End-user License Agreement

Nautilus Medical, Inc TeleRay Software End-User License Agreement

This TeleRay software or TeleRay branded derivatives thereof(“Software”) may not, in whole or in any part, be copied, reproduced, transmitted, translated (into any language, natural or computer), stored in a retrieval system, reduced to any electronic medium or machine readable format, or by any other form or means without prior consent, in writing, from Nautilus Medical, Inc (“Nautilus Medical”).You are granted a limited license to use this software. The software may be used or copied only in accordance with the terms of that license, which is described in the following paragraphs.

TRADEMARKS: Software logos, icons, and Trademarks such as the TeleRay or Nautilus Medical name or logo may not be reproduced or used without permission of NAUTILUS MEDICAL.

LICENSE: ”THE SOFTWARE” SHALL BE TAKEN TO MEAN THE NAUTILUS MEDICAL TELERAY SOFTWARE HOWSOEVER COMMERCIALLY ACQUIRED BY YOU (EITHER ON A SUBSCRIPTION OR PAY PER CALL BASIS OR AS A PATIENT) AND ANY SUBSEQUENT VERSIONS OR UPGRADES RECEIVED AS A RESULT OF HAVING ACQUIRED THIS PACKAGE. “BUYER” SHALL BE TAKEN AS ANY USER OF THE SOFTWAREAS DESCRIBED IN THIS PARAGRAPH. BUYER HAS THE NON-EXCLUSIVE RIGHT TO USE THE SOFTWARE ON SINGLE OR MULTIPLE DEVICES. HOWEVER, BUYER MAY NOT DISTRIBUTE COPIES OF THE SOFTWARE OR THE ACCOMPANYING DOCUMENTATION TO OTHERS EITHER FOR A FEE OR WITHOUT CHARGE. BUYER MAY NOT MODIFYOR TRANSLATE THE PROGRAM OR DOCUMENTATION. USER MAY NOT DISASSEMBLE THE PROGRAM OR ALLOW IT TO BE DISASSEMBLED INTO ITS CONTITUENT SOURCE CODE. BUYER’S USE OF THE SOFTWARE INDICATES HIS/HER ACCEPTANCE OF THESE TERMS AND CONDITIONS. IF BUYER DOES NOT AGREE TO THESE CONDITIONS, RETURN THE DISTRIBUTION MEDIA, DOCUMENTATION, AND ASSOCIATED MATERIALS TO THE VENDOR FROM WHOM THE SOFTWARE WAS PURCHASED, AND ERASE THE SOFTWARE FROM ANY AND ALL STORAGE DEVICES UPON WHICH IT MAY HAVE BEEN INSTALLED.THIS LICENSE AGREEMENT SHALL BE GOVERNED BY THE LAWS OF THE UNITED STATES OF AMERICA, STATE OF ILLINOIS, AND SHALL INURE TO THE BENEFIT OF NAUTILUS MEDICAL OR ITS ASSIGNS.

DISCLAIMER / LIMITATION OF LIABILITY: BUYER ACKNOWLEDGES THAT THE SOFTWARE MAY NOT BE FREE FROM DEFECTS AND MAY NOT SATISFY ALL OF BUYER’S NEEDS. NAUTILUS MEDICAL WARRANTS ALL MEDIA ON WHICH THE SOFTWARE IS DISTRIBUTED FOR 60 DAYS TO BE FREE FROM DEFECTS IN MATERIALS AND WORKMANSHIP UNDER NORMAL USE.

THE SOFTWARE AND ANY ACCOMPANYING WRITTEN MATERIALS ARE LICENSED “AS IS”. BUYER’S EXCLUSIVE REMEDY DURING THE WARRANTY PERIOD SHALL CONSIST OF REPLACEMENT OF SOFTWARE IF DETERMINED TO BE FAULTY. IN NO EVENT WILL NAUTILUS MEDICAL BE LIABLE FOR DIRECT, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGE OR DAMAGES RESULTING FROM LOSS OF USE, OR LOSS OF ANTICIPATED PROFITS RESULTING FROM ANY DEFECT IN THE PROGRAM, EVEN IF IT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. SOME LAWS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES OR LIABILITIES FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATIONS OR EXCLUSION MAY NOT APPLY.

SPECIFIC RESTRICTIONS IN ACCORDANCE WITH THE COMPUTER SOFTWARE RENTAL ACT OF 1990: THIS SOFTWARE MAY NOT BE RENTED, LENT OR LEASED. THE SOFTWARE AND ACCOMPANYING DOCUMENTATION MAY NOT BE PROVIDED BY A “BACKUP SERVICE” OR ANY OTHER VENDOR WHICH DOES NOT PROVIDE AN ORIGINAL AGREEMENT TO DO SO AS COMPOSED AND EXECUTED BY NAUTILUS MEDICAL.

MISCELLANEOUS: If you acquired or use this SOFTWARE in the United States, this EULA is governed by the laws of the State of Illinois. If this SOFTWARE was acquired and is used exclusively outside of the United States, then local law may also apply. Should you have any questions concerning this EULA, or if you desire to contact NAUTILUS MEDICAL for any reason, please contact NAUTILUS MEDICAL at 117 South Cook St #247,Barrington, IL 60010 or info@nautilusmedical.com.

LIMITED WARRANTY: Nautilus represents and warrants that its SOFTWARE will perform the Services to a workable, acceptable degree and that any services or materials provided by Nautilus to the Client under the terms and conditions of this Agreement will not infringe on or violate the intellectual property rights or any other right of any third party. EXCEPT AS EXPLICITLY SET FORTH HEREIN, NAUTILUS MEDICAL SERVICES ARE DELIVERED “AS IS,” AND NAUTILUS MEDICAL MAKES NO REPRESENTATIONS OR WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, TITLE AND NON-INFRINGEMENT WITH RESPECT TO THE NAUTILUS SERVICES. NAUTILUS DOES NOT WARRANT THAT THE NAUTILUS SERVICES WILL BE SUITABLE FOR ANY PURPOSE – INCLUDING PATIENT DIAGNOSIS OR RESULTING TREATMENT – OR ARE ERROR-FREE. CLIENT ASSUMES THE SOLE RESPONSIBILITY FOR DETERMINING THE SUITABILITY OF THE NAUTILUS MEDICAL PROPERTY FOR ITS INTENDED USE.

Nautilus Medical represents and warrants that TeleRay operates under the “Information Conduit” rule of 45 Code of Federal Regulations §160.103, and, as defined, is referenced in Section 13400 of
Subtitle D (‘Privacy’) of the The Health Information Technology for Economic and Clinical Health (HITECH) Act 2009. Further, support services provided by NAUTILUS MEDICAL shall be substantially as described in applicable online materials provided to you by NAUTILUS MEDICAL. TeleRay support engineers will make commercially reasonable efforts to solve any problem issues with the SOFTWARE. To the extent that implied warranties on the PRODUCTS are disclaimable, they are disclaimed herein below. Some states and jurisdictions do not allow disclaimers of or limitations on the duration of an implied warranty, so the above limitation may not apply to you. To the extent implied warranties may not be entirely disclaimed but implied warranty limitations are allowed by applicable law, implied warranties on the PRODUCTS, if any, are limited to thirty (30) days.

CUSTOMER REMEDIES: NAUTILUS MEDICAL and its suppliers’ entire liability and your exclusive remedy shall be, at NAUTILUS MEDICAL’S option, replacement of the SOFTWARE that do not meet NAUTILUS MEDICAL’S Limited Warranty. This Limited Warranty is void if failure of the SOFTWARE has resulted from accident, abuse, or misapplication. Any replacement SOFTWARE will be warranted for the remainder of the original warranty period or thirty (30) days, whichever is longer. Outside of the United States, neither of these remedies nor any product support services offered by NAUTILUS MEDICAL are available without proof of purchase which includes, but is not limited to, the original SOFTWARE ordering information provided to NAUTILUS MEDICAL at the time of ordering the SOFTWARE package. This information is required for owner/rights verification. IN ANY CASE, NAUTILUS MEDICAL’S ENTIRE LIABILITY UNDER ANY PROVISION OF THIS EULA SHALL BE LIMITED TO THE GREATER OF THE AMOUNT ACTUALLY PAID BY YOU FOR THE PRODUCT OR TEN UNITED STATES DOLLARS (U.S. $10.00). BECAUSE SOME STATES AND JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY, THE ABOVE LIMITATION MAY NOT APPLY TO YOU

Page Break

TELERAY SERVICE AGREEMENT

This Service Agreement (“Agreement”) and associated Business Associate Agreement (“BAA” – attached hereunder as Appendix A) by and between the following, hereinafter “Party” individually or “Parties” collectively:

Nautilus Medical Technologies, Inc of 117 South Cook Street #247, Barrington IL 60010 (“Nautilus”) on the one part

and

Registrant with the name and address provided at the time of registration on TeleRay.com (“Client”) on the other.

This Agreement is entered into on the date of TeleRay registration by Client (“Effective Date”)

RECITALS:

WHEREAS, Client wishes to retain the Services (as defined below) of Nautilus;

WHEREAS, Nautilus has the skills, qualifications, and expertise required to provide the Services to the Client;

WHEREAS, Nautilus wishes to render such Services to Client.

NOW, therefore, in consideration of the promises and covenants contained herein, as well as other good and valuable consideration (the receipt and sufficiency of which is hereby acknowledged), the Parties do hereby agree as follows:

Article 1 – DEFINITIONS:

As used in this Agreement:

1.1 “Services” shall be used to refer to the following specific services that Nautilus shall provide to the Client under the terms and conditions set forth herein:

1.1.1 “TeleRay” refers to a range of HIPAA–compliant telemedicine software solutions which allow for video-based remote medical consultations or reviews between Client and Client’s patients.

1.1.2 “Hardware” refers to office-based equipment such as but not limited to video monitors, microphones and headsets in order to facilitate the use of TeleRay from Client’s premises.

1.1.3 “Support” refers to assistance of Nautilus in the implementation and maintenance of TeleRay at the Client’s premises – including to the extent reasonably possible scheduling integration, advice regarding billing and reimbursement policies and their applicability.

1.1.4 “Customer Service” refers to general telephone or web-based support from Nautilus to the end-user of TeleRay (“Patient”) in the downloading of their TeleRay Application (“App”), its use and charging policies.

(Note: Nautilus Medical shall not be responsible for the support of end user devices and equipment, which must be furnished by Patient and be compatible with the use of TeleRay as per the App End User License Agreement “EULA”)

1.2 “Commencement Date” shall be used to refer to the date Nautilus begins providing Services to Client.

1.3 “Completion Date” shall be used to refer to the date that Nautilus will complete or cease the provision of Services to the Client in accordance with the Term and Termination provisions set out in Article 14.

1.4 “Consult” shall be used to refer to a successfully connected video–conferencing consultation between Client and Patient. Multiple scheduled video-conferences with the same Patient in any monthly billing period are treated as individual Consult.

1.5 “Fees” shall be used to refer to the payment Client will pay to Nautilus for the provision of Services.

Article 2 – AGREEMENT:

Subject to the terms and conditions of this Agreement, Nautilus hereby agrees to render the Services to Client, beginning on the Commencement Date and ending on the Completion date, and Client agrees to pay Nautilus the Fees required for the Services.

Article 3 – LOCATION:

Nautilus will render the Services anywhere Nautilus considers appropriate to the type and nature of the work required to complete the Services.

