Accolade, Inc. - FORM S-1/A - EX-10.32

Attached files

file	filename
EX-23.1 - EX-23.1 - Accolade, Inc.	a2241931zex-23_1.htm
EX-5.1 - EX-5.1 - Accolade, Inc.	a2241931zex-5_1.htm
EX-1.1 - EX-1.1 - Accolade, Inc.	a2241931zex-1_1.htm
S-1/A - S-1/A - Accolade, Inc.	a2241931zs-1a.htm

Exhibit 10.32

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENTS, MARKED BY [***], HAS BEEN OMITTED BECAUSE ACCOLADE, INC. HAS DETERMINED THE INFORMATION (I) IS NOT MATERIAL AND (II) WOULD LIKELY CAUSE COMPETITIVE HARM TO ACCOLADE, INC. IF PUBLICLY DISCLOSED.

SECOND RENEWAL AND AMENDMENT OF THE
AMENDED AND RESTATED SERVICES AGREEMENT

This “Second Renewal and Amendment” is to the AMENDED AND RESTATED SERVICES AGREEMENT (the “Agreement”), dated June 29, 2015, by and between Accolade, Inc., a Delaware corporation (“Accolade”) and Comcast Cable Communications Management, LLC, a Delaware limited liability company, on behalf of itself, its Affiliates and The Comcast Comprehensive Health and Welfare Plan (“Comcast”). Accolade and Comcast are each “a Party” and collectively referred to as the “Parties.”

Capitalized terms used but not defined herein shall have the respective meanings ascribed thereto in the Agreement. Section references herein, if any, shall refer to Section references in the Agreement. Added text is shown in italics.

WHEREAS, the Agreement will expire as of 11:59 p.m. EST on December 31, 2020, unless extended by the Parties;

WHEREAS, the Parties agree to renew and extend the Agreement until 11:59 p.m. EST on December 31, 2023;

WHEREAS, as part of the afore-referenced renewal, the Parties desire to update and/or amend certain provisions of the Agreement as further set forth below;

AND, WHEREAS, as part of the afore-referenced renewal, the Parties also desire to amend and restate the Services provided by Accolade to Comcast, and therefore are replacing certain Exhibits and Statements of Work under the Agreement with a new Exhibit B (Accolade Services Schedule);

NOW, THEREFORE, for good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, Accolade and Comcast hereby agree to renew and amend the Agreement as follows:

EFFECTIVE DATE

This Second Renewal and Amendment will be effective as of January 1, 2020 (“Amendment Effective Date”). Any revisions pertaining to Service Years subsequent to the end of Service Year 2019 shall be effective on the dates referenced expressly herein.

AMENDMENTS TO THE AGREEMENT

1. Amend the Agreement by replacing Exhibit B (Accolade Services Schedule) and Statement of Work No. 6 with a new Exhibit B (Accolade Services Description) that, subject to the timeframes for launch and delivery set forth herein, sets forth a description of the Services to be provided by Accolade to Comcast from the Amendment Effective Date through the end of the Term.

2. Add a new Exhibit B-1 (Accolade Services Pricing and Launch Schedule) to the Agreement applicable to the period commencing on the Amendment Effective Date through the end of the

Term that sets forth target launch dates for components of the Services set forth in Exhibit B (Accolade Service Schedule) and each such component’s associated pricing.

3. Add a new Exhibit B-2 (Product Roadmap and Milestones) to the Agreement applicable to the period commencing on the Amendment Effective Date through the end of the Term that sets forth the description of each of the components of any new Services which are being implemented during the Term of this Amendment.

4. Add a new Exhibit B-3 (Minimum Requirements) to the Agreement applicable to the period commencing on the Amendment Effective Date through the end of the Term that sets forth the description of the minimum requirements for each of the components of the new Services which are being implemented during the Term of this Amendment.

5. Beginning on the Amendment Effective Date through the end of the Term, Accolade will provide the Services set forth in the amended and restated version of Exhibit B, as supported by Exhibits B-2 and B-3, as applicable, in each case attached to this Second Renewal and Amendment as and when available and at the prices set forth in Exhibit B-1 (Accolade Services Pricing and Launch Schedule).

