GENERAL TERMS

1. INTRODUCTION

(a) This web site, web-based portal, associated mobile app and the services provided hereby (the “Service”) is owned by and under the control of Cambalt Solutions, Inc. (d/b/a Bento) (“Bento”). Use and access of the Service is subject to the following terms and conditions of use (the “EULA”) and all applicable laws and regulations. Please read this EULA carefully. By accessing, viewing or otherwise using the Service you, on behalf of yourself and all of your authorized representatives (collectively, the “User”) agree to the terms and conditions of this EULA. User and Bento are individually hereinafter referred to as a “Party” and collectively as the “Parties.”

(b) From time to time, Bento may without advance notice: (a) supplement or make changes to this EULA and other rules or access and use procedures, documentation, security procedures and standards for equipment, (b) change the type and location of Bento’s system equipment, facilities or software, or (c) modify or withdraw any particular service or product referred to in the Service or any Bento database, material, service or system. Any updates to this EULA shall be posted on the log-in page for the Service, from time to time. User acknowledges its responsibility to review the EULA’s terms and conditions from time to time and to be aware of any such changes.

BENTO DOES NOT GUARANTEE THE SPEED IN WHICH ANY MESSAGE SENT THROUGH, OR PROCESSED, BY THE SERVICE WILL BE DELIVERED TO ITS INTENDED RECIPIENT. IF A PATIENT USER IS EXPERIENCING AN EMERGENCY, YOU MUST DIAL 911 OR CONTACT YOUR DENTAL AND/OR MEDICAL PROVIDER DIRECTLY.

BENTO DOES NOT PROVIDE MEDICAL OR DENTAL ADVICE OR DIAGNOSIS. USE OF THE SERVICE DOES NOT CREATE A DENTIST-PATIENT RELATIONSHIP. YOU ARE SOLELY RESPONSIBLE FOR YOUR DECISION TO OBTAIN TREATMENT FROM A MEDICAL AND/OR DENTAL PROCESSIONAL.

NOT INSURANCE.  The Service is health insurance and neither this EULA nor any other agreement entered into between Bento and User constitute agreements to provide insurance (collectively, the “User Agreements”). Neither the Service nor any of the User Agreements qualify as minimum essential coverage to satisfy the individual shared responsibility provision of the Patient Protection and Affordable Care Act, 26 U.S.C. s. 5000A.

2. SERVICES

(a) Subject to the terms and conditions of this EULA, Bento shall provide the Service to User, and User may access and use the Service for the sole purpose of utilizing Bento’s dental benefits management platform for its intended purpose, provided, however, that Bento shall have no obligation to support User’s use of the Service in the event that: (i) User modifies the Service (or any component thereof) without Bento’s prior written consent; (ii) any error is caused in whole or in part by persons other than Bento, including without limitation, User’s failure to properly enter or transmit data; or (iii) any error is caused in whole or in part by User’s installation or use of the Service in association with operating environments and platforms other than those specified, and supported, by Bento.

(b) To the extent that the Service incorporates any third-party software licensed by Bento, then, in addition to the terms set forth herein, User must comply with any additional terms, restrictions, or limitations applicable to such third-party software, to the extent that Bento has notified User of such terms, restrictions, or limitations. Additionally, User acknowledges that Bento shall have the right to subcontract performance of its hosting services, in which event the service levels provided by any third-party hosting provider (including, without limitation, any service levels that are stricter than the service levels offered by User) will be incorporated herein by reference.

(c) Bento does not provide Users with the equipment to use the Service. User shall procure, install and maintain all equipment, Internet connections and other hardware (other than the hardware constituting the support center maintained at Bento’s facilities) necessary for User to connect to and access the Service. Additionally, User is responsible for all fees charged by third parties to access and use the Service (e.g., charges by mobile carriers). Without limiting the foregoing, User is solely responsible for the payment of all applicable fees associated with any Internet service provider or carrier service plan User uses in connection with its use of the Service (such as voice, data, SMS, MMS, roaming, other applicable fees charged by the carrier).

3. USER IDS

User will comply with all of Bento’s rules and regulations and security restrictions in connection with use of the Service. Each User will be assigned a unique User identification name and password for access to and use of the Service (“User ID”). User shall be solely responsible for ensuring the security and confidentiality of all User IDs. User acknowledges that it will be fully responsible for all liabilities incurred through its inappropriate use of any User ID and that any transactions under a User ID will be deemed to have been performed by User, except where the User ID information was acquired by a third party from Bento. Use or disclosure of any User ID by User, other than as provided in this EULA, shall be considered a breach of this EULA by User. User may not share its User ID with any other user of the Service.

4. PROPRIETARY RIGHTS

User acknowledges Bento’s proprietary rights in the Service and associated documentation and shall protect the proprietary nature thereof. If User suggests any new features, functionality or performance for the Service that Bento subsequently incorporates into the Service (or any other software or service), User hereby acknowledges that (i) Bento shall own, and has all rights to use, such suggestions and the Service (or any other service) incorporating such new features, functionality, or performance shall be the sole and exclusive property of Bento; and (ii) all such suggestions shall be free from any confidentiality restrictions that might otherwise be imposed upon Bento.

5. USER INFORMATION; DATA RETENTION AND COLLECTION

(a) User grants to Bento a non-exclusive license to copy, use and display any and all personally identifiable data, information or communications sent, or entered by Users while accessing the Service (“User Information”) solely to the extent necessary for Bento to provide the Service. User acknowledges that Bento exercises no control whatsoever over the content of the User Information. Bento is under no obligation, however, to review User Information for accuracy, potential liability or for any other reason.

(b) Bento shall have the right to utilize data capture, syndication and analysis tools, and other similar tools, to extract, compile, synthesize, and analyze any non-personally identifiable data or information (including, without limitation, User Information) resulting from User’s access and use of the Service (“Blind Data”). To be considered Blind Data, information must be fully de-identified in compliance with HIPAA’s regulations. To the extent that any Blind Data is collected by Bento, such Blind Data shall be solely owned by Bento and may be used by Bento for any lawful business purpose without a duty of accounting to User, provided that the Blind Data is used only in an aggregated, fully de-identified form, without specifically identifying the source of the Blind Data. Bento agrees to comply with the applicable U.S. laws and regulations respecting the dissemination and use such Blind Data.

(c) Bento has appropriate security measures in place to protect personally identifiable information and sensitive data that is generated by User’s use of the Service and received by Bento. While no computer system or server is completely secure, Bento believes the measures it has implemented reduce security problems. Accordingly, Bento’s Privacy Policy located at https://bento.net is hereby incorporated into this EULA be reference.

(d) Bento will not alter any information received from User through User’s use of the Service if such alteration would render the information inaccurate.

6. USER RESTRICTIONS

User agrees not to: (i) copy, decompile, reverse engineer, disassemble, attempt to derive the source code, modify or create derivative works of the Service or any Service related documentation; (ii) upload or distribute in any way files that contain viruses, Trojan horses, worms, time bombs, logic bombs, corrupted files, or any other similar software or programs that may damage the operation of the Service or another’s computer; (iii) use the Service for illegal purposes; (iv) violate or attempt to violate the security of the Service or use the Service to violate the security of other web sites by any method; (v) access data not intended for User or log into a server or account which User is not authorized to access; (vi) interfere or disrupt networks connected to the Service; (vii) upload, post, promote or transmit through the Service any unlawful, harassing, libelous, abusive, threatening, harmful, vulgar, obscene, hateful, racially, ethnically or otherwise objectionable material of any kind or nature; (viii) upload amounts of data and/or materials in excess of any limits specified by Bento from time to time and not to create large numbers of accounts or otherwise transmit large amounts of data so as to clog the Service or comprise a denial of service attack or otherwise so as to have a detrimental effect on the Service; or (ix) upload, promote, transmit or post any material that encourages conduct that could constitute a criminal offence or give rise to civil liability.

7. PAYMENT PROCESSING

(a) Bento processes payment transactions on behalf of Users, as the agent of the User, through the appropriate bank, credit card or debit card network, as applicable. When a User chooses to use the Service to facilitate a payment (either to make or receive a payment hereby), the User hereby consents to Bento facilitating and/or processing payments made or received through the Service, including, without limitation, the consent to access, charge or debit a User’s credit card, debit card, bank account or other payment mechanism. Users agree that Users shall be responsible for the cost of any credit card payment processing fees and that Bento may deduct such credit card processing fees from any payments made to Users through the Service.

(b) Each User acknowledges and agrees that a payment transaction made through the Service is a transaction between Users and not with Bento. Bento is not a party to any payment transaction for the purchase of medical services and Bento is not a buyer or seller in connection with any payment transaction.

(c) Users may only use the Service to process a payment transaction for a dental care related product or service provided by another User through a legitimate, bona fide sale of such product or service. The Service may not be used to process a payment transaction, or otherwise transfer money between Users, that is unrelated to a dental care related purchase. Users may not use the Service to purchase any illegal goods or services or for any other underlying illegal transaction.

(d) All payment transactions processed through the Service are non-refundable to a User by Bento and are non-reversible by a User through the Service. Users may have additional refund or charge-back rights under the agreement a User has with the issuer of the User’s payment instrument (i.e., its credit or debit card agreement) or applicable state and federal laws. User should review its periodic statement received from the issuer of its payment instrument which will reflect all purchase transactions through the Service.

(e) Payment processing services for Users on Bento are provided by Stripe and are subject to the Stripe Connected Account Agreement, which includes the Stripe Terms of Service (collectively, the “Stripe Services Agreement”). By agreeing to this agreement or continuing to operate as a User on Bento, you agree to be bound by the Stripe Services Agreement, as the same may be modified by Stripe from time to time. As a condition of Bento enabling payment processing services through Stripe, you agree to provide Bento accurate and complete information about you and your business, and you authorize Bento to share it and transaction information related to your use of the payment processing services provided by Stripe.

(f) If Users receiving payments from Bento in connection with the Service desires to receive payment by check, such Users agree that Bento shall be entitled to assess a check fee of $1.00 per check and that Bento may deduct check fees from any payments by Bento to such Users.

8. CONDUCT WITHIN PUBLIC AREAS OF SITE

(a) The Service may contain e-mail services, bulletin board services, forums, communities or other message or communication facilities designed to enable Users to communicate and interact with other Users (the “Public Areas”). User agrees to use the Public Areas only to post, send and receive messages and materials that are proper and, when applicable, related to the particular Public Area. Bento has no obligation to monitor the Public Areas, provided, however, Bento reserves the right to review materials posted to the Public Areas and to remove any materials at any time, without notice, for any reason and in our sole discretion. Bento reserves the right to terminate or suspend User’s access to any or all of the Public Areas at any time, without notice, for any reason whatsoever. User acknowledges that postings and other communications posted in the Public Areas by other Users are not controlled or endorsed by Bento, and such communications shall not be considered reviewed, screened or approved by Bento Statements made in postings, forums, bulletin boards and other Public Areas reflect only the views of their respective authors. Bento specifically disclaims any liability with regard to the Public Areas and any actions resulting from a User’s participation in any Public Areas.

(b) User acknowledges and agrees that User’s communications with other Users via the Public Area or otherwise are public and not private communications, and that User has no expectation of privacy concerning User’s use of the Public Areas. User acknowledges that personal information that User communicates on the Public Areas may be seen and used by others and result in unsolicited communications; therefore, BENTO STRONGLY ENCOURAGES USERS NOT TO DISCLOSE ANY PERSONAL INFORMATION ABOUT THEMSELVES THROUGH THE PUBLIC AREAS. Bento is not responsible for information that User chooses to communicate via the Public Areas, or for the actions of other Users. Further, User grants Bento a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use, in the promotion of Bento or the Service, any content that User posts on or in connection with a Public Area, including, without limitation, the posting of such content on Bento’s social media accounts.

9. DISCLAIMER OF WARRANTIES

THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITH ALL FAULTS AND WITHOUT WARRANTY OF ANY KIND. BENTO MAKES NO REPRESENTATION OR WARRANTY (EXPRESS, IMPLIED OR STATUTORY) WITH RESPECT TO THE SERVICE, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE, ACCURACY (OTHER THAN ERRORS INTRODUCED BY BENTO) MERCHANTABILITY, OR NON-INFRINGEMENT. BENTO DOES NOT WARRANT THAT THE SERVICE WILL OPERATE UNINTERRUPTED OR ERROR-FREE. USER ASSUMES THE RESPONSIBILITY TO TAKE ADEQUATE PRECAUTIONS AGAINST DAMAGES TO USER’S SYSTEMS OR OPERATIONS WHICH COULD BE CAUSED BY DEFECTS OR DEFICIENCIES IN THE SERVICE. USER ALSO ACKNOWLEDGES THAT ELECTRONIC COMMUNICATIONS AND DATABASES ARE SUBJECT TO ERRORS, TAMPERING AND BREAK- INS AND THAT WHILE BENTO WILL IMPLEMENT REASONABLE AND APPROPRIATE SECURITY PRECAUTIONS TO ATTEMPT TO PREVENT SUCH OCCURRENCES, BENTO DOES NOT GUARANTEE THAT SUCH EVENTS WILL NOT TAKE PLACE. USER SHALL IMPLEMENT AND TAKE RESPONSIBILITY FOR (I) BACKING UP ALL USER DATA AND (II) INSTITUTING APPROPRIATE REVIEW AND CONFIRMATION PROCEDURES TO VERIFY AND CONFIRM TRANSACTIONS THROUGH THE SERVICE.

AS PART OF THE SERVICE, BENTO MAY INCLUDE THIRD PARTY PRODUCTS AND SERVICES WITH THE SERVICE. BENTO HEREBY DISCLAIMS ANY AND ALL LIABILITY, INCLUDING ANY EXPRESS OR IMPLIED WARRANTIES, WHETHER ORAL OR WRITTEN, FOR SUCH THIRD PARTY PRODUCTS AND SERVICES. USER ACKNOWLEDGES THAT NO REPRESENTATION HAS BEEN MADE BY BENTO AS TO THE MERCHANTABILITY OR THE FITNESS OF SUCH THIRD PARTY PRODUCTS AND SERVICES FOR USER’S INTENDED PURPOSE. ANY WARRANTIES RELATED TO ANY THIRD PARTY PRODUCTS AND SERVICES WITH THE SERVICE, IF ANY, WILL PROVIDED BY THE PROVIDER OF SUCH THIRD PARTY PRODUCTS AND SERVICES.

10. LIMITATION OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL BENTO OR ITS SUPPLIERS/LICENSORS BE LIABLE TO USER OR ANY THIRD PARTY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, OR INDIRECT DAMAGES (WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE), WHICH INCLUDE, WITHOUT LIMITATION, DAMAGES FOR PERSONAL INJURY, LOST PROFITS, LOST DATA AND BUSINESS INTERRUPTION, ARISING OUT OF THE USE OF, OR INABILITY TO USE, THE SERVICE, ITS CONTENT OR PRODUCTS, OR ANY OF ITS THIRD PARTY CONTENT AVAILABLE THROUGH THE SERVICE, EVEN IF BENTO HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ANY CASE, THE ENTIRE LIABILITY OF BENTO AND ITS SUPPLIERS/LICENSORS UNDER THIS EULA FOR ALL DAMAGES, LOSSES, AND CAUSES OF ACTION (WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE) IS LIMITED TO THE AMOUNT PAID BY USER, IF ANY, FOR ACCESS TO THE SERVICE.

11. TERM; TERMINATION

(a) This EULA shall commence upon Bento providing User with access to the Service and shall continue until terminated in accordance with the terms hereof. This EULA will automatically terminate in the event User breaches any of these terms. Termination will be effective without notice. User may terminate thus EULA at any time by ceasing to use the Service. Additionally, Bento reserves the right to terminate access to this Service or take other actions it reasonably believes necessary to comply with the law or to protect its rights or those of its Users.

(b) Upon termination of the EULA for any reason, User’s right to use the Service shall immediately cease. The terms and provisions of this EULA, other than the continued use of the Service, shall survive any termination of this EULA. Termination of this EULA shall not relieve either party of any obligation accrued prior to the termination date.

(c) User acknowledges and agrees that in the event of a material breach of this EULA by User, Bento shall be entitled to seek injunctive relief against User.

(d) If a User enrolled in any dentist sponsored in-office dental plan administered by Bento (“In-Office Plans”) cancels his or her membership within the first 30 days after the effective date of enrollment in such In-Office Plan and User has not received any services from the provider sponsoring the In-Office Plan, such User will receive a full refund of any enrollment fees after notification of cancellation is provided to Bento.  Any cancellation of membership in an In-Office Plan more than 30 days after enrollment shall be subject to the terms and conditions of the policies of the dental provider sponsoring the In-Office Plan.

12. CONFIDENTIAL INFORMATION

(a) “Confidential Information” means the Service, its associated documentation, Bento’s pricing for the Service, and other information disclosed by Bento under this EULA that is designated as confidential or that by its nature would reasonably be expected to be kept confidential.

(b) Notwithstanding the previous paragraph, Bento’s Confidential Information shall not include information that (i) is or becomes publicly available through no act or omission of User; or (ii) was in User’s lawful possession prior to the disclosure and had not been obtained by User either directly or indirectly from Bento; or (iii) is lawfully disclosed to User by a third party not bound by a duty of non-disclosure; or (d) is independently developed by User without access to or use of the Confidential Information.

(c) User agrees to hold the Confidential Information in confidence. User agrees not to make the Confidential Information available in any form to any third party or to use the Confidential Information for any purpose other than performing its obligations or enjoying its rights under this EULA. User agrees to use the same degree of care that it uses to protect its own confidential information of a similar nature and value, but in no event less than a reasonable standard of care, to ensure that Confidential Information is not disclosed or distributed by its employees or agents in violation of the provisions of this EULA.

(d) Notwithstanding the foregoing, User may disclose the Confidential Information to the extent that such disclosure is required by law or court order, provided, however, that User provides to Bento prior written notice of such disclosure and reasonable assistance in obtaining an order protecting the Confidential Information from public disclosure.

(e) After termination or expiration of this EULA, User shall return to Bento any Confidential Information in User’s possession or control.

 

MISCELLANEOUS TERMS

1. RELATIONSHIP BETWEEN THE PARTIES

This EULA shall not be construed as creating any agency, partnership, joint venture, or other similar legal relationship between the Parties; nor will either Party hold itself out as an agent, partner, or joint venture party of the other party.

2. COMPLIANCE WITH LAW

Each Party shall comply with all applicable laws and regulations of governmental bodies or agencies in its performance under this EULA.

3. NOTICE

Bento may direct all notices intended for a User to the User’s email address provided upon registration of the Service (which a User may update from time to time in the User settings available within the Service). All notices required to be delivered to Bento shall be delivered to Bento via the Service.

4. WAIVER

No waiver shall be implied from conduct or failure to enforce rights. No waiver shall be effective unless in a writing signed by both Parties.

5. SEVERABILITY

If any provision of this EULA is held to be invalid, void or unenforceable, such provision shall be deemed to be restated to reflect as nearly as possible the original intentions of the parties in accordance with applicable law, and the remaining provisions of this EULA shall remain in full force and effect.

6. ASSIGNMENT

User may not assign or delegate any of its rights, interest or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of Bento. The sale of a controlling interest in User through a single transaction or a series of transactions shall be deemed an assignment hereunder for which Bento’s consent is required. Bento may assign and delegate this EULA to successors in the event of a merger, acquisition or other change in control. This EULA shall bind and inure to the benefit of the parties and their respective successors and permitted assigns.

7. GOVERNING LAW; ARBITRATION

This EULA and all claims related to it, its execution or the performance of the parties under it, shall be construed and governed in all respects according to the internal laws of the State of Delaware without regard to the conflict of law provisions thereof. User hereby waives any right to bring any claim against Bento in court (including any right to a trial by jury), except as provided by the rules of the arbitration forum in which a claim is filed. User waives any right it may have to start or participate in, and agrees to opt out of, any class action against Bento arising from or relating to the Service or this EULA. Any controversy or claim arising out of or relating to an alleged breach of this EULA or the operation of this Service shall be settled by binding arbitration in accordance with the commercial arbitration rules of the American Arbitration Association before a single arbitrator. Any such controversy or claim shall be arbitrated on an individual basis, and shall not be consolidated in any arbitration with any claim or controversy of any other party. The arbitration shall be conducted in Boston, Massachusetts and the language of such arbitration shall be English. Bento may seek any interim or preliminary relief from a court of competent jurisdiction necessary to protect Bento’s rights or property pending the completion of arbitration. The arbitrator shall not have the authority, power, or right to alter, change, amend, modify, add, or subtract from any provision of this EULA. The arbitrator shall have the power to issue mandatory orders and restraining orders in connection with the arbitration. The award rendered by the arbitrator shall be final and binding on the parties, and judgment may be entered thereon in any court of competent jurisdiction.

8. FORCE MAJEURE

Neither Party shall be in default or otherwise liable for any delay in or failure of its performance under this EULA where such delay or failure arises by reason of any Act of God, or any government or any governmental body, war, insurrection, acts of terrorism, the elements, strikes or labor disputes, or other similar or dissimilar causes beyond Bento’s control. Certain obligations may require the cooperation of third parties outside the control of a Party. In the event such third parties fail to cooperate in a manner that reasonably permits the performance of a Party’s obligations, such failures shall be considered as causes beyond the control of the Party for the purposes of this Section and shall not be the basis for a determination that such Party is in breach of any of its obligations under this EULA or is otherwise liable.

9. ENTIRE AGREEMENT

This EULA together with all the other agreements including the separate BAA shall constitute the complete agreement between the Parties and supersedes all previous agreements or representations, written or oral, with respect to the subject matter hereof.

 

BUSINESS ASSOCIATE AGREEMENT

1. BUSINESS ASSOCIATE

To the extent that, by way of providing the Service to User, (i) Bento is considered a “Business Associate” of User as defined in Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended, including all pertinent regulations set forth in Title 45, Parts 160 and 164 of the Code of Federal Regulations issued by the U.S. Department of Health and Human Service as either have been amended by Subtitle D of the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH Act”); and (ii) the Service involves the use and/or disclosure of Protected Health Information

(“PHI”); the parties acknowledge their desire to comply with HIPAA and the Final Rule for Standards for Privacy of Individually Identifiable Health Information adopted by the United States Department of Health and Human Services and codified at 45 C.F.R. part 160 and part 164, subparts A & E (the “Privacy Rule”), the HIPAA Security Rule, codified at 45 C.F.R. Part 164 Subpart C (the “Security Rule”) and the Breach Notification Rule, codified at 45 C.F.R. Sections 164.400 to 164.414. To the extent that (i) User is not a Covered Entity, as defined in HIPAA, or (ii) Bento’s provision of the Service to User does not trigger HIPAA, this Section 13 will not apply to Bento or User.

2. PERMITTED USES AND DISCLOSURES

Bento may use and disclose PHI, if in the course of performing services for or on behalf of User, or as required by law. Bento may also use PHI for the proper management and administration of Bento, or to carry out the legal responsibilities of Bento. Bento may disclose PHI for its proper management and administration, or to carry out its legal obligations, provided that (i) the disclosures are required by law, or (ii) Bento obtains reasonable assurances from the person to whom the PHI is disclosed that the PHI will remain confidential and be used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Bento of any instances of which it is aware in which the confidentiality of the PHI has been breached. Bento also may use PHI to de-identify the information in accordance with 45 CFR § 164.514.

3. BENTO’S OBLIGATIONS

Bento shall:

(a) not use or disclose PHI other than as permitted by this Section 3 or as required by law;

(b) implement appropriate and reasonable safeguards to prevent use or disclosure of PHI other than as permitted herein, and comply with the applicable provisions of the Security Rule;

(c) report to the User any use or disclosure of PHI not provided for by this Section 13 of which Bento becomes aware, including Breaches of Unsecured PHI as required by 45 CFR § 164.410, and any Security Incident of which it becomes aware, within ten (10) business days of discovery;

(d) ensure that its agents and subcontractors to whom it may provide PHI agree to the same terms and conditions through a written contractual arrangement that complies with 45 CFR § 164.314;

(e) make available to the Secretary of Health and Human Services, Bento’s internal practices, books and records relating to the use or disclosure of PHI for purposes of determining User’s compliance with HIPAA;

(f) mitigate, to the extent practicable, any harmful effect that is known to Bento of any uses or disclosures of PHI that do not comply with the terms herein;

(g) make available PHI in a Designated Record Set to User as necessary to satisfy User’s obligations under 45 CFR 164.524;

(h) make any amendments to PHI in a Designated Record Set as directed or agreed to by the User pursuant to 45 CFR 164.526;

(i) document such uses and disclosures of PHI and, upon User’s request, provide such information as would be required for User to account for disclosures of PHI as required under HIPAA;

(j) upon Bento ceasing to perform services for or on behalf of User, destroy all PHI received or if such destruction of PHI is not feasible, continue to abide by the terms set forth herein with respect to such PHI; and

(k) Bento hereby agrees to comply with applicable state laws relevant to PHI.

4. PRIVACY RULE

To the extent Bento is to carry out one or more of User’s obligation(s) under the Privacy Rule, Bento shall comply with the requirements of the Privacy Rule that apply to the User in the performance of such obligations.