This Service Agreement (“SA”), effective as of today (“Effective Date”) is entered into by and between The Live Network, Inc. DBA Student.Health  (“Service Provider”, “we”, “our”, “us”, “TLN”, or the “Company”) and you on behalf of yourself/itself and your/its subsidiaries (“Healthcare Provider” or “Provider” or  “you”) For purposes of this SA, Provider and TLN may each be referred to as a “Party” and collectively as “Parties.”

TLN as service provider, will have the role of providing services through the Student.Health Platform so that the Provider can provide assessment, prevention, and support and education services to their clients. The Site includes collection, using, storing, and disclosing PHI (as defined below) as required for the Provider to provide assessment and support services  and the user to receive appropriate consent based on their institutional expectations and in accordance with their local law. This SA also applies to any and all additional services provided by TLN to Provider via platforms not directly accessible to Users via the Site but that involve collecting, using, storing, processing or disclosing PHI in any manner. The services include all of the following: 

1. 256-Bit Elliptical Encryption
2. Encrypted Messaging
3. Appointment Scheduling
4. Encrypted Client Storage 
5. Electronic Student/health Records 
6. Client Contact/Session Notes
7. Assessment and Data Collection
8. Public Facing Webpage and Blog

Providers may choose to use one or more of the services outlined above.

RECITALS

This SA is an addendum to the Provider Terms of Service, and Sitewide Terms of Use and Privacy Policy found on the Site. The other documents referenced above detail the basic practices of the Site. This SA applies only to the use of the Assessment and PHI  and other services in the Statement of Work entered between TLN and Provider and does not apply to the Public Engagement portions of the Site or any current or future services not explicitly intended to receive, store, or transmit PHI. The use of any public and/or unsecured portions of the Site to receive, store, or transmit PHI in any form is prohibited and constitutes a material breach of this SA.

WHEREAS, Provider has retained TLN to provide certain services to be performed for or on behalf of Provider, which are described above and, in connection with those services, TLN may use or disclose certain PHI in accordance with the consents provided where required by law, and applicable privacy laws;

WHEREAS, the Parties desire to establish the terms related to the services provided by TLN to assist Provider in providing Assessment Services to users of the Site and/or such additional services provided by TLN as outlined in any Statements of Work entered by the Parties; and

NOW THEREFORE, in consideration of these premises and the mutual promises and agreements hereinafter set forth, Provider and TLN hereby agree as follows:

1. DEFINITIONS 

1.1. “Breach” means the acquisition, access, use, or disclosure of PHI in a manner not permitted by Applicable Privacy Laws that compromises the security or privacy of the PHI. 

1.2 “Applicable Privacy Laws” means privacy laws applicable to Provider in the jurisdiction in which it is providing services. 

1.3. “PHI” means “personal health information” as, and is defined to include all personal information that is considered personal health information/health information under applicable privacy laws and that is provided or generated limited to the information received from, or received or created on behalf of, Provider by TLN in the course of providing Assessment and Prevention Services or any additional services outlined in Statements of Work entered by the Parties. 

1.4. “Security Incident” means an attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system and involving PHI that is created, received, maintained, or transmitted by or on behalf of Provider in electronic form. 

2. APPLICABILITY 

This SA shall be applicable solely to PHI received by TLN from Provider/Client with the consent of the User, where required by applicable law, and created, received, processed or maintained by TLN in connection with Provider’s use of Assessment and Prevention Services or any additional services outlined in Statements of Work entered by the Parties. It is further understood and agreed that this SA does not apply to the Public Engagement portions of the Site or any current or future services not explicitly intended to receive, store, or transmit PHI. Provider agrees that it will not create, submit or store PHI in connection with any services not specifically designed for the receiving, storing, or transmitting or PHI. The use of any public and/or unsecured portions of the Site to receive, store, or transmit PHI in any form is prohibited and constitutes a material breach of this SA.

3. RESPONSIBILITIES OF TLN    

3.1 Permitted Uses and Disclosures.  TLN agrees to use PHI in accordance with the User consent obtained for the Assessment and Prevention Services and Site Terms and Conditions only as necessary to provide the Assessment, Support and Prevention Services set forth in this SA or any additional services outlined in Statements of Work entered by the Parties and TLN agrees to limit uses and disclosure of PHI to the minimum necessary to accomplish the intended purpose of such use, disclosure, or request.  TLN will not use or further disclose PHI other than as permitted or required by this SA, User consent, or Statements of Work or as required by applicable law.  TLN shall comply with all applicable laws at all times.