If a Service component set forth in Exhibit B-2 requires implementation, Accolade will notify Comcast at least [***] prior to commencing implementation activities related to the launch of a new component of the Services, and Accolade and Comcast will work collaboratively to implement such Service component. Upon acceptance of the readiness of such Service component by Comcast, which acceptance shall be provided if, within Comcast’s reasonable discretion, the Service component is consistent with the descriptions and minimum requirements set forth in Exhibits B-2 and B-3 respectively (which such approval shall not be unreasonably withheld or delayed), the subject Service component will be launched and included within the Services provided to Comcast and Comcast will be subject to Fees charged by Accolade for such newly launched Service components at the prices set forth in Exhibit B-1 from and after the actual launch date. Comcast’s acceptance of a Service component shall be documented in written notice provided to Accolade. For purposes of this requirement, an email to Accolade’s Account Manager shall suffice.

The dates for launch of the specified Accolade Services are the mutually agreed upon implementation dates. Any mutually agreed changes to the launch dates for any reason shall be documented in a Change Request to mutually agree upon a new implementation date and a revision to the commencement date of the fees set forth in the “Effective Date” column of the table set forth in Exhibit B-1 commensurate with the change in the implementation date.

6. Amend Section 3.1.8 as follows:

“Fully comply with Comcast’s privacy and information security requirements, as set forth in Exhibit E, and with any applicable law regarding information security, including but not limited to the Health Insurance Portability Accountability Act of 1996 (“HIPAA”);”

7. Renumber Section 5.2.5 as 5.2.6, and add a new Section 5.2.5, as follows:

“5.2.5 Beginning [***] basis and set forth in Exhibit B-1 (Accolade Services Pricing and Launch Schedule). An “employee” refers to an active employee of Comcast who is enrolled in a self-insured medical health plan administered by the Comcast Comprehensive Health and Welfare Plan or a former employee that is an active participant in a COBRA plan supported by Comcast. [***]”

8. Replace Section 5.3.1 with the following:

“5.3.1 Commencing April 1, 2020, Accolade shall meet the performance metrics (“Metrics”) set forth in Exhibit F (the “Service Level Agreement”), as may be amended or substituted by mutual written agreement of the Parties in accordance with the provisions of the Service Level Agreement. Failure to meet such service levels defined in the Service Level Agreement may result in fee credits being refunded to Comcast in accordance with the terms of the Service Level Agreement.”

9. Replace Section 5.3.2 with the following:

“5.3.2 Any of the service levels defined in the Service Level Agreement, the Metrics for measuring the service levels or the fee credits payable to Comcast for failing to meet any service level may be eliminated or changed at any time upon the mutual written agreement of the Parties.”

10. Replace Section 5.5 with the following:

“5.5 [***]”

11. Replace Section 6.1 with the following:

“6.1 Base Fees.

6.1.1 Upon the end of each month, and using the applicable employee count from the eligibility file for such month, Accolade shall prepare and send to Comcast an invoice for the past month’s fee (“Monthly Invoice”). Comcast shall pay the Monthly Invoice no later than [***]

6.1.2 For Additional Groups, if any, Comcast shall pay [***] as determined in accordance with Section 6.1.1 above, or such other amount as may be agreed between the Parties in accordance with Section 4 above.”

12. Replace Section 10.1 with the following:

“10.1 Term. The term of this Agreement (the “Term”) will begin on the Effective Date and expire at 11:59 p.m. EST on December 31, 2023, unless earlier terminated in accordance with Section 10.2 or Section 10.3 below, and may be renewed by mutual written agreement for additional terms with mutually agreeable adjustments to the terms and conditions of this Agreement.”

