ALIS SUBSCRIPTION TERMS AGREEMENT
1. Relationship of Parties. Medtelligent, Inc. (“Company”) will provide the company signing this agreement (“Client”) with access to its Assisted Living Intelligent Solutions, (“ALIS”), Company’s proprietary web-based software application that Client can use to manage numerous aspects of its assisted living communities. This agreement shall constitute the master agreement between the Parties and, together with the Terms and any and all other documents entered into between the Parties hereunder, constitutes the entire agreement of the Parties (collectively, the “Agreement”) and may be updated through addendums if appropriate and necessary.
2. Definitions. As used herein, the following terms shall have the following meanings:
“Applicable Laws” means any and all international, Federal, state and/or municipal laws, regulations and/or ordinances, including Data Protection Laws, applicable to a Party hereunder.
“Client Affiliates” means entities under common control with Client which own, operate or manage (“operate”) assisted living communities. Client’s rights hereunder extend to those Client Affiliates which operate senior living communities identified as subscribing to ALIS pursuant to this Agreement.
“Client Data” means collectively, Client’s Confidential Information and the personal information, data and materials of Client’s officers, directors, employees, contractors, agents, residents, patients and Users, whether oral, written or electronic. Client retains ownership of Client Data and has the right to, from time-to-time, obtain an extract file containing its Client Data and other information in an industry standard format
“Data Protection Laws” means any and all international, Federal, state and/or local laws, regulations and ordinances relating to data security, data privacy or similar issues, including, without limitation, (i) the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”); (ii) the Virginia Consumer Data Protection Act (the “VCDPA”); (iii) the Washington My Health My Data Act (“WMHMDA”); (iv) the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH Act”); and (v) any similar law or regulation applicable to the actions or omissions of either Party hereunder, as amended at any time.
“Hosting Partner” means as defined in Section 12 hereof and any successor or substitute thereof.
3. Term: The initial term of this Agreement shall be one (1) year. After the initial one (1) year period, this Agreement shall renew on a yearly basis unless and until terminated by the Parties pursuant to the terms of this Agreement (the “Term”).
4. Services Provided. Company provides ALIS on a software as a service (“SaaS”) basis where one monthly subscription amount covers access to the ALIS system via a URL unique to Client, through Company’s website alisonline.com (“ALIS Online”). “Access” to ALIS Online includes all applicable and necessary technical support (detailed in this Agreement below) including maintenance, updates, and patches. In addition, Company will provide Client with the following additional services (collectively with Access to ALIS Online referred to as the “Services”):
a. Onboarding. If purchased by Client pursuant to the terms outlined in the pricing agreement, Company will deliver onboarding services to assist Client in getting their communities “up and running” with ALIS. The onboarding services include, among other things, project plan creation, data consultation, best practice consultation, and remote training and ALIS configuration including compliance schedule setup, bulk data import and specific module settings (the “Onboarding Phase”). On-site training is available and can be scheduled with Company representatives for an additional flat fee (which includes, without limitation, travel costs and expenses) of $1,500 per each day of a scheduled onsite visit. Onboarding is provided on a per module basis. If additional modules or communities are added, additional onboarding amounts will be incurred.
The Onboarding Phase lasts between 30 and 90 days. The completion of the Onboarding Phase does not shorten, offset or impact the ALIS subscription term or timeline. Client’s ALIS subscription amount will be invoiced pursuant to agreement terms but not later than 30 days from each community’s “kick-off,” and the Parties hereby acknowledge there may be multiple community “kick-offs” during the Term hereof, the respective invoicing for which shall be as mutually agreed in writing.
b. Training. Company will provide training for Client and its representatives via remote training sessions, access to the proprietary ALIS helpdesk, ongoing webinars, and via the ALIS support line. Following the onboarding phase, ongoing training will be primarily provided through access to the ALIS webinars. On an ongoing basis, 1:1 live training is available for community administrators (RNs, Health and Wellness Directors, and Executive Directors) as well as regional and corporate representatives).
c. Support. Company provides both phone and email support to Client as an inclusive feature provided as part of Client’s ALIS monthly SaaS subscription. Company’s support policy is attached to this Agreement as Exhibit A. Company reserves the right to change its support policy as needed. Changes will be communicated two weeks in advance of taking effect. The ALIS support team is to be utilized for single, one-off questions, not for ongoing trainings. Any additional trainings or module implementations will be routed back through sales and/or onboarding. Company reserves the right to route communities back to the onboarding team, at an additional charge, if Client is using the ALIS support services as training or onboarding resources.
5. Client Commitments. Client agrees to participate in good faith in all aspects of the relationship between Company and Client. Client acknowledges that Company is committing dedicated resources to Client pursuant to the terms of this Agreement. In exchange, Client takes responsibility for ensuring its team and communities are professional, respectful, active, engaged participants during the Onboarding Phase and for the tenure of the relationship between the Parties.
Company acknowledges that situations and circumstances regularly arise that may cause Client and/or its communities to miss calls or need to reschedule – these changes are anticipated and planned for as to not interrupt the rollout schedule so long as the absences are communicated in advance (or as soon as possible) and are not excessive (more than 2 in a row in a month or more than 4 total in a year). Client and its communities commit to letting their onboarding specialist know before a call is scheduled to occur if an onboarding or training call will be missed or needs to be rescheduled.
If Client misses 2 or more scheduled calls in a month, a meeting will occur that will include the Client’s lead representative and the Client Services Team Lead to discuss the onboarding project plan timing and any adjustments. If Client misses a total of 3 or more scheduled calls in a month, Client’s onboarding will be halted and Company reserves the right to keep all onboarding amounts and invoice Client for additional onboarding time if and when Client chooses to resume the process.
6. Devices/Technical Requirements; ALIS End User Terms of Use. ALIS is device agnostic. ALIS can work on any device that connects to the internet. Company recommends that devices be 5 years old or newer. There are no specific requirements for internet speed but, for convenience, Company recommends a minimum speed of 12 mb/s for downloads and 5 mb/s for uploads.
The ALIS software is optimized for use on Google’s secure Chrome browser. For full ALIS releases (not for beta releases), Company is committed to supporting the last two stable versions of Chrome, Firefox, Edge, and Safari. Company does not support Internet Explorer. ALIS can work “as-is” on Internet Explorer but there are known issues with compatibility and so is not recommended as the Client’s preferred browser.
Client and its users will agree, through the ALIS Terms of Use, to keep their operating systems and browsers up to date with the latest updates and patches which are critical to maintaining device and access security.
The “Terms of Use for ALIS Online” or other similar agreements, including and click-through agreements, shall be construed as being applicable to Client’s end-users and not as modifying this Agreement or Client’s rights and obligations hereunder. If any terms in such Terms of Use are less favorable to Client than this Agreement, then the terms and provision of this Agreement shall prevail.
7. Updates. In general, a new version of ALIS is released every six weeks. All new modules and updates are included in Client’s monthly subscription fee. Release notices and dates will be displayed on the ALIS login page and sent via email one week in advance to all Client employees or agents that Client chooses to enroll in email updates. In some cases, a planned outage is needed for maintenance or to apply minor patches. These will be communicated as soon as possible, but not less than two days in advance. Rarely, Company, and/or its server partners, may need to perform emergency updates. In this case, advance notice may not be possible but Company will notify Client as soon as possible and/or when the update is complete to give details of the situation at hand. Additional details about ALIS updates and releases:
i. Usually scheduled for a Sunday night / Monday morning starting at 12 AM CST;
ii. Release dates are subject to change. All changes to scheduled release dates will be communicated via email;
iii. In most cases the release is completed within 30 minutes; and
iv. Usually, ALIS will be available during these releases but will run slow; sometimes ALIS may be unavailable for periods of time during the release.
Upon completion of the release a new version number is displayed within ALIS.
8. Patches. Reported bugs/issues will be patched at the next scheduled release date. Critical/show-stopper bugs may be patched immediately and made available during the next business day. All bugs are tracked in a database and closed/resolved based on priority.
9. Configurations vs. Customizations. During Onboarding, Company and Client will work together to “configure” the existing ALIS settings to Client’s workflows. “Configuration” specifically refers to selecting current ALIS settings that most appropriately reflect Client’s environment and workflows. Also, during the Onboarding Phase, Company and Client will work together to receive, log, and track “custom” feature requests. “Customization” refers to any features or enhancements that do not currently exist in ALIS. All custom feature/enhancement requests will be routed through Company’s proprietary enhancement tracking process. The decision to action any and all custom feature requests is at the Company’s sole discretion. This Agreement does not in any way commit Company to delivering customized features to Client. No enhancement or custom feature requests can be actioned less than 10 weeks from the full scoping of the request with Company’s Product Team and all actions are subject to the terms below in this Section.
For custom features/enhancement requests deemed critical by Client and depending on the priority and complexity of the customization request, Company and Client will scope these requests and will discuss all costs associated with the customization requests as well as the schedule for requested customizations. All requests must be technically possible and in line with Company’s roadmap and resource allocation plans. Estimated release dates and availability will be determined by Company’s development team and communicated back to Client. The priority and order in which features are worked on will be at the sole discretion of the Company. Company’s development team will make every attempt to meet communicated delivery dates for custom features. In some cases, the feature may be moved to a later release due to delays, complications or other unforeseen/unplanned circumstances.
10. Third Party Integrations. Generally speaking, Company does not charge for integrating with third parties or for the use of any already existing integrations. Company reserves the right to charge for integrations including and not limited to, if Company is being charged by the third party. In the event Client needs an integration specific to them (and no other clients) or needs a specific integration in place by a certain date, Company reserves the right to scope the project and discuss the costs associated with the integration with Client. Company makes all reasonable business efforts to integrate with third parties for the benefit of Client and all of Company’s clients and Users. However, all integrations are dependent on the technology backend, security protocols, willingness, and aptitude of the third party so Company retains the right to determine whether or not an integration will be scheduled and completed. All decisions will be communicated to Client timely to facilitate its business planning.
11. Third Party Modules. Company often partners with third party vendors to continue improving ALIS and to maintain ALIS’s competitive edge in the market. Generally, all third-party modules are included in Client’s monthly subscription fee; however, Company reserves the right to charge for additional modules. Company will charge for any third-party modules where Company incurs a fee to provide the additional third-party module service. These modules currently include but are not limited to, the Medi-Span database, HelloSign secure electronic signatures, Citrix MAR downloads, and customized DOMO reports.
12. Security & Data Protection.
a. Data Security. Company’s full Security Overview is attached to this Agreement as Exhibit B and is incorporated here by reference.
As required by Applicable Laws Company shall remain compliant with all Data Protection Laws, including, without limitation, HIPAA, HITECH, and any other state or federal regulations protecting PHI, personal information or consumer health data transmitted electronically. SOC reports are available upon request and are sent directly from Company’s Hosting Partner to Client.
Client is responsible for all internal policies and procedures of Client to educate, train, and enforce security protocols to ensure compliance with Applicable Laws and regulations. This includes full responsibility for data, in any and all forms, downloaded locally and/or printed.
b. Data Protection. For purposes of Data Protection Laws, if and as the following terms apply, the Client is the “controller” of Client Data and the Company is the “processor” or “service provider” of all Client Data used, collected and/or uploaded with or into ALIS by or on behalf of the Client or otherwise shared by Client with the Company. The Company’s access to and use of any and all Client Data uploaded into ALIS or otherwise provided to the Company is subject to the following agreements and restrictions:
i. The Client provides such Client Data to the Company only as necessary for the Company to carry out the business purposes represented by this Agreement and the Company hereby accepts that its use of Client Data is limited to such purposes;
ii.The Company agrees not to sell, disclose or provide access to Client Data to any third party (other than to its Hosting Partner hereunder) for the benefit of such third party unless authorized in writing by Client; and
iii.The Company agrees to cooperate with and support Client’s compliance with and response to any consumer’s or User’s exercise of his or her data rights under any applicable Data Protection Laws relating to any Client Data held by Company or on its behalf.
The Company agrees to take all reasonable actions to process any personal information subject to Data Protection Laws only in accordance with the instructions of Client and to perform this Agreement. The Company shall promptly disclose to the Client any unauthorized or unlawful processing of or loss, destruction or unauthorized access to or use of any Client Data of which it becomes aware and will support all actions of the Client relating to the investigation and remediation of any such incidents or data breaches.
13. Terms of Use. A copy of Company’s terms of use (the “Terms of Use”) pop-up the first time any and all staff members log in to the Client’s ALIS installation. Client agrees to Company’s terms of use for ALIS. The terms of use will pop-up when Client logs onto ALIS.
14. Additional Products and Services. Company offers additional products and services on an a-la-carte basis, including but not limited to data entry, on-site trainings, Chromebooks, and more – these Additional Products and Services will be invoiced separately at the time of purchase. Company in its sole discretion, and at the request of Client, may combine Additional Products and Services with Client’s monthly usage invoice. For Chromebook or other devices specifically, Client owns these devices and is responsible for disposal in the event of destruction or a defect that is not covered by warranty that causes the device(s) to be unusable. Replacement devices will be charged at the unit price based on the average market rate and may fluctuate based on availability of supply.
15. Invoicing. For Client’s monthly subscription fee, Company generates invoices on the 1st of the month (to be delivered on or before the 15th of the relevant month) prospectively for the Company’s Services. For example, the February 1 invoice will cover the ALIS service for all of February. Invoices can be sent by mail or email to the Client’s home office or to individual communities. Company will notify Client via mail and email if the preferred address is changed.
16. Late Payments. If Client is more than 30 days in arrears on payment Company will notify Client through a statement and/or call. If Client fails to bring their account current within 60 days of being notified (90 days overdue on payment) Company may, at its discretion, give Client a final 3-day notice of “Intent to Disconnect ALIS Service” absent Client’s payment in full for outstanding amounts due or other arrangements are made. Company will not delete any of Client’s information and will provide Client access to its information on an as needed basis but, while an outstanding balance exists, Client will not be able to access their ALIS Installation for ongoing, active use
17. Termination by Client. Notwithstanding anything in the Agreement to the contrary, Client shall have the right to cancel this Agreement with thirty (30) days’ notice at any time.
18. Termination by Company. Company shall have the right to terminate this Agreement with sixty (60) days’ written notice via email or letter if Client does any of the following and fails to cure the same within thirty (30) days after receipt of written notice of default from Company:
a. Terminates or suspends its business;
b. Becomes subject to any bankruptcy or insolvency proceeding;
c. Becomes insolvent or becomes subject to direct control by a trustee, receiver or similar authority;
d. Has wound up or liquidated, voluntarily or otherwise;
e. Violates the terms of this Agreement including specifically but not limited to the payment terms;
f. Demonstrates a pattern of non-compliance with the terms of this Agreement and/or a pattern of abusive verbal or written communication to the Company’s representatives; and/or
g. Takes any action that significantly impairs or precludes Company’s ability to perform effectively under the terms of this Agreement.
19. Dispute Resolution. All claims or disputes between the Parties, arising out of or relating to this Agreement, shall be mutually resolved, if possible, through good faith negotiation between the Parties. The Parties agree that if any claim or dispute is not resolved by mutual agreement within sixty (60) days of the commencement of such good faith negotiations they will, before initiating any legal action, engage a mutually acceptable mediator or an arbitrator to assist in evaluating and resolving such claim or dispute. All fees and expenses of such dispute resolution will be evenly divided between the Parties. So long as subscription amounts are paid and remain current, Client shall retain access to its records during any dispute resolution. Client shall have full usage access rights during any dispute but, in addition to access rights, shall also have the right to obtain an extract file containing its information in an industry standard format.
For any additional actions that may arise, Parties may bring such actions in any court that has proper personal and subject matter jurisdiction.
20. Covenant of Non-Disclosure. The Company promises and agrees to hold all information related to Client, not publicly available, as “Confidential Information” in strict confidence; to use the Confidential Information only for the purpose of providing Client with ALIS services (the “Business Purpose”) or as requested by the Company; to only disclose the Confidential Information to those of its officers, employees, and agents to whom disclosure is necessary to carry out the Business Purpose; to not disclose the Confidential Information to third parties without prior written consent from the Client; and to advise each person to whom the Confidential Information must be disclosed of the terms and conditions of this Agreement and to have each person sign this Agreement before disclosure is made. The Parties agree to obtain each other’s written permissions before using either Party’s name in marketing or other public disclosures not required by law.