3.2 Safeguards.  TLN agrees to implement and use appropriate administrative, organizational, physical and technical safeguards to (a) prevent unauthorized use or disclosure of PHI; and (b) reasonably protect the confidentiality, integrity, and availability of the PHI that TLN creates, receives, processes, maintains, or transmits on behalf of Provider.  Such safeguards include a written information security policy, a response plan for Security Incidents/Breaches, periodic security awareness training, and confidentiality/nondisclosure agreements with those independent subcontractors and consultants with which TLN has delegated duties under this SA. TLN’s physical and technical safeguards are described in Schedule A.

3.3 Reporting a Breach.  TLN agrees to promptly report to Provider any unauthorized access, use, disclosure, loss or theft of PHI not provided for by this SA of which it becomes aware and any Security Incident of which TLN becomes aware. Provider will be responsible for notifying their Users federal or territorial privacy commissioners in accordance with their obligations under Applicable Privacy Laws.

3.4 Assistance with Breach Investigation.  In the event of a Breach, TLN will provide reasonable assistance to, and cooperate with, Provider in investigating the Breach and TLN agrees to provide the following information in writing to Provider: (a) Identification of each individual who is the subject of PHI that has been, or is reasonably believed by TLN to have been accessed, acquired, or disclosed; (b) a brief description of the events; (c) date of the potential Breach; (d) date of discovery; (e) type of PHI involved; (f) any preliminary steps taken to mitigate the damage; and (g) a description of the investigatory steps taken. 

3.5 Availability of Information.  TLN agrees to provide access to Provider, within twenty (20) days after receiving a written request from Provider, to PHI about an Individual, sufficient to allow Provider to provide access to such Individual to his or her PHI, in compliance with the requirements of applicable privacy laws.  

3.6 Amendment of Information.  Within twenty (20) days after a written request by Provider, TLN will make PHI available to Provider as reasonably required to fulfill Provider’s   obligations to amend such PHI pursuant to applicable privacy law and TLN  will, as directed by Provider, incorporate any amendments to PHI into copies of such PHI maintained by TLN.

3.7 Requests by Individuals. For PHI held by TLN, in the event that any Individuals request access or amendment to PHI, TLN will promptly notify Provider so that Provider may respond directly to the Individual. 

3.8 Management and Administration.  TLN agrees to only use or disclose PHI if the use relates to the proper management and administration of the provision of Assessment, Support and Prevention Services or any additional services outlined in Statements of Work entered by the Parties, or to carry out the legal responsibilities of TLN; 

3.9 Data Aggregation Services.  TLN may use PHI to provide data aggregation services to Provider on the instructions of and strictly in accordance with the written instructions of the Provider.

3.10 Prohibited Communications.  TLN will not knowingly make or cause to be made any communication about a product or service that is prohibited by applicable privacy law. 

3.11 Mitigation of Damages. TLN   agrees to mitigate, to the extent practical, any harmful effect that is known to TLN of the use or disclosure of PHI by TLN in violation of the requirements of this SA.

3.12 TLN shall make all reasonable efforts to ensure the availability of the Services at all times.  

3.13 TLN shall provide technical support where as required in a timely fashion through email, chat support or by phone if required..

4. RESPONSIBILITIES OF PROVIDER

4.1 Identification of Records.  With respect to the records Provider furnishes to TLN, Provider will identify those records that it considers to be PHI for purposes of this SA. The Parties mutually agree that portions of the site specifically and explicitly identified as a part of the Assessment, Support and Prevention Services, and that the entering of data into any fields within platforms or sites associated with any additional services outlined in any Statements of Work entered into by the Parties, will constitute such identification of records. 

4.2 Minimum Necessary.  Provider will provide to TLN only the minimum PHI necessary to perform the services set forth in a Service Agreement. 

Users must agree to enter appropriate consent or guardian consent for minors as deemed necessary for the user to engage in assessment or additional services not listed  prior to accessing Assessment and Prevention Services via the Site. For any additional services outlined in Statements of Work entered by the Parties, Provider will ensure that it has consent of the User/patient/client to collect, use, disclose and/or transfer PHI to TLN, as required by applicable law.

