BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement ("Agreement"), dated , is entered into by and Between ("Covered Person") and Deseret Biologicals, Inc., a Utah corporation (the "Business Associate") (each a "Party" and collectively the "Parties"), and is made a part of that certain Healthcare Practitioner Agreement (the "dbscript Agreement") pursuant to which Business Associate provides a service or services to Covered Person that may involve the use and/or disclosure of Covered Person Protected Health Information ("PHI").

NOW, THEREFORE, for good and valuable consideration, the sufficiency of which we hereby acknowledge, the Parties agree as follows:

I. DEFINITIONS:
A. Terms used but not otherwise defined in this Agreement shall have the same meaning as the meaning ascribed to those terms in the Health Information Portability and Accountability Act of 1996, as codified at 42 U.S.C. § 1320d (“HIPAA”), the Health Information Technology Act of 2009, as codified at 42 U.S.C.A. prec. § 17901 (“HITECH Act”), and any current and future regulations promulgated under HIPAA or the HITECH Act (HIPAA, HITECH Act and any current and future regulations promulgated under either are referred to as the “Regulations”).

B. Protected Health Information or PHI. “Protected Health Information” or “PHI” shall have the same meaning as the term “Protected Health Information” in 45 CFR 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Person, including, but not limited to electronic PHI.

II. OBLIGATIONS OF BUSINESS ASSOCIATE
In order that Covered Person and Business Associate may achieve and maintain compliance with the requirements of HIPAA, Business Associate agrees:

A. To only use and disclose PHI as permitted by this Agreement or as required by law. Business Associate may 1) use and disclose PHI to perform its obligations as set forth in the PAO Agreement; (2) use PHI for the proper management and administration of Business Associate or to carry out its legal responsibilities; (3) disclose PHI for the proper management and administration of Business Associate or to carry out its legal responsibilities, if such disclosure is required by law or if Business Associate obtains reasonable assurances from the recipient that the recipient will keep the PHI confidential, use or further disclose the PHI only as required by law or for the purpose for which it was disclosed to the recipient, and notify Business Associate of any instances of which it is aware in which the confidentiality of the PHI has been breached; (4) use PHI to provide data aggregation services relating to the health care operations of Covered Person; (5) use or disclose PHI to report violations of the law to law enforcement; and (6) use PHI to create de- identified information consistent with the standards set forth at 45 CFR §164.514. Business Associate will not sell PHI or use or disclose PHI for purposes of marketing, as defined and proscribed in the Regulations.

B. To limit its uses and disclosures of, and requests for, PHI (a) when practical, to the information making up a Limited Data Set; and (b) in all other cases subject to the requirements of 45 CFR 164.502(b), to the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure or request;

C. To use appropriate administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of the PHI in compliance with the Regulations.

D. To require all of its subcontractors and agents that receive, use or have access to PHI to agree, in writing, to adhere to the same restrictions and conditions on the use or disclosure of PHI that apply to the Business Associate pursuant to this Agreement;

E. Upon reasonable notice and prior written request, to make available during normal business hours at Business Associate’s offices all records, books, agreements, internal practices, policies and procedures relating to the use or disclosure of PHI to the Office of the Secretary, Department of Health and Human Services, in a time and manner designated by the Secretary, for purposes of determining the Covered Person’s compliance with the Regulations, subject to attorney-client and other applicable legal privileges;

F. To provide documentation regarding any disclosures by Business Associate that would have to be included in an accounting of disclosures to an Individual under 45 CFR 164.528 (including without limitation a disclosure permitted under 45 CFR 164.512) and the HITECH Act, within a reasonable amount of time of receipt of a request from Covered Person;

G. If, and to the extent that Business Associate possesses an applicable Designated Record Set, within a reasonable amount of time of receipt of a request from the Covered Person for the amendment of an individual's PHI contained in the Designated Record Set, Business Associate shall provide such information to the Covered Person for amendment and shall also incorporate any such amendments in the PHI maintained by Business Associate as required by 45 C.F.R. 164.526.

H. Subject to Section III.C.2. of this Agreement, return to the Covered Person or destroy, within thirty (30) days of the termination of this Agreement, any and all PHI in its possession and retain no copies (which for purposes of this Agreement shall include without limitation destroying all backup tapes and permanently deleting all electronic PHI).

I. To mitigate, to the extent practicable, any harmful effects from any use or disclosure of PHI by Business Associate not permitted by this Agreement.

J. Business Associate agrees to notify the designated Privacy Official of the Covered Person of any use or disclosure of PHI by Business Associate not permitted by this Agreement, any Security Incident involving electronic PHI, and any Breach of Unsecured Protected Health Information within five (5) business days.

1. Business Associate shall provide the following information to Covered Person within ten (10) business days of discovery of a breach except when despite all reasonable efforts by Business Associate to obtain the information required, circumstances beyond the control of the Business Associate necessitate additional time. Under such circumstances Business Associate shall provide to Covered Person the following information as soon as possible and without unreasonable delay, but in no event later than thirty (30) calendar days from the date of discovery of a breach:
a. the date of the breach;
b. the date of the discovery of the breach;
c. a description of the types of unsecured PHI that were involved;
d. identification of each individual whose unsecured PHI has been, or is reasonably believed to have been, accessed, acquired, or disclosed; and
e. any other details necessary to complete an assessment of the risk of harm to the individual.

2. Covered Person will be responsible to provide notification to individuals whose unsecured PHI has been disclosed, as well as the Secretary and the media, as required by Sec. 13402 of the HITECH Act, 42 U.S.C.A.§ 17932;

3. Business associate agrees to pay actual costs for notification and of any associated mitigation incurred by Covered Person, such as credit monitoring, if Covered Person determines that the breach is significant enough to warrant such measures.

4. Business associate agrees to establish procedures to investigate the breach, mitigate losses, and protect against any future breaches, and to provide a description of these procedures and the specific findings of the investigation to Covered Person in the time and manner reasonably requested by Covered Person.

5. The parties agree that this section satisfies any notices necessary by Business Associate to Covered Person of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which no additional notice to Covered Person shall be required. For purposes of this Agreement, “Unsuccessful Security Incidents” include activity such as pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of electronic PHI.

III. RED FLAG RULES COMPLIANCE
The parties understand and agree that in connection with Business Associate’s performance under the dbscript Agreement, Business Associate may maintain Covered Person “Covered Accounts” as defined in the Identity Theft Red Flags rules published by the Federal Trade Commission at 61 CFR part 681 (the “Red Flag Rules”). Each party warrants that it is familiar with the requirements of the Red Flag Rules, and will comply with the Red Flag Rules in connection with their respective performance under the dbscript Agreement. Business Associate agrees to promptly report to Covered Person any incidents of which it becomes aware involving Covered Account of Covered Personthat Business Associate reasonably believes involve identity theft. Business Associate also agrees to provide assistance to Covered Person as reasonably necessary for Covered Person to respond to any identity theft incidents related to Business Associate’s services under the dbscript Agreement.

IV. TERM AND TERMINATION:
A. Term. This Agreement shall become effective on the date of execution of a Service.

B. Agreement, and shall terminate upon the termination or expiration of all dbscript Agreement(s). Notwithstanding the foregoing, obligations imposed on either party pursuant to the HITECH Act must be complied with only when the particular provisions referenced become effective or compliance becomes required, whichever is later.

C. Termination for Cause. Either Party may immediately terminate this Agreement and the dbscript Agreement(s) if such Party makes the determination that the other Party has breached a material term of this Agreement. Alternatively, the terminating Party may choose to provide the other Party with thirty (30) days written notice of the existence of an alleged material breach and an opportunity to cure the breach. If termination is not feasible, the terminating Party shall report the breach to the Secretary.

D. Effect of Termination. 1. Upon termination or expiration of this Agreement, Business Associate agrees to return to Covered Person or destroy all PHI in the possession of Business Associate and/or in the possession of any subcontractor or agent of Business Associate (including without limitation destroying all backup tapes and permanently deleting all electronic PHI) and to retain no copies of the PHI. 2. In the event that returning or destroying the PHI is infeasible, Business Associate shall provide to Covered Person a written statement that it is infeasible to return or destroy the PHI and describe the conditions that make return or destruction of the PHI infeasible. Upon mutual agreement by the Parties that return or destruction of the PHI is infeasible; Business Associate shall extend the protections of this Agreement to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains the PHI.

V. INDEMNIFICATION:
Business Associate agrees to indemnify, defend and hold harmless Covered Person and its respective employees, directors, officers, subcontractors, agents or other members of its workforce (each of the foregoing hereinafter referred to as “Indemnified Party”) against all actual and direct losses suffered by the Indemnified Party and all liability to third parties arising from or in connection with any breach of this Agreement or from any acts or omissions related to this Agreement by Business Associate or its employees, directors, officers, subcontractors, agents or other members of its workforce. Accordingly, on demand, Business Associate shall reimburse any Indemnified Party for any and all actual and direct losses, liabilities, lost profits, fines, penalties, costs or expenses (including reasonable attorneys’ fees) which may for any reason be imposed upon any Indemnified Party by reason of any suit, claim, action, proceeding or demand by any third party which results from the Business Associate’s acts or omissions hereunder. Business Associates’ obligation to indemnify any Indemnified Party shall survive the expiration or termination of this Agreement.

