevent or limit such disclosure.

The receiving party shall disclose no more than that portion of the Confidential Information which such order, subpoena, law, statute or regulation specifically requires the receiving party to disclose.

5. Return of Confidential Information. Upon the completion or abandonment of the Purpose, or earlier upon the disclosing party’s written request, the receiving party will promptly return to the disclosing party or, at the disclosing party’s option, destroy, all tangible items and embodiments containing or consisting of the disclosing party’s Confidential Information and all copies thereof (including electronic copies), and any notes, analyses, compilations, studies, interpretations, memoranda or other documents (regardless of the form thereof) prepared by or on behalf of the receiving party that contain or are based upon the disclosing party’s Confidential Information.

6. No Obligations. Each party retains the right, in its sole discretion, to determine whether to disclose any Confidential Information to the other party. This agreement imposes no obligation on either party to negotiate or enter into any other agreements or arrangements with the other party, whether or not related to the Purpose.

7. No License. All Confidential Information remains the sole and exclusive property of the disclosing party. Each party acknowledges and agrees that nothing in this Agreement will be construed as granting any rights to the receiving party, by license or otherwise, in or to any Confidential Information of the disclosing party, or any patent, copyright or other intellectual property or proprietary rights of the disclosing party, except for the limited right of use solely for the Purpose as specified in this Agreement.

8. No Warranty. ALL CONFIDENTIAL INFORMATION IS PROVIDED BY THE DISCLOSING PARTY “AS IS” WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND. Neither party shall have any liability to the other party resulting from the Confidential Information disclosed to the other party or for its use or any errors or omissions in it.

9. Term. ThetermofthisAgreementwillcommenceontheEffectiveDateandexpirethree(3) years thereafter; provided that either party may terminate this Agreement prior to expiration by giving written notice to the other party. Notwithstanding anything to the contrary herein, each party’s rights and obligations under this Agreement shall survive any expiration or termination of this Agreement for a period of three (3) years thereafter except that, as to any Confidential Information that the disclosing party maintains as a trade secret, the receiving party’s obligations under Section 2 will remain in effect for as long such Confidential Information remains a trade secret.

10. Equitable Relief. Each party hereby agrees that the unauthorized use or disclosure of the disclosing party’s Confidential Information may cause the disclosing party to incur irreparable harm and significant damages for which there may be no adequate remedy at law. Accordingly, each party agrees that the disclosing party will have the right to seek immediate equitable relief to enjoin any unauthorized use or disclosure of its Confidential Information, in addition to any other rights and remedies that it may have at law or otherwise.

11. Miscellaneous. This Agreement will be governed and construed in accordance with the laws of the State of California, without giving effect to any principles of conflict of laws that would lead to the application of the laws of another jurisdiction. This Agreement is the complete and exclusive agreement between the parties with respect to its subject matter and supersedes all prior or contemporaneous agreements, communications and understandings, both oral and written, between the parties with respect to its subject matter. This Agreement may be amended or modified only by a written document executed by duly authorized representatives of both parties. If any provision of this Agreement is held invalid, illegal or unenforceable, that provision will be enforced to the maximum extent permitted by law, given the fundamental intentions of the parties, and the remaining provisions of this Agreement will remain in full force and effect. Neither party may assign or transfer any rights or obligations under this Agreement, by operation of law or otherwise, without the other party’s prior written consent, and any attempted assignment

without such consent will be void. Subject to the foregoing, this Agreement is binding upon and will inure to the benefit of each of the parties and their respective successors and permitted assigns. This Agreement may be executed in counterparts, each of which will be deemed an original, and all of which together will constitute one and the same instrument.

IN WITNESS WHEREOF, the parties hereto have executed this Mutual Non-Disclosure Agreement by their duly authorized officers or representatives.

CLIENT:

Signature:

Name:

Title:

COMPANY:

Signature:

Name:

Title: