NEW ACCOUNT REGISTRATION FORM

ACCOUNT INFORMATION

PRACTICE PROVIDERS AND/OR FACILITY INFORMATION

Enter information for each provider in the columns below.
To add a new row for another provider click the plus symbol.

SIGNATURES

Please sign, print your name and date below.

FULFILLMENT AGREEMENT

This Fulfillment Agreement (the “Agreement”) is entered into as of today (the “Effective Date”) between Total Wound Supply ("Supplier") and you (“Customer”).

The Customer wants to purchase, and the Supplier has agreed to sell to the Customer, Human Cell and Tissue products, specifically described in the attached Schedule A, (the Product) subject to the following terms

Now, therefore, the parties agree as follows:

Product Prices

Product means the human cell and tissue products offered by Total Wound Supply as described in Schedule A, as such Schedule may be modified from time to time at the Suppliers discretion following notification to the Customer. The Invoice Price for each Product is the price stated for that Product in Schedule A.

Insurance Verification and Billing

A) Customer agrees to utilize Suppliers Insurance Verification Request form (IVR) before ordering and using Products. The Supplier will verify the Customer’s patient benefits using an IVR vendor and confirm patient’s benefits and successful verification to the Customer. If the product is put on the patient without IVR verification, the customer assumes responsibility of the graft and agrees to pay the cost of the product shown in Schedule A. This includes instances when the patient changes insurances in the middle of treatment without notifying the Customer or Supplier.

B) The Supplier will provide templates, checklists, and support to assist Customer with obtaining reimbursement for grafts however, Customer is responsible for all patient care, billing for services rendered and collection of payment from patients and health plans and the Supplier will not be liable for insurance denials due to improper notes, documentation or otherwise.

Order Fulfillment

After Customer submits an IVR and receives confirmation of the patient’s benefits, the Customer places an order and Supplier accepts the order and generates an Order Statement, which will reflect that the Customer has agreed to purchase the Products identified on the Statement and the terms of the purchase. The Supplier shall, on Customer's behalf, promptly pack and ship the Products identified on the Statement for delivery to the Customer using second-day delivery. The Supplier shall provide delivery status information from the carrier to the Customer for shipment.

Returns

The Customer may return any unused Product as long as it is within 30 days of when the graft was order. The returned Product must be unopened and undamaged with no writing on the box.

Product Usage

After receiving the Product(s), Customer will treat the patient as medically necessary. Customer and Total Wound Supply acknowledge that the use of any Product is at the sole discretion of the treating provider, according to his or her professional medical judgment.

Invoices & Payment

a) At the end of each month, the Supplier will develop and deliver an Invoice to Customer that identifies the Products ordered in the preceding month and the Customer’s outstanding balance, which shall reflect the invoice price of the Products ordered and not yet paid by the Customer and any other charges or credits on the Customer’s account to date. Customer agrees to pay the invoiced amount within 45 days.

b) The Customer further undertakes to promptly inform the Supplier upon receipt of payment and to afford view-only billing access for every patient undergoing care with the Products supplied by the Supplier.

Miscellaneous

This Agreement contains the entire agreement between the Parties concerning the subject matter hereof and is governed by Texas law. This agreement may be amended or modified only by a written agreement signed by both parties. The Parties agree to enter into a Business Associate Agreement for compliance with the Health Insurance Portability and Accountability Act

Executed as of the Effective Date.

BUSINESS ASSOCIATE AGREEMENT

THIS BUSINESS ASSOCIATE AGREEMENT (“Agreement”) is made by and between (ACCOUNT/PROVIDER, “covered entity”) and Total Wound, LLC (DISTRIBUTOR, “Business Associate”) on the date indicated below to be effective upon execution for purposes of complying with the Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191 (“HIPAA”), as amended by the Health Information Technology for Economic Clinical Health Act, Publ. L. No. 111-5 (“HITECH”), and the implementing regulations promulgated thereunder that are more specifically referred to as the Standards for Privacy of Individually Identifiable Health Information at 45 C.F.R. Parts 160 and 164, Subparts A and E (the “Privacy Rule”); Health Insurance Reform: Security Standards; Final Rules at 45 C.F.R Parts 160 and 164, Subparts A and C (the “Security Rule”); Breach Notification for Unsecured Protected Health Information; Interim Final Rule at 45 C.F.R. Part 164, Subpart D (the “Breach Notification Rule”); and, Administrative Simplification: Enforcement: Interim Final Rule at 45 C.F.R. Part 160 (the “Enforcement Rule”) (collectively, and as may be amended from time to time, “HIPAA”). Covered Entity and Business Associate are collectively referred to as the “Parties.”

PURPOSE

Covered Entity is a “Covered Entity” for purposes of HIPAA. Business Associate provides services to Covered Entity which may require Business Associate to access, use or disclose PHI. The purpose of this Agreement is to satisfy the requirements of HIPAA that Business Associate provide satisfactory written assurances to Covered Entity that it will comply with the applicable requirements of HIPAA. NOW THEREFORE, in consideration of the mutual covenants, promises and agreements contained herein, the Parties agree as follows:

1. Definitions. Unless otherwise defined in this Agreement, including the definitions stated in the Preamble and Recitals, which are incorporated into this Section 1 by reference, capitalized terms have the meanings ascribed to them under HIPAA for purpose of this Agreement:

(a) “Individual” shall have the meaning given to such term under the Privacy Rule, including, but not limited to, 45 C.F.R. Section 160.103 and shall include a person who qualifies as a personal representative in accordance with 45 C.F.R. Section 164.502(g).

(b) “PHI” shall have the meaning ascribed to “protected health information” in 45 C.F.R. Section 160.103.

(c) “Secretary” shall have the meaning ascribed to this term in 45 C.F.R. § 160.103.

(d) "Security Incident" means the attempted or successful unauthorized access, use, disclosure, modification or destruction of information or interference with system operations in an information system.

(e) “Services” shall mean all functions performed by Business Associate for Covered Entity which involve creating, accessing, using, or disclosing PHI on behalf of Covered Entity and which may be outlined in one or more services agreements between the parties.

(f) “Services Agreement” shall mean any agreement(s) between the parties covering the Services. (g)“Unsecured PHI” shall have the meaning ascribed to this term in 45 C.F.R. Section 164.402.

(g).“Workforce” means employees, volunteers, trainees, and other persons or entities whose conduct, in the performance of work for the entity, is under the control of such entity, whether they are paid by the entity.

2. Obligations of Business Associate. Regarding the use and/or disclosure of PHI by the Business Associate, Business Associate agrees as follows:

(a) Limitations on Uses and Disclosures of PHI. Business Associate shall not, and shall ensure that its Workforce, subcontractors, and agents do not, use or disclose PHI in any manner that would constitute a violation of HIPAA or any other applicable State or Federal law or regulation governing the privacy of PHI. Business Associate shall use or disclose PHI only (i) to perform Services, (ii) as needed for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, or (iii) as required by law.

(b) Safeguards to Protect PHI. Business Associate will comply with the Security Rule and will implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the PHI that it creates, receives, maintains, or transmits on behalf of Covered Entity. Business Associate will report to Covered Entity within seven (7) days any Security Incident of which it becomes aware.

(c) Breach Notification. Business Associate shall notify Covered Entity as soon as practicable, but no later than seven (7) days after it is known to Business Associate, or, by exercising reasonable diligence would have been known to Business Associate, of any event involving the access, use, or disclosure of Unsecured PHI in violation of HIPAA or this Agreement (“Breach Event”). Business Associate shall be deemed to have knowledge of a Breach Event if such Breach Event is known, or by exercising reasonable diligence would have been known, to any person, other than a person involved in the Breach Event, who is a Workforce member, subcontractor, or agent of Business Associate (determined in accordance with the federal common law of agency). Business Associate will fully cooperate with Covered Entity in its investigation of any Breach Event. Business Associate shall notify its Workforce and any agents or subcontractors with access to PHI of Business Associate’s obligation to immediately notify Covered Entity of a Breach Event. Business Associate will mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a Breach Event.

(d) Subcontractors. Business Associate will obtain and maintain an agreement with each subcontractor or agent of Business Associate that creates, receives, maintains, transmits, or otherwise has access to PHI, which is received from, or received by, Business Associate on behalf of Covered Entity, pursuant to which agreement such subcontractor or agent agrees to be bound by the same restrictions, terms, and conditions that apply to Business Associate pursuant to this Agreement with respect to such PHI.

(e) Access to Information. Business Associate shall make PHI maintained by Business Associate or its agents or subcontractors available to Covered Entity within ten (10) business days of a written request by Covered Entity to enable Covered Entity to respond to a request by an Individual for access to PHI pursuant to 45 C.F.R. Section 164.524. In the event any Individual requests access to PHI directly from Business Associate, Business Associate shall forward such request to Covered Entity within three (3) business days. Access to PHI shall be made in electronic format to the extent requested by Covered Entity or Individual in accordance with the HIPAA requirements.

(f) Availability of PHI for Amendment. Promptly upon receipt of a request from Covered Entity to amend an Individual’s PHI, Business Associate shall either provide such PHI to Covered Entity for amendment or incorporate any such amendments in the PHI as required by 45 C.F.R. Section 164.526 in the possession or under the control of Business Associate or make such amendments to said PHI that may be directed, in writing, by Covered Entity. In the event any Individual requests an amendment of PHI in accordance with 45 C.F.R. Section 164.526 directly from Business Associate, Business Associate shall forward such request to Covered Entity within three (3) business days.

(g) Availability of Internal Practices, Books and Records. Business Associate agrees to make available, at reasonable times, to Covered Entity and Secretary Business Associate’s internal practices, books and records relating to the use and disclosure of PHI received from or created or received by Business Associate on behalf of Covered Entity.

(h) Documentation and Accounting of Disclosures. Business Associate agrees to document disclosures of PHI made by Business Associate, other than disclosures of the type outlined in 45 C.F.R. Sections 164.528(a)(i) through (ix) (as amended, updated, or added to by HIPAA), which are necessary for Covered Entity to provide an accounting of such disclosures to an Individual pursuant to 45 C.F.R. Section 164.528. To the extent required by HIPAA, Business Associate shall also document disclosures of PHI made through an Electronic Health Record, as defined pursuant to HITECH, for purposes of Treatment, Payment and Health Care Operations (“TPO Accounting”). Business Associate shall forward an accounting of such disclosures for a specific Individual within ten (10) business days of receipt of Covered Entity’s written request for such accounting.

(i) Compliance with Laws and Regulations. Business Associate understands that Covered Entity is subject to HIPAA and additional State and Federal laws governing the confidentiality of PHI.

Business Associate agrees to abide by all such laws, whether fully articulated herein. Furthermore, if Business Associate carries out any HIPAA obligation of Covered Entity, it shall do so in accordance with HIPAA. The Parties agree to negotiate, in good faith, any amendments to this Agreement which may be necessary to comply with any applicable State or Federal law including but not limited to any future amendments to HIPAA.

3. Obligations of Covered Entity. Regarding the use and/or disclosure of PHI by the Business Associate, Covered Entity agrees as follows:

(a) Compliance with Privacy Rule. Covered Entity, its Workforce, subcontractors, and agents: (i) shall comply with the Privacy Rule in its use or disclosure of PHI; (ii) shall not use or disclose PHI in any manner that violates applicable Federal and State laws; and (iii) shall not request Business Associate to use or disclose PHI in any manner that violates applicable Federal and State laws.

(b) Notice of Privacy Practices. Covered Entity shall provide Individuals with a notice of privacy practices (the “Notice”) and shall provide Business Associate a copy of the Notice currently in use upon request.

(c) Revocation of Authorizations. Covered Entity shall promptly notify Business Associate, in writing, of any changes in or revocation of an Individual’s permission to use or disclose PHI, if such change or revocation affects Business Associate’s permitted or required uses and disclosures.

(d) Restrictions on Uses and Disclosures. Covered Entity shall promptly notify Business Associate in writing of any arrangements permitted or required of the Covered Entity, including, but not limited to, restrictions on use and/or disclosure of PHI agreed to by the Covered Entity pursuant to 45 C.F.R. Section 164.522, that may impact the use and/or disclosure of PHI by the Business Associate under this Agreement.

4. Term and Termination

(a) Term. This Agreement shall become effective on the Effective Date set forth above and shall terminate upon the termination or expiration of the Services Agreement (or, if earlier, when PHI is no longer needed by Business Associate to perform Services for Covered Entity) and when all PHI provided by either party to the other, or created or received by Business Associate on behalf of Covered Entity is, in accordance with subparagraph (c) of this Section 4, destroyed or returned to Covered Entity or, if it is not feasible to return or destroy PHI, protections are extended to such information, in accordance with the terms of this Agreement.

(b) Termination for Cause

(i) Where either Party has knowledge of a material breach by the other Party and cure is possible, the non-breaching Party shall provide the breaching Party with an opportunity to cure. Where said breach is not cured within ten (10) days of the breaching Party’s receipt of written notice from the non-breaching Party of said breach, the non-breaching Party may terminate this Agreement.

(ii) In the event that either Party has knowledge of a material breach of this Agreement by the other Party and cure is not possible, the non-breaching Party may terminate this Agreement. When neither cure nor termination is feasible, the non-breaching Party may report the violation to the Secretary.

(iii) Effect of Termination. Upon termination of this Agreement for any reason, the Services Agreement shall automatically terminate and if feasible, at Covered Entity’s direction, Business Associate shall return or destroy all PHI received from or created or received by Business Associate on behalf of Covered Entity that Business Associate or its Workforce, subcontractors or agents still maintain in any form, and Business Associate shall certify that it retains no copies of such PHI. If return or destruction of all PHI is not feasible, Business Associate shall extend the protections of this Agreement to such PHI at no cost to Covered Entity and limit further uses and disclosures of such PHI to those purposes that make the return or destruction of the PHI infeasible. Once Business Associate no longer requires the PHI it shall return it to Covered Entity or destroy it.

5. Indemnification

Business Associate shall indemnify, defend and hold harmless Covered Entity and its Workforce, subcontractors, and agents from and against any and all liabilities, costs, claims, suits, actions, proceedings, demands and losses (including court costs and reasonable attorneys’ fees), expert witness fees, and costs of breach notification, investigation, credit protection, call center fees, and any civil monetary penalties or other fines imposed by HHS or any State Attorney General arising from or relating to the acts or omissions of Business Associate or any of its Workforce, subcontractors or agents in connection with the Business Associate’s violation of this Agreement.

6. Miscellaneous

(a) Amendment. If any of the regulations promulgated under HIPAA are amended or interpreted in a manner that renders this Agreement inconsistent therewith, the Parties shall, in good faith, negotiate an amendment to this Agreement to the extent necessary to comply with such amendments or interpretations. No amendments or additions to this Agreement are binding unless signed in writing by both Parties.

(b) Survival. The respective rights and obligations of the parties under this Agreement which require compliance after termination of this Agreement shall survive the termination.

(c) Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Texas.

(d) Notices. All notices, requests, approvals, demands, and other communications required or permitted to be given under this Agreement shall be in writing and delivered either personally, or by certified mail with postage prepaid and return receipt requested, or by overnight courier to the party to be notified. All communications will be deemed given when received.

(e) Severability. In the event any provision of this Agreement violates any applicable statute, regulation, or rule of law such provision shall be ineffective to the extent of such violation without invalidating any other provision of this Agreement.

(f) Waiver. A waiver with respect to one event shall not be construed as continuing or as a bar to or waiver of any right or remedy as to subsequent events.

(g) No Third-Party Beneficiaries. Nothing expressed or implied in this Agreement is intended to confer, nor shall anything herein confer, upon any person other than the parties and their respective successors or assigns, any rights, remedies, or obligations.

(h) Entire Agreement. This Agreement constitutes the entire agreement of the Parties regarding the subject matter hereof and cancels and supersedes any prior business associate agreements between the parties. It is expressly understood and agreed that no verbal representation, promise or condition, whether made before or after signing of this Agreement, shall be binding upon the Parties.

IN WITNESS WHEREOF, each of the undersigned has duly executed this Agreement on behalf of the party and on the date set forth below.

COVERED ENTITY AUTHORIZED OFFICER

SHORELINE AGREEMENT

This agreement is optional. If you don't wish to sign into this agreement with Shoreline, do not sign or fill in the fields on this page.

THIS BILLING SERVICE AGREEMENT (the "Agreement") is made and entered into (“Effective Date”) by and between Shoreline Medical Administration, LLC, a Wyoming limited liability company ("Shoreline"), and (“Medical Provider”).

Shoreline provides Medicare reimbursement billing Review Services to Medical Providers to ensure that certain medical billings are Medicare compliant. As a part of its Review Services, Shoreline provides a Service Guarantee in which Shoreline will reimburse the Medical Provider for Medicare overpayment claims for any Covered Medical Billings subject to Medicare overpayment reimbursement, after Shoreline review and approval.

1. Definitions. Unless otherwise set out below, each of the terms in this Section be defined as follows:

a. "Covered Medical Billing(s)” shall mean any Medicare billings for Covered Medical Services submitted by Medical Provider to Shoreline for Review Services and approved by Shoreline for coverage under the Service Guarantee.

b. “Covered Medical Service(s)” shall mean any medical services identified in Schedule A as updated from time-to-time pursuant to Section 2.b.

c. “Review Service(s)” shall mean Shoreline’s review of Medicare billings for compliance with Medicare billing requirements related to Covered Medical Services.

d. “HIPAA” shall mean the Health Insurance Portability and Accountability Act of 1996.

2. Review Services. On behalf of the Medical Provider, Shoreline shall review each Medicare billing for Covered Medical Services to ensure that the language, coding, and supporting documents are compliant with Medicare requirements regarding reimbursement of the Covered Medical Services.

a. Submission Review Procedure. Upon receipt of a Medicare billing submission, Shoreline reserves the sole right to determine whether the Medicare billing is covered under this Agreement and Service Guarantee. Medical Provider must submit all Medicare billings for Covered Medical Services to Shoreline no later than five (5) business days after submission to Medicare. Shoreline will notify Medical Provider within seven (7) business days if a Medicare billing is rejected. Upon receipt of such notification, Medical Provider will have three (3) business days to correct and resubmit the billing submission to Shoreline. Upon resubmission, Shoreline will have the sole right to accept or deny approval of the corrected billing transaction. Any billing submitted to Medicare by Medical Provider that does not conform to the billing reviewed and approved by Shoreline shall not be covered by this Agreement.

b. Covered Medical Services. Covered Medical Services are limited to medical services identified in Schedule A which is incorporated as terms of this Agreement. Shoreline Review Services are limited to Medicare billings for Covered Medical Services identified in Schedule A. Shoreline reserves the right to add or remove Covered Medical Services from coverage from time-to-time by providing Medical Provider notice in writing of the changes along with an updated Schedule A identifying all Covered Medical Services as of the effective change date. Shoreline will notify Medical Provider in writing of any addition or removal of Medical Services in writing at least 30 days before the change becomes effective. Any Covered Medical Billings for Covered Medical Services submitted and approved by Shoreline before the effective change date for removal of a medical service from coverage shall continue to be covered under the Service Guarantee terms of this Agreement.

c. Service Guarantee. For each Medicare billing reviewed and approved for submission by Shoreline, Medical Provider shall receive a Confirmation of Coverage which identifies the Covered Medical Billing information eligible for the Service Guarantee with an assigned Confirmation of Coverage Identification Number. Each Confirmation of Coverage shall become part of this Agreement.

d. Medical Providers Obligations.

i. Access to data. Medical Provider shall grant Shoreline direct access to the Medical Providers electronic record management or medical service billing software to review billing submissions for Covered Medical Services via direct access, Application Programming Interface (API) or other alternative HIPAA compliant data sharing protocols. This access is granted solely for the purpose of enabling Shoreline to validate that all billing procedures for Covered Medical Services have been performed properly and accurately.

ii. Reimbursement Submissions. Any Medicare billings that Medical Provider submits to Medicare for reimbursement which have not been reviewed and approved by Shoreline pursuant to the review procedure set forth in Section 2(a) above shall be excluded from coverage. In the event of any fraud or misrepresentation of a material fact by Medical Provider related to a Covered Medical Billing, Shoreline shall not be responsible for defending or reimbursing any Medicare overpayment claim to the extent that the claim applies to such Covered Medical Billing.

iii. Medicare Overpayment Demand Letter and Service Guarantee Claim Submission. In the event that Medical Provider receives a Medicare Overpayment Demand Letter for any Covered Medical Billings, Medical Provider shall file a claim with Shoreline for coverage under the Service Guarantee (“Service Guarantee Claim”) within five (5) business days from receipt of such letter. Shoreline’s obligation to reimburse Medical Provider for overpayment of Covered Medical Billings is contingent upon Shoreline’s right to contest and appeal the Medicare Overpayment Demand Letter against Medical Provider at Shoreline’s exclusive discretion. Shoreline shall not be responsible to reimburse any Medicare overpayment claim that becomes final as a result of (1) a failure by Medical Provider to file a Service Guarantee Claim with Shoreline in a timely manner; or (2) any action or inaction by Medical Provider resulting in the loss of the right to defend against, contest, or appeal the Medicare Overpayment Demand Letter.

