Physician Log In

Last updated: September 9, 2023

Practice Services Agreement Additional Terms and Conditions

These terms and conditions set forth below shall be incorporated into the Practice Services Agreement Cover Sheet between SiteRx, Inc. and its Affiliates (collectively “SiteRx”) and Practice (the “Cover Sheet,” and together, the “Agreement”). Capitalized terms not defined here shall have the meanings assigned to them on the Cover Sheet. The Agreement is effective as of the Effective Date on the Cover Sheet.

1.    Definitions.

  1. “Accounts” means all accounts created by or on behalf of Practice, including accounts created by or for any Administrator or Authorized User, to access or use the Platform.

  2. “Administrator(s)” means the person(s) designated by Practice to (i) communicate with SiteRx regarding the performance of Services; and (ii) create and manage Accounts.

  3. “Authorized User” means Practice’s officers, directors, employees, contractors, and other authorized users who will have access to the Platform as determined by Practice.

  4. “Clinical Research Trial” means a clinical research trial identified on the Platform to which Practice may match patients.

  5. “Clinical Site” means a third party that administers Contact, Screening and Enrollment of Eligible Patients for Clinical Research Trials.

  6. “Contact” means the date an Eligible Patient was first contacted by the Clinical Site.

  7. “Deidentified Data” shall mean Protected Health Information (as defined by HIPAA) that has been de-identified in accordance with 45 C.F.R. § 164.514 and any other identifiable information not otherwise governed by HIPAA that has been de-identified, pseudonymized or anonymized in accordance with applicable laws or regulations.

  8. “Documentation” means any manuals or specifications concerning the use of the Platform that SiteRx furnishes or makes available to Practice, its Administrators or its Authorized Users.

  9. “Eligible Patients” means patients, matched by Practice, who may be eligible for participating in a Clinical Research Trial based on their diagnosis and/or condition, and the applicable Trial Protocol.

  10. “Enrolled Patients” means Eligible Patients that enroll in a Clinical Research Trial.

  11. “Enrollment” means the date an Eligible Patient is enrolled in a Clinical Research Trial after the Screening and being determined to be eligible for the Clinical Research Trial by a Clinical Site in accordance with the applicable Trial Protocol.

  12. “HIPAA” means collectively, the Health Insurance Portability and Accountability Act of 1996 as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009 and its implementing regulations, as amended and in effect.

  13. “Platform” means the software as a service solution provided by SiteRx under this Agreement which uses data analytics to identify potential matches of Eligible Patients with Clinical Research Trials for review and assessment by the Practice and is known as the “SiteRx™” platform.

  14. “Practice Data” means information made available by Practice to SiteRx for the purposes of this Agreement prior to being Processed by SiteRx and generated by Practice through the performance of the Practice Services.

  15. “Practice Services” means the services Practice provides to SiteRx related to: (i) reviewing the eligibility criteria for patients who appear eligible to participate in a Clinical Research Trial; (ii) reviewing information displayed in the Platform, including but not limited to excerpts of the patients’ medical records otherwise present in the Practice’s EMR, in order to assess whether the Eligible Patients satisfy the eligibility criteria for a Clinical Research Trial; (iii) meeting with SiteRx representatives to review potential matches for Eligible Patients identified through the Platform and the Practice’s medical record review; and (iv) ongoing data reporting and validation by Practice of data collected regarding such patient, but for the avoidance of doubt, not as a part of a Clinical Research Trial, and not in response to any request or requirement of a Clinical Site.

  16. “Pre-Qualification Services” means certain diagnostic tests and/or related services including, but not limited to, cognitive testing, genetic testing, and clinical fitness and suitability reviews, performed by SiteRx or its vendors, on behalf of Practice, to determine an Eligible Patient’s suitability and potential eligibility for a Clinical Research Trial prior to determining an Eligible Patient’s interest in participating in a Clinical Research Trial. For the avoidance of doubt, Pre-Qualification Services do not constitute screening or other research activities.

  17. “Process” or “Processing” means to use, modify, adapt, enhance, reproduce, aggregate, create derivative works and/or other improvements (including, without limitation, to create pseudonymized data, anonymized data, De-Identified Data, and Limited Data Sets), import, export, perform, display, execute, transmit, process and distribute any Practice Data or improvements based thereon, and copies of any of the foregoing.

  18. “Rematching Services” means, pursuant to the approval provided by a physician under this Agreement to identify potential matches of Eligible Patients with Clinical Research Trials, SiteRx’s services to re-match such Eligible Patient to another Clinical Research Trial (if available) and notify such physician of the rematched Clinical Research Trial through the Platform if an Eligible Patient declines, is not suitable, or is otherwise not eligible for a Clinical Research Trial matched by a physician.

  19. “Screening” means the date that the Eligible Patient is screened by the Clinical Site as measured by the date that the Eligible Patient signs an informed consent form as provided by such Clinical Site and in accordance with the applicable Trial Protocol.

  20. “Services” means, collectively, SiteRx’s services to facilitate Practice’s consideration of alternate treatment options for its patients, including but not limited to clinical research opportunities, diagnostic testing, and other prospective and in-market treatments and other care-related interventions through the Platform, the Pre-Qualification Services, the Rematching Services, Support Services (defined herein), any other services delegated by the Practice to SiteRx and accepted by SiteRx, pursuant to a business associate agreement between the Parties, or otherwise described in this Agreement. Services delegated to SiteRx may include, without limitation, informing Eligible Patients of the opportunity to participate in a Clinical Research Trial if appropriate in a physician’s independent professional judgment, obtaining from the Eligible Patients an authorization in accordance with HIPAA authorizing the Practice to submit the Eligible Patients’ information through the Platform to SiteRx and the Clinical Sites, and obtaining treatment-related information and progress updates from the Clinical Sites as requested or authorized by the Practice pursuant to SiteRx’s role as a business associate conducting care coordination and healthcare operations activities.

  21. “Sponsor” means an entity that sponsors Clinical Research Trials and provides the Trial Protocols.