Article 4 – STAFF OR EMPLOYEES:

Nautilus may use any staff or employees that Nautilus deems fit and capable in the provision of the Services to the Client.

Article 5 – FEES

Client agrees to pay Nautilus Fees for the following Services:

Three options exist for TeleRay Consult billing, being monthly or annual subscription or pay per use. Pricing for these services are published on the Teleray website and the selection of preferred method is made by Client upon site registration. Billing will be made at the selected time interval at the price agreed at that time of registration.

Article 6 – TERMS OF BUSINESS

The following terms relate only to invoices raised to Client by Nautilus:

6.1 Invoice Interval: Nautilus will be entitled to invoice the client on a calendar month basis

6.2 Payment Terms: Payment within 30 days from date of invoice is required to maintain service.

6.3 Payment Method: Nautilus will accept the following forms of payment:

Check, debit or credit card or ACH

6.4 Late Payment Penalties: If the Client fails to remit invoices to terms or as otherwise provided for in this Agreement, Nautilus shall be entitled to:

6.4.1 require Client to pay for the Services, or any remaining part of the Services, in advance

6.4.2 cease performance of the Services completely or until payment is made, at Nautilus‘s sole and exclusive discretion.

6.5 Expenses: Nautilus is responsible for the management and payment of any and all expenses incurred in the rendering of the Services.

6.6 Tax Statement: Any and all charges payable under this Agreement are exclusive of taxes, surcharges, or other amounts assessed by state or federal governments. Taxes imposed upon or required to be paid by Client or Nautilus shall be the sole and exclusive responsibility of each, respectively.

Article 7 – CLIENT OBLIGATIONS:

During the provision of the Services, the Client hereby agrees to:

7.1 Cooperate with Nautilus for anything Nautilus may reasonably require in the provision of Services such as, but not limited to:

7.1.1 Provision of information and/or documentation needed by Nautilus relevant to the provision of Services or payment for the provision of Services;

7.1.2 Require any staff or agents of the Client to co-operate with and assist Nautilus as Nautilus may reasonably need;

7.1.4 Setting up of the Stripe payment accounts;

7.1.3 Using reasonable efforts to offer TeleRay through the drafting and dissemination of Patient communications.

Article 8 – INTELLECTUAL PROPERTY:

In accordance with the terms and conditions of this Agreement, Nautilus may create certain intellectual property (“Created IP”), including, but not limited to, plans, drawing, specifications, reports, advice, analyses, designs, methodologies, code, artwork, or any other intellectual property as required to render the provision of Services to the Client. Unless the Parties otherwise agree, any such Created IP generated by Nautilus in connection with the provision of Services to the Client shall belong to Nautilus, but Nautilus hereby grants the Client a non-exclusive, irrevocable, royalty-free license use the Created IP for Client’s internal purposes. Client shall not, however, be permitted to copy, modify, disseminate, or otherwise publish the Created IP and shall not allow others to do so.

Any intellectual property provided by the Client to Nautilus to assist in the provision of Services, that was not created by Nautilus pursuant to this Agreement, shall belong to the Client. Any ancillary intellectual property belonging to Nautilus, provided or shown to the Client in any way, that was not created by Nautilus pursuant to this Agreement, shall belong to Nautilus.

Page BreakArticle 9 – CONFIDENTIALITY:

Each Party hereby acknowledges and agrees that they and the other party each possess certain non-public Confidential Information (as hereinafter defined) and may also possess Trade Secret Information (as hereinafter defined) (collectively the “Proprietary Information”) regarding their business operations and development. The Parties agree that the Proprietary Information is secret and valuable to each of their respective businesses and the Parties have entered into a business relationship, through which they will each have access to the other party’s Proprietary Information. Each of the Parties desires to maintain the secret and private nature of any Proprietary Information given. “Receiving Party” refers to the Party that is receiving the Proprietary Information and “Disclosing Party” refers to the Party that is disclosing the Proprietary Information.

9.1 Confidential Information refers to any information which is confidential and commercially valuable to either of the Parties. The Confidential Information may be in the form of documents, techniques, methods, practices, tools, specifications, inventions, patents, trademarks, copyrights, equipment, algorithms, models, samples, software, drawings, sketches, plans, programs or other oral or written knowledge and/or secrets and may pertain to, but is not limited to, the fields of research and development, forecasting, marketing, personnel, customers, suppliers, intellectual property and/or finance or any other information which is confidential and commercially valuable to either of the Parties.

Confidential Information may or may not be disclosed as such, through labeling, but is to be considered any information which ought to be treated as confidential under the circumstances through which it was disclosed.

Confidential Information shall not mean any information which:

9.1.1 is known or available to the public at the time of disclosure or became known or available after disclosure through no fault of the Receiving Party;

9.1.2 is already known, through legal means, to the Receiving Party;

9.1.3 is given by the Disclosing Party to third parties, other than the Receiving Party, without any restrictions;

9.1.4 is given to the Receiving Party by any third party who legally had the Confidential Information and the right to disclose it; or

9.1.5 is developed independently by the Receiving Party and the Receiving Party can show such independent development.

9.2 “Trade Secret Information” shall be defined specifically as any formula, process, method, pattern, design or other information that is not known or reasonably ascertainable by the public, consumers, or competitors through which, and because of such secrecy, an economic or commercial advantage can be achieved.

9.3 Both Parties hereby agree they shall:

9.3.1 Not disclose the Proprietary Information via any unauthorized means to any third parties throughout the duration of this Agreement and the Parties’ relationship with each other;

9.3.2 Not disclose the Confidential Information via any unauthorized means to any third parties for a period of 3 (three) years following the termination of this Agreement;

9.3.3 Not disclose the Trade Secret Information forever, or for as long as such information remains a trade secret under applicable law, whichever occurs first, to any third party at any time;

9.3.4 Not use the Confidential Information or the Trade Secret Information for any purpose except those contemplated herein or expressly authorized by the Disclosing Party.