4.3 Increased Privacy Protections.  In the event that Provider honors a request to restrict the use or disclosure of PHI, Provider will notify TLN of any restriction to the extent any such restriction may limit TLN ’s ability to use and/or disclose PHI as permitted or required under this SA or impose obligations on TLN additional to or inconsistent with the obligations assumed under this SA. However, should such revisions materially increase TLN’s cost of providing services under this SA, Provider shall reimburse TLN  for such increase in cost. 

4.4 Privacy Notice Limitations.  Provider will notify TLN of any limitations in its Notice of Privacy Practices/Privacy Policies, to the extent that any such limitation may affect TLN’s use or disclosure of PHI or impose obligations on TLN additional to or inconsistent with the obligations assumed under this SA or the user’s consent.  In the event that any such limitation materially increases TLN’s cost of providing services under this SA, Provider agrees to reimburse TLN for such increase in cost. 

4.5 Changes in Permission.  Provider will notify TLN of any changes in or revocation of permission by a User/patient/client  to use or disclose PHI, to the extent that such changes may affect TLN’s use or disclosure of PHI or impose obligations on TLN additional to or inconsistent with the obligations assumed under this SA or the User’s consent. In the event that any such change in or revocation of permission materially increases TLN’s cost of providing services under this SA, Provider agrees to reimburse TLN for such increase in cost. 

4.6 Breach Notification.  In the event of a Breach or Security Incident arising from the actions or inactions of TLN or through the back-end portions of the Site (hacking, successful server intrusion, etc.), the parties will cooperate to determine whether notice is to be given to any individuals, regulators, law enforcement agencies, consumer reporting agencies, media outlets, information and privacy commissioners , or others as required by law or as deemed advisable by the parties.  TLN will be solely responsible for the costs of providing such notice.

In the event of a Breach or Security Incident arising from the actions or inactions of the Provider or through the front-end portions of the Site (unsecured password, grant of access to unauthorized third parties, malware on the Provider’s computer, loss of laptop, etc.), Provider will have the sole responsibility to determine whether notice is to be given to any individuals, regulators, law enforcement agencies, consumer reporting agencies, media outlets, the Information and Privacy Commissioner, or others as required by law or in Provider’s discretion.  Provider will be solely responsible for providing such notice and for the costs thereof.  In addition, TLN may, at its discretion, and at its cost, also provide notice, though doing so shall not be construed as relieving the Provider of their responsibilities or the assumption of any liability whatsoever for the Provider’s actions or inactions, unless explicitly agreed to in writing. 

In the event of a Breach or Security Incident arising from indeterminate origins, TLN and Provider will work to collaboratively determine whether notice is to be given to any individuals, regulators, law enforcement agencies, consumer reporting agencies, media outlets, information and privacy commissioners, or others as required by law or in the Parties’ discretion.  Both Parties will share responsibility for providing such notice and will share the costs thereof. In the event that the Parties cannot come to a timely agreement about how to proceed, each Party will be responsible for taking reasonable actions and each Party will assume the costs thereof. In the event that later investigation indicates that the Breach or Security Incident occurred through the actions, inactions, or negligence of the other Party, a Party may request, and is entitled to receive, compensation for any costs incurred in the notification process.

4.7 Other Agents.  Provider agrees to be solely responsible for ensuring that any contractual relationships it has with other individuals or entities comply with applicable privacy laws. 

4.8 Permissible Uses Only.  Except as otherwise provided under this SA or with the user’s consent, Provider will not ask TLN to use or disclose PHI in any manner that would not be permissible under applicable privacy laws. 

4.9 Encryption. TLN offers and requires encryption related to the transmission of data for the provision of services set forth in a Service Agreement. If Provider does not use encryption available on the site for the collection, use, disclosure or storage of PHI (for example by publicly posting PHI), Provider is fully responsible for any resulting liability caused by failing to encrypt information such as PHI. Provider acknowledges that such an action will constitute a material breach of this SA and that the Provider will assume full liability and hold TLN and its employees and officers harmless for any damages resulting from such a failure to encrypt PHI,

4.10 Passwords. TLN requires the use of strong passwords related to the provision of services set forth in a Service Agreement. Provider agrees that it is responsible for maintaining the integrity of such passwords and must take reasonable measures to prevent them from being disclosed to third parties. Any actions taken by third parties given such a password by the Provider shall be as if the Provider had taken the action. In such a case, the TLN agrees to assume full liability and to hold TLN and its employees and officers harmless for any damages resulting from such a grant of access.

