This Concert Genetics User Agreement (“Agreement”) is between Concert Genetics, Inc. (“Concert Genetics”) and you (hereinafter referred to as “User” or “you”). By using the Concert Genetics beta website and service (collectively, the “Service”), you accept the terms of this Agreement and hereby represent and warrant that you are either a medical doctor, nurse practitioner, genetic counselor, medical librarian or supervised trainees in one of these medial professions. This Agreement is effective immediately upon User’s acceptance of this Agreement by pressing the “accept” button and User’s first use of the Service.

If you are entering into this Agreement on behalf of your employer, hospital or physician practice group (“Organization”) the license granted and restrictions and limitations recited herein apply to your Organization as well as to you as a representative of your Organization. Should you cease being an authorized representative of your Organization, your Organization may continue to operate under this Agreement. You represent and warrant that you have the power and authority to bind your Organization to this Agreement. As used in these terms, “you”, “your” and “User” refers not only to you, the individual checking the “I Agree” button, but also your Organization. Concert Genetics shall not be liable, and you agree to indemnify and hold Concert Genetics and any of its affiliates, subsidiaries, employees, and agents harmless for, all damages, liabilities, penalties, costs and expenses incurred by Concert Genetics and any of its affiliates, subsidiaries, employees or agents as a result of any inaccuracy, false representation or other violation or failure by you in connection with this paragraph.

User agrees that use of any Concert Genetics or third-party features, services, or content either in or accessible through the Service shall be subject to any applicable Concert Genetics and/or third party terms and conditions, disclaimers and disclosures. User agrees to use the Service solely for the purposes of evaluation in accordance with the following terms and conditions:

1. Grant and Scope of License.

1. Concert Genetics hereby grants User a limited, revocable, personal, non-exclusive, non-transferable right and license to use the Service during the Term of this Agreement for User’s internal business purposes and for the purpose of evaluating the Service.

2. This Agreement only gives you the right to access and use the Service. Concert Genetics reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the Service only as expressly permitted in this Agreement. In doing so, you must comply with any technical limitations in the Service that only allow you to use it in certain ways and you agree to comply with all laws, rules and regulations applicable to your use of the Service.

3. User agrees that User and User’s Organization will be the only one authorized to use the Service and any related documentation for evaluation and/or testing and discussions with authorized representatives of Concert Genetics.

4. User agrees not to provide access to the Service to any third party, in whole or in part, except as expressly allowed by an authorized representative of Concert Genetics. User agrees not to rent, lease, distribute, lend or use the Service for commercial purposes. You agree that you are responsible for all use and liability incurred under a user account and password assigned to you.

5. To the extent that User provides any information, including but not limited to personal information, to Concert Genetics or its Representatives (as defined below), User warrants that (a) User is providing or obtaining only User’s own information or the information of others which User is authorized to provide to third parties and/or obtain from third parties on their behalf; and (b) the use of such information by Concert Genetics and its Representatives will not infringe upon or misappropriate the intellectual property rights or otherwise violate the rights of any third parties. USER EXPRESSLY ACKNOWLEDGES AND AGREES THAT TO THE EXTENT USER SUBMITS, PROCESSES OR TRANSMITS ANY PATIENT DATA OR PROTECTED HEALTH INFORMATION (AS SUCH TERM IS DEFINED IN 45 CFR § 160.103) IN OR THROUGH THE SERVICE, USER HAS OBTAINED ALL NECESSARY PERMISSIONS, CONSENTS, LICENSES AND AUTHORIZATIONS NECESSARY TO TRANSMIT, UPLOAD AND OR/USE THE PATIENT DATA AND/OR PROTECTED HEALTH INFORMATION IN CONNECTION WITH THE SERVICE OR OTHERWISE IN CONNECTION WITH THIS AGREEMENT. SOLELY TO THE EXTENT USER OR ITS ORGANIZATION HAVE NOT ENTERED INTO A SEPARATE WRITTEN BUSINESS ASSOCIATE AGREEMENT WITH CONCERT GENETICS, USER AND ITS ORGANIZATION AGREE TO THE TERMS OF SECTION 9. User understands and agrees that Concert Genetics will store or otherwise retain patient data and other Protected Health Information provided by User and that Concert Genetics and the Service will be acting as a conduit for any such information received under this Agreement. Concert Genetics hereby disclaims any and all liability related to the use or transmission of patient data and/or protected health information in connection with the Service or this Agreement.

6. User acknowledges and agrees that the Service may contain errors, and as a condition of use of the Service, User agrees that in the event of an error in the Service, a designated Concert Genetics representative shall be permitted to access User personal information as reasonably necessary to correct such error.

2. Warranty Disclaimer.

User understands that the Service may contain, errors, “bugs” and other problems, which may result in system failure or failure in the use of the Service or loss of data or access by third parties to personal information provided to Concert Genetics or obtained by User or on User’s behalf through use of the Service. User understands that the Service may “summarize” or “translate” certain information that User obtains, or that is obtained on User’s behalf, and that Concert Genetics does not represent or warrant that any such summary or translation will be complete or accurate. The Service is provided to User “AS IS”, “WITH ALL FAULTS”, and Concert Genetics disclaims any warranty or liability obligations to User of any kind. User understands and agrees that CONCERT GENETICS AND ALL THIRD PARTY SERVICE OR DATA PROVIDERS, LICENSORS OR DISTRIBUTORS (“REPRESENTATIVES”) DO NOT MAKE ANY EXPRESS, IMPLIED, OR STATUTORY WARRANTY OR CONDITION OF ANY KIND FOR THE SERVICE INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY OR CONDITION WITH REGARD TO THE SERVICE’S PERFORMANCE, MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPOSE, SECURITY OR NON-INFRINGEMENT, OR DATA OR SYSTEM INTEGRITY. IN NO EVENT WILL CONCERT GENETICS OR ANY OF ITS REPRESENTATIVES BE LIABLE TO USER OR ANY OTHER PARTY FOR (I) PUNITIVE, EXEMPLARY, INCREASED OR AGGRAVATED DAMAGES; (II) ANY DIRECT OR INDIRECT DAMAGES, INCLUDING ANY LOSS OF PROFITS OR INVESTMENT, LOSS OF BUSINESS, LOSS OF SAVINGS, CORRUPTION OR THEFT OF DATA, VIRUSES, SPYWARE, OTHER ECONOMIC OR COMMERCIAL LOSS OR ANY OTHER INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES OF ANY KIND EVEN IF CONCERT GENETICS OR ANY OF ITS REPRESENTATIVES HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES; OR (III) FOR ANY CLAIM BY ANY OTHER PARTY. USER ACKNOWLEDGES AND AGREES THAT IT BEARS THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE SERVICE AND THE USE AND TRAMISSION OF ALL DATA USER UPLOADS OR SUMBMITS TO OR THROUGH THE SERVICE, INCLUDING WITHOUT LIMITATION PROTECED HEALTH INFORMATION. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, AND SO PARTS OF THE ABOVE LIMITATION MAY NOT APPLY TO USER. IF ANY EXCLUSION, DISCLAIMER OR OTHER PROVISION CONTAINED IN THIS AGREEMENT IS HELD TO BE INVALID FOR ANY REASON BY A COURT OF COMPETENT JURISDICTION AND CONCERT GENETICS BECOMES LIABLE THEREBY FOR LOSS OR DAMAGE THAT COULD OTHERWISE BE LIMITED, SUCH LIABILITY WHETHER IN CONTRACT, TORT OR OTHERWISE, WILL NOT EXCEED THE AMOUNT PAID BY YOU FOR THE SERVICE OR ONE HUNDRED DOLLARS ($100.00 USD), WHICHEVER IS LESS.

