Sikka API License Agreement Terms and Conditions

SIKKA SOFTWARE CORPORATION
API LICENSE AGREEMENT
TERMS AND CONDITIONS

These terms and conditions apply to any document or agreement (“Agreement”) made by and between Sikka Software Corporation (“Sikka”), a Delaware corporation, and its licensee (“Licensee”) that incorporates these terms and conditions by reference. References to the “Agreement” include these terms and conditions. The effective date of the Agreement is referred to herein as the “Effective Date.” The order form, cover page or other document or agreement that incorporates these terms and conditions by reference is referred to as the “Order Form.”

1. Definitions
   1. “API Data” means the Sikka Platform Software data and information more fully identified or described on the Order Form.
   2. “API Documentation” means the documentation and information that Sikka provides under this Agreement regarding the use of the Licensed API.
   3. “App” means a Licensee-branded software application, website or product that uses the Licensed API to obtain and use the API Data, more fully identified or described on the Order Form.
   4. “Confidential Information” means any non-public information of either of the parties disclosed under this Agreement that the recipient knows or reasonably should know is confidential to the discloser.
   5. "Customer" collectively means a Practice Location and all Providers associated with that location. Upon installation, customers become joint Sikka and Licensee customers for Business Associate Agreement, HIPAA compliance and marketing/co-marketing purposes.
   6. “Licensed API” means Sikka’s proprietary application programming interface that enables a software application to access and display the API Data.
   7. “Licensed Materials” means the Licensed API and API Data.
   8. “Near Real Time Refresh” is as little as 15 minutes from posted activity.
   9. “Practice Location” means each physical or administrative, as determined by practice management system records, office or location in which either the Licensee installs the Sikka SPU or Sikka installs the Sikka SPU on behalf of the Licensee. Sikka’s support fees under this Agreement are determined by multiplying the number of Practice Locations by the number of Apps.
   10. “Sikka Platform Software” means the Sikka “SPU” software.
   11. “Sikka Support Portal” means Sikka’s software online administrator.
2. Access to Sikka API
   1. Your Applications Subject to the restrictions below, limited license to access our APIs and documentation only as necessary to develop, test and support an integration of your application (an "Application" or "App") with the Services. You may charge for your Application; however, you may not sell, rent, lease, sublicense, redistribute, or syndicate access to any of our APIs.Here Are the Rules :
      Your license to access our APIs and documentation is limited and subject to compliance with the Sikka API Developer Policy and Guidelines. Further, you will not:
      
      1. access our APIs or documentation in violation of any law or regulation;
      2. access our APIs in any manner that
         1. compromises, breaks or circumvents any of our technical processes or security measures associated with the Services,
         2. poses a security vulnerability to customers or users of the Services, or
         3. tests the vulnerability of our systems or networks;
      3. access our APIs or documentation in order to replicate or compete with the Services;
      4. attempt to reverse engineer or otherwise derive source code, trade secrets, or know-how of our APIs or Services;
      5. attempt to use our APIs in a manner that exceeds rate limits, or constitutes excessive or abusive usage.
3. License Grants
   1. License. Subject to the terms and conditions of this Agreement, Sikka hereby grants to Licensee a limited, non-exclusive, non-transferable license to
      1. use internally the API Documentation and Licensed API for the sole purpose of developing the App,
      2. incorporate the Licensed API with an App, and
      3. use the Licensed API, as incorporated within an App, for the purpose of accessing, analyzing and receiving the API Data and otherwise accessing, receiving and utilizing information available from the Sikka Platform Software.
   2. Authorized Users. Licensee shall identify to Sikka the Licensee employees that will be provided password protected access to the Sikka Support Portal (the “Authorized Users”). For any prospective Authorized User that is not a Licensee employee, Licensee shall, prior to allowing the prospective Authorized User access to the Sikka Support Portal, have the person or entity sign an agreement with Licensee containing an equivalent level of protection for Sikka and its intellectual property as this Agreement (the “Access Terms”). Without limitation, the Access Terms must contain provisions that:
      1. provide the employee may only use the Sikka Support Portal solely for the Licensee’s internal business purposes and only for the benefit of the Licensee,
      2. disclaim all express and implied warranties on behalf of Sikka,
      3. disclaim and exclude all liability on the part of Sikka for direct, indirect, consequential, incidental and special damages,
      4. prohibit the copying, modification, reverse engineering, decompiling and disassembly of Sikka’s software, and
      5. the prospective Authorized User’s access to the Sikka Support Portal will terminate upon any termination, expiration or cancellation of this Agreement. Licensee is responsible for compliance by each Authorized User with the terms of this Agreement and the Access Terms.
   3. Restrictions. Use of the Licensed Materials is subject to any restrictions indicated in the Order Form, which may include, without limitation, restrictions on the number of APIs that may be utilized, the number of Applications, the number of Practice Locations, and the amount of data that may be accessed per day through the Licensed API and the refresh frequency of the Licensed Data, and restrictions on the number of Authorized Users and number of practices included in the base fee for the Licensed Materials.
   4. Prohibitions. Licensee shall not, directly or indirectly, do, nor permit anyone to do, any of the following:
      1. reverse engineer, decompile, disassemble or otherwise attempt to discover the source code or underlying ideas or algorithms of any of the Licensed API or any other Sikka software;
      2. transfer, sublicense, distribute, re-transmit, disseminate, re-sell, loan, lease, share, give, or otherwise make available in any format the Licensed API on a stand-alone basis or as part of any software application other than an App,
      3. make available or provide the API Data to any third party as a reseller, service bureau, service provider or similar basis,
      4. modify or create derivative works (as defined under U.S. Copyright laws) based on any of the Licensed API or any related documentation;
      5. rent, lease, distribute, sell, resell, assign, or otherwise transfer its rights to use the Licensed API;
      6. use the Licensed Materials for timesharing or service bureau purposes or otherwise for the benefit of any third party;
      7. remove any proprietary notices from any of the Licensed API or any other Sikka materials furnished or made available hereunder;
      8. publish or disclose to third parties any negative evaluation of the Licensed API or related services without Sikka's prior written consent; or
      9. use any of the Licensed API to develop a similar product or service, or other information resource of any kind (print, electronic or otherwise) or otherwise create or attempt to create a substitute or similar service or product. In addition, Licensee shall not, nor shall Licensee permit any third party to, in any non-transitory manner store or cache the API Data or any other information or proprietary content obtained from or through the Licensed API.
   5. Registration and API Key. In order to access the Licensed API, Licensee is required to register and provide accurate user identification with a password (“Registration Information”) and to inform Sikka immediately of any updates or other changes to such information. The Licensee is responsible for ensuring the number of practices/locations under their respective practices are accurate at all times and Sikka is informed of any changes before next billing. Retrospective billing changes will not be acceptable. In addition, Licensee must obtain a security key or identifier to use the Licensed Materials and Sikka Support Portal (“API Key”). The API Key is Sikka’s Confidential Information. Licensee agrees to neither share Licensee API Key with any third party nor use an API Key issued to a third party by Sikka. Licensee is responsible for any acts or omissions of any third party that uses the API Key issued to Licensee.
4. Delivery
   1. Sikka will deliver the API Data to Licensee electronically. A party will promptly notify the other if it becomes aware of any unavailability or other problems associated with the Licensed Materials or the Sikka Platform Software.
5. Consideration/Fees
   1. Fees and Charges. Licensee shall immediately upon signing, pay Sikka the amounts specified on the Order Form. All subsequent payments are due and payable within 30 days of the invoice date. Payment shall be made by check or ACH withdrawal, as instructed by Sikka. All amounts paid are non-refundable. Invoices not paid when due will bear interest at rate of 1.5% per month (18% per annum) or the maximum rate permitted by law, whichever is less, from the due date until paid. Licensee shall also pay all sums expended (including reasonable legal fees) in collecting overdue payments.
   2. Taxes. Licensee will pay sales, use or similar state or local taxes with respect to the Licensed Materials, Sikka Support Portal or otherwise arising out of or in connection with this Agreement or payments to be made under this Agreement, excluding taxes based on Sikka’s net income.
6. Mutual Warranty and Indemnity
   1. Mutual Warranties. Each party represents and warrants to the other that:
      1. it is organized and validly existing under the laws of the state of its formation and has full corporate power and authority to enter into this Agreement and to carry out its obligations hereunder;
      2. this Agreement is a legal and valid obligation binding upon it and enforceable according to its terms, except to the extent such enforceability may be limited by bankruptcy, reorganization, insolvency or similar laws of general applicability governing the enforcement of the rights of creditors or by the general principles of equity (regardless of whether considered in a proceeding at law or in equity); and
      3. its execution, delivery and performance of this Agreement does not conflict with any agreement, instrument or contract, oral or written, to which it is bound.
   2. Indemnification
      1. By Sikka. Subject to the limitations herein, Sikka shall defend Licensee from any third party claim, suit or proceeding (“Claim”) alleging that the Licensed API provided to Licensee by Sikka under this Agreement infringes or violates any valid U.S. copyright other U.S. intellectual property right of that third party, and shall indemnify and hold harmless Licensee from all resulting damages, losses, liabilities, settlements, judgments, costs and expenses (including attorneys’ fees, filing fees and expert witness fees). If use of the Licensed API is enjoined, Sikka may, at its option, do one or more of the following:
         1. procure for Licensee the right to use the Licensed API,
         2. replace the Licensed API with other suitable services, software or products, or
         3. refund the unearned prepaid portion of the fees paid by Licensee for the affected part thereof and terminate this Agreement.
      2. Sikka will have no liability under this Section if the Claim is based upon
         1. use of the Licensed API in combination with data, software, hardware, equipment or technology not provided by Sikka, if infringement would have been avoided in the absence of the combination,
         2. modifications to any of the Licensed Materials not made by Sikka, if infringement would have been avoided by the absence of the modifications,
         3. use of any version other than a current release of the Licensed API, as applicable, if infringement would have been avoided by use of a current release, or
         4. any action or omission of Licensee for which Licensee is obligated to indemnify Sikka herein.

      THIS SECTION STATES SIKKA’S ENTIRE LIABILITY AND LICENSEE’S SOLE AND EXCLUSIVE REMEDY FOR INTELLECTUAL PROPERTY INFRINGEMENT OR MISAPPROPRIATION CLAIMS.

      3. By Licensee. Licensee shall defend Sikka from any
         1. breach of this Agreement by Licensee, its affiliates, employees, agents, successors and assigns; or
         2. Claim arising out of, relating to or based on the provision, processing, access or use of the API Data or Licensed API as contemplated by this Agreement (including, without limitation, any Claim that doing so violates any law or obligation applicable to Licensee), and shall indemnify and hold harmless Sikka from all resulting damages, losses, liabilities, settlements, judgments, costs and expenses (including attorneys’ fees, filing fees and expert witness fees).
      4. Conditions to Indemnity. As a condition to indemnification under this Section, the indemnified party shall
         1. promptly notify the indemnifying party in writing of the Claim,
         2. provide the indemnifying party with sole control of the defense and all related settlement negotiations, and
         3. give information and assistance as reasonably requested by the indemnifying party.
7. Term and Termination

   7.1 Term

   This Agreement is effective on the date set forth on the Order Form (the "Effective Date") for the term specified in the Order Form (the "Term").

   7.2 Renewal

   Unless otherwise stated in the Order Form, this Agreement will renew automatically for successive renewal terms equal in length to the initial Term, unless Licensee gives Sikka written notice of non-renewal at least 30 days before the end of the then-current Term.

   7.3 Termination for Cause

   Either party may terminate this Agreement if the other party materially breaches this Agreement and does not cure the breach within 30 days after receipt of written notice of the breach, except that the cure period for non-payment is five days.

   7.4 Termination for Insolvency

   Either party may terminate this Agreement if the other party terminates its business activities, is adjudicated insolvent, admits in writing its inability to pay its debts as they mature, makes an assignment for the benefit of creditors, or becomes subject to direct control of a trustee, receiver, or similar authority.

   7.5 Termination for Convenience

   After the initial Term, either party may terminate this Agreement for convenience upon 60 days' written notice. Notwithstanding the foregoing, Sikka may terminate this Agreement at any time upon written notice to Licensee.

   7.6 Effect of Termination

   Upon any termination or expiration of this Agreement:

   1. all rights and licenses granted to Licensee under this Agreement will immediately terminate;
   2. Licensee shall immediately cease all access to and use of the Licensed API, API Documentation, API Data, Licensed Materials, Sikka Platform Software, and Sikka Support Portal;
   3. all payment obligations will accelerate, and all amounts that would have become due and payable during the remainder of the then-current Term will immediately become due and payable to Sikka;
   4. Licensee shall pay all fees and charges accrued through the effective date of termination or expiration; and
   5. each party shall, to the extent practicable, return or destroy the other party's Confidential Information in its possession, custody, or control, at the other party's option, except that a party may retain one archival copy for legal, compliance, and business recordkeeping purposes. Upon request, the party destroying Confidential Information shall provide written certification of destruction.

   7.7 Survival

   The definitions and all provisions that by their nature should survive termination or expiration will survive, including provisions relating to ownership, warranty disclaimers, indemnification, limitation of liability, confidentiality, payment obligations, restrictions on use, remedies, and general provisions.

   7.8 No Liability for Termination or Non-Renewal

   The rights of termination and non-renewal in this Agreement are absolute. The parties have considered the possibility of termination or non-renewal and any resulting loss or damage in making expenditures and performing under this Agreement. Neither party will be liable to the other for damages or otherwise by reason of termination, expiration, or non-renewal of this Agreement in accordance with its terms. The parties agree that the notice periods in this Agreement are reasonable under the contemplated circumstances.

8. Ownership

   As between the parties and except for the license granted by this Agreement, Sikka and its licensors own all right, title, and interest, including all intellectual property rights, in and to the API Documentation, Licensed Materials, Sikka Platform Software, API Data, and Sikka Support Portal. Licensee owns all right, title, and interest in and to the App, excluding the Licensed API incorporated therein and any other Sikka software, data, API Data, documentation, or information. All rights not expressly granted to a party by the other party are reserved. There are no implied rights.

9. Disclaimer

   EXCEPT AS EXPRESSLY PROVIDED HEREIN, SIKKA MAKES NO WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, AND SPECIFICALLY DISCLAIMS AND EXCLUDES ALL OTHER WARRANTIES, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS.

   SIKKA DOES NOT WARRANT THAT THE API DOCUMENTATION, LICENSED API, API DATA, LICENSED MATERIALS, SIKKA PLATFORM SOFTWARE, OR SIKKA SUPPORT PORTAL WILL MEET LICENSEE'S NEEDS OR REQUIREMENTS, BE UNINTERRUPTED, BE AVAILABLE AT ANY PARTICULAR TIME, BE ERROR-FREE, OR REMAIN UNCHANGED. SIKKA DOES NOT WARRANT THAT ANY ERRORS WITH THE LICENSED MATERIALS, SIKKA PLATFORM SOFTWARE, OR SIKKA SUPPORT PORTAL ARE CORRECTABLE OR WILL BE CORRECTED, OR THAT ANY OF THE LICENSED MATERIALS, SIKKA PLATFORM SOFTWARE, OR SIKKA SUPPORT PORTAL IS SUITED OR SUITABLE FOR LICENSEE'S COMPUTERS, SYSTEMS, OR COMPUTING ENVIRONMENT.

10. Confidentiality

    10.1 Confidentiality Obligations

    Each party agrees, during and after the Term, to hold the Confidential Information of the other party in confidence and not to use or disclose such Confidential Information to any third party except as expressly permitted by this Agreement. Each party may disclose relevant aspects of Confidential Information to its officers, employees, contractors, accountants, advisors, financing sources, and legal counsel on a need-to-know basis, provided that such recipients are subject to confidentiality obligations that require them to protect the Confidential Information to at least the same extent required under this Agreement.

    Each party shall use reasonable steps to protect Confidential Information from unauthorized or inadvertent disclosure or use, including the steps it uses to protect its own information of like kind. The recipient shall promptly notify the discloser upon learning of any unauthorized use or disclosure of the discloser's Confidential Information.

    10.2 Exclusions

    The obligations in Section 10.1 do not apply to any portion of Confidential Information where the recipient establishes that:

    1. the recipient already possessed the information at the time of disclosure, other than API Data;
    2. the recipient received the information in good faith on a non-confidential basis from a third party lawfully in possession of the information;
    3. the information was publicly known or available at the time of receipt by the recipient or becomes publicly known or available other than through breach of this Agreement or violation of any confidentiality obligation applicable to the information;
    4. the information was independently developed by the recipient without use of, or reference to, the discloser's Confidential Information; or
    5. the information was rightfully provided or made available to a third party free of any obligation of confidentiality.

    10.3 Required Disclosure

    Disclosure of Confidential Information required by applicable statute, regulation, judicial process, or administrative process will not be considered a breach of this Section 10, provided that, to the extent legally permitted, the recipient gives the discloser prompt advance notice of the requirement so the discloser may seek a protective order, confidential treatment, or other limitation on disclosure.

    10.4 Confidential Nature of Agreement

    The parties agree that the terms and conditions of this Agreement are Confidential Information of both parties and shall not be disclosed to any third party, except that a party may disclose a copy of this Agreement and information about this Agreement:

    1. as required by any court or governmental body;
    2. as otherwise required by law, including filings with the Securities and Exchange Commission;
    3. to its accountants, advisors, and legal counsel who have a need to know;
    4. as required in connection with a public offering or securities filing;
    5. in confidence, to accountants, banks, financing sources, and their advisors in connection with due diligence for prospective debt or equity financing;
    6. in connection with enforcement of this Agreement or rights under this Agreement, or any defenses or claims hereunder, including counterclaims; and
    7. in confidence, in connection with due diligence for a bona fide prospective merger, acquisition, sale of assets, financing, or similar transaction.
11. Limitation of Liability

    11.1 Consequential Damages Waiver

    IN NO EVENT WILL SIKKA BE LIABLE FOR ANY LOST PROFITS, LOST SAVINGS, LOSS OF DATA, LOSS OF USE OF SOFTWARE, COSTS OF RECREATING LOST DATA, OR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL DAMAGES, EVEN IF SIKKA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY HEREUNDER.

    11.2 Cap on Liability

    IN NO EVENT WILL SIKKA'S AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT EXCEED THE AMOUNTS PAID BY LICENSEE TO SIKKA UNDER THIS AGREEMENT IN THE 12 MONTHS BEFORE THE EVENT FIRST GIVING RISE TO THE CLAIM.

12. General

    12.1 Amendment; Waiver

    This Agreement, including the Order Form, may be amended or supplemented only by a writing signed by duly authorized representatives of Licensee and Sikka that identifies itself as an amendment to this Agreement. No term or provision will be considered waived by a party, and no breach excused by a party, unless the waiver or consent is in writing signed on behalf of the party against whom the waiver is asserted. No consent by a party to, or waiver of, a breach by the other party, whether express or implied, will constitute a consent to, waiver of, or excuse of any other, different, or subsequent breach.

    12.2 Severability

    If any provision of this Agreement is held invalid or unenforceable for any reason, the remainder of the provision shall be amended to achieve as closely as possible the economic effect of the original term, and all other provisions shall continue in full force and effect.

    12.3 Governing Law

    The laws of the State of California govern all matters arising out of or relating to this Agreement, without regard to conflicts of laws principles.

    12.4 Assignment

    Except in connection with a merger, acquisition, reorganization, or sale of all or substantially all assets to which this Agreement relates, where the successor or acquirer agrees in writing to be bound by this Agreement, a party may not assign its rights under, or delegate any performance of, this Agreement without the prior written consent of the other party. Any attempted assignment or delegation in violation of this Section is void. This Agreement will bind and inure to the benefit of the parties and their respective successors and permitted assigns.

    12.5 Relationship of the Parties

    The parties are independent contractors. There is no relationship of agency, partnership, joint venture, employment, or franchise between the parties. Neither party has authority to bind the other party or incur any obligation on the other party's behalf.

    12.6 Construction

    The parties agree that this Agreement has been fully negotiated between them and that no rule of construction will be applied against either party in law or equity as the drafter of this Agreement. The titles and headings are for reference only and will not limit the construction of this Agreement, which shall be considered as a whole. As used in this Agreement, the words "include" and "including" and variations thereof will not be deemed terms of limitation and will be deemed followed by "without limitation." In the event of a conflict between this Agreement and the Order Form, this Agreement will control unless the Order Form expressly identifies the specific section and terms of this Agreement that are being overridden.

    12.7 Force Majeure

    Except for the payment of money, a party will not be deemed in default of this Agreement to the extent any delay or failure in performance results from any cause beyond its reasonable control, including acts of God, acts of civil or military authority, embargoes, epidemics, pandemics, war, riots, insurrections, fires, explosions, earthquakes, floods, unusually severe weather conditions, failure of suppliers, acts of terrorism, or widespread internet, telecommunications, or hosting provider outages. If the delay or failure continues for more than 30 days, the other party may terminate this Agreement upon written notice.

    12.8 Export Control

    Licensee acknowledges that the Licensed API and API Data are subject to U.S. export control laws and agrees to comply with those laws. Licensee shall not access, use, export, re-export, or transfer the Licensed API or API Data in violation of applicable export control or sanctions laws.

    12.9 Marketing

    Sikka may use Licensee's name as part of a general list of its API licensees and may refer to Licensee as a licensee of the Licensed Materials in Sikka's advertising, marketing, customer lists, and investor materials. Sikka may use Customers' names and contact information to market its own or approved third-party products and services using email, direct mail, Sikka SPU messaging, marketplace channels, and other customary marketing channels, subject to applicable law and any applicable Business Associate Agreement.

    12.10 Entire Agreement

    This Agreement constitutes the entire agreement between the parties with respect to its subject matter. All prior and contemporaneous negotiations, understandings, and agreements between the parties about the matters contained in this Agreement are merged into and superseded by this Agreement.

    12.11 Near Real Time Refresh

    For clarity, Near Real Time Refresh is a target and does not create any service level commitment, warranty, or guarantee of availability, latency, completeness, or performance.

---

Business Associate Data Access Addendum

This Business Associate Data Access Addendum ("Addendum") is incorporated into and forms part of the Sikka API License Agreement Terms and Conditions, including any applicable Order Form, between Sikka Software Corporation ("Sikka") and Licensee. This Addendum applies only to the extent Licensee accesses, receives, creates, maintains, or transmits PHI through the Sikka API.

1. Definitions

Capitalized terms used but not defined in this Addendum have the meanings given to them in the API License Agreement or HIPAA.

"Authorized Purpose" means the specific purpose for which the applicable Covered Entity has authorized Licensee to access or use PHI through the Sikka API.

"Covered Entity" means a healthcare provider, health plan, healthcare clearinghouse, or other entity that has authorized Licensee to access PHI through the Sikka API.

"HIPAA" means the Health Insurance Portability and Accountability Act of 1996, the HITECH Act, and their implementing regulations, as amended.

"Licensee's CE BAA" means the business associate agreement between Licensee and the applicable Covered Entity authorizing Licensee to access or use PHI.

"PHI" means protected health information, as defined under HIPAA, that is made available to Licensee through the Sikka API.

"Sikka's CE BAA" means the business associate agreement between Sikka and the applicable Covered Entity authorizing Sikka to make PHI available through the Sikka API.

"Unsecured PHI" has the meaning given to that term under HIPAA.

2. Independent Business Associate Relationship

Sikka and Licensee are independent Business Associates. Nothing in this Addendum makes either party a subcontractor, agent, employee, or representative of the other. Each party is independently responsible for its own obligations under HIPAA, its applicable business associate agreements, and applicable law.

Licensee's access to PHI through the Sikka API is conditioned on the applicable Covered Entity's authorization, Licensee's CE BAA, and Sikka's confirmation of enrollment for that Covered Entity.

This Addendum does not replace, amend, or satisfy either party's separate business associate agreement with any Covered Entity. Each party remains solely responsible for maintaining its own applicable Covered Entity authorization and business associate agreement.

3. Licensee Obligations

Licensee shall:

1. access, use, and disclose PHI only for the Authorized Purpose, as permitted by Licensee's CE BAA, this Addendum, and applicable law;
2. not access PHI for any Covered Entity unless Licensee has a current and valid Licensee's CE BAA with that Covered Entity;
3. not use PHI for the benefit of any third party or for any purpose not authorized by the applicable Covered Entity;
4. not combine or commingle PHI from multiple Covered Entities except as expressly authorized by each applicable Covered Entity;
5. implement and maintain appropriate administrative, physical, and technical safeguards to protect PHI, including compliance with the HIPAA Security Rule for Electronic PHI;
6. encrypt PHI transmitted from or through the Sikka API and not store PHI in unencrypted form;
7. ensure that any subcontractor or agent that receives PHI from Licensee agrees in writing to restrictions and protections at least as protective as those in this Addendum;
8. remain responsible for the acts and omissions of its subcontractors and agents involving PHI;
9. document disclosures of PHI as required to permit the applicable Covered Entity to respond to requests for an accounting of disclosures; and
10. not exchange PHI for remuneration except as permitted by HIPAA and applicable law.