4.11 Privacy. TLN requires that Provider and its subcontractors or designees maintain privacy with regard to PHI. Provider agrees that any remote access of the portions of the Site or areas that have any PHI or can be reasonably expected to have PHI be done in a manner that does not compromise privacy or the integrity of the PHI. This includes, but is not limited to: only engaging in Assessment and Prevention Services sessions or reviewing charts in a secure (non-public) environment, logging out of sessions when done, taking precautions against spyware and malware, only logging in from trusted devices and locations, avoidance of negligent privacy practices, resetting of passwords if there is any concern about them being compromised, the selection of strong passwords, and general professional comportment.

4.12 Professional Qualifications. Providers are obligated to comply with all of their individual obligations under the applicable laws or territory where they are practicing including that they are qualified and licensed or have the legal authority to offer Assessment, Support and Prevention services. Providers are solely responsible for ensuring that they are duly authorized to providing Assessment and Prevention services to Users and in the jurisdiction in which Users are receiving Assessment and Prevention services.

4.13 This Service Agreement grants you a non-exclusive subscription license to use the Student.Health platform. Your membership fee will recur monthly or annually based on the payment option you have chosen. Additional credits for further assessments can be purchased at any time.

4.14 Should you wish to increase your support members or sites, the associated fees will be billed pro rata for an annual subscription or monthly based on your initial cost. If your subscription is not renewed, your credits will remain active on your account for a period of 12 months from the date of your last activation. These credits can be used during this period.If you do not utilize your credits within this 12-month period, they will be forfeited without the possibility of reimbursement. Partial refunds for annual membership fees will be considered only within three business days of first activating subscription, and shall  be granted at the sole discretion of the Live Network.

4.15 It is incumbent upon you the client to secure proper consents and to comply with the Health Insurance Portability and Accountability Act (HIPAA), the Family Educational Rights and Privacy Act (FERPA), and any other pertinent student/client privacy regulations. Furthermore, you are obligated to use any information obtained through the use of the site responsibly and ethically, adhering to the principle of 'do no harm.'

5. PERMITTED USES AND DISCLOSURES OF PHI   

Unless otherwise explicitly limited in this SA or user consent, in addition to any other uses and/or disclosures permitted or required by this SA, TLN may:  

5.1 Make any and all uses and disclosures of PHI necessary to provide the Assessment and Prevention services or any additional services as set out in a Statement of Work entered by the Parties or to carry out the legal responsibilities of TLN.

5.2 Use and disclose to subcontractors and agents the PHI in its possession for its proper management and administration of the provision of Assessment and Prevention Services or any additional services outlined in Statements of Work entered by the Parties . 

6. TERM AND TERMINATION  

6.1 Term.  This SA will continue in full force and effect for as long as Provider makes use of Assessment and Prevention Services and/or a Statement of Work remains in full force and effect.  The term of this SA will be effective as of the Effective Date and will continue in effect unless terminated as authorized in Section 6.2.   In addition, certain provisions and requirements of this SA will survive expiration or termination in accordance with Section 7.3 herein. 

6.2 Termination for Cause.  Without limiting the rights of the Parties as set out in the SA, each Party will have the right to terminate this SA and the Statement of Work if the other Party has engaged in a pattern of activity or practice that constitutes a material violation or breach of its obligations regarding PHI under this SA.  Prior to terminating this SA, the terminating Party will provide the other Party with an opportunity to cure the material violation or breach.  If the breaching Party fails to cure the violation or breach within [thirty (30) days], or, with respect to a breach that cannot be remedied within the [thirty (30) day] period, such longer period of time as may be required to remedy the breach in the circumstances, as determined by the terminating Party, then this SA and any additional the Statement of Work entered by the Parties shall be terminated as soon as administratively feasible. 

6.3 Termination for Convenience. Provider may terminate this SA without cause by providing thirty (30) days written notice to TLN.  TLN may terminate this SA without cause by providing ninety (90) days written notice to Provider.