Article 10 – COMPETITION

Nautilus (and/or their employees, agents, representatives) shall be free to provide services or engage in any form of activity (including, but not limited to, any business, investment or financial activities) whether for themselves or on behalf of or to other organizations, companies or individuals who are or are potentially direct or indirect competitors of the Client.

Article 11 – WARRANTIES & DISCLAIMERS:

Nautilus represents and warrants that its hardware and software will perform the Services to a workable, acceptable degree and that any Services or materials provided by Nautilus to the Client under the terms and conditions of this Agreement will not infringe on or violate the intellectual property rights or any other right of any third party.

EXCEPT AS EXPLICITLY SET FORTH HEREIN, NAUTILUS SERVICES ARE DELIVERED “AS IS,” AND NAUTILUS MAKES NO REPRESENTATIONS OR WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, CONTINUITY OF CELLULAR SERVICE BY CELLULAR PROVIDER, MERCHANTABILITY, TITLE AND NON-INFRINGEMENT WITH RESPECT TO THE NAUTILUS SERVICES. NAUTILUS DOES NOT WARRANT THAT THE NAUTILUS SERVICES WILL BE SUITABLE FOR ANY PURPOSE – INCLUDING PATIENT DIAGNOSIS OR RESULTING TREATMENT – OR ARE ERROR-FREE. CLIENT ASSUMES THE SOLE RESPONSIBILITY FOR DETERMINING THE SUITABILITY OF THE NAUTILUS PROPERTY FOR ITS INTENDED USE.

CLIENT IS RESPONSIBLE FOR MONITORING CELLULAR USAGE. NAUTILUS RETAINS THE RIGHT TO CHARGE INCREMENTALLY FOR EXCESSIVE USAGE.

Nautilus represents and warrants that TeleRay operates under the “Information Conduit” rule of 45 Code of Federal Regulations §160.103, and, as defined, is referenced in Section 13400 of Subtitle D (‘Privacy’) of the The Health Information Technology for Economic and Clinical Health (HITECH) Act 2009.

Page BreakArticle 12 – LIMITATION OF LIABILITY

Either party’s liability in contract, tort or otherwise arising through or in connection with this Agreement or through or in connection with the completion of obligations under this Agreement shall be limited to the Fees paid by the Client to Nautilus.

Article 13- NOTICE

Any notice, report or other communication required under this Agreement shall be in writing and shall be delivered personally, sent by facsimile transmission (including e-mail) or sent by U.S. mail, addressed as follows:

If to Client: The Name and Address stated at the head of this agreement if none other stated and/or the email address associated with the account registration

Attn: The representative executing this Agreement (below) if none other stated.

If to Business Associate: Nautilus Medical

117 S. Cook St #247 Barrington, IL 60010

Attn: Timothy Kelley CEO

Email: Tim@NautilusMedical.com

The parties shall hereafter notify each other in accordance herewith of any change of address to which notice is required to be sent.

Article 14 – TERM & TERMINATION:

Unless termination is sought by Nautilus under the provisions set out below, the Term of this Agreement is determined by the continued usage of Services by Client.

14.1 Client may terminate the use of Services at any time without notice or penalty.

14.2 This Agreement may be terminated be Nautilus upon fourteen (14) days written notice if:

14.2.1 Client commits a material breach of any term of this Agreement that is not capable of being remedied within fourteen (14) days or that should have been remedied within fourteen (14) days after a written request and was not;

14.2.2 Client becomes unable to perform its duties hereunder, including a duty to pay or a duty to perform;

14.2.3 Client or its employees or agents engage in any conduct prejudicial to the business of Nautilus, or in the event that either party considers that a conflict or potential conflict of interest has arisen between the parties;

14.2.4 Client fails to pay any requisite Fees within thirty (30) days after the date they are due.

14.3 If this Agreement is terminated by either party, Client hereby agrees to pay for all Services rendered up to the date of termination, and for any and all expenditures due for payment after the date of termination for commitments reasonably made and incurred by Nautilus related to the rendering of Services prior to the date of termination.

14.4 Any termination of under this subpart shall not affect the accrued rights or liabilities of either Party under this Agreement or at law and shall be without prejudice to any rights or remedies either Party may be entitled to. Any provision or subpart of this Agreement which is meant to continue after termination or come into force at or after termination shall not be affected by this subpart.

14.5 Any termination of this Agreement shall not relieve Recipient of its confidentiality and use obligations with respect to Confidential Information disclosed prior to the date of such termination. Except for the right to use Confidential Information for the Purpose, which right terminates when this Agreement terminates, Recipient’s duty to protect Discloser’s Confidential Information expires 1 year from the date on which that Confidential Information was disclosed to Recipient.

Article 15 – RELATIONSHIP OF THE PARTIES:

The Parties hereby acknowledge and agree that nothing in this Agreement shall be deemed to constitute a partnership, joint venture, agency relationship or otherwise between the Parties and that this Agreement is for the sole and express purpose of the rendering of the specific Services by Nautilus to the client under the terms and conditions herein.

Article 16 – GENERAL PROVISIONS:

16.1 GOVERNING LAW: This Agreement shall be governed by and construed in accordance with the laws of the Illinois. All disputes, controversies or claims between the Parties arising out of or in connection with this Agreement (including its existence, validity or termination) shall be finally resolved by arbitration to be held in Illinois and conducted under the Rules of Arbitration of the International Chamber of Commerce; provided, however, that each Party may enforce its or its affiliates’ intellectual property rights in any court of competent jurisdiction, including but not limited to equitable relief. The arbitration tribunal shall consist of one arbitrator to be appointed according to the ICC rules. The arbitral award shall be final and binding on the Parties. Except to the extent entry of judgment and any subsequent enforcement may require disclosure, all matters relating to the arbitration, including the award, shall be held in confidence.