Medical Provider shall provide full cooperation in the response and/or defense of a Medicare Overpayment Demand Letter for Covered Medical Billings and shall provide full access to medical records and other documents requested by Shoreline. Failure to fully cooperate with Shoreline in the defense of a Medicare overpayment claim for Covered Medical Billings may result in denial of reimbursement coverage under the Service Guarantee.

e. Shoreline Responsibilities.

i. Access to Data. Shoreline acknowledges that the Covered Medical Billing data accessed may contain sensitive and protected health information. As such, Shoreline agrees to protect this data in accordance with HIPAA requirements and any other applicable laws and regulations. Shoreline will implement and maintain appropriate administrative, physical, and technical safeguards to protect the data from unauthorized access, disclosure, alteration, or destruction. These safeguards will include but are not limited to encryption of the data in transit and at rest, access controls, and regular security audits. Shoreline agrees to use the data accessed solely for the purposes outlined in this Agreement and will not disclose, sell, or otherwise misuse the data. Any violation of this Section shall be a material breach of this Agreement and Medical Provider shall have the right to immediately terminate this Agreement in accordance with Section 5. Shoreline will promptly notify Medical Provider of any suspected or actual breach of data security and will cooperate fully with Medical Provider to mitigate the effects of such breach and prevent its recurrence.

ii. Elect to Defend. Upon Shoreline’s receipt of a timely filed Service Guarantee Claim regarding a Medicare Overpayment Demand Letter for reimbursement, Shoreline may elect to defend Medical Provider against the Medicare Overpayment Demand Letter. If Shoreline elects to defend, Shoreline will engage with legal counsel and diligently pursue all available legal and administrative remedies to challenge the Medicare Overpayment Demand Letter. Shoreline shall have an exclusive right and sole discretion to elect to defend and/or settle a claim of overpayment before a final overpayment determination of liability. Any payment to Medicare or settlement of a Medicare Overpayment Demand Letter by Medical Provider without Shoreline’s consent shall nullify the applicable Service Guarantee Claim, and Shoreline’s obligation to reimburse Medical Provider for such Service Guarantee Claim shall be waived.

iii. Duty to Reimburse. Shoreline agrees to provide reimbursement to Medical Provider for any Medicare overpayments for Covered Medical Billings covered by the Service Guarantee that Medical Provider becomes obligated to pay (1) if Shoreline elects not to defend, (2) after final appeal, if Shoreline elects to defend, or (3) after a Shoreline approved settlement. Payment of the reimbursement will be made within fifteen (15) days of receipt by Shoreline of (1) the Service Guarantee Claim which Shoreline elects not to defend, (2) written notice of the final appeal denial or (3) written notice of the final settlement. Such written notice shall include a copy of the final appeal denial, settlement agreement, and/or any other documentation reasonably necessary to calculate the amount of the reimbursement. The reimbursement shall be made by Shoreline to Medical Provider by wire transfer of immediately available funds to an account designated in writing by Medical Provider. Shoreline's obligation to reimburse Medical Provider is conditional upon Medical Provider's compliance with all of the Service Guarantee Claim submission requirements.

iv. Coverage Period. Shoreline’s obligations to reimburse Medical Provider against Medicare Overpayment Demand Letters for Shoreline approved Covered Medical Billings shall terminate six (6) years after the date that the Shoreline-approved Covered Medical Billing was paid by Medicare. Subject to exclusions to coverage detailed elsewhere in this Agreement, Shoreline’s obligation to reimburse Medical Provider under the Service Guarantee shall survive termination of this Agreement so long as Shoreline approved the Covered Medical Billing for which Medicare claims overpayment (as indicated on the Confirmation of Coverage), and the fee(s) related to the Covered Medical Billing was paid by Medical Provider to Shoreline.

3. Fees. In consideration for the Review Services provided by Shoreline under this Agreement, Medical Provider agrees to pay Shoreline a service fee equal to six percent (6%) of the gross billing amount, less any adjustment by Medicare, of the Covered Medical Billings (“Service Fee”). The Service Fee will be calculated based on the total Covered Medical Billings paid in each calendar month and will be due and payable on the fifteenth (15th) day of the month following payment by Medicare. For example, the service fee for Covered Medical Billings paid in January will be due and payable on February 15th. Medical Provider shall make all payments of the Service Fee to Shoreline by wire transfer of immediately available funds to an account designated in writing by Shoreline. If the due date for any payment falls on a weekend or public holiday, the payment shall be due on the next business day. Shoreline reserves the right to suspend its services under this Agreement if any payment of the Service Fee is not received by the due date. Service Fees not paid when due will bear interest from the due date until paid at a rate equal to 1.5% per month or the maximum rate permitted by law, whichever is less.