6.4 Effect of Termination.  Except as otherwise provided herein or explicitly agreed to in writing, the Parties agree that upon termination of this SA for any reason, TLN will provide the ability to return to Provider in a .csv format to Provider and at reasonable cost to Provider and within twenty-one (21) business days of the request, all PHI received by TLN from Provider or created, maintained or received by TLN on behalf of Provider, or, if agreed to by Provider, destroy all PHI received from Provider or created, maintained, or received by TLN on behalf of Provider by the later of one (1) year after the termination of this SA or one (1) year after the account deactivation of a User/client of the Provider. In the event that TLN reasonably determines return or destruction of the PHI by such a date is not feasible, TLN will notify Provider of the conditions that make return or destruction not feasible.  In the event of the continued maintenance above or upon mutual agreement of the Parties, TLN may retain the PHI and will continue to extend all protections, limitations, and restrictions contained in this SA to TLN’s use and/or disclosure of PHI for so long as TLN maintains such PHI.

6.5 Cooperation.  Each Party shall cooperate in good faith in all respects with the other Party in connection with any request by a federal, territorial or state governmental authority for additional information and documents or any governmental investigation, complaint, action, or other inquiry. 

7. INDEMNIFICATION/LIABILITY/INSURANCE

7.1 Provider agrees to indemnify, defend, and hold harmless TLN, its officers, directors and its employees for any amounts claimed by a user against TLN, its officers, directors and its employees arising out of or in connection with the negligence, default in performance, breach of this Agreement, wilful misconduct or any statutory or regulatory offenses committed by Provider with respect to the collection, use, storage, or disclosure of PHI, provided that TLN shall provide prompt written notice of any claim that might give rise to such liability; co-operate in the defense of such claim; and that TLN shall at its option require the Provider to assume responsibility for the defense of or response to such third party claim. Provider and or Provider’s organization is responsible for maintaining their own liability insurance reflective of the services that they are authorized to provide.

7.2 No Party shall be liable to the other Party or Parties in any way for any indirect, punitive, incidental, special or consequential damages, including, but not limited to, loss of savings or profit, nor for any lost revenue.  

8. MISCELLANEOUS

8.1 Interpretation and References.  Any ambiguity in this SA or a Service Agreement shall be resolved to maintain compliance with applicable privacy law.  

8.2 Survival.  Sections, 7.1, 7.2, and Section 8.2 shall survive the expiration or termination for any reason of this SA or a Service Agreement.

8.3 Contact. TLN may send discrete contact reminders via SMS or email to Users/clients/patients of the Provider, provided that such Users/clients/patients have agreed and not opted-out to the same and that information is substantially limited in that it only contains a prompt to log in to the system to read a pending message or to view a pending event or similar, substantially limited purpose and that such reminders contain no PHI or identifiers beyond the number or email given by a User/client/patient for such a purpose.

8.4 Governing Law.  This SA shall be governed by and construed in accordance with the laws of the the State of Michigan and the federals and the State of Michigan shall have exclusive jurisdiction in disputes arising.

8.5 Independent Contractor.  TLN, including its directors, officers, employees and agents, is an independent contractor and not an agent of Provider or a member of its workforce.  Without limiting the generality of the foregoing, Provider will have no right to control, direct, or otherwise influence TLN’s conduct in the course of performing the services, other than through the enforcement of this SA or a Service Agreement, or the mutual amendment of the same. Likewise, no portion of this SA should be construed as implying that the Provider is in some way employed by TLN or engaging the provision of services on behalf of TLN. Without limiting the generality of the foregoing, TLN will have no right to control, direct, or otherwise influence Provider’s conduct in the course of performing their services, other than through the enforcement of this SA or a Service Agreement, or the mutual amendment of the same.

8.6 No Third Party Beneficiaries.  The Parties agree there are no intended third party beneficiaries under this SA.   Nothing expressed or implied in this SA is intended to confer upon any person, other than the Parties and their respective successors or assigns, any rights, remedies, obligations, or liabilities whatsoever.  This provision shall survive termination of this SA and a Service Agreement. 

8.7 European Union. While the TLN consistently strives to meet or exceed the best practices in the areas of privacy, reliability, and ethical conduct, the Site was not specifically designed for use within the European Union or its jurisdictions.

8.8 Amendments. No amendment of this SA will be effective unless notice is sent to Provider.

8.9 Assignment. This SA cannot be assigned by the Provider unless written consent from TLN is received.

8.10 Execution and Delivery. This SA is considered executed upon agreeing to the terms on the site.

8.11 Independent Legal Advice. Each of the Parties acknowledge having read and understood this SA, having had the opportunity to obtain independent legal advice regarding this SA and having done so or refused to do so of their own volition.

IN WITNESS WHEREOF, the Parties acknowledge and agree to this SA on the Effective Date.