Common use of HIPAA and Privacy Laws Clause in Contracts

HIPAA and Privacy Laws. Except as would not reasonably be expected to have a Material Adverse Effect, the Company Parties: (a) are currently conducting the Business in material compliance with HIPAA; (b) have, since January 1, 2013, conducted the Business in material compliance with HIPAA; (c) are currently conducting the Business in material compliance with all applicable Laws governing the privacy, security or confidentiality, including data breach notification, of Personal Data (or similar terms such as “personally identifiable information”, as defined by applicable state and federal Laws), to the extent not preempted by HIPAA (collectively, the “Privacy Laws”); and (d) have, since January 1, 2013, conducted the Business in material compliance with the Privacy Laws. No material Action by any Governmental Authority is currently pending or, to the Seller’s Knowledge, threatened in writing against a Company Party, since January 1, 2013, which is related to compliance by the Company Parties with HIPAA or the Privacy Laws. To the Seller’s Knowledge, and except as would not reasonably be expected to have a Material Adverse Effect, no Company Party has, since January 1, 2013, experienced any (i) material breach of data security, as defined by applicable Privacy Laws, including HIPAA, with respect to Personal Data, (ii) Breach of Unsecured Protected Health Information as “Breach,” “Unsecured Protected Health Information,” and “Protected Health Information” are defined by HIPAA, or (iii) any Security Incident as “Security Incident” is defined by HIPAA, except, with respect to (iii), for those Security Incidents which would not, individually or in the aggregate, reasonably be likely to have a Material Adverse Effect. Except as would not reasonably be expected to have a Material Adverse Effect, neither (A) the execution, delivery or performance of this Agreement or any of the other Transaction Documents, nor (B) any of the transactions contemplated by this Agreement or any such other agreement, document or instrument, will result in any violation of any applicable Law or contractual obligations pertaining to the confidentiality or non-disclosure of Company Data and/or User Data.

HIPAA and Privacy Laws. Except as would not reasonably be expected to have a Material Adverse Effect, the The Company Parties: (a) are currently conducting the Business in material compliance with HIPAA; (b) have, since January 1, 20132015, conducted the Business in material compliance with HIPAA; (c) are currently conducting the Business in material compliance with all applicable Laws governing the privacy, security or confidentiality, including data breach notification, of Personal Data (or similar terms such as “personally identifiable information”, ,” as defined by applicable state and federal Laws), to the extent not preempted by HIPAA (collectively, the “Privacy Laws”); and (d) have, since January 1, 20132015, conducted the Business in material compliance with the Privacy Laws. No material Action by any Governmental Authority is currently pending or, to the Seller’s Company Parties Knowledge, threatened in writing against a Company Party, since January 1, 20132015, which is related to compliance by the Company Parties with HIPAA or the Privacy Laws. To the Seller’s Company Parties’ Knowledge, and except as would not reasonably be expected to have a Material Adverse Effect, no Company Party has, has since January 1, 2013, 2015 experienced any (i) material breach of data security, as defined by applicable Privacy Laws, including HIPAA, with respect to Personal Data, (ii) material Breach of Unsecured Protected Health Information as “Breach,” “Unsecured Protected Health Information,” and “Protected Health Information” are defined by HIPAA, or (iii) any material Security Incident as “Security Incident” is defined by HIPAA, except, with respect to clause (iii), for those Security Incidents which would not, individually or in the aggregate, reasonably be likely to have a Material Adverse Effect. Except as would not reasonably be expected to have a Material Adverse Effect, neither (A) the execution, delivery or performance of this Agreement or any of the other Transaction Documents, nor (B) any of the transactions contemplated by this Agreement or any such other agreement, document or instrument, will result in any violation of any applicable Law or contractual obligations pertaining to the confidentiality or non-disclosure of Company Data and/or User Data. Except as set forth in Schedule 3.21, each Company Party has executed current and valid “Business Associate Agreements” (as described in 45 C.F.R. §§ 164.502(e) and 164.504(e)) with each (i) “covered entity” (as defined at 45 C.F.R. § 160.103) for which such Company Party provides functions or activities that render such Company Party a “business associate” (as defined at 45 C.F.R. § 160.103), and (ii) “subcontractor” (as defined at 45 C.F.R. § 160.103) of such Company Party that is a business associate (pursuant to paragraph (3)(iii) of the definition of “business associate” at 45 C.F.R. § 160.103). No Company Party has breached any such Business Associate Agreement and, to the Company Parties’ Knowledge, no covered entity or subcontractor has breached any such Business Associate Agreement with any Company Party, which breach, in either case, would have a Material Adverse Effect.