13. Amend Section 10.2.2, as follows:

“10.2.2 [***]”

14. Amend Section 10.3.1, as follows:

“[***]”

15. Amend Section 13.3 as follows:

“All Confidential Information that is collected, stored or otherwise maintained by Accolade pursuant to this Agreement shall be maintained in a secure environment that meets or exceeds industry standards for the protection of highly sensitive information as well as the requirements set forth in Exhibit E. At a minimum, such safeguards shall include storing any Confidential Information that is collected or obtained by Accolade in a secure form and transmitting such Confidential Information in encrypted form, and utilization of authentication and access controls with respect to any media, applications, operating systems or equipment utilized by Accolade and its subcontractors, and utilization of host and network based intrusion detection systems (with third party penetration testing). In the event of a breach or suspected breach of security of any system, website, database, equipment or storage medium or facility that results or could result in unauthorized access to any Comcast Confidential Information (including without limitation Personal Information, or any Work Product) by any third party (including any Personnel of Accolade that is not authorized to access such information), Accolade shall notify Comcast [***], and make [***] efforts to re-secure its systems immediately. Accolade shall treat any information related to such security incident(s) as Comcast’s Confidential Information. Accolade agrees to provide reasonable cooperation to Comcast and any applicable government agency in investigating and resolving any such security incident. In addition, Accolade shall comply with the privacy requirements set forth in Exhibit E.”

16. Commencing April 1, 2020, the version of Exhibit F attached to this Second Renewal and Amendment shall set forth the service levels in accordance with the Service Level Agreement applicable to Accolade Services beginning April 1, 2020 until the end of the Term of the Agreement. For the avoidance of doubt, and as further set forth in the Service Level Agreement, for the period between January 1, 2020 and March 31, 2020, there will be no fee credits payable to Comcast under either the Service Level Agreement or any performance guarantees or service levels set forth in a prior version of Exhibit F.

17. Amend the Agreement by replacing Exhibit E-1 (Comcast Information Security Requirements) with that certain Data Protection Addendum, including all exhibits thereto, executed by Accolade and dated August 5, 2019 with an effective date of January 1, 2020 and attached as a new Exhibit E-1 hereto.

18. For the avoidance of doubt, Exhibits G and H shall have no applicability to Accolade Services following January 1, 2020.

19. Amend the Agreement by replacing Exhibit I (Business Associate Agreement) with a new Exhibit I (Business Associate Agreement) applicable for commencing January 1, 2020 through the end of the Term. Amend the Agreement by adding a new Exhibit J (Governance and Key Personnel) applicable for services performed commencing January 1, 2020 through the end of the Term.

20. Paragraph 24 of the Renewal and Amendment to the Amended and Restated Services Agreement is hereby deleted in its entirety and inapplicable to Service Year 2020 and all Service Years through the end of the Term.

Except as expressly set forth herein, the terms and conditions of the Agreement remain in full force and effect. In the event of a conflict between the terms of this Renewal and Amendment and the Agreement, the terms of this Renewal and Amendment will govern.

[signatures follow]

IN WITNESS WHEREOF, the Parties hereto, by their duly authorized representatives, have executed this Amendment.

Comcast Cable Communications Management, LLC		Accolade, Inc.

By:	/s/Peter Kiriacoulacos	By:	/s/Rajeev Singh

Name:	Peter Kiriacoulacos	Name:	Rajeev Singh

Title:	EVP & CPO	Title:	CEO

Date:	06/20/2020	Date:	6/19/2020

Exhibit B

Accolade Services Description

[commences on following page]

Exhibit B - Service Description

Guide Comcast

FINAL

Table of Contents

[***]

Exhibit B-1

Accolade Services Pricing and Launch Schedule

[***]

Exhibit B-2

Product Roadmap and Milestones

[***]

Exhibit B-3

Product Roadmap Minimum Requirements

[***]

Exhibit E-1

Comcast Information Security Requirements (with Data Protection Addendum)

The terms of this Exhibit E-1 do not apply to “protected health information” (as defined in 45 CFR § 160.103) that is disclosed pursuant to the Business Associate Agreement between the parties attached to this Amendment.

[***]

* * *

Exhibit E-2

Information Security Requirements for Suppliers

This Information Security Requirements for Suppliers Exhibit (“Exhibit”) defines certain security controls and requirements for Supplier’s performance of services for, or provision of services or products to, Comcast under the Agreement (“Services”). Unless expressly stated otherwise in the Agreement, the terms of this Exhibit shall take precedence and prevail over any conflicting or inconsistent provisions set forth in the Agreement, statements of work and orders thereunder (collectively or individually, the “Agreement”); provided, however, that any security controls specified in the Agreement shall take precedence and prevail over the provisions of this Exhibit where (i) the Agreement expressly states so or (ii) the security controls specified in the Agreement exceed those set forth in this Exhibit. As used herein, “Requirements” means the security requirements set forth in this Exhibit and/or the Agreement (either expressly or to the extent exceeding those set forth in this Exhibit), as applicable.