3. Feedback; Idea Submission.
 In addition, as you use the Site, we collect information about your usage, including without limitation:

1. User acknowledges and agrees that User may be providing certain feedback, statements, suggestions and ideas (“Ideas”) to Concert Genetics, directly or through a third party, in connection with User’s use of the Service, which Concert Genetics may use in future modifications and/or final or public versions of the Service, multimedia works and/or advertising and promotional materials relating thereto. In addition, User acknowledges and agrees that Concert Genetics will have access to certain analytic and demographic data (“Data”) with respect to User’s use of the Service. User hereby assigns to Concert Genetics any and all rights and interest in any Ideas and Data, including but not limited to any copyright, patent right, moral right, and all other intellectual property rights.

2. User acknowledges and agrees that submission of Ideas to Concert Genetics, either orally or in writing, will not in any way establish a confidential relationship with Concert Genetics, nor will it place Concert Genetics in the position of receiving a disclosure in trust. Concert Genetics will not be obligated and makes no commitment to treat or maintain Ideas which User submits as confidential. In addition, User does not expect any type of payment or remuneration from Concert Genetics for Ideas or Data. User agrees that all documents and materials submitted to Concert Genetics will become the property of Concert Genetics, unless Concert Genetics agrees otherwise in writing. No obligation is assumed or may be implied on the part of Concert Genetics by receipt or examination of the Idea or Data submission to use the Ideas and Data, compensate User or otherwise enter into another agreement with User.

4. Term and Termination.

1. Concert Genetics may terminate User’s license immediately if User fails to comply with any term or condition of this Agreement.

2. Concert Genetics further reserves the right to terminate this Agreement on fifteen (15) days’ prior notice to User.

5. Indemnification.

User agrees to indemnify and hold Concert Genetics harmless from and against any and all claims, costs, demands, liabilities, suits, or actions (including all reasonable expenses and attorneys’ fees) for any loss, damage (including incidental, punitive, exemplary, consequential, and special), injury, or other casualty of any kind whatsoever, or by whomever caused, to the person or property of anyone arising out of or resulting from User’s use of the Service.

6. General Provisions.

1. This Agreement shall be governed in all respects by the laws of the State of Tennessee, excluding its conflicts or choice-of-law provisions, and each party agrees to submit to exclusive jurisdiction of the state and federal courts in Davidson County, Tennessee for any claim arising out of or related to this Agreement and/or the Services.

2. Notices between the parties shall be by personal delivery, facsimile transmission, or certified or registered mail, return receipt requested, and shall be deemed given upon receipt at the address of the recipient party or ten days after deposit in the mail.

3. In the event of any invalidity of any provision of this Agreement, the parties agree that such invalidity shall not affect the validity of the remaining portions of this Agreement, and further agree to substitute for the invalid provision a valid provision which most closely approximates the intent and effect of the invalid provision.

4. This Agreement constitutes the entire understanding and agreement between the parties with respect to the subject matter addressed herein and supersedes any and all prior or contemporaneous oral or written communications with respect to the subject matter hereof, all of which are merged herein. User may not assign or transfer User’s rights and obligations under this Agreement without the prior written consent of an authorized representative of Concert Genetics.

5. The provisions of this Agreement are not intended to create any relationship between User and Concert Genetics other than that of independent entities contracting with each other solely for the purpose of effecting the provisions of this Agreement, and nothing contained herein shall be construed as creating any agency, employment, partnership, or joint-venture relationship between the parties.

6. Any waiver of the provisions of this Agreement or of a party’s rights or remedies under this Agreement must be in writing to be effective. Failure, neglect, or delay by a party in enforcing the provisions of this Agreement or its rights at any time will not be construed as, and will not be deemed to be a waiver of, such party’s rights under this Agreement and will not in any way affect the validity of this Agreement in whole or in part or prejudice such party’s right to take subsequent action. Except as expressly stated herein, no exercise or enforcement by either party of any right or remedy under this Agreement will preclude the enforcement by such party of any other right or remedy under this Agreement, or any other right or remedy to which such party may be entitled at law or equity.