21. Indemnification. Each Party does hereby agree to indemnify and hold the other party, and its subsidiaries, affiliates, officers, and employees, harmless from and against any claim or demand, including reasonable attorneys’ fees and costs, made by any third party against the indemnified party due to or arising out of the indemnifying party’s violation of this Agreement, violation of Applicable Laws, violation of duties of confidentiality and/or data protection and/or violation of other third party rights or interests relating to the use of Company’s Services and any negligent acts or omissions on the part of the indemnifying party.
Company hereby represents and warrants to Client that the services provided will not violate the patent, copyright, or other proprietary rights of any third party, and that Company will defend, indemnify and hold harmless Client from any claim of copyright, patent or similar proprietary rights infringement claim provided Client promptly notifies Company following notice of such claim and reasonably cooperates in the defense of such claim. Company shall control of any such defense and settlement of the claim But in the event Client wishes to participate in such defense, Company will reasonably cooperate with legal counsel of Client’s choosing.
22. Limitation of Liability. Neither Company nor Client shall be liable for any special, indirect, consequential, or incidental damages or damages for lost profits, loss of revenue, or loss of use arising out of or related to this Agreement whether such damages arise in contract, negligence, tort, under statute in equity or law or otherwise. In the event that damages are nonetheless awarded, excluding liability for Company’s violation or breach of (i) Applicable Laws, (ii) duties of confidentiality and/or data protection, (iii) indemnification of Client and/or (iv) third party rights or interests, Company’s liability is limited and warranties are excluded to the greatest extent permitted by law to the aggregate amount of fees paid to Company hereunder.
23. Access Authorization. By signing this Agreement, the Client agrees, acknowledges, and authorizes the Company to access the Client’s systems and information for the Business Purpose only, specifically including but not limited to, updating the software, auditing the Client’s resident information for billing and invoicing purposes, for training, as authorized by Client, and as necessary to ensure the proper functioning and security of ALIS and Client’s information.
24. Counterparts. This Agreement may be executed in counterparts including via email and fax. Each counterpart shall be considered an original executed copy.
EXHIBIT A: ALIS SUPPORT POLICY
I. GENERAL. Both phone and email support is provided to You with Your ALIS subscription. Medtelligent, Inc. (the “Company”) reserves the right to change its support policy as needed. Changes will be effective sixty (60) days after notice of the changes is given.
II. EMAIL SUPPORT. There are no limits or restrictions on email support questions.
A. All Non-Critical Issues. Email support may be used, in addition to telephone support below, for all non-critical issues, which usually constitutes about 90% of issues that arise, some examples include but are not limited to the following circumstances: Feature requests and changes; usage and training questions; minor bugs reporting; unexpected user interaction and/or results; and to configure system settings that are not accessible from within the application by the Client.
B. Email Support. The support email address is support@medtelligent.com. Support tickets and emails are responded to Mon – Fri from 8am – 6pm CST on an as soon as possible basis up to two hours from submission time. Emails regarding emergency issues received during holidays or off-support hours will be responded to within four hours. Non-emergency issues will be addressed as soon as possible or at the start of the next support period.
III. TELEPHONE SUPPORT. There are no limits or restrictions on telephone support questions.
A. Guidelines for Telephone Support. The support contact number is 1-888-404-ALIS (2547). The support phone hours are Mon – Fri from 8am – 6pm CST. During off peak hours customers are encouraged to call and leave a detailed message with the question or issue and will be responded to as soon as possible. Emergency issues involving downtime will be responded to immediately; all other non-emergency inquiries will be responded to as soon as possible but not later than the next business day.
B. Voicemail. The Company will make every attempt to answer each support call. Under certain conditions all support members may be busy assisting other customers. In this case the Client is encouraged to leave a voice message and a support member will return the call as quickly as possible. Voice messages left outside of the phone support hours will be handled immediately if they pertain to an outage or major system fault/failure. Otherwise, they are handled at the start of the next business day.