4. Claim Submission. To initiate a Service Guarantee Claim, Medical Provider is required to submit a formal claim to Shoreline via a designated Shoreline claim submission form , and must adhere to the following stipulations: The Service Guarantee Claim submission must include the following:

-The Confirmation of Coverage or Confirmation of Coverage Identification Number for the Covered Medical Billing;
-A certified copy of the Medicare Overpayment Demand Letter, which must contain the following information:
-Confirmation that an overpayment was made -Detailed explanation of the methodology used to calculate the overpayment
-The full name and Medicare Beneficiary Identifier (MBI) of the patient involved -The specific dates and types of services for which overpayment occurred
-A comprehensive breakdown of how interest will accrue, and the applicable rate, should the overpayment not be repaid in full within a 30-day period
-An extended repayment schedule (ERS) as per Medicare guidelines
-A thorough explanation of the recoupment process and options, including the commencement date of recoupment, the ability to request immediate recoupment, and the impact of filing an appeal on recoupment
-Details of rebuttal rights, if applicable
-Details of administrative appeal rights
-A statement that the Centers for Medicare & Medicaid Services (CMS) may instruct the Medicaid State Agency to withhold the federal share of any Medicaid payments until the full amount owed to Medicare is recouped.

Shoreline will not initiate the Service Guarantee claim process until the Medical Provider has fulfilled all of the above submission requirements. Shoreline reserves the right to request additional information or documentation as necessary to process the claim.

5. Termination. Shoreline may terminate this Agreement at any time upon providing written notice to Medical Provider. Such termination shall become effective immediately upon receipt of the written notice by Medical Provider unless otherwise specified in the notice. Medical Provider may terminate this Agreement at any time upon providing written notice to Shoreline. Upon termination of this Agreement, all rights and obligations of the parties under this Agreement shall cease, except for those rights and obligations that by their nature should survive termination of this Agreement. Notwithstanding the foregoing, termination of this Agreement shall not relieve either party of any obligations incurred prior to the effective date of such termination, and the provisions of Sections 1, 2, 6, and 7 shall survive any termination of this Agreement.

6. Governing Law and Dispute Resolution. This Agreement shall be governed by and construed in accordance with the laws of the State of Wyoming, without regard to its conflict of laws principles. In the event of any dispute, claim, question, or disagreement arising from or relating to this Agreement or the breach thereof, the parties hereto shall use their best efforts to settle the dispute, claim, question, or disagreement. To this effect, they shall consult and negotiate with each other in good faith and, recognizing their mutual interests, attempt to reach a just and equitable solution satisfactory to both parties. If the parties do not reach such a resolution within a period of sixty (60) days, then, upon notice by either party to the other, all disputes, claims, questions, or differences shall be finally settled by arbitration administered by the American Arbitration Association in accordance with the provisions of its Commercial Arbitration Rules. The number of arbitrators shall be one. The place of arbitration shall be Cheyenne, Wyoming. Wyoming law shall apply. Judgment on the award rendered by the arbitrator(s) may be entered in any court having jurisdiction thereof. The parties agree that any arbitration proceedings will be kept confidential and that the existence of the proceeding and any element of it (including but not limited to any pleadings, briefs, or other documents submitted or exchanged and any testimony or other oral submissions and awards) will not be disclosed beyond the arbitration proceedings, except as may lawfully be required in judicial proceedings relating to the arbitration or by applicable disclosure rules and regulations of securities regulatory authorities or other governmental agencies.

7. Limitation of Liability. This is a Service Guarantee Agreement, not an insurance policy. In no event shall Shoreline’s liability exceed the costs to defend against a Medicare Overpayment Demand Letter and reimbursement of a Service Guarantee Claim. Other than liability related to its failure to perform pursuant to the terms of this Agreement, Shoreline shall have no liability to Medical Provider for damages, lost time, earnings, wages, or data breaches arising from providing services under the terms of this Agreement.

8. Right to Audit. Shoreline shall have the right, at its own expense, to audit the records of Medical Provider related to the Covered Medical Billings . The purpose of such an audit will be to verify the accuracy of the billing submissions, the calculation of the service fee, and Medical Provider’s compliance with the terms of this Agreement. Such audits may be conducted no more than once per calendar year unless Shoreline has reasonable grounds to suspect a breach of this Agreement or any fraud or misrepresentation by Medical Provider. In such cases, provided that Shoreline provides Medical Provider with a written statement and available supporting documentation explaining the basis for its suspicion, additional audits may be conducted as reasonably necessary. Medical Provider shall provide Shoreline with reasonable access to its records for the purpose of such audits and shall cooperate fully with Shoreline in the conduct of the audits. The audits shall be conducted during normal business hours and in a manner that does not unreasonably interfere with Medical Provider’s normal business operations. If an audit reveals any underpayment of the service fee or any breach of this Agreement by Medical Provider, Medical Provider shall promptly pay the underpaid amount to Shoreline, together with interest at a rate equal to 1.5% per month or the maximum rate permitted by law, whichever is less, from the due date until paid. In addition, if the underpayment exceeds five percent (5%) of the service fee due for any period, Medical Provider shall reimburse Shoreline for the reasonable costs of the audit.

9. Entire Agreement. This Agreement, Schedule A as modified from time-to-time pursuant to Section 2.b., along with Shoreline provided Confirmation of Coverage notices for Covered Medical Billings, contains the entire agreement between the parties relating to the subject matter hereof and supersedes any and all prior agreements or understandings, written or oral, between the parties related to the subject matter hereof.

IN WITNESS WHEREOF, the parties have executed this Service Guarantee Agreement as of the date first above written.

SHORELINE SCHEDULE A

The below schedule of Allograft information is available upon approval by viewing any product landing page when logged into the Total Wound Supply website. Please click the Next button to proceed.

BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement (“Agreement”), is made effective today (the “Effective Date”), is entered into by and between the (Clinic) and its subsidiaries collectively known as (“Covered Entity ”) and Shoreline Medical Administration, LLC (“Business Associate”).