7. Business Associate Agreement.

You acknowledge and agree that in the course of accessing and receiving the Service, you may provide certain protected health information to Concert Genetics. To the extent you or your Organization have not entered into a separate written Business Associate Agreement, this Section 9 sets forth the Business Associate Agreement (“BAA”) by and between the You, your Organization and Concert Genetics (“Associate”). You and Associate agree that the parties incorporate this BAA into the User Agreement in order to comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the American Recovery and Reinvestment Act of 2009 (Pub. L. 111-5) (“ARRA”) and their implementing regulations set forth at 45 C.F.R. Parts 160 and 164 (the “Privacy and Security Rule”). To the extent Associate is acting as a Business Associate of You pursuant to the User Agreement, the provisions of this BAA shall apply and Associate shall be subject to the penalty provisions as specified by ARRA (42 USC §§ 17931(c), 17934(c)). To the extent Associate is to carry out an obligation of You under the Privacy and Security Rule, Associate shall comply with the requirements of the Privacy and Security Rule that apply to You in the performance of such obligation.

1. Capitalized terms not otherwise defined in this BAA shall have the meaning set forth in the Privacy and Security Rule. References to “PHI” mean Protected Health Information created or received by Associate from You or on Your behalf.

2. Associate will neither use nor disclose PHI except as permitted or required by this BAA or as Required By Law. Associate will not sell PHI or use or disclose PHI for purposes of marketing or fundraising, as defined and proscribed in the Privacy and Security Rule and ARRA. Associate is permitted to use and disclose PHI:

1. to perform any and all obligations of Associate as described in the User Agreement, provided that such use or disclosure would not violate the Privacy and Security Rule, if done by You directly;

2. as otherwise permitted by law, provided that such use or disclosure would not violate the Privacy and Security Rule, if done by You directly and provided that You gives its prior written consent;

3. to perform Data Aggregation services relating to the health care operations of You;

4. to report violations of the law to federal or state authorities consistent with 45 C.F.R. § 164.502(j)(1);

5. as necessary for Associate’s proper management and administration and to carry out Associate’s legal responsibilities (collectively “Associate’s Operations”), provided that Associate may only disclose PHI for Associate’s Operations if the disclosure is Required By Law or Associate obtains reasonable assurance, evidenced by a written contract, from the recipient that the recipient will: (1) hold such PHI in confidence and use or further disclose it only for the purpose for which Associate disclosed it to the recipient or as Required By Law; and (2) notify Associate of any instance of which the recipient becomes aware in which the confidentiality of such PHI was breached;

6. de-identify PHI in accordance with 45 C.F.R. § 164.514(b), provided that such de-identified information may be used and disclosed only consistent with applicable law. In the event You notify Associate of a restriction request that would restrict a use or disclosure otherwise permitted by this BAA, Associate shall comply with the terms of the restriction request.

3. Associate will maintain appropriate administrative, technical and physical safeguards to prevent use or disclosure of PHI not permitted by this BAA and shall maintain policies and procedures to detect, prevent, and mitigate identity theft based on PHI or information derived from PHI. Associate will also maintain administrative, technical and physical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of electronic PHI in compliance with the Privacy and Security Rule, including the documentation requirements.

4. Associate will require any of its subcontractors and agents, to which Associate discloses any PHI, to agree to comply with the same privacy and security obligations as Associate with respect to such PHI.

5. Associate represents that the PHI requested, used or disclosed by Associate shall be the minimum amount necessary to carry out the purposes of the Agreement. Associate will limit its uses and disclosures of, and requests for, PHI (i) when practical, to the information making up a Limited Data Set; and (ii) in all other cases subject to the requirements of 45 CFR § 164.502(b), to the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure or request.

6. You shall (i) provide Associate with a copy of the notice of privacy practices that You produces pursuant to 45 C.F.R. § 164.520, and You shall promptly furnish Associate with copies of any material changes to such notice; (ii) notify Associate of any changes in, or revocation of, permission by an individual to use or disclose PHI, if such changes affect Associate’s permitted or required uses or disclosures; (iii) notify Associate of any confidential communication request or restriction to the use or disclosure of PHI affecting Associate that You has agreed to in accordance with 45 C.F.R. § 164.522.