[***]

Exhibit F

Service Level Agreement

Table of Contents

General	10

Allocation of Fees at Risk	10

Reallocation of Fees at Risk	10

Exclusions	10

[***]

I. General

The performance measures contained in this document apply to the standard ongoing Services Accolade provides. All measures are reported monthly unless noted otherwise. All financial calculations (fees at risk) are calculated quarterly taking the quarter as a single measurement period. Any credits shall be applied to the next available invoice following the end of quarter. All measures and associated fees at risk will take effect on April 1, 2020.

Notwithstanding the sum of the individual performance payments calculated below, the maximum penalty assessed in any Agreement quarter shall not exceed [***] of quarterly ongoing Base Fees tied to this Agreement, other than as provided below for calendar [***].

[***] Transition:

· For the period [***], there shall be [***] fees at risk based on the Performance Measures defined below.

· For the period [***], the [***] fees at risk for each Performance Measure shall equal [***]. For example, the Fees at Risk for Net Promoter Score shall be [***], calculated as [***].

· For the period [***], the maximum penalty assessed in any Agreement quarter shall not exceed [***], calculated as [***].

II. Allocation of Fees at Risk

Of the performance standards listed below, Comcast may assign weighting of [***] at risk across the chosen performance standards, in [***] increments, with a maximum of [***] for any one performance standard, other than as provided above for calendar [***].

III. Reallocation of Fees at Risk

On an annual basis, Comcast may reallocate the fees-at-risk associated with the set of Performance Measures defined below. Any such reallocation must comply with the guidelines defined in the Allocation of Fees at Risk section above. Comcast must provide written notice of desire to reallocate by [***] each Agreement year. Any such reallocation would become effective the subsequent January 1st and would remain in effect until further notice from Comcast. If Comcast fails to provide such notice by [***], the current allocation of fees-at-risk would remain in effect for the subsequent year.

IV. Exclusions

The performance standards are waived for periods of significant unanticipated events impacting the Services for such period (e.g., force majeure, an event without prior notice to Accolade like a major announcement affecting Comcast employees, etc.). During such period, Accolade agrees to work with Comcast to identify and implement appropriate measures to mitigate the impact of such events.

[***]

Exhibit I

Business Associate Agreement

This Business Associate Agreement (“Agreement”), effective January 1, 2020 (“Effective Date”), is entered into by Comcast Cable Communications Management, LLC, affiliate of Comcast Corporation, Plan Sponsor and on behalf of the Comcast Comprehensive Health and Welfare Plan (“Covered Entity”) and Accolade, Inc. (“Business Associate”) (each a “Party” and collectively the “Parties”).

Business Associate provides certain services for Covered Entity (“Services”) that involve the use and disclosure of Protected Health Information that is created or received by Business Associate from or on behalf of Covered Entity (“PHI”). These Services are performed pursuant to the underlying service agreement between the parties (the “Contract”). With respect to these Services, Business Associate is committed to complying with the Standards for Privacy of Individually Identifiable Health Information, 45 C.F.R. Part 160 and Part 164, Subparts A and E as amended from time to time (the “Privacy Rule”), and with the Security Standards, 45 C.F.R. Part 160 and Part 164, Subpart C as amended from time to time (the “Security Rule”), under the Health Insurance Portability and Accountability Act of 1996 (together with the regulations thereunder, “HIPAA”), and by the Health Information Technology for Economic and Clinical Health Act and its implementing regulations (“HITECH”). Business Associate acknowledges that, pursuant to HITECH, 45 C.F.R. §§ 164.308 (administrative safeguards), 164.310 (physical safeguards), 164.312 (technical safeguards), 164.316 (policies and procedures and documentation requirements) and 164.502 et. seq. apply to Business Associate in the same manner that such sections apply to Covered Entity. The additional requirements of Title XIII of HITECH contained in Public Law 111-005 that relate to privacy and security and that are made applicable with respect to covered entities shall also be applicable to Business Associate. This Agreement sets forth the terms and conditions pursuant to which PHI, and, when applicable, PHI that is Electronic Protected Health Information (“EPHI”), shall be handled. Business Associate further acknowledges that state statutes or other laws or precedents may impose data breach notification or information security obligations, and it is its further intention to comply with such laws, to the extent applicable, as well as HITECH and HIPAA and the terms of this Agreement in the collection, handling, storage, and disclosure of personal data of patients or other personal identifying information exchanged or stored in connection with their relationship.