16.2 LANGUAGE: All communications made or notices given pursuant to this Agreement shall be in the English language.

16.3 ASSIGNMENT: This Agreement, or the rights granted hereunder, may not be assigned, sold, leased or otherwise transferred in whole or part by either Party without thirty (30) days written notice to the other Party.

16.4 AMENDMENTS: This Agreement may only be amended in writing signed by both Parties.

16.5 NO WAIVER: None of the terms of this Agreement shall be deemed to have been waived by any act or acquiescence of either Party. Only an additional written agreement can constitute waiver of any of the terms of this Agreement between the Parties. No waiver of any term or provision of this Agreement shall constitute a waiver of any other term or provision or of the same provision on a future date. Failure of either Party to enforce any term of this Agreement shall not constitute waiver of such term or any other term.

16.6 SEVERABILITY: If any provision or term of this Agreement is held to be unenforceable, then this Agreement will be deemed amended to the extent necessary to render the otherwise unenforceable provision, and the rest of the Agreement, valid and enforceable. If a court declines to amend this Agreement as provided herein, the invalidity or unenforceability of any provision of this Agreement shall not affect the validity or enforceability of the remaining terms and provisions, which shall be enforced as if the offending term or provision had not been included in this Agreement.

16.7 PUBLIC ANNOUNCEMENT: Neither Party will make any public announcement or disclosure about the existence of this Agreement or any of the terms herein without the prior written approval of the other Party.

16.8 ENTIRE AGREEMENT: This Agreement constitutes the entire agreement between the Parties and supersedes any prior or contemporaneous understandings, whether written or oral.

16.9 HEADINGS: Headings to this Agreement are for convenience only and shall not be construed to limit or otherwise affect the terms of this Agreement.

16.10 COUNTERPARTS: This Agreement may be executed in counterparts, all of which shall constitute a single agreement. If the dates set forth at the end of this document are different, this Agreement is to be considered effective as of the date that both Parties have signed the agreement, which may be the later date.

16.11 FORCE MAJEURE: Nautilus is not liable for any failure to perform due to causes beyond its reasonable control including, but not limited to, acts of God, acts of civil authorities, acts of military authorities, riots, embargoes, acts of nature and natural disasters, Wireless network outages, ISP outages, and other acts which may be due to unforeseen circumstances.

16.12 NOTICES, ELECTRONIC COMMUNICATIONS PERMITTED: Any notice to be given under this Agreement shall be in writing and shall be sent by first class mail, air mail, or e-mail, to the address of the relevant Party set out at the head of this Agreement, or to the relevant email address as that Party may from time to time notify to the other Party in accordance with this clause.

16.13 ELECTRONIC EXECUTION PERMITTED: Parties agree that by Client checking the TeleRay Terms of Service box during registration, Client and Nautilus execute this Agreement and are bound by the terms herein.

Page Break

APPENDIX A

BUSINESS ASSOCIATE AGREEMENT

THIS BUSINESS ASSOCIATE AGREEMENT (the “BAA”) is entered into as of the date of execution of the Agreement to which this BAA is Appendix A (the “Effective Date”) by and between that Agreement’s Client (“Covered Entity”) and Nautilus (“Business Associate”).

BACKGROUND STATEMENTS

Covered Entity and Business Associate are parties to the Agreement to which this BAA is attached as Appendix A. In connection with Business Associate’s performance of its duties and obligations under the Agreement, Business Associate may have access to certain Protected Health Information (“PHI”) (as further defined below).

This BAA is to made to implement the applicable requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economical and Clinical Health Act (“HITECH Act”), and the regulations implementing HIPAA and the HITECH Act, including 45 Code of Federal Regulations (“CFR”) Part 160 and Part 164, Subpart E (the “Privacy Rule”), 45 CFR Part 160 and Part 164, Subpart C (the “Security Rule”) and 45 CFR Part 160 and Part 164, Subpart D (the “Breach Rule”), collectively referred to herein as the “HIPAA Rules,” all as amended from time to time. The purpose of this BAA is to govern Business Associate’s obligations regarding the use and disclosure of PHI that Business Associate receives from, or creates, maintains or transmits on behalf of Covered Entity.

If the Business Associate is a financial institution or a creditor that has access to patient account information and is subject to administrative enforcement, this BAA also is made to implement the FTC Red Flags Regulations (see 16 CFR § 681) to ensure that Business Associate is conducting its activities in accordance with reasonable policies and procedures designed to detect, prevent, and mitigate the risk of identity theft. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides PHI, agrees in writing to the same restrictions and conditions that apply through this BAA to Business Associate with respect to such PHI.

IN CONSIDERATION OF THE FOREGOING, and of the desire of each party to provide or receive services under the Agreement, the parties hereto agree as follows:

BAA

Definitions.

“Protected Health Information” (“PHI”) shall have the same meaning as such term as defined in 45 CFR §160.103, except that that PHI subject to this BAA is limited to that PHI that Business Associate receives, creates, maintains or transmits on behalf of Covered Entity.

“Covered Entity Data” includes any data or information that is provided to Business Associate by the Covered Entity (and such data or information in aggregated form or its meta data) or generated expressly for Covered Entity during the use of the Product.

All capitalized terms used in this BAA and not defined herein shall have the same meaning as those terms as used or defined in the HIPAA Rules.

Right and Title to PHI. Business Associate acknowledges that all right, title and interest in and to any PHI vests solely and exclusively with Covered Entity or the Individual to whom such PHI relates.

Obligations of Business Associate with Respect to the Use and Disclosure of Protected Health Information.