RECITALS

A. Business Associate and Covered Entity are engaged in a business relationship whereby Covered Entity purchases, and Business Associate sells or provides, certain services to Covered Entity (“Business Relationship”);

B. As part of this Business Relationship, Business Associate performs or assists in performing a function or activity on behalf of Covered Entity that involves the use and/or disclosure of Protected Health Information (as defined in 45 C.F.R. 164.501), as amended from time to time.

C. The parties desire to enter into this Agreement regarding the use and/or disclosure of Protected Health Information as required by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Standards for Privacy of Individually Identifiable Health Information (the “Privacy Rule”) and the Standards for Security of Electronic Protected Health Information (the “Security Rule”) promulgated thereunder, and the Health Information Technology for Economic and Clinical Health Act (Division A, Title XIII and Division B, Title IV, of the American Recovery and Reinvestment Act of 2009, Pub. L. 111-5) (the “HITECH Act”), and any regulations promulgated thereunder, as amended from time to time.

NOW, THEREFORE, for and in consideration of the representations, warranties and covenants contained herein, and other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties hereto agree as follows:

AGREEMENT

1. Terms Used. Terms used but not otherwise defined, in this Agreement shall have the same meaning given to such terms in HIPAA, the HITECH Act, or any implementing regulations promulgated thereunder, including but not limited to the Privacy Rule and the Security Rule.

2. Permitted Uses and Disclosures of Protected Health Information. Except as otherwise limited in the Business Relationship or this Agreement, Business Associate may use and/or disclose Protected Health Information to perform the functions, activities, or services for or on behalf of Covered Entity as specified in the Business Relationship provided that such use and/or disclosure (a) would not violate the Privacy Rule if done by Covered Entity, (b) is in compliance with each applicable requirement of 45 C.F.R. § 164.504(e), and (c) is in compliance with the HITECH Act and those requirements relating to security and privacy that are made applicable to business associates by sections 13401 and 13404 of the HITECH Act. All other uses and/or disclosures not authorized by the Business Relationship or this Agreement are prohibited.

3. Responsibilities of Business Associate with Respect to Protected Health Information. With regard to the use and/or disclosure of Protected Health Information, Business Associate hereby agrees:

a. not to use and/or disclose Protected Health Information other than as permitted or required by the Business Relationship or this Agreement or as Required By Law;

b. to use appropriate safeguards to prevent the use and/or disclosure of Protected Health Information other than as provided for by the Business Relationship or this Agreement;

c. to comply with the Security Rule provisions relating to Administrative Safeguards (45 C.F.R. § 164.308), Physical Safeguards (45 C.F.R. § 164.310), Technical Safeguards (45 C.F.R. § 164.312) and Policies and Documentation (45 C.F.R. § 164.316), and to implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the Electronic Protected Health Information Business Associate creates, receives, maintains, or transmits on behalf of Covered Entity;

d. to secure Electronic Protected Health Information in a manner that complies with the HITECH Act and any applicable implementing regulations, to report to Covered Entity any Security Incident of which it becomes aware within 5 business days, and to report any potential Breach of Unsecured Protected Health Information within 5 business days of discovery, and (in either case) any such report shall include the identification of each individual whose Unsecured Protected Health Information has been, or is reasonably believed by Business Associate to have been, accessed, acquired or disclosed during any such Security Incident or potential Breach, together with such other information regarding the Security Incident or potential Breach as is known to Business Associate at the time such report is made (such as the type of PHI involved in the event, the nature of the information accessed, acquired or disclosed, etc.);

e. to notify Covered Entity in writing within five (5) business days of any use and/or disclosure of Protected Health Information that is not provided for by the Business Relationship or this Agreement;

f. to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement, or as the result of any Security Incident or potential Breach, using mitigation actions that are disclosed to Covered Entity in advance and authorized by Covered Entity, all at the sole cost and expense of Business Associate;

g. to work cooperatively with Covered Entity in connection with Covered Entity’s investigation of any potential Breach and in connection with any notices Covered Entity determines are required as a result, and to refrain from giving any notice itself unless Covered Entity expressly agrees in advance and in writing to Business Associate giving notice and to the form, content and method of delivery of such notice, all at the sole cost and expense of Business Associate;

h. to ensure that all agents, including subcontractors, to whom it provides Protected Health Information received from, or created or received by, Business Associate on behalf of Covered Entity agree in writing to the same restrictions and conditions on the use and/or disclosure of Protected Health Information that apply to Business Associate pursuant to the Business Relationship and this Agreement, and that any agent, including subcontractors, to whom it provides Electronic Protected Health Information agrees in writing to implement reasonable and appropriate safeguards to protect such Electronic Protected Health Information;

i. to provide access (at the request of, and in the time and manner designated by, Covered Entity) to Protected Health Information in a Designated Record Set to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 C.F.R. 164.524 (this provision shall be applicable only if Business Associate has Protected Health Information in a Designated Record Set) and to notify Covered Entity of any requests for access it receives from an individual within 5 business days of receipt;

j. to make any amendment(s) (at the request of, and in the time and manner designated by, Covered Entity) to Protected Health Information in a Designated Record Set that Covered Entity directs pursuant to 45 C.F.R. § 164.526 (this provision shall be applicable only if Business Associate has Protected Health Information in a Designated Record Set) and to notify Covered Entity of any amendment requests it receives from an individual within 5 business days of receipt;