The Parties agree as follows:

1. Definitions

All capitalized terms used in this Agreement but not otherwise defined shall have the meaning set forth in the Privacy Rule, Security Rule and HITECH.

2. Permitted Uses And Disclosures Of PHI

2.1 Unless otherwise limited herein, Business Associate may:

(a) use or disclose PHI to perform functions, activities or Services for, or on behalf of, Covered Entity as requested by Covered Entity from time to time, provided that such use or disclosure would not violate the Privacy or Security Rules or the standards for Business Associate Agreements set forth in 45 C.F.R. § 164.504(e), exceed the minimum necessary to accomplish the intended purpose of such use or

disclosure or violate the additional requirements of HITECH contained in Public Law 111-005 that relate to privacy and security;

(b) disclose PHI for the purposes authorized by this Agreement only: (i) to its employees, subcontractors and agents; (ii) as directed by this Agreement; or (iii) as otherwise expressly permitted by the terms of this Agreement;

(c) use PHI in its possession to provide Data Aggregation Services to Covered Entity as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B) upon Covered Entity’s explicit approval or as a part of the Services provided in accordance with the Contract;

(d) use PHI in its possession for proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate as permitted by 45 C.F.R. § 164.504(e)(4)(i);

(e) disclose the PHI in its possession to third parties for the proper management and administration of Business Associate to the extent and in the manner permitted under 45 C.F.R. § 164.504(e)(4)(ii); provided that the disclosure is Required by Law or Business Associate obtains reasonable assurances from the persons to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required by Law, or for the purpose for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached;

(f) use PHI to report violations of law to appropriate Federal and state authorities, consistent with 45 C.F.R. § 164.502(j)(1);

(g) upon Covered Entity’s explicit approval or as a part of the Services in accordance with the Contract, de-identify any PHI obtained by Business Associate under this Agreement, both with respect to the individuals and Comcast, for further use or disclosure only to the extent such de-identification is pursuant to this Agreement, and use such de-identified data in accordance with 45 C.F.R. § 164.502(d)(1).

2.2 Additional Responsibilities of Business Associate with Respect to EPHI. In the event that Business Associate has access to EPHI, in addition to the other requirements set forth in this Agreement relating to PHI, Business Associate shall:

(a) use appropriate safeguards and comply with Subpart C of 45 C.F.R. Part 164 with respect to EPHI to prevent use or disclosure of PHI other than as provided for by this Agreement;

(b) implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of EPHI that Business Associate creates, receives, maintains, or transmits on behalf of Covered Entity as required by 45 C.F.R. Part 164, Subpart C;

(c) ensure that any subcontractor or agent to whom Business Associate provides any EPHI agrees in writing to implement reasonable and appropriate safeguards to protect such EPHI; and

(d) report to the Privacy Official of Covered Entity, in writing, any Security Incident involving EPHI of which Business Associate becomes aware within [***] of Business Associate’s discovery of such Security Incident. For purposes of this Section, a Security Incident shall mean (consistent with the definition set forth at 45 C.F.R. § 164.304), the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with systems operations in an information system. In

such event, the Business Associate shall, in consultation with the Covered Entity, mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of such improper use or disclosure.

3. Mitigation

Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement.

4. Duty to Report Violations

Business Associate agrees to report to Covered Entity any material use and/or disclosure of Protected Health Information that is not permitted or required by this Agreement of which it becomes aware including the identities of any Individual whose Protected Health Information was breached.