Business Associate agrees to comply with the HIPAA Rules that apply to business associates as set forth in the HIPAA Rules. To the extent Business Associate will perform Covered Entity’s obligations under the HIPAA Rules, Business Associate must comply with the requirements applicable to Covered Entity.

Business Associate shall not Use or Disclose PHI except as permitted or required by this BAA or as Required By Law. Subject to the limitations set forth in this BAA, Business Associate may Use and Disclose PHI as necessary to fulfill its duties and obligations in the Agreement.

Except as set forth herein, Business Associate may not Use or Disclose PHI in a manner that would violate the HIPAA Rules if done so by Covered Entity. Subject to the limitations set forth in this BAA, Business Associate may Use PHI as necessary for its proper management and administration or to carry out its legal responsibilities, and may Disclose PHI for such purposes provided that: (i) any such Disclosure is Required By Law; or (ii) Business Associate obtains a written agreement from the person to whom the PHI is Disclosed (the “Recipient”) to assure that Recipient will hold the PHI confidentially and will use or further Disclose the PHI only as Required By Law or for the purpose for which it was Disclosed to the Recipient , and that the Recipient agrees to immediately notify Business Associate of any Use or Disclosure of the PHI in violation of that agreement. Business Associate shall notify Covered Entity of Recipient’s Use or Disclosure of PHI in accordance with Section 5.

Business Associate may not de-identify PHI or Covered Entity Data except as necessary to perform its duties and obligations as described in the Agreement. Business Associate is prohibited from Using or Disclosing such de-identified information for its own purposes without the prior written permission of Covered Entity.

Covered Entity and Business Associate agree to execute amendment(s) to this BAA if there are any applicable changes in, or restrictions to, the permitted Use or Disclosure of PHI.

Business Associate agrees that, to the extent it requests PHI from Covered Entity, or to the extent that Business Associate Uses PHI or Discloses PHI to its affiliates, subsidiaries, agents and subcontractors or other third parties, to limit such request, Use or Disclosure to a Limited Data Set or, if that is not practicable, to the minimum amount of PHI that is necessary to perform or fulfill a specific function required or permitted herein.

Business Associate shall not, directly or indirectly, receive remuneration in exchange for or otherwise sell an Individual’s PHI unless Covered Entity has obtained an authorization from such Individual that complies with the requirements set forth in 45 CFR § 164.508(a)(4) and Covered Entity permits Business Associate to do so in writing.

If Business Associate maintains PHI in a Designated Record Set, within ten (10) calendar days of receipt of a request from Covered Entity, Business Associate shall provide to Covered Entity or, at Covered Entity’s direction to an Individual, PHI relating to that Individual held by Business Associate or its agents or subcontractors in a Designated Record Set, in accordance with 45 CFR §164.524. In the event an Individual requests access to his or her PHI directly from Business Associate, Business Associate shall, within five (5) business days of receipt of such request, forward the request to Covered Entity unless the HIPAA Rules require Business Associate to receive and respond to such requests directly, in which case, Business Associate shall respond directly as required by and in accordance with 45 CFR §164.524, and shall send a copy of such response to Covered Entity.

If Business Associate maintains PHI in a Designated Record Set, within ten (10) calendar days of receipt of a request from Covered Entity, Business Associate agrees to make any requested amendment(s) to PHI held by it or any agent or subcontractor of Business Associate in a Designated Record Set in accordance with 45 CFR §164.526. In the event an Individual requests an amendment to his or her PHI directly from Business Associate, Business Associate shall within five (5) business days of receipt of such request, forward such request to Covered Entity.

If Business Associate maintains PHI in a Designated Record Set, within ten (10) calendar days of receipt of a request from Covered Entity, Business Associate shall make available to Covered Entity, or, at Covered Entity’s direction to an Individual, such information required to be included in an accounting in 45 C.F.R.§164.528. In the event an Individual requests an accounting of his or her PHI directly from Business Associate, Business Associate shall, within five (5) business days of receipt of such request, forward the request to Covered Entity.

In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors of the Business Associate that create, receive, maintain, or transmit protected health information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information.

Safeguards for the Protection of Protected Health Information.

Business Associate and any subcontractors of the Business Associate shall maintain, and by this BAA warrants that it has implemented, such appropriate safeguards necessary to ensure that PHI is not Used or Disclosed by Business Associate except as provided in this BAA or Required by Law.

Business Associate and any subcontractors of the Business Associate shall maintain, and by this BAA warrants that it has implemented, such appropriate administrative, physical, and technical safeguards, including the use of secure coding practices, as required by the HIPAA Rules, necessary to ensure the protection, confidentiality, integrity, and availability of the PHI it receives, creates, maintains or transmits on behalf of Covered Entity.

Business Associate and any subcontractors of the Business Associate will continue to use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information to prevent use or disclosure of the protected health information for as long as the Business Associate and any subcontractors of the Business Associate retains the protected health information.

Business Associate and any subcontractors of the Business Associate shall train Workforce members regarding their responsibilities under HIPAA, including the responsibilities to safeguard PHI and the consequences for failing to do so.

Business Associate may not maintain PHI on a portable electronic device, or transmit PHI over the Internet or any other unsecure or open communication channel, unless the PHI is encrypted in accordance with guidance issued by the Secretary of Health and Human Services under section 13404(h)(2) of Public Law 111-5.

Business Associate acknowledges that Covered Entity is the sole owner of Covered Entity Data. Business Associate represents and warrants that, during the term of the Agreement, any Covered Entity Data will be available to the Covered Entity either through the program without charge to the Covered Entity at any time, or, if special access is needed, a separate agreement or order form will be executed at a mutually agreed rate. Business Associate will use commercially reasonable efforts to maintain and back up Covered Entity Data that are designed to mitigate any disruption in software or services or loss of Covered Entity Data.

Unauthorized Uses and Disclosures and Security Incidents.

