ASKCHART PLATFORM ACCESS AND SERVICES AGREEMENT

THIS PLATFORM ACCESS AND SERVICES AGREEMENT (this "Agreement") is entered into as of the date of electronic acceptance (the "Effective Date") by and between KLARITY HEALTH, INC., a Delaware Corporation ("Company"), and the person or entity accepting these terms electronically through the Platform ("Provider"). AskChart is a product line and brand name of Klarity Health, Inc. All rights, obligations, representations, warranties, liabilities, and indemnification obligations described in this Agreement are those of Klarity Health, Inc. All references to "Company" in this Agreement mean Klarity Health, Inc.

RECITALS

WHEREAS, the Company provides artificial intelligence-powered practice management technology services to healthcare professionals;

WHEREAS, the Provider is a licensed healthcare professional or organization duly licensed to provide healthcare services in the United States;

WHEREAS, the Provider desires to access and use the AskChart platform and related AI Services to enhance and automate practice management operations;

WHEREAS, the Company desires to provide such access and services to the Provider, subject to the terms and conditions set forth herein.

NOW, THEREFORE, in consideration of the mutual covenants and agreements contained herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:

1. TERM OF AGREEMENT

(a) Initial Term. This Agreement shall commence on the Effective Date and shall continue for an initial period of one (1) year (the "Initial Term"), unless sooner terminated in accordance with the provisions of Section 12.

(b) Renewal. This Agreement shall automatically renew for successive one (1) year periods (each a "Renewal Term," and collectively with the Initial Term, the "Term") unless either party provides written notice to the other party of its intention not to renew at least sixty (60) days prior to the end of the then-current Term.

(c) Notice Address. All notices of non-renewal must be sent to the contact information provided in the applicable account settings or to compliance@helloklarity.com.

2. ACCESS TO PLATFORM AND SERVICES

During the Term, Company shall make available to Provider the following:

(a) The AskChart Platform. An artificial intelligence-powered practice management assistant accessible via web application and associated technologies, providing automated workflow management, electronic health record integration, patient communication tools, billing operations, practice intelligence services, and related capabilities (the "Platform").

(b) Integration Services. Integration with Provider's electronic health record system(s) and connected practice management tools to enable AI-assisted practice management operations and data exchange (the "Integration Services").

(c) AI Services. Artificial intelligence-powered automation services that execute Provider-approved workflows including but not limited to: patient intake management, appointment scheduling and rescheduling, insurance eligibility verification, billing and claims processing, patient messaging and communication, practice analytics and reporting, documentation assistance, and other automated practice management functions (the "AI Services").

3. PROVIDER DELEGATION AND AUTHORIZATION

(a) Authorization. Provider hereby authorizes and delegates to Company the right to access, operate, and manage Provider's electronic health record system(s) and connected practice management tools using artificial intelligence, machine learning, and automated processes on Provider's behalf and under Provider's direction and supervision.

(b) AI Processing Consent. Provider acknowledges that the AI Services involve generative artificial intelligence technology that processes Protected Health Information to execute approved workflows and generate outputs. Provider consents to such processing subject to the terms of this Agreement and the Business Associate Agreement attached as Exhibit A.

(c) Automated Workflows. Provider may configure, customize, and manage automated workflows ("Automations") through the Platform. Once approved and enabled by Provider, Automations will execute without requiring per-action authorization from Provider. Provider may pause, modify, or revoke any Automation at any time through the Platform user interface.

(d) Clinical Authority. Provider retains full clinical authority and responsibility for all patient care decisions. The Platform and AI Services do not make clinical decisions, diagnoses, or treatment recommendations. All AI-generated outputs, including drafts, summaries, reports, and communications, are generated for Provider review and are not medical advice.

(e) Provider Review and Approval. Provider is solely responsible for reviewing, evaluating, and approving all AI-generated outputs before they are used in clinical contexts, incorporated into patient records, or communicated to patients. Provider shall not rely on any AI-generated output without independent verification and professional judgment.

4. AI DISCLOSURE AND LIMITATIONS

(a) AI Technology Acknowledgment. Provider acknowledges and accepts that the Platform uses generative artificial intelligence and machine learning technologies to process data, generate outputs, and execute automated workflows. AI-generated outputs may contain errors, inaccuracies, or omissions.

(b) No Guarantee of Accuracy. Company does not guarantee the accuracy, completeness, or reliability of any AI-generated output. Provider is entirely responsible for verifying the accuracy and appropriateness of all AI-generated content before clinical or patient-facing use.

(b-1) Non-Uniqueness of Outputs. Due to the nature of machine learning and generative AI, AI-generated outputs may not be unique. Similar or identical outputs may be generated for multiple Providers submitting similar inputs or operating under similar clinical contexts. Company does not guarantee the uniqueness, originality, or exclusivity of any AI-generated output. Provider shall not represent AI-generated outputs as original work product without independent review and modification.

(c) Data Use for Training. Company shall not use identifiable Protected Health Information to train, develop, or improve general-purpose artificial intelligence models or products. De-identified data may be used to improve the Platform's performance and functionality in accordance with HIPAA de-identification standards (45 CFR 164.514).

(d) Audit Logs and Documentation. Company maintains detailed audit logs of all AI Services interactions involving Protected Health Information. These logs are available to Provider upon request and shall be provided within ten (10) business days of request.

5. PROVIDER OBLIGATIONS

(a) Professional Licensing. Provider shall maintain all required professional licenses, certifications, and credentials necessary to provide healthcare services in Provider's jurisdiction(s). Provider shall promptly notify Company of any license suspension, revocation, or material restriction.

(b) Clinical Responsibility. Provider is solely responsible for all clinical decisions, medical judgment, patient care, treatment protocols, and patient safety. Provider shall not delegate clinical decision-making to the Platform or AI Services.

(c) Insurance Requirements. Provider shall maintain and provide evidence of comprehensive general liability and professional malpractice insurance covering Provider's use of the Platform with minimum coverage of One Million Dollars ($1,000,000) per occurrence and Three Million Dollars ($3,000,000) aggregate, naming Klarity Health, Inc. as additional insured, provided by an insurance company rated A- or better by A.M. Best.

(d) Legal Compliance. Provider shall comply with all applicable federal, state, and local laws, regulations, and licensing requirements in providing healthcare services and using the Platform, including but not limited to HIPAA, state medical practice laws, telemedicine regulations, prescribing requirements, and all other healthcare-related laws.

(e) Privacy and Security Compliance. Provider shall not use the Platform in any manner that violates HIPAA privacy and security requirements (45 CFR Parts 160 and 164), state privacy laws, or other applicable data protection regulations. Provider shall ensure all patient data is collected and used consistent with Provider's privacy obligations and patient consents.

(f) Patient Consents and Notifications. Provider shall obtain and maintain all necessary patient consents, authorizations, and notices required by law for AI-assisted processing of patient health information through the Platform. Provider is responsible for all patient-facing disclosures regarding AI