Licensee may de-identify PHI only to the extent permitted by HIPAA, Licensee's CE BAA, and the applicable Covered Entity's authorization. Properly de-identified information is not PHI under this Addendum.

4. Reporting and Mitigation

Licensee shall notify Sikka without unreasonable delay, and in any event within five days after discovery, of any unauthorized use or disclosure of PHI, Breach of Unsecured PHI, or security incident involving PHI accessed through the Sikka API.

Licensee shall also notify the applicable Covered Entity as required by HIPAA, Licensee's CE BAA, and applicable law.

Licensee shall mitigate, to the extent practicable, any harmful effect known to Licensee resulting from any unauthorized use or disclosure of PHI by Licensee, its subcontractors, or its agents.

Notice is deemed provided for routine unsuccessful security events, such as pings, port scans, failed login attempts, denial-of-service attempts, and similar unsuccessful attacks, unless notice is required by HIPAA or applicable law.

5. Sikka Obligations

Sikka shall:

1. make PHI available to Licensee through the Sikka API only to the extent authorized by the applicable Covered Entity and Sikka's CE BAA;
2. use appropriate administrative, physical, and technical safeguards to protect PHI transmitted through the Sikka API; and
3. notify Licensee without unreasonable delay of any Breach of Unsecured PHI or unauthorized use or disclosure of PHI that Sikka becomes aware of, to the extent the incident relates to PHI of a Covered Entity for which Licensee is enrolled.

6. Suspension or Revocation of Access

Sikka may suspend or terminate Licensee's access to PHI for a Covered Entity if:

1. the Covered Entity revokes or modifies Licensee's authorization;
2. Licensee's CE BAA with the Covered Entity expires or terminates;
3. Sikka's CE BAA with the Covered Entity expires, terminates, or requires suspension or termination of access;
4. Sikka reasonably believes Licensee has violated this Addendum, HIPAA, or applicable law; or
5. suspension or termination is reasonably necessary to protect the privacy or security of PHI.

Sikka will provide reasonable notice of suspension or termination unless immediate action is required to protect PHI, comply with law, or comply with Sikka's obligations to the applicable Covered Entity.

7. Effect of Termination

Upon termination or expiration of the API License Agreement, Licensee's access to PHI through the Sikka API will terminate.

Licensee shall return or destroy all PHI received through the Sikka API, including PHI held by Licensee's subcontractors or agents, in accordance with the API License Agreement, Licensee's CE BAA, and applicable law. Licensee shall retain no copies of such PHI except to the extent return or destruction is infeasible or retention is required by law.

If return or destruction is infeasible or retention is required by law, Licensee shall continue to protect such PHI under this Addendum and limit further uses and disclosures to the purposes that make return, destruction, or retention infeasible or legally required.

8. Documentation

Upon Sikka's reasonable request, Licensee shall provide documentation reasonably sufficient to verify Licensee's compliance with this Addendum, including evidence of Licensee's CE BAA, Covered Entity authorization, relevant security certifications or summaries, and remediation records relating to any Breach or security incident involving PHI accessed through the Sikka API.

9. Indemnification

Licensee shall indemnify, defend, and hold harmless Sikka and its officers, directors, employees, affiliates, and agents from and against all claims, damages, losses, penalties, fines, costs, and expenses, including reasonable attorneys' fees, arising out of or related to:

1. Licensee's breach of this Addendum;
2. Licensee's violation of HIPAA or applicable privacy or security laws;
3. Licensee's unauthorized access, use, disclosure, retention, or transmission of PHI;
4. Licensee's failure to maintain a valid Licensee's CE BAA or Covered Entity authorization; or
5. acts or omissions of Licensee's subcontractors or agents involving PHI.

10. Conflicts; Survival; Interpretation

If this Addendum conflicts with the API License Agreement with respect to PHI, HIPAA, or privacy or security obligations involving PHI, this Addendum controls. In all other respects, the API License Agreement controls.

The obligations that by their nature should survive termination will survive, including obligations relating to PHI protection, return or destruction of PHI, restricted use and disclosure, documentation, indemnification, and interpretation.

Any ambiguity in this Addendum will be interpreted to permit the parties to comply with HIPAA and applicable law.