5. Responsibilities Of The Parties With Respect To PHI

5.1 Responsibilities of Business Associate. With regard to its use and/or disclosure of PHI, Business Associate shall:

(a) use and/or disclose PHI only as permitted or required by this Agreement or as otherwise Required by Law;

(b) report to the Privacy Official of Covered Entity, in writing, (i) any use and/or disclosure of the PHI that is not permitted or required by this Agreement of which Business Associate becomes aware, and (ii) any Breach of PHI that is Unsecured Protected Health Information (“Unsecured PHI”) as specified by HITECH, [***] of discovery. In such event, the Business Associate shall, in consultation with the Covered Entity, mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of such improper use or disclosure. The notification of any Breach of Unsecured PHI shall include, to the extent possible: (i) the identification of each individual whose Unsecured PHI has been, or is reasonably believed by the Business Associate to have been, accessed, acquired, used or disclosed during the Breach; (ii) a brief description of what happened, including the date of the Breach and date of its discovery; (iii) a description of the types of Unsecured PHI included in the Breach; (iv) the steps Business Associate (or its agent) is taking to investigate the Breach, mitigate losses, and protect against future breaches; (v) the steps that Business Associate would recommend affected individuals take to protect themselves from harm resulting from the Breach; and (vi) a contact person for more information. If requested by Covered Entity, Business Associate shall notify, at its own cost, the individuals involved, the media, state officials, or the US Department of Health and Human Services, as applicable, in accordance with HITECH, and regulations or guidance issued thereunder, including 45 CFR Part 164, Subpart D, and any applicable state laws provided that Covered Entity shall approve the content of any notification in advance. If requested by Covered Entity, Business Associate shall reimburse Covered Entity for any costs associated with Covered Entity making such notification and for costs to mitigate any harm resulting from the Breach. For purposes of this provision, Business Associate is considered an independent contractor of Covered Entity.

(c) provide Covered Entity a copy of the risk assessment it completed that determines whether there is a low probability that the PHI has been compromised. At a minimum, such risk assessment must include the four-factor analysis required under 45 C.F.R. § 164.402

(d) use commercially reasonable safeguards to maintain the privacy of the PHI and to prevent use and/or disclosure of such PHI other than as provided herein;

(e) obtain and maintain a written agreement with all of its subcontractors and agents that receive, use, or have access to, PHI pursuant to which agreement such subcontractors and agents agree to adhere to the same restrictions and conditions on the use and/or disclosure of PHI that apply to Business Associate pursuant to this Agreement;

(f) [***], make available all internal practices, records, books, agreements, policies and procedures and PHI relating to the use and/or disclosure of PHI to the Secretary for purposes of determining Covered Entity’s compliance with the Privacy Rule;

(g) document disclosures of PHI and information related to such disclosure and, within [***], provide to Covered Entity such information as is requested by Covered Entity to permit Covered Entity to respond to a request by an individual for an accounting of the disclosures of the individual’s PHI in accordance with 45 C.F.R. § 164.528, as well as provide an accounting of such disclosures, directly to an individual provided that the individual has made a request directly to Business Associate for such an accounting. At a minimum, the Business Associate shall provide the Covered Entity with the following information: (i) the date of the disclosure, (ii) the name of the entity or person who received the PHI, and if known, the address of such entity or person; (iii) a brief description of the PHI disclosed; and (iv) a brief statement of the purpose of such disclosure which includes an explanation of the basis for such disclosure. In the event the request for an accounting is delivered directly to the Business Associate, the Business Associate shall, within [***], forward such request to the Covered Entity. The Business Associate shall implement an appropriate recordkeeping process to enable it to comply with the requirements of this Section;

(h) subject to Section 6.4 below, return to Covered Entity within [***], the PHI in its possession and retain no copies, including backup copies;

(i) disclose to its subcontractors, agents or other third parties, and request from Covered Entity, only the minimum PHI necessary to perform or fulfill a specific function required or permitted hereunder;

(j) if all or any portion of the PHI is maintained in a Designated Record Set:

(i) upon [***], provide access, including in the electronic form or format requested, to the PHI in a Designated Record Set to Covered Entity or, as requested by Covered Entity, the individual to whom such PHI relates or his or her authorized representative to meet a request by such individual under 45 C.F.R. § 164.524, or 164.526; and

(ii) [***], make any amendment(s) to the PHI that Covered Entity agrees to pursuant to 45 C.F.R. § 164.526;