Business Associate shall, within five (5) business days, report any Successful Unauthorized Use or Disclosure of PHI of which Business Associate becomes aware that is not permitted under this BAA.

To the extent that Business Associate creates, receives, maintains or transmits Electronic PHI, Business Associate shall report to Covered Entity any Successful Security Incident, without unreasonable delay and in no event later than five (5) business days after Business Associate or any of its employees, agents, or subcontractors learns of the Successful Security Incident. Business Associate and Covered Entity acknowledge the ongoing existence and occurrence of attempted but unsuccessful Security Incidents that are trivial in nature, such as pings and port scans, and Covered Entity acknowledges and agrees that no additional notification to Covered Entity of such unsuccessful Security Incidents is required. However, to the extent that Business Associate becomes aware of an unusually high number of such unsuccessful Security Incidents due to the repeated acts of a single party, Business Associate shall notify Covered Entity of these attempts and provide the name, if available, of said party. At the request of Covered Entity, Business Associate shall identify the date of the Security Incident, the scope of the Security Incident, Business Associate’s response to the Security Incident, and the identification of the party responsible for causing the Security Incident, if known.

Business Associate shall maintain systems to monitor and detect a Breach of Unsecured PHI. Following Business Associate’s discovery of a Breach of Unsecured PHI, Business Associate shall notify Covered Entity of the Breach without unreasonable delay and in no event later than five (5) business days after Business Associate, or any of its employees, agents, or subcontractors learns of the Breach. The notice shall include the identification of each Individual whose Unsecured PHI was, or is reasonably believed to have been, accessed, acquired, used or disclosed as a result of the Breach and any other information known to Business Associate, including but not limited to, the circumstances surrounding the Breach, and all other information which is required to be included in the notification of the Breach provided to the Individual in accordance with 45 CFR §164.404(c). Following the notice, Business Associate shall conduct such further investigation and analysis as is reasonably required, and shall promptly advise Covered Entity of additional information pertinent to the Breach which Business Associate obtains as a result of its investigation. Covered Entity is responsible for determining whether notice will be provided to Individuals, the Department of Health and Human Services, and the media, as applicable. Notwithstanding the foregoing, if Business Associate (or one of its subcontractors, vendors or agents) is responsible for a Breach of Unsecured PHI, Covered Entity may, at its option, require Business Associate to provide any of the notifications required by 45 C.F.R. § 164.404 at Business Associate’s expense.

Subject to the Business Associate’s cyber insurance policy limits (“Limitations”), Business Associate will reimburse Covered Entity for any reasonable expenses Covered Entity incurs in notifying Individuals of a Breach caused by Business Associate or Business Associate’s employees, subcontractors, vendors or agents, or any person or entity under Business Associate’s control, and for reasonable expenses Covered Entity incurs in mitigating harm to those Individuals. In accordance with Section 10 below and subject to the Limitations, Business Associate shall indemnify and defend Covered Entity against all claims and actual costs associated with such Breach, including actual and reasonable costs of notification, which are the result of the actions of the Business Associate or its employees, subcontractors, vendors or agents, or any person or entity under Business Associate’s control.

Business Associate will mitigate, to the maximum extent practicable, any deleterious effect from its or its employees’, subcontractors’, vendors’ or agents’ Use or Disclosure of PHI in a manner that violates this BAA.

Audits and Inspection.

Business Associate agrees to make its internal practices, books and records relating to the use and disclosure of PHI available to the Secretary of the United States Department of Health and Human Services (the “Secretary”) or her/his designees or other government authorities in a time and manner designated by the Secretary or such governmental authorities, for the purposes of determining compliance with the provisions of this BAA and the HIPAA Rules.

Business Associate will make its relevant servers, processors, controls and records available for audit/inspection by Covered Entity during normal business hours. Each party will bear its own expenses for such an audit. If the audit demonstrates that Business Associate is not in compliance with this BAA, Business Associate will immediately submit a plan of action to remediate the non-compliance at its own cost within fifteen (15) days.

Term and Termination.

Term. The term of this BAA shall commence on the Effective Date and shall terminate concurrently with the Agreement or earlier as provided below.

Termination for Cause. Upon either party’s knowledge of a material breach of this BAA by the other party the party not in breach shall send written notice describing the breach to the party in breach.

The notice shall provide an opportunity for the party in breach to cure the breach or end the violation within fifteen (15) business days after receipt of written notice; provided, however, the party not in breach may terminate this BAA if the party in breach does not cure the breach or end the violation within the time specified; or

Immediately terminate this BAA if the party in breach has breached a material term of this BAA and cure is not possible.

Business Associate shall ensure that it maintains the termination rights in this Section in any agreement it enters into with a subcontractor.

Effect of Termination.

Except as provided in paragraph (ii) of this Subsection (c), upon termination of this BAA, for any reason, Business Associate shall return or destroy all PHI. This provision shall apply to PHI that is in the possession of subcontractors or agents of Business Associate. Business Associate shall not retain copies of PHI.

In the event that Business Associate determines that returning or destroying the PHI is not feasible, Business Associate shall provide to Covered Entity notification of the conditions that make the return or destruction not feasible and the measures that Business Associate will take for assuring the continued confidentiality and security of the PHI. Covered Entity promptly will notify Business Associate of whether it agrees that the return or destruction of PHI is infeasible. If Covered Entity agrees that return or destruction of PHI is infeasible, Business Associate may keep the PHI but will extend all protections, limitations and restrictions of this BAA to Business Associate’s Use or Disclosure of PHI retained after termination of this BAA and will limit further Uses or Disclosures to those purposes that make the return or destruction of the PHI infeasible. Business Associate will also ensure that any such extended protections, limitations and restrictions apply to its subcontractors for whom return or destruction of PHI is determined by Covered Entity to be infeasible. If Covered Entity does not agree that the return or destruction of PHI from Business Associate or its subcontractors is infeasible, Covered Entity will provide Business Associate with written notice of its decision, and Business Associate and its Subcontractors will proceed with the return or destruction of the PHI pursuant to the terms of this Section within 30 days of the date of Covered Entity’s notice.