VI. MISCELLANEOUS:
A. Amendments. This Agreement may not be modified, nor shall any provision hereof be waived or amended, except in a writing duly signed by authorized representatives of the Parties. The parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary to achieve and maintain compliance with the requirements of the Regulations.

B. Survival. The respective rights and obligations of Business Associate and Covered Person set forth in Sections III and IV shall survive termination of this Agreement.

C. Regulatory References. Any reference herein to a federal regulatory section within the Code of Federal Regulations shall be a reference to such section as it may be subsequently updated, amended or modified.

D. Interpretation. Any ambiguity in this Agreement shall be resolved to permit covered entities to comply with HIPAA.

E. Notices. Any notices given hereunder shall be in writing and addressed as follows:

Business Associate:
Deseret Biologicals, Inc

Covered Person/Customer:

Healthcare Practitioner Agreement

This HEALTHCARE PRACTITIONER AGREEMENT (this “Agreement”), signed and effective on the dates set forth below (the “Effective Date”), is entered into by and between DesBio dbscript, LLC, a Utah limited liability company(the “Company”), and (“Practitioner”). The Company and Practitioner are referred to collectively herein as the “Parties.” This agreement replaces any prior agreements in entirety.

In consideration of the mutual covenants and promises contained herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties hereby agree as follows:

1. Representations. Practitioner represents that he/she is a qualified healthcare or wellness provider. During the time of this agreement Practitioner shall have and maintain a valid license or certification to practice medicine or wellness for each state in which Practitioner practices medicine or wellness. 

2. Services. The Company will provide ordering and fulfillment services so Practitioner's patients/clients may purchase products directly from the Company under Practitioner's direction and approval. Practitioner will invite each patient/client individually to the Company's website and each will be required to sign a patient agreement certifying they are purchasing the products under Practitioner's care and supervision. See Attached form of Patient Agreement.

3. Internet Sales Policy. No product should be purchased by a patient/client without the Practitioner first providing a healthcare or wellness evaluation/consultation. Practitioner agrees that he/she will not resell any products purchased from the Company to anyone other than his or her own personal patients/clients. Practitioner understand he/she is fully responsible for any and all costs the Company incurs as a result of breach of this agreement as well as a minimum payment of $5000 per infraction.

4. Healthcare Practitioner Certification. Practitioner understands the products purchased from the Company are complex products whose effects could vary from patient to patient. Practitioner acknowledges that, as a prescribing healthcare or wellness professional, Practitioner will recommend the products based solely on his/her own professional judgement, as opposed to reliance on any claim or statement made about the products by the Company, its staff or representatives.

5. Product Advice Certification. Practitioner understands the Company sells many types of products including homeopathic products that are based on homeopathic principles and require specific homeopathic knowledge to use (the "Products"). Practitioner certifies and acknowledges that by prescribing or recommending any Product from the Company to his/her patient/client, he/she is legally and lawfully able to provide advice to his/ her clients/patients on the use of those Products and prescribe them based on his or her own professional judgment, and is solely responsible for the determination of Product usage. Practitioner agrees to immediately notify the Company and to cease the prescribing and recommending Products to his/her patients/clients if he/she is unable to legally and lawfully comply with this statement.

6. Practitioner Responsibility. Practitioner is responsible for all orders made under their account and Practitioner agrees to review all orders made and confirm the patient/client is under the care of the Practitioner and the Products are appropriate for the patient/client. Practitioner agrees to immediately notify the Company in the event a person who is not under the care of the Practitioner orders Products or a Product has not been recommended by the Practitioner and is not appropriate for the patient/client. Practitioner must sign the Business Associates agreement.

7. Refund Policy. Practitioner understands and acknowledges that there are limited returns/refunds available for patient/client purchases and Practitioner will inform patients of the return policy. No returns or refunds will be given except for Product that is faulty or damaged upon receipt. The patient/client must contact the Company within seven days of receipt and provide the product name, lot number, and the name of their Practitioner. The Company will provide either replacement Product or Company credit for the item.

8. Patient Interaction. Patients/Clients using the Company's website and services will be deemed customers of the Company. The Company does not provide health advice or product/dosage recommendations.

9. Service Fee and Commission.
(a) Service Fee. The Company's service fee is calculated as 30% of the gross profit on the sale of each product. Gross profit is defined as the manufacturer's suggested retail price minus the wholesale price.
(b) Commission. On or before the last day of the month, the Company will issue payment to the practitioner via PayPal for the prior month's aggregate gross profit on sales from his/ her patients/clients, less the Company’s service fee. Practitioner shall be responsible for setting up and maintaining their account with PayPal to receive their commission payments. Practitioner shall be responsible for any and all taxes associated with any remuneration it shall receive from the Company. Practitioner payment will be reduced for any fraudulent orders, returns, refunds and charge-backs.
(c) Coupons and Sales. Practitioner may choose to forego some or all of his/her payment to be passed on as a discount to his/her patients/clients. Discounts from coupons issued by the Company, the cost of the use of which will be split 50/50 between Practitioner and the Company. The maximum discount offered by the Practitioner on any product is 30 percent.