(k) notify the Covered Entity within [***], except where such notification is prohibited by law. To the extent that the Covered Entity decides to assume responsibility for challenging the validity of such request, the Business Associate shall cooperate reasonably with the Covered Entity in such challenge;

(l) maintain a formal security program materially in accordance with all applicable data security and privacy laws and industry standards designed to ensure the security and integrity of the Covered Entity’s data and protect against threats or hazards to such security;

(m) as Required by Law, not directly or indirectly receive remuneration in exchange for any Protected Health Information and not engage in marketing activities or the sale of Protected Health Information,

as defined in the Privacy Rule, without the prior written consent of Covered Entity and individual written authorization;

(n) not undertake any activity that may be considered underwriting based on genetic information, as defined by the Genetic Information Nondiscrimination Act and prohibited under the Privacy Rule or the Security Rule;

(o) To the extent Business Associate is to carry out one or more of Covered Entity’s obligations under Subpart E of 45 C.F.R. Part 164, Business Associate agrees to comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation;

(p) certify that it conducts transactions that are subject to the HIPAA standard transaction rules (45 C.F.R. Parts 160-164) as required under the rules and any related regulations, operating rules, or guidance. Business Associate agrees to provide any documentation, certification, or evidence to demonstrate such compliance if requested by Covered Entity, and

(q) ensure that any agent, including a subcontractor, to whom it provides EPHI agrees to implement reasonable and appropriate safeguards to protect such information.

The Business Associate acknowledges that, as between the Business Associate and the Covered Entity, all PHI shall be and remain the sole property of the Covered Entity.

5.2 Responsibilities of Covered Entity. Covered Entity shall, with respect to Business Associate:

(a) provide Business Associate a copy of Covered Entity’s notice of privacy practices (“Notice”) currently in use;

(b) notify Business Associate of any changes to the Notice that Covered Entity provides to individuals pursuant to 45 C.F.R. § 164.520, to the extent that such changes may affect Business Associate’s use or disclosure of PHI;

(c) notify Business Associate of any changes in, or withdrawal of, the consent or authorization of an individual regarding the use or disclosure of PHI provided to Covered Entity pursuant to 45 C.F.R. § 164.506 or § 164.508, to the extent that such changes may affect Business Associate’s use or disclosure of PHI; and

(d) notify Business Associate, in writing and in a timely manner, of any restrictions on use and/or disclosure of PHI as provided for in 45 C.F.R. § 164.522 agreed to by Covered Entity, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI. Business Associate agrees to comply with any restriction to which the Covered Entity has agreed pursuant to 45 C.F.R. § 164.522.

6. Terms and Termination

6.1 Term. This Agreement shall become effective on the Effective Date and shall continue in effect unless terminated as provided in this Article 6. Certain provisions and requirements of this Agreement shall survive its expiration or other termination as set forth in Section 7.1 herein.

6.2 Termination. Either Covered Entity or Business Associate may terminate this Agreement and any related agreements if the terminating Party determines in good faith that the other Party has breached a material term of this Agreement; provided, however, that no Party may terminate this Agreement if the breaching

Party cures such breach to the reasonable satisfaction of the terminating Party within [***] after the breaching Party’s receipt of written notice of such breach.

6.3 Automatic Termination. This Agreement shall automatically terminate without any further action of the Parties upon the termination or expiration of Business Associate’s provision of Services to Covered Entity under the Contract.

6.4 Effect of Termination. Upon termination or expiration of this Agreement for any reason, Business Associate shall return to Covered Entity or, at Covered Entity’s request, destroy all PHI if, and to the extent that, it is feasible to do so. Prior to doing so, Business Associate shall recover any PHI in the possession of its subcontractors or agents. To the extent it is not feasible for Business Associate to return or destroy any portion of the PHI, Business Associate shall provide Covered Entity a statement that Business Associate has determined that it is infeasible to return or destroy all or some portion of the PHI in its possession or in possession of its subcontractors or agents. Business Associate shall extend any and all protections, limitations and restrictions contained in this Agreement to any PHI retained after the termination of this Agreement until such time as the PHI is returned to Covered Entity or destroyed and require the same of its subcontractors and agents who retain PHI.