EXHIBIT B: SECURITY OVERVIEW
I. HIPAA Compliance and more. Unwavering Commitment to Security.
Medtelligent is committed to be an industry leader in security and protection of client information including HIPAA compliance. Medtelligent employs stringent physical, electronic, and managerial procedures to safeguard and secure all information stored in ALIS from loss, misuse, unauthorized access, disclosure, alteration and destruction. Medtelligent invests in both internal and external legal counsel to stay apprised of relevant statutory and regulatory updates.
II. Secure and Reliable Host.
ALIS is hosted as a secure web application in Microsoft Azure Cloud’s platform as a service offering with zone redundancy, and boasts robust resiliency and redundancy. Zone redundancy means that the application is distributed across multiple isolated zones within a region, each with independent infrastructure. This design significantly mitigates the risk of simultaneous zone failures, ensuring that if one zone experiences issues, the others maintain the application’s availability and functionality without service interruption.
Further enhancing this resilience is Azure Front Door, which provides geo-redundancy. This setup allows for traffic to be intelligently routed across different geographic regions, maintaining service continuity even during regional disruptions. The combination of zone and geo-redundancy ensures high availability and reliability of the application, crucial for continuous business operations and user satisfaction in a digitally-dependent environment.
III. System Redundancy and Backup.
ALIS data is stored in Microsoft Azure Cloud’s robust platform as a service SQL Server engine utilizing the highest tier that offers premium storage performance and capacity in addition to zone-redundant replication engineered for high resilience and data safety. In essence, it’s equipped with an automatic failover mechanism, meaning if a major issue arises at the primary data location, the system seamlessly switches to a backup in another region, ensuring uninterrupted service. Additionally, the system is configured for point-in-time allowing data restoration to any point in the past 30 days, minimizing data loss in case of unexpected incidents.
Complementing this, the databases are backed up in full daily and stored indefinitely, offering a comprehensive long-term data safety net. Concurrently, data is continuously replicated in real-time to a data lake, a vast storage pool used for advanced analysis and business intelligence. This dual strategy of frequent, detailed backups and real-time data replication not only safeguards against data loss but also enables deep, data-driven insights for strategic decision-making.
IV. Security.
All transmissions of information to and from ALIS are encrypted. ALIS uses secure socket layer (“SSL”) technology to encrypt all communication between the browser used by the community and the ALIS system. SSL is the same encryption technology that financial institutions including banks and credit card companies and governments use to deliver information from systems to browsers over the Internet.
The Microsoft Azure platform includes robust firewalls, 256-bit encryption at rest, intrusion detection, and antivirus protection. Medtelligent also utilizes a CDN (“Content Delivery Network”) layer to intelligently provide application access and redirect users to different ALIS installations in the event of any form of outage. The CDN also provides added security and monitoring of traffic to and from the application.
From an administrative and operational perspective, Company has implemented stringent physical, electronic, and managerial procedures, in addition to extensive backend automation, to ensure the highest security standards and restricted access to the ALIS production environment.
As required by Applicable Laws Company shall remain compliant with HIPAA, HITECH, and any other state or federal regulations protecting PHI, personal information or consumer health information transmitted electronically. SOC II covering the ALIS production deployment environment are available upon request and are sent directly from Company’s hosting provider to Client.
Client is responsible for all internal policies and procedures to educate, train, and enforce security protocols to ensure compliance with applicable laws and regulations. This includes full responsibility for data, in any and all forms, downloaded locally and/or printed.
V. Limited Access Internally and Externally.
Internally, access to ALIS data is highly regulated and monitored. No one has physical access to the ALIS servers. From a production environment standpoint, only highly cleared individuals have access, including but not limited to, the CTO, the Engineering department team lead, and the IT department team lead.
From a community and client perspective, ALIS employs “user access levels” that allow the community to restrict access to information and features based on the user’s role to ensure only minimum access is given to complete role specific tasks.
VI. Advanced Network Monitoring.
The ALIS application is monitored by Panopta LLC, a website monitoring and security notification service alongside Microsoft Azure Cloud’s application insights monitoring. Any downtime is detected immediately and information regarding the downtime is immediately routed to the individuals and entities responsible for remedying any issues.
VII. Internal Training and Education.
Medtelligent’s internal policies and procedures limit access to patient information and detail security procedures for the ALIS application. Medtelligent provides ongoing legal and policy education to its employees regarding data privacy and protection.