10. Termination of Agreement. Either party may terminate this Agreement at any time for any reason or no reason at all with thirty days' advanced written notice; however, should Practitioner breach the terms of this Agreement or otherwise act in a way which may negatively impact the name or reputation of the Company, no such thirty day notice shall be required. Examples of behavior which shall give rise to immediate termination shall include, but not be limited to, theft of Company assets, failure to perform the duties listed on Exhibit A, arrest for crimes of moral turpitude. Notwithstanding the termination of this Agreement, the provisions of this Agreement that continue beyond such termination shall remain in full force and effect. Any termination of this Agreement shall occur only when both parties have been so apprised of such termination.

11. Confidentiality. In the performance of the service contemplated by this Agreement, Practitioner agrees to hold in strict confidence all confidential or proprietary information that it receives relating to the Company’s business, and Practitioner will not divulge or otherwise communicate such information to a third party without the Company’s prior written consent. Confidential or proprietary information shall include all information obtained by Practitioner from the Company, and which relates to the Company’s past, present, or future business activities, including client lists, technology and operational processes and manuals, except for previously obtained or publicly disclosed information. Further, Practitioner acknowledges that the customers submitted to the Company immediately shall become the property of the Company.

12. Representations and Warranties. In the performance of the service contemplated by this Agreement, Practitioner agrees that Practitioner shall not make any representations or warranties about the Company’s Products without prior written consent and direction of the Company. Specifically, Practitioner shall comply with any and all federal and state regulations regarding statements made about the Products.

13. Miscellaneous.
(a) Practitioner acknowledges that breach of this Agreement would cause Company to suffer irreparable harm for which monetary damages would be inadequate compensation. Practitioner agrees that Company will be entitled to an injunction restraining any actual or threatened breach of this Agreement, or specific performance, if applicable, in addition to any monetary damages.

(b) All payments made to or for the benefit of Practitioner under this Agreement shall not be subject to withholdings for federal, state and local taxes, FICA, and other withholdings required by applicable law. Practitioner will be personally responsible for any and all employment related taxes and shall indemnify the Company for the same.

(c) This Agreement sets forth the entire agreement of the parties with respect to the subject matter hereof, and supersedes all prior agreements, whether written or oral.

(d) This Agreement may not be assigned by Practitioner, but the Company may assign any or all of its rights under this Agreement to any affiliate or subsidiary company of the Company, so long as the Company remains liable for the performance by that affiliate or subsidiary of the payment obligations of the Company hereunder. Except as provided in the preceding sentences of this Section, this Agreement shall be binding upon, and inure to the benefit of, the parties and their respective personal representatives, successors and assigns.

(e) No provision of this Agreement shall be altered, amended, revoked or waived except by an instrument in writing signed by the Party sought to be charged with such amendment, revocation or waiver.

(f) No waiver of any provision of this Agreement shall be valid unless it is in writing and signed by the party against whom it is charged.

(g) The invalidity or unenforceability of any provision of this Agreement shall not affect the other provisions hereof, and this Agreement shall be construed as if such invalid or unenforceable provision were omitted.

(h) This Agreement shall be governed by and construed in accordance with the laws of the State of Utah.

IN WITNESS WHEREOF, the Parties have executed and delivered this Agreement on the dates set forth below, to be effective as of the Effective Date.

DesBio dbscript, LLC a Utah limited liability company.

Leave this empty:

Your legal name

Your email address

Please Confirm full name and signature.

Change fonts

• Draw Signature
  
• Type In Signature
  

Draw your signature with your mouse, tablet or smartphone Clear

I agree that I am and I agree this is a legal representation of my signature for all purposes just the same as a pen-and-paper signature

Insert Signature

I agree that I am and I understand this is a legal representation of my signature

Adopt & Sign

Signed by Ashlee Taylor
Signed On: January 3, 2023

Signature Certificate

Document name: Single Practitioner ESign

Unique Document ID: d52100ce5726004dbe951d04b6001503d2563404

Build. Track. Sign Contracts.

Timestamp	Audit
November 15, 2021 5:24 am MST	Single Practitioner ESign Uploaded by Harold Swift - [email protected] IP 107.158.196.51

This audit trail report provides a detailed record of the online activity and events recorded for this document.

https://dbscript.com/

Audit Trail Serial# e98189131138b58dd7025adffbf10ffd