7. Consistent with ARRA and the Privacy and Security Rule, Associate shall permit You or, at Your request, an individual (or the individual’s personal representative) to inspect and obtain copies of any PHI about the individual that is in Associate’s custody or control and that is maintained in a Designated Record Set. Associate will, upon receipt of notice from You, promptly amend or permit You to access to amend any portion of PHI so that You may meet its amendment obligations under 45 C.F.R. § 164.526.

8. Except for disclosures excluded from the accounting obligation by the Privacy and Security Rule and regulations issued pursuant to ARRA, Associate will record for each disclosure that Associate makes of PHI the information necessary for You to make an accounting of disclosures pursuant to the Privacy and Security Rule. Associate will make this information available to You promptly upon Your request for the period requested, but for no longer than the six (6) years preceding Your request for the information (except Associate need not have any information for disclosures occurring before the effective date of this BAA or with respect to disclosures required to be recorded by ARRA, the effective date of the ARRA regulations with respect to You).

9. Associate will make its internal practices, books, and records, relating to its use and disclosure of PHI, available upon request to You or the Secretary of U.S. Department of Health and Human Services (“HHS”) to determine Your compliance with the Privacy and Security Rule.

10. To the extent known to or discovered by Associate, Associate shall promptly report to You any use or disclosure of PHI not permitted by this BAA, any Security Incident involving electronic PHI and any Breach of Unsecured Protected Health Information involving PHI. Associate shall mitigate, to the extent practicable, any harmful effect known to it of a Security Incident, Breach or use or disclosure of PHI by Associate not permitted by this BAA. Notwithstanding the foregoing, the parties acknowledge and agree that this section constitutes notice by Associate to You of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below) for which no additional notice to You shall be required. “Unsuccessful Security Incidents” shall include, but not be limited to, pings and other broadcast attacks on Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of electronic PHI. All reports of Breaches shall be made in compliance with 45 CFR § 164.410.

11. Term and Termination.

1. Term. This BAA shall be effective as of the effective date of the Agreement and shall remain in effect until termination of the Agreement. Either party may terminate this BAA and the Agreement effective immediately if it determines that the other party has breached a material provision of this BAA and failed to cure such breach within thirty (30) days of being notified by the other party of the breach. If the non-breaching party determines that cure is not possible, such party may terminate this BAA and the Agreement effective immediately upon written notice to other party. If termination is not feasible, the non-breaching party shall report the breach to HHS.

2. Obligations upon Termination. Upon termination of this BAA for any reason, Associate will, if feasible, return to You or destroy all PHI maintained by Associate in any form or medium, including all copies of such PHI. Further, Associate shall recover any PHI in the possession of its agents and subcontractors and return to You or destroy all such PHI. In the event that Associate determines that returning or destroying any PHI is infeasible, Associate may maintain such PHI but shall continue to abide by the terms and conditions of this BAA with respect to such information and shall limit its further use or disclosure of such information to those purposes that make return or destruction of the information infeasible.

3. Survival. Upon termination of this BAA for any reason, all of Associate’s obligations under this BAA shall survive termination and remain in effect (a) until Associate has completed the return or destruction of PHI as required by BAA Section 9.11(ii) and (b) to the extent Associate retains any PHI pursuant to this Section9.11(ii).

12. In the event that any final regulation or amendment to final regulations is promulgated by HHS or other government regulatory authority with respect to PHI, the parties shall negotiate in good faith to amend this BAA to remain in compliance with such regulations. Any ambiguity in this BAA shall be resolved to permit You and Associate to comply with the Privacy and Security Rule. Nothing in this BAA shall be construed to create any rights or remedies in any third parties or any agency relationship between the parties. A reference in this BAA to a section in the Privacy and Security Rule means the section as in effect or as amended. The terms and conditions of this BAA override and control any conflicting term or condition of this Agreement. All non-conflicting terms and conditions of the Agreement remain in full force and effect.