  22. “Support Services” means the implementation, configuration, training, and other assistance that may be provided by SiteRx to Practice for (i) Practice to access and use the Platform; or (ii) SiteRx to access, use, and transmit the Practice Data.

  23. “Trial Protocol” means the protocol for a Clinical Research Trial describing Eligible Patient, Screening and Enrollment criterion and processes, specifying the data or information that must be collected from Eligible Patients.

2.    Access to and Use of Platform.

  1. License Grant. Subject to the terms and conditions of this Agreement, SiteRx hereby grants to Practice a limited, non-exclusive, non-transferable (except as specified herein) license to: (i) access and use, and permit Administrators and Authorized Users to access and use, the Platform during the Term (as defined herein) for the purposes contemplated in this Agreement; and (ii) access and use the Documentation as necessary to enable Administrators and Authorized Users to access and use the Platform for purposes consistent with this Agreement.

  2. Restrictions on Use. Practice will use commercially reasonable efforts to ensure that its Administrators and Authorized Users do not: (i) use the Platform in any manner or for any purpose other than as expressly permitted by this Agreement or any Documentation; (ii) use the Platform in violation of any local, state, or federal law or regulation; (iii) sell, lend, rent, resell, lease, sublicense or otherwise transfer any of the rights granted to Practice herein to any third party; (iv) modify, alter, tamper with, repair or otherwise create derivative works of any software included in or used to provide the Platform; (v) reverse engineer, disassemble or decompile the Platform or any software contained therein, or attempt to discover or recreate the source code to the Platform; (vi) remove, obscure or alter any proprietary rights notices related to the Platform; (vii) access or use the Platform in a way intended to avoid incurring fees or exceeding usage limits or quotas; or (viii) use the Platform to (a) send unauthorized commercial communications or messages; (b) store or transmit any file or Practice Data containing: (1) unlawful, defamatory, threatening, pornographic, abusive, libelous or otherwise objectionable material of any kind or nature, (2) any material that encourages conduct that could constitute a criminal offense, (3) any code or material that violates any law or regulation, or (4) any code or material that violates the intellectual property rights or rights to the publicity or privacy of others; (c) transmit any Practice Data or materials that contain software viruses or other harmful or deleterious computer code, files or programs such as Trojan horses, worms, time bombs or cancelbots; (d) interfere with or disrupt servers or networks that provide or support the Platform or other SiteRx customers’ access to or use of the same; (e) access or attempt to access SiteRx’s other accounts, computer systems or networks not covered by this Agreement, through password mining or any other means; or (f) cause, as determined in SiteRx’s sole discretion, an inordinate burden on SiteRx’s system resources or capacity.

  3. Suspension. SiteRx reserves the right to temporarily suspend or disable Practice’s or an Administrator’s or Authorized User’s access to or use of the Platform in the following circumstances: (i) if SiteRx reasonably believes that any use of the Platform represents a direct or indirect threat to the Platform, or SiteRx’s systems or network function or integrity; (ii) if reasonably necessary to prevent unauthorized access to or harm to Practice Data or data of other SiteRx customers; (iii) if SiteRx reasonably believes that Practice’s use of the Platform is in violation of any local, state or federal law or regulation; or (iv) to the extent reasonably necessary to comply with SiteRx’s legal obligations. Any suspension pursuant to this section will only be in effect for as long as reasonably necessary to address the issues giving rise to the suspension. SiteRx will provide advance notice before suspending access to the Platform, unless SiteRx reasonably believes an immediate suspension is required.

  4. Updates. Notwithstanding anything to the contrary in this Agreement, SiteRx reserves the right, in its sole discretion, to modify the functionality or features or release a new version of the Platform from time to time.

3.    SiteRx Obligations.

  1. Services. SiteRx shall use reasonable efforts to provide the Services as described in this Agreement, and to pay Compensation for Practice Services performed by Practice. Notwithstanding anything to the contrary in Section 3 of the Cover Sheet, Practice shall perform data reporting and validation services, which may be requested by SiteRx in multiple phases via the Platform and SiteRx shall pay Compensation for such data reporting and validation services after completion by Practice of the final assessment. All payments hereunder are intended to reflect the fair market value to compensate Practice for performance of the Practice Services solely for the benefit of SiteRx, and no payment is being exchanged hereunder (i) at the request, direction, or instruction of, or as a pass-through payment from, any Sponsor or other party that may constitute an “applicable manufacturer” as such term is defined by 42 U.S.C. §1320a-7h et seq. and 42 C.F.R. §403.900 et seq., or (ii) as part of any sale of Protected Health Information as such term is defined by HIPAA (as defined in the Additional Terms, as defined below) or in exchange for the use and disclosure of Protected Health Information for “marketing” purposes as defined in HIPAA.

  2. Practice Services. SiteRx may, itself or through a subcontractor, use reasonable efforts to perform Data Integration, Processing, Services, and other mutually agreed upon activities necessary to enable Practice to perform the Practice Services.

  3. Maintenance and Support. SiteRx shall use reasonable efforts to provide maintenance and Support Services, on an “as-needed” and “as-requested” basis.

4.    Practice Obligations; Instructions.

  1. Practice Data Integration. Practice shall use reasonable efforts to transmit to SiteRx and otherwise enable the integration, extraction, and/or export by SiteRx, by itself or through a subcontractor, of all mutually agreed upon Practice Data from the Practice’s electronic medical records system into SiteRx’s Platform (“Data Integration”) that SiteRx deems necessary to (i) provide the Services; and (ii) enable Practice to perform the Practice Services.

  2. Accounts. Practice will appoint one or more Administrators who will have sole responsibility for the assignment and management of Authorized Users’ Accounts. As between Practice and SiteRx, Practice will be solely responsible for providing the login and password information that will permit Administrators and Authorized Users to access and use the Platform (“Account Credentials”). Practice will protect Account Credentials from unauthorized use or disclosure. Practice will ensure that Administrators and Authorized Users do not share their Account Credentials with any other person and do not permit any other person to access and use the Platform through their Accounts. Practice will ensure that each Administrator and Authorized User accessing or using the Platform complies with this Agreement, the Statement(s) of Work and any Documentation. Practice is fully responsible for any authorized or unauthorized use of the Platform via Account Credentials.

  3. Rematching Services. SiteRx shall provide Rematching Services on behalf of Practice to support Practice in carrying out Practice Services unless Practice instructs SiteRx otherwise in writing.

  4. Pre-Qualification Services. The Pre-Qualification Services are performed on behalf of, and at the request of, Practice, and Practice acknowledges that it is hereby instructing SiteRx to procure such Pre-Qualification Services and such other additional medical or other testing or services as the applicable physician of the Practice, in consultation with SiteRx, may consider appropriate for determining their patient’s suitability and/or potential eligibility for clinical research, or as may otherwise be required for consideration for recruitment in a Clinical Research Trial.

  5. Compliance with Laws. Practice shall perform the Practice Services in conformance with all applicable laws, standards, rulings, policies, regulations, and ethical rules and guidelines. Practice will comply with and cause its employees and contractors (including physicians), as well as Administrators and Authorized Users, to comply with, all laws, rules, regulations and ethical rules and guidelines applicable to Practice’s and its employees’, contractors’, Administrators’, and Authorized Users’ access and use of the Platform.

  6. Cooperate. Practice shall cooperate with SiteRx, in order to transmit Practice Data to SiteRx including, without limitation, by providing to SiteRx such information and reasonable access (including information regarding and access to Practice’s electronic medical records system) as is requested by SiteRx.

  7. Practice Services. Practice shall provide the Practice Services described above for the applicable Clinical Research Trials as requested by SiteRx in accordance with applicable law, industry best practices, and the terms of this Agreement. Practice acknowledges and agrees that nothing contained in this Agreement shall be construed to require or induce Practice or physicians to enroll patients in any Clinical Research Trial, or to generate business for SiteRx, a Sponsor, a Clinical Site, or any of their respective affiliates. Further, nothing contained in this Agreement shall be construed to interfere with Practice or its clinicians’ independent professional judgment in rendering clinical decisions for Eligible Patients or Enrolled Patients.

  8. No Data Backup. The Services are not, and do not include, backup services and do not replace the need for Practice to maintain regular data, information and records backups and archives. SiteRx has no obligation or liability for any loss, alteration, destruction, damage, corruption, or recovery activities related to failure or Practice to back up its data, information or records.

  9. Notification of Unauthorized Use. Practice will immediately notify SiteRx in writing of any actual or reasonably suspected unauthorized use of any Account, Account Credentials, Practice Data or the Platform by an Authorized User or third party that comes to Practice’s attention. In the event of any such unauthorized use, Practice will take all steps necessary to terminate such unauthorized use in cooperation with SiteRx’s Information Security personnel and will provide SiteRx with such cooperation and assistance related to any such unauthorized use as SiteRx may reasonably request.

  10. Training. Practice shall participate in any training made available to the Practice by SiteRx.

  11. Phone Emulation. Practice agrees that, to facilitate SiteRx’s contact with Eligible Patients as necessary for SiteRx’s performance hereunder, SiteRx may emulate Practice’s phone number. To facilitate such phone calls, Practice shall provide SiteRx with a phone number which Practice uses to contact Eligible Patients for similar calls. SiteRx shall (i) notify Practice in advance when SiteRx intends to make such phone calls; and (ii) make such phone calls using live persons only, unless otherwise authorized by the applicable Eligible Patient in which case SiteRx may make such phone calls using pre-recorded messages. Practice consents to SiteRx’s use of Practice’s phone number in accordance with the foregoing and a third-party phone emulation service provider to facilitate the foregoing. Practice may opt out of this phone number emulation at any time by providing written notice to SiteRx, upon receipt of which SiteRx shall promptly cease emulating Practice’s phone number.

  12. Electronic Communications. Practice consents to receive electronic communications from SiteRx concerning or related to the Services, including phone calls, e-mails, and text messages to phone numbers and e-mail addresses provided by Practice or its personnel to SiteRx, as well as messages or prompts via the Platform. Practice acknowledges and agrees that communications between SiteRx and Practice may be monitored or recorded by SiteRx for quality assurance, training, and compliance purposes, subject to applicable law.

5.    Termination.

  1. Term. This Agreement shall commence on the Effective Date and remain in effect unless terminated pursuant to the provisions below (the “Term”).

  2. Termination. Either Party may terminate this Agreement upon breach by the other Party of any material provision of this Agreement, provided that the breaching Party is provided with written notice of the breach and such breach is not cured within the thirty (30) days after the breaching Party’s receipt of notice. SiteRx may terminate this Agreement immediately following written notice to Practice upon the occurrence of any of the following events: (i) conduct by Practice or any physician which, in the sole discretion of SiteRx, could affect the reputation of SiteRx; and (ii) cessation of the Clinical Research Trial or termination by a Clinical Site of SiteRx’s services. Either Party may terminate this Agreement without cause upon one hundred eighty (180) days’ written notice to the other, and the Practice must continue to provide Practice Services to all Eligible Patients who have, as of the termination notice date, executed a HIPAA authorization to disclose their health records to Clinical Site(s).

  3. Effect of Termination. The expiration or termination of this Agreement shall not relieve either Party of any obligation pursuant to this Agreement which arose on or before the date of expiration or termination, and those sections of this Agreement which by their terms extend beyond termination or expiration of this Agreement shall survive, except that in the event that Practice terminates this Agreement without cause, or SiteRx terminates it with cause, Practice shall refund any pre-paid amounts attributable to Eligible Patients with respect to whom, the Practice did not complete the Practice Services prior to such termination.

6.    Sole Similar Relationship.

Nothing in this Agreement or in this Section shall be interpreted as precluding the Practice from performing its health care functions and offering clinical research opportunities to its patients without relying on the Platform or any similar products or services, or from matching patients to clinical research opportunities that are not made available through the Platform. The Practice agrees that during the term of this Agreement and for six (6) months after its termination for any reason, SiteRx shall be the exclusive corporate recipient of services similar to the Practice Services, as provided by Practice; and the Practice shall not, directly or indirectly hire, engage, contract, or enter into an arrangement with a third party where the Practice is the recipient of services that are similar to the Services. 

7.    Confidentiality and Proprietary Information.

  1. Practice Data. Subject to the terms of this Agreement, the Business Associate Addendum, and applicable laws and regulations, Practice hereby grants to SiteRx a perpetual, irrevocable, worldwide, non-exclusive, assignable, no-charge, royalty-free right and license to the Practice Data and intellectual property rights therein in order to perform the Services.

  2. SiteRx Data Intellectual Property. Practice acknowledges and agrees that the Platform and all derivative works, improvements, or modifications of the Practice Data created hereunder are the intellectual property of, and owned solely and exclusively by, SiteRx (“SiteRx Data Intellectual Property”). To the extent Practice has any right, title or interest in or to any SiteRx Data Intellectual Property, Practice hereby irrevocably assigns all rights, title, and interests, including all copyright and other intellectual property and proprietary rights, in and to such SiteRx Data Intellectual Property to SiteRx.

  3. Statistical Data. Notwithstanding anything herein to the contrary, SiteRx may compile de-identified statistical information related to the use and performance of the Services (“Statistical Information,” and together with the Deidentified Data, “Statistical Data”). Such Statistical Data will not be considered confidential information, will be SiteRx’s property, and may be used by SiteRx for any purpose.

  4. Physician Privacy. SiteRx may collect physician personal information (“PPI”) in connection with Practice’s use of the Services and performance of Practice Services in accordance with the Privacy Policy accessible via the Platform, which governs how SiteRx collects, processes, discloses and maintains PPI. Practice represents that it has complied with all applicable data privacy laws concerning its collection and disclosure of PPI to SiteRx. With respect to the PPI that it receives from Practice or Authorized Users, SiteRx represents that it has and will independently comply with all obligations imposed by applicable data privacy laws upon controllers, that it will not consider itself to be a joint controller with Practice, and that it will not rely upon Practice to perform any of SiteRx’s obligations as a controller.

8.    HIPAA Obligations.

By agreeing to these Additional Terms, the Parties agree to the Business Associate Addendum attached hereto as Exhibit A, the terms of which are incorporated herein by reference as if recited herein. Practice shall obtain an authorization meeting the requirements of 45 C.F.R. § 164.508, as may be amended from time to time, and any applicable state laws to permit the disclosure of protected health information (as defined HIPAA) to SiteRx, SiteRx’s subsequent disclosure of such protected health information to Clinical Sites, and use of such protected health information by Clinical Sites for clinical trial eligibility and screening purposes.

9.    Reporting.

Practice acknowledges that SiteRx has certain informational disclosure and reporting obligations under applicable federal and state laws, on behalf of itself or to third parties. Therefore, upon reasonable request by SiteRx, Practice agrees to promptly provide all information reasonably necessary for SiteRx to comply with such reporting obligations, and Practice represents and warrants that any such information shall be accurate and complete. Practice acknowledges that SiteRx will rely on information provided by Practice in meeting its reporting obligations and therefore, Practice agrees to indemnify SiteRx from any claims and expenses arising out of or related to any failure by Practice to comply with any of the foregoing provisions.

10.    Setoff.

Notwithstanding anything to the contrary herein, in the event that it is discovered that the Practice Services rendered were non-compliant with applicable law, industry best practices, or the terms of this Agreement, SiteRx shall have the right to set off any payment, either in whole or in part, against any other payment it is otherwise required to make under this Agreement, without obligation or liability to Practice.

11.    Insurance.

Practice shall maintain for such length of time as necessary to cover any and all claims arising out of or relating to the Services performed under this Agreement, professional liability insurance in the following minimum coverage amounts: $250,000 per occurrence and $750,000 in the aggregate covering each physician providing the Services. Upon SiteRx’s request, Practice shall furnish a copy of the certificate of insurance evidencing such coverage.

12.    Audit Rights.

SiteRx on behalf of itself, and the Clinical Sites and Sponsors with which it contracts, shall have the right, during regular business hours and with reasonable notice, to perform monitoring and/or auditing activities on-site and/or off-site with respect to Practice’s performance hereunder, the proper use of the Platform and the quality of Practice Services, and/or to confirm the Practice is in compliance with this Agreement. 

13.    Warranties.

  1. Mutual Warranties. Each Party represents and warrants to the other Party that (i) this Agreement has been duly executed and delivered and constitutes a valid and binding agreement enforceable against such Party in accordance with its terms; (ii) no authorization or approval from any third party is required in connection with such Party’s execution, delivery or performance of this Agreement; and (iii) the execution, delivery and performance of this Agreement does not violate the terms or conditions of any other agreement to which it is a party or by which it is otherwise bound.

  2. Practice Warranties. Practice represents and warrants the following, and shall notify SiteRx in writing within two (2) days of any such representation and warranty becoming untrue: (i) it shall perform the Practice Services in a professional and workmanlike manner, and in accordance with applicable law, industry best practices, and the terms and conditions of this Agreement; (ii) that any physician associated with the Practice is, and shall remain throughout the Term, properly licensed and qualified to perform all actions hereunder, including but not limited to, providing the Practice Services, and that no such physician’s professional license in any jurisdiction has ever been denied, suspended, revoked, terminated, voluntarily relinquished under threat of disciplinary action or restricted in any way; (iii) that no physicians and other Practice employees are: (a) currently excluded, debarred or otherwise ineligible to participate in one or more of the federal healthcare programs or excluded from participation in any federal or state procurement or non-procurement programs; (b) convicted of a criminal offense related to the provision of healthcare items or services but have not yet been excluded, debarred or otherwise declared ineligible to participate in one or more of the federal healthcare programs; or (c) under investigation or otherwise aware of any circumstances which may result in any physician or any other Practice employee being excluded from participation in one or more of the federal healthcare programs; (iv) Practice or its licensors own all right, title and interest in and to the Practice Data; (v) Practice has the necessary rights in the Practice Data to provide the Practice Data to SiteRx and grant the rights to SiteRx contemplated by this Agreement; (vi) use of the Practice Data or the Platform by Practice will not violate any law, rule or regulation, including HIPAA, or otherwise violate the rights of any third party; (vii) to Practice’s knowledge, Practice represents and warrants that any phone number provided by Practice pursuant to section 4K shall be complete, accurate and up-to-date; (viii) Practice has or will obtain all consents, and made or will provide notice to applicable Eligible Patients, as required by law to facilitate SiteRx’s performance under section 4K; and (ix) any and all Practice Data or information provided by Practice was or shall be collected and transferred to SiteRx, Clinical Site, or Sponsor in accordance with all applicable privacy and data protection laws, and that Practice has or will obtain all consents, and made or will provide notice to the data subjects, as required by law.

  3. Any breach of this Section shall give SiteRx the right to immediately terminate this Agreement.

14.    Indemnification. 

  1. SiteRx shall defend Practice from and against any and all loss, damage or expense, including reasonable attorneys’ fees (“Losses”), that Practice may sustain or incur as a result of any third-party claim, suit or proceeding (“Third Party Claims”), arising out of or in connection with a third-party allegation that Practice’s use or access to the Platform infringes upon any domestic or foreign third-party copyright or trade secret rights. In the event of any such claim for indemnification, as Practice’s sole indemnification remedy, SiteRx may (a) modify the Platform to remove the actual or alleged infringement or violation, (b) suspend or terminate access to the Platform, or (c) procure a license to the rights alleged to be infringed.

  2. Practice shall defend, indemnify and hold SiteRx harmless from and against any and all Losses that SiteRx may sustain or incur as a result of any Third Party Claims arising out of or in connection with: (i) any use of or access to the Services by Practice; (ii) the negligent, grossly negligent, or wrongful performance by Practice of the Practice Services; (iii) any actual or alleged negligent, intentional or willful act or omission, or criminal conduct, of Practice, or any of its employees (including physicians), agents or subcontractors; (iv) any actual or alleged violation by Practice, or any of its employees, agents or subcontractors, of any applicable law, statute, ordinance or regulation; (v) any failure by Practice to obtain necessary consents, authorizations, approvals or releases relating to the Practice Services, or any infringement or alleged infringement upon any patent right, copyright, trade secret right, or other proprietary right of any third-party; or (vi) any failure by Practice to perform any obligation under this Agreement. For the avoidance of doubt, breaches of applicable law or the material terms of this Agreement shall constitute intentional actions for the purposes of this Section. 

15.    DISCLAIMER; LIMITATION OF LIABILITY.

  1. DISCLAIMER. EXCEPT AS EXPRESSLY OTHERWISE PROVIDED HEREIN, THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE.” EXCEPT TO THE EXTENT PROHIBITED BY LAW, OR TO THE EXTENT ANY STATUTORY RIGHTS APPLY THAT CANNOT BE EXCLUDED, LIMITED OR WAIVE, SITERX (i) MAKE NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE REGARDING THE SERVICES, THE PRACTICE DATA, THE TRIAL PROTOCOLS OR OTHER INFORMATION PROVIDED ON THE PLATFORM; AND (ii) DISCLAIM ALL WARRANTIES, INCLUDING ANY IMPLIED OR EXPRESS WARRANTIES (a) OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSES, NON-INFRINGEMENT, OR QUIET ENJOYMENT, (b) ARISING OUT OF ANY COURSE OF DEALING OR USAGE OF TRADE, (c) THAT THE SERVICE, PRACTICE DATA, TRIAL PROTOCOLS OR OTHER INFORMATION PROVIDED ON THE PLATFORM WILL BE UNINTERRUPTED, ERROR FREE, COMPLETE, OR FREE OF HARMFUL COMPONENTS, (d) THAT ANY PRACTICE DATA, TRIAL PROTOCOLS OR OTHER INFORMATION ON THE PLATFORM WILL BE COMPLETE, SECURE OR NOT OTHERWISE LOST OR ALTERED, AND (e) THAT ANY CLINICAL RESEARCH TRIALS PROVIDED TO THE PRACTICE FOR REVIEW IS A COMPLETE LIST OF ALL POSSIBLE OR ALL AVAILABLE OPTIONS, OR THAT THE LIST OF OPTIONS WILL NOT BE SUBJECT TO ADDITIONS, DELETIONS AND ALTERATIONS OVER TIME.

  2. DISCLAIMER. PRACTICE ACKNOWLEDGES AND AGREES THAT, AS BETWEEN PRACTICE AND SITERX, PRACTICE’S AND ITS PHYSICIANS’ DUTY TO ITS PATIENTS IN PROVIDING HEALTHCARE SERVICES LIES SOLELY WITH PRACTICE AND ITS PHYSICIANS, AND ANY INFORMATION PROVIDED BY OR OBTAINED THROUGH THE SERVICES ARE NOT A SUBSTITUTE FOR PRACTICE’S INDEPENDENT CLINICAL JUDGMENT IN PROVIDING PATIENT CARE. SITERX DISCLAIMS ALL LIABILITY FOR ANY CLINICAL DECISIONS MADE USING INFORMATION OR RESULTS PROVIDED BY OR OBTAINED THROUGH THE SERVICES.

  3. LIMITATION OF LIABILITY; EXCLUSION OF CONSEQUENTIAL AND RELATED DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY WILL BE LIABLE (WHETHER BASED IN CONTRACT, TORT, WARRANTY OR OTHERWISE, INCLUDING FOR NEGLIGENCE, WHETHER ACTIVE, PASSIVE OR IMPUTED) TO THE OTHER PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES ARISING OUT OF OR IN RELATION TO THIS AGREEMENT (INCLUDING DAMAGES FOR LOSS OF PROFIT, GOODWILL, AND USE OR LOSS OF DATA), EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

  4. LIMITATION ON LIABILITY; LIABILITY CAP. THE ENTIRE LIABILITY OF EITHER PARTY TO THE OTHER PARTY ARISING OUT OF OR IN RELATION TO THIS AGREEMENT FOR ANY LOSS OR DAMAGE, REGARDLESS OF THE FORM OF ACTION, SHALL BE LIMITED TO ACTUAL DIRECT DAMAGES THAT ARE REASONABLY INCURRED, AND IN NO EVENT SHALL SITERX’S ENTIRE LIABILITY EXCEED THE AMOUNTS ACTUALLY PAID TO PRACTICE UNDER THIS AGREEMENT DURING THE SIX (6) MONTHS PRECEDING THE FIRST CLAIM ARISING UNDER THIS AGREEMENT.

  5. EXCEPTIONS. THE LIABILITY LIMITATIONS IN THIS SECTION WILL NOT APPLY TO VIOLATIONS OF A PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR INDEMNIFICATION OBLIGATIONS HEREUNDER.

16.    Miscellaneous.

  1. Independent Contractors. Practice and its participating physicians shall act at all times as independent contractors and not as employees, agents, partners or joint venturers of SiteRx. The Parties agree that SiteRx shall not have and shall not exercise any control or direction over the manner or method by which Practice or its physicians provide Services. 

  2. Publicity. Practice shall permit SiteRx to use or reference in any advertising, sales promotion, press release or other communication the name of the Practice, the fact that the Practice is performing Services under this Agreement and/or contributing data to the Platform, and any testimonials provided by physicians of the Practice regarding the Services. SiteRx shall use commercially reasonable efforts to provide advance notice of such publication.

  3. Entire Agreement; Modification. This Agreement contains the entire understanding of the Parties with respect to the subject matter hereof and supersedes all prior agreements, oral or written, and all other communications between the Parties relating to such subject matter. This Agreement may not be amended or modified by Practice except by mutual written agreement. This Agreement may be amended or modified by SiteRx at any time by posting the revised Agreement on the Platform and/or otherwise making Practice aware of the changes. Practice’s continued use of or access to the Platform after the posting of an updated Agreement (or other method of legal acceptance) constitutes acceptance of the updated Agreement.

  4. Dispute Resolution. All claims, controversies or disputes arising hereunder shall be submitted to arbitration. Such arbitration shall take place in New York, New York, United States of America and shall proceed in accordance with the laws of such jurisdiction and the Commercial Arbitration Rules of the American Arbitration Association. A record and transcript of the proceedings shall be maintained. Any award shall be made in writing and in reasonable detail, setting forth the findings of fact and conclusion of law supporting the award. The determination of a majority of the panel of arbitrators shall be the decision of the arbitrators, which shall be binding regardless of whether one of the parties fails or refuses to participate in the arbitration. The decision shall be enforceable by a court of law, provided that the decision is supported by substantial fact and is without material error of law. All costs of such arbitration, except expert fees and attorneys’ fees, shall be shared equally by the Parties. Notwithstanding the foregoing, arbitration shall not be required to the extent that (i) a statute of limitations is reasonably likely to expire during the pendency of the arbitration; or (ii) for a matter seeking injunctive or equitable relief or seeking contribution or indemnification.

  5. Governing Law; Venue. This Agreement shall be interpreted, construed and enforced pursuant to and in accordance with the laws of the State of New York without giving effect to its conflict of laws provisions; and, except as expressly otherwise provided herein, federal and state courts of New York shall be the sole and exclusive venue for any litigation or other proceeding between the Parties concerning this Agreement.

  6. Counterparts. This Agreement may be executed in two or more counterparts, each of which shall be an original, but all of which together shall constitute one and the same instrument. The Parties agree to accept and be bound by facsimile or PDF transmitted copies of this Agreement and its counterparts, including facsimile or PDF signatures of the Parties.

  7. Notices. Any notice, demand or communication required, permitted or desired to be given hereunder shall be deemed given when delivered either (i) personally, (ii) by overnight mail, (iii) by prepaid certified mail, return receipt requested, or (iv) in the case of notice from SiteRx to Practice, by email or by SiteRx communication via the Platform, addressed as follows:

    If to SiteRx:
    SiteRx, Inc.
    101 6th Avenue, 10th Floor
    New York, NY 10013
    Attn: General Counsel

    If to Practice, then to the address or email address listed at the end of the Practice’s signature block in the Cover Sheet, or via general user communication or communication sent specifically to Practice on the Platform. Notice shall be deemed given three (3) days after mailing if notice is given via mail or immediately upon receipt if notice is given via email or Platform communications.

  8. Waiver. A waiver by either Party of a breach or failure to perform hereunder shall not constitute a waiver of any subsequent breach or failure.

  9. Assignment; Binding Effect. Practice shall not assign or transfer, in whole or in part, this Agreement or any of Practice’s rights, duties or obligations under this Agreement without the prior written consent of SiteRx, and any assignment or transfer by Practice without such consent shall be null and void. This Agreement is assignable by SiteRx without consent or notice. This Agreement shall inure to the benefit of and is binding upon the Parties and their respective heirs, representatives, successors and permitted assigns.

  10. Change in Law. In the event that any provision of this Agreement becomes impermissible or unlawful as a result of any law; any rule, ruling or regulation enacted or promulgated by any federal, state or other governmental administrative body; or any court or governmental administrative agency decision (“Change in Law”), based on the advice of legal counsel, SiteRx may determine that such provision, as well as any other provisions, of this Agreement must be modified for this Agreement to remain permissible or otherwise in compliance with law.

  11. Partial Invalidity. If any term or provision of this Agreement is found by a court of competent jurisdiction to be invalid, illegal or unenforceable, such invalidity, illegality or unenforceability shall not affect any other term or provision of this Agreement or invalidate or render unenforceable such term or provision in any other jurisdiction.

  12. Headings. The sections and other headings contained in this Agreement are for reference purposes only and shall not affect in any way the meaning or interpretation of this Agreement.

  13. Additional Assurances. The provisions of this Agreement shall be self-operative and shall not require further agreement by the Parties except as may be herein specifically provided to the contrary; provided, however, at the request of SiteRx, Practice shall execute such additional instruments and take such additional acts as are reasonably necessary to effectuate this Agreement.

EXHIBIT A: BUSINESS ASSOCIATE AGREEMENT

This BUSINESS ASSOCIATE ADDENDUM (this “BAA”) is entered into as of the Effective Date by and between the Practice (for purposes of this BAA, the “Covered Entity”) and SiteRx (for purposes of this BAA, the “Business Associate”).

RECITALS

WHEREAS, the Business Associate performs healthcare operations services (for purposes of this BAA, the “Services”) on behalf of Covered Entity pursuant to the Agreement.

WHEREAS, the Agreement involves the Use and/or Disclosure of Protected Health Information (defined below); and

WHEREAS, the parties desire to enter into this BAA in order to comply with HIPAA.

NOW, THEREFORE, the parties do hereby agree as follows:

1. Definitions. Capitalized terms not otherwise defined in this BAA shall have the same meaning as those terms in the Agreement or in the Privacy Rule and the Security Rule (defined below).

    1. “Breach” when capitalized, shall have the meaning set forth in 45 CFR § 164.402 (including all of its subsections); with respect to all other uses of the word “breach” in this Agreement, the word shall have its ordinary contract meaning.

    2. “Electronic Protected Health Information” or “EPHI” shall have the same meaning as the term “electronic protected health information” in 45 CFR § 160.103, limited to information that Business Associate creates, accesses or receives on behalf of Covered Entity.

    3. “Privacy Rule” means the Standards for Privacy of Individually Identifiable Health Information, codified at 45 CFR parts 160 and 164, Subparts A, D, and E, as currently in effect.

    4. “Protected Health Information” or “PHI” shall have the meaning set forth in the Privacy Rule, limited to information that Business Associate creates, accesses or receives on behalf of Covered Entity. PHI includes EPHI.

    5. “Security Rule” means the Standards for Security for the Protection of Electronic Protected Health Information, codified at 45 CFR parts 160 and 164, Subpart C.

    6. “Unsecured Protected Health Information” shall have the same meaning as the term “unsecured protected health information” in 45 CFR § 164.402, limited to the information created or received by Business Associate from or on behalf of Covered Entity.

2. Business Associate Obligations.

    1. Uses and Disclosures. Business Associate shall not Use or further Disclose PHI other than as permitted or required by this BAA, to perform Services or as Required By Law, provided that:

      1. Such Use or Disclosure would not violate HIPAA if done by Covered Entity; and

      2. Such Use or Disclosure shall be limited to the minimum necessary to accomplish the permissible purpose(s) of the Use or Disclosure.

    2. Uses and Disclosures Permitted By Law. As permitted by the Privacy Rule, Business Associate may:

      1. Use PHI: as is necessary for the proper management and administration of Business Associate’s organization; to provide data aggregation services; and to carry out the legal responsibilities of Business Associate.

      2. Disclose PHI if the disclosure is Required By Law; or is subject to reasonable assurances obtained by Business Associate from the third party to whom the PHI is disclosed that PHI will be held confidentially, securely, and Used or Disclosed only as Required By Law or for the purposes for which it was disclosed to such third party, and any breaches of confidentiality of PHI which become known to such third party will be promptly reported to Business Associate.

    3. Privacy Rule. To the extent Business Associate carries out one or more of Covered Entity’s obligations under the Privacy Rule, Business Associate shall comply with the requirements of HIPAA that apply to Covered Entity in the performance of such obligation(s).

    4. Safeguards. Business Associate shall use reasonable and appropriate safeguards to prevent Use or Disclosure of PHI other than the Uses and Disclosures permitted or required by this BAA. Business Associate shall comply with the Security Rule with respect to EPHI, including implementing Administrative Safeguards, Physical Safeguards, and Technical Safeguards that reasonably and appropriately protect the Confidentiality, Integrity and Availability of EPHI.

    5. Reporting. Business Associate shall report to Covered Entity any Use or Disclosure of PHI not permitted or required by this Agreement and any Security Incident of which it becomes aware in accordance with HIPAA. The parties agree that this section constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of attempted Unsuccessful Security Incidents. “Unsuccessful Security Incidents” shall include, but not be limited to, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI.

    6. Agents and Subcontractors. Business Associate shall ensure that any and all Subcontractors that create, receive, maintain or transmit PHI on behalf of Business Associate agree, in writing prior to the Subcontractors’ receipt of such PHI, to the same terms and conditions of this BAA with respect to PHI. Each subcontract agreement must contain the same restrictions and conditions applying to Business Associate with respect to PHI, including without limitation the provisions of this BAA.

    7. Patient Rights.

      1. Access and Amendment. Business Associate does not expect to maintain a Designated Records Set under the Services. However, to the extent that Business Associate maintains a Designated Record Set, Business Associate shall:
        1. Notify Covered Entity as promptly as reasonably practicable upon receipt of a request from an Individual for access to or a copy of such Individual’s PHI or to amend such Individual’s PHI;

        2. Make PHI available to Covered Entity, as reasonably requested by Covered Entity and in accordance with 45 C.F.R. § 164.524 to enable Covered Entity to respond to the Individual’s request for access; and

        3. Upon receipt of notice from Covered Entity, promptly amend any portion of the PHI so that Covered Entity may meet its amendment obligations under 45 C.F.R. § 164.526.

      2. Patient Right to Request Accounting. Business Associate shall maintain and make available the information required to provide an accounting of disclosures to Covered Entity as necessary to satisfy Covered Entity’s its obligations under 45 C.F.R. § 164.528. If any Individual requests an accounting from Business Associate, Business Associate shall notify Covered Entity of the details of such request to enable Covered Entity to respond to any such Individual in compliance with its obligations under 45 C.F.R. § 164.528. Business Associate agrees to implement an appropriate record keeping process to enable it to comply with the requirements of this Section.

    8. Audit. To the extent required by law and subject to attorney-client and other applicable legal privileges, Business Associate shall make its internal practices, books, and records relating to the Use and Disclosure of PHI received from or created or received by Business Associate on behalf of Covered Entity available to the Secretary of Health and Human Services, upon request, solely for purposes of determining and facilitating Covered Entity’s compliance with HIPAA.

    9. De-identified Data. Business Associate may de-identify PHI in accordance with 45 C.F.R. § 164.514(b).

    10. Mitigation. Business Associate shall mitigate promptly, to the extent practicable, any harmful effect that is known to Business Associate of a Use or Disclosure of PHI by Business Associate in violation of this BAA, the Privacy Rule, the Security Rule, or other applicable federal or state law.

    11. Breach. If Business Associate has knowledge or a reasonable belief a Breach of Unsecured Protected Health Information has occurred, Business Associate shall notify the Covered Entity as required by 45 C.F.R. § 164.410. Such notification shall include, to the extent possible, the identification of each Individual whose PHI has been or is reasonably believed to have been accessed, acquired, Used or Disclosed during the Breach, along with any other information that the Covered Entity will be required to include in its notification to the Individual, the media and/or the Secretary and a description of the Business Associate’s investigation, mitigation, and prevention efforts.

3. Covered Entity Obligations.

    1. Notice of Privacy Practices. Covered Entity shall notify Business Associate of limitation(s) in its notice of privacy practices to the extent such limitation affects Business Associate’s permitted Uses or Disclosures.

    2. Individual Permission. Covered Entity shall notify Business Associate of changes in, or revocation of, permission by an Individual to Use or Disclose PHI, to the extent such changes affect Business Associate’s permitted Uses or Disclosures.

    3. Restrictions. Covered Entity shall notify Business Associate of restriction(s) in the Use or Disclosure of PHI that Covered Entity has agreed to, to the extent such restriction affects Business Associate’s permitted Uses or Disclosures. Covered Entity will not agree to any restriction requests or place any restrictions in any notice of privacy practices that would cause Business Associate or one of its Subcontractors to violate this BAA or any applicable law.

    4. Authorizations. Covered Entity shall obtain any authorization or consents as may be Required by Law for any of the uses or disclosures of PHI necessary for Business Associate to provide the Services.

    5. Compliance with Laws. Covered Entity will not request or cause Business Associate to make a Use or Disclosure of PHI in a manner that does not comply with HIPAA or this BAA.

4. Term & Termination.

    1. Term. The Term of this BAA shall begin on the Effective Date and shall continue until all PHI provided by Covered Entity to Business Associate is destroyed or returned to Covered Entity. If it is infeasible to return or destroy all PHI, this BAA shall continue for so long as PHI is maintained by Business Associate, which maintenance shall be in accordance with Section 4.c) herein.

    2. Termination.

      1. By Covered Entity. Upon determination by Covered Entity, in its reasonable discretion, of a material breach by Business Associate of this BAA, Covered Entity may terminate this BAA upon thirty (30) days’ notice; provided however, Covered Entity shall not terminate if Business Associate takes reasonable steps to mitigate harm resulting from the breach and otherwise agrees to comply with the terms of this BAA on a forward-looking basis within such thirty (30) day notice period.

      2. By Business Associate. Upon determination by Business Associate, in its reasonable discretion, of a material breach by Covered Entity of this Agreement, Business Associate may terminate this BAA upon thirty (30) days’ notice; provided however, Business Associate shall not terminate if Covered Entity takes reasonable steps to mitigate harm resulting from the breach and otherwise agrees to comply with the terms of this BAA on a forward-looking basis within such thirty (30) day notice period.

    3. Obligations of Business Associate Upon Termination. At termination of this BAA or the Agreement, to the extent feasible, Business Associate shall return or destroy all PHI Business Associate maintains in any form and shall retain no copies of PHI, except for PHI that has been De-identified such that it no longer protected under HIPAA. Notwithstanding anything herein to the contrary, if Business Associate determines, in its reasonable discretion, the return or destruction of such PHI is not feasible, Business Associate shall extend the protections of this BAA to the remaining information and limit further Uses and Disclosures of PHI to those purposes that make the return or destruction of PHI infeasible.

    4. Survival. The terms of this Section shall survive the termination or expiration of this BAA.

5. Required Disclosure. If Business Associate is confronted with legal action to disclose any PHI, Business Associate shall, to the extent permitted, promptly notify Covered Entity of such action. Thereafter, upon request by Covered Entity, Business Associate shall use reasonable efforts to assist Covered Entity in obtaining a protective order or other similar order and shall disclose only the minimum amount of PHI that is required to be disclosed in order to comply with the legal action, whether or not a protective order or other order has been obtained.

6. Compliance with LawsBusiness Associate shall comply with all applicable federal, state and local laws, rules and regulations. To the extent that Covered Entity’s operations constitute a “Part 2 Program” as defined in the federal alcohol and drug rehabilitation regulations at 42 C.F.R. Part 2 (“Part 2”), and PHI provided to Business Associate contains “records” as defined in 42 C.F.R. § 2.11 (“Substance Use Disorder Records”), Business Associate acknowledges that, with respect to Substance Use Disorder Records and in receiving, storing, processing, or otherwise dealing with Substance Use Disorder Records, Business Associate is fully obligated and bound to comply with Part 2. Business Associate (i) shall use, disclose, and release Substance Use Disorder Records in accordance with Part 2, and (ii) if necessary, will resist in judicial proceedings any efforts to obtain access to Substance Use Disorder Records and patient identifying information related to substance use disorder diagnosis, treatment, or referral for treatment except as permitted by Part 2. With respect to the Part 2 Program, Business Associate also will be a qualified service organization as defined under Part 2.

7. Conflict. Except as specifically required to implement the purposes of this BAA, and except to the extent inconsistent with this BAA, all terms of the Agreement shall remain in full force and effect. In the event of a conflict between the terms of the Agreement and this BAA, this BAA shall control. This BAA supersedes any and all other agreements between the parties related to this subject matter.

8. No Third-Party BeneficiariesNothing express or implied in this BAA is intended to confer, nor shall anything herein confer, upon any person other than the Covered Entity, Business Associate and their respective successors or assigns, any rights, remedies, obligations or liabilities whatsoever.

9. AmendmentThe parties shall amend this BAA from time to time by mutual written agreement in order to keep this BAA consistent with any changes made to the HIPAA laws or regulations in effect as of the Effective Date and with any new regulations promulgated under HIPAA. Covered Entity may terminate this BAA in whole or in part if the parties are unable to agree to such changes by the compliance date for such new or revised HIPAA laws or regulations.

© 2025 SiteRx

Physician Log In