k. to document such disclosures of Protected Health Information and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528;

l. to provide to Covered Entity, in a time and manner designed by Covered Entity, information collected in accordance with Section 3.k. of this Agreement, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528 (and HITECH Act § 13405(c) when such requirements are effective as to Covered Entity);

m. to make its internal practices, books, and records relating to the use and/or disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to Covered Entity, or at the request of Covered Entity, to the Secretary of the Department of Health and Human Services or his/her designee, in a time and manner designated by Covered Entity or the Secretary, for purposes of determining Covered Entity’s and/or Business Associate’s compliance with the Privacy Rule; and

n. if Business Associate knows of a pattern of activity or practice that constitutes a material breach or violation of Business Associate’s obligations under this Agreement, Business Associate agrees to give written notice of such pattern or practice to Covered Entity within five (5) business days of its discovery and to take reasonable steps to cure the breach or end the violation.

4. Responsibilities of Covered Entity with Respect to Protected Health Information. If deemed applicable by Covered Entity, Covered Entity shall:

a. provide Business Associate with the notice of privacy practices that Covered Entity produces in accordance with 45 CFR 164.520 as well as any changes to such notice;

b. provide Business Associate with any changes in, or revocation of, permission by individual to the use and/or disclosure of Protected Health Information, if such changes affect Business Associate’s permitted or required uses and/or disclosures; and

c. notify Business Associate of any restriction to the use and/or disclosure of Protected Health Information that Covered Entity has agreed to in accordance with 45 CFR 164.522.

5. Specific Use and Disclosure by Business Associate. Except as otherwise limited in the Business Relationship and this Agreement, Business Associate may:

a. use Protected Health Information for the proper management and administration f Business Associate or to carry out the legal responsibilities of Business Associate;

b. disclose Protected Health Information for the proper management and administration of Business Associate, provided that the disclosures are Required By Law, or Business Associate obtains reasonable assurances from the person to whom Protected Health Information is disclosed that it will remain confidential and be used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of Protected Health Information has been breached; and

c. use Protected Health Information to provide Data Aggregation services to Covered Entity as permitted by 42 CFR 164.504(e)(2)(i)(B).

6. Term and Termination.

a. Term. The Term of this Agreement shall be effective as of the Effective Date and shall terminate when all of the Protected Health Information provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy Protected Health Information, protections are extended to such Protected Health Information, in accordance with Section 6.c. below.

b. Termination for Cause. Covered Entity may immediately terminate the Business Relationship and/or this Agreement if Covered Entity determines that Business Associate has breached a material term of this Agreement.

c. Effect of Termination.

(1) Except as provided in paragraph (2) of this Section 6.c., upon termination of the Business Relationship and/or this Agreement, for any reason, Business Associate shall return or destroy all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This Section 6.c.(1) shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate. Business Associate shall retain no copies of the Protected Health Information.

(2) In the event that Business Associate determines that returning or destroying the Protected Health Information is infeasible, Business Associate shall provide in writing to Covered Entity notification of the conditions that make return or destruction infeasible. Upon mutual written agreement of the Parties that return or destruction of Protected Health Information is infeasible, Business Associate shall extend the protections of this Agreement to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information.

7. Indemnification.

a. Business Associate agrees to indemnify Covered Entity and their respective current and former officers, directors, members, employees and agents (collectively, “Indemnitees”), from and against any liability, claim, action, loss, cost, damage or expense (including reasonable fees of attorneys and experts) incurred or suffered by Indemnitees, to the extent that such liability, claim, action, loss, cost, damage, expense or fees are attributable to or incurred as a result of an unauthorized use or disclosure of Protected Health Information by Business Associate, a Business Associate Breach or Security Incident, or any breach of this Agreement by Business Associate.

8. Miscellaneous.

a. Amendment. The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for Covered Entity and Business Associate to comply with the requirements of the Privacy Rule, the Security Rule, HIPAA, and the HITECH Act. Notwithstanding the forgoing, if Covered Entity and Business Associate have not amended this Agreement to address a law or final regulation that becomes effective after the Effective Date and that is applicable to this Agreement, then upon the effective date of such law or regulation (or any portion thereof) this Agreement shall be amended automatically and deemed to incorporate such new or revised provisions as are necessary for this Agreement to be consistent with such law or regulation and for Covered Entity and Business Associate to be and remain in compliance with all applicable laws and regulations. Except as provided in this Section 8.a., no amendment to this Agreement shall be effective unless it is in writing and signed on behalf of Covered Entity and Business Associate.

b. Survival. The respective rights and obligations of Business Associate under Section 6.c. of this Agreement shall survive the termination of the Business Relationship and/or this Agreement.

c. Regulatory and Statutory References. Any reference in this Agreement to a section of HIPAA, the Privacy Rule, the Security Rule, the HITECH Act, or any other regulations implementing HIPAA or the HITECH Act, shall mean such regulation or statute as in effect at the time of execution of this Agreement or, if and to the extent applicable, as subsequently updated, amended or revised.

d. Interpretation. Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits Covered Entity to comply with the Privacy Rule.

e. No Third Party Beneficiary. Nothing in this Agreement is intended, nor shall be deemed, to confer any benefits on any third party.

8. Effect of Agreement. Except as amended by this Agreement, the terms and provisions of the Business Relationship shall remain in full force and effect.