7. Miscellaneous

7.1 Survival. The respective rights and obligations of Business Associate and Covered Entity under the provisions of this Agreement shall survive termination of this Agreement until such time as all PHI is returned to Covered Entity or destroyed.

7.2 Amendments; Waiver. This Agreement may not be modified or amended, except in a writing duly signed by authorized representatives of the Parties. To the extent that any relevant provision of the HIPAA or HITECH Rules is materially amended in a manner that changes the obligations of Business Associate or Covered Entity, the Parties agree to negotiate in good faith appropriate amendment(s) to this Agreement to give effect to the revised obligations. Further, no provision of this Agreement shall be waived, except in a writing duly signed by authorized representatives of the Parties. A waiver with respect to one event shall not be construed as continuing, or as a bar to or waiver of any right or remedy as to subsequent events.

7.3 No Third Party Beneficiaries. Nothing express or implied in this Agreement is intended to confer, nor shall anything herein confer, upon any person other than the Parties and the respective successors or assigns of the Parties, any rights, remedies, obligations, or liabilities whatsoever.

7.4 Notices. Any notices to be given hereunder to a Party shall be made via U.S. Mail or express courier to such Party’s address given below, and/or via facsimile to the facsimile telephone numbers listed below.

If to Business Associate, to:

Accolade, Inc.

660 West Germantown Pike, Suite 500

Plymouth Meeting, PA 19025

Attn: Privacy Officer

Email: privacy@accolade.com

If to Covered Entity, to:

Comcast Cable Communications Management, LLC

One Comcast Center

1701 John F. Kennedy Blvd.

Philadelphia, PA 19103

Attn: Joe Pitra, VP Total Rewards

Tel: (267) 260-0037

With a copy to:

Comcast Cable Communications Management, LLC

One Comcast Center

1701 John F. Kennedy Blvd.

Philadelphia, PA 19103

Attn: SVP, Cable Legal - Operations

Each Party named above may change its address and that of its representative for notice by the giving of notice thereof in the manner hereinabove provided. Such notice is effective upon receipt of notice, but receipt is deemed to occur on next business day if notice is sent by FedEx or other overnight delivery service.

7.5 Counterparts; Facsimiles. This Agreement may be executed in any number of counterparts, each of which shall be deemed an original. Facsimile copies hereof shall be deemed to be originals.

7.6 Choice of Law; Interpretation. This Agreement shall be governed by the laws of the Commonwealth of Pennsylvania to the extent they are not preempted by federal law; provided, however, that any ambiguities in this Agreement shall be resolved in a manner that allows Business Associate and Covered Entity to comply with the Privacy Rule and the Security Rule.

7.7 Indemnification. Business Associate agrees to indemnify, defend, and hold harmless Covered Entity, Comcast Corporation, its affiliates, and their respective directors, officers, employees, representatives, agents, successors and assigns, from any and all losses, claims, charges, obligations, damages, commitments, actions, proceedings, demands, judgments, assessments, penalties, costs, expenses (including reasonable attorneys’ fees and costs) and other liabilities of any kind, nature or description to the extent arising out of or attributable to any breach or violation of the provisions of this Agreement by Business Associate, its affiliates, and any of their respective directors, officers, employees, agents, or subcontractors (collectively, “BA Parties”). None of the indemnification provisions set forth in the Contract, other than the provisions set forth in this Section 7.7, shall apply to this Agreement. [***]

7.8 Relationship of Parties. The parties intend that Business Associate is an independent contractor and not an agent of Covered Entity.

IN WITNESS WHEREOF, each of the undersigned has caused this Agreement to be duly executed in its name and on its behalf as of the Effective Date.

Accolade, Inc.		Comcast Cable Communications Management, LLC, affiliate of Comcast Corporation, Plan Sponsor and on behalf of the Comcast Comprehensive Health and Welfare Plan

By:	/s/Rajeev Singh	By:	/s/Joseph Pitra

Name:	Rajeev Singh	Print Name:	Joseph Pitra

Title:	CEO	Print Title:	Senior Vice President, Total Rewards

Date:	6/19/2020	Date:	June 22, 2020

Accolade, Inc. - FORM S-1/A - EX-10.32 - June 24, 2020

Attached files

Accolade, Inc. Reports