Disclaimer. COVERED ENTITY MAKES NO WARRANTY OR REPRESENTATION THAT COMPLIANCE BY BUSINESS ASSOCIATE WITH THIS BAA OR THE HIPAA RULES WILL BE ADEQUATE OR SATISFACTORY FOR BUSINESS ASSOCIATE’S OWN PURPOSES. COVERED ENTITY MAKES NO WARRANTY OR REPRESENTATION THAT ANY INFORMATION IN BUSINESS ASSOCIATE’S POSSESSION OR CONTROL, OR TRANSMITTED OR RECEIVED BY BUSINESS ASSOCIATE, IS OR WILL BE SECURE FROM UNAUTHORIZED USE OR DISCLOSURE. NOR SHALL COVERED ENTITY BE LIABLE TO BUSINESS ASSOCIATE FOR ANY CLAIM, LOSS OR DAMAGE RELATED TO THE UNAUTHORIZED USE OR DISCLOSURE OF ANY INFORMATION RECEIVED BY BUSINESS ASSOCIATE FROM COVERED ENTITY. BUSINESS ASSOCIATE IS SOLELY RESPONSIBLE FOR ALL DECISIONS MADE BY BUSINESS ASSOCIATE REGARDING THE SAFEGUARDING OF PROTECTED HEALTH INFORMATION.

Indemnification. Notwithstanding any agreement by the parties to the contrary and subject to the Limitations, Business Associate shall indemnify and hold harmless Covered Entity and its directors, officers, affiliates, agents, volunteers, trustees or employees from and against any claim, cause of action, liability, damage, cost or expense, including reasonable attorney’s fees and court or proceeding costs, arising out of or in connection with Business Associate’s material breach of its obligations under this BAA, as well as the actions of its employees, subcontractors, vendors or agents, or any person or entity under the Business Associate’s control. The Business Associate’s obligation to indemnify Covered Entity will survive expiration or termination of this BAA. Covered Entity may, at its option, conduct its defense or settlement of any such action arising as described herein, and Business Associate shall cooperate with such defense and settlement.

Notice. Any notice, report or other communication required under this BAA shall be in writing and shall be delivered personally, sent by facsimile transmission, or sent by U.S. mail, addressed as follows:

If to Covered Entity: The Name and Address stated at the head of the Agreement if none other stated and/or the email address associated with the account registration

Attn: The representative executing the Agreement if none other stated.

If to Business Associate: Nautilus Medical

117 S. Cook St #247 Barrington, IL 60010

Attn: Timothy Kelley CEO

The parties shall hereafter notify each other in accordance herewith of any change of address to which notice is required to be sent.

Miscellaneous.

Regulatory References. A reference in this BAA to a section in the HIPAA Rules means the section as in effect, as amended from time to time.

Independent Contractors. In the performance of the work, duties and obligations described in this BAA or under the Agreement, the parties acknowledge and agree that each party is at all times acting and performing as an independent contractor and at no time shall the relationship between the parties be construed as a partnership, joint venture, employment, principal/agent relationship, or master/servant relationship.

No Third Party Beneficiaries: Nothing in this BAA will confer upon any person other than the parties and their respective successors or assigns, any rights, remedies, obligations, or liabilities whatsoever.

Amendment. No change, amendment, or modification of this BAA shall be valid unless set forth in writing and agreed to by both parties. Notwithstanding the foregoing, the parties acknowledge that state and federal laws relating to electronic data security and privacy are rapidly evolving and that amendment of this BAA may be required to ensure compliance with such developments. The parties specifically agree to take such action as may be necessary from time to time for the parties to comply with the applicable requirements of HIPAA, HITECH, and the HIPAA Rules, all as amended from time to time. Covered Entity shall provide written notice to Business Associate to the extent that any new regulation or amendment to any existing regulation promulgated by the Secretary requires an amendment to this BAA to comply with such regulations. In such event, the parties agree to negotiate an amendment to this BAA in good faith; provided, however, either party may terminate this BAA upon ninety (90) days prior written notice to the other party if the parties are unable to reach an agreement.

Governing Law. The rights, duties and obligations of the parties to this BAA and the validity, interpretation, performance and legal effect of this BAA shall be governed and determined by applicable federal law with respect to the Privacy Rule and the Security Rule and otherwise by the laws of the State of Illinois.

Counterparts. This BAA may be executed in one or more original counterparts and will become operative when each party has executed and delivered at least one counterpart. Each original counterpart will be deemed to be an original for all purposes, and all counterparts will together constitute one instrument.

Signatures. This BAA may be signed electronically and delivered by email, facsimile or similar transmission, and an email, facsimile or similar transmission evidencing execution, including PDF copies of executed counterparts, will be effective as a valid and binding agreement between the Parties for all purposes.

Effect on Agreement. Except as specifically required to implement the purposes of this BAA, or to the extent inconsistent with this BAA, all other terms of the Agreement shall remain in force and effect.

Construction. This BAA shall be construed as broadly as necessary to implement and comply with the applicable HIPAA, HITECH and the HIPAA Rules. The parties agree that any ambiguity in this BAA shall be resolved in favor of a meaning that complies with and is consistent with HIPAA, HITECH and the HIPAA Rules.

IN WITNESS THEREOF, each party has caused this BAA to be executed by its duly authorized representative.

ELECTRONIC EXECUTION PERMITTED: Parties agree that by representative of Covered Entity checking the TeleRay Terms of Service box during registration, Covered Entity and Business Associate execute this BAA and are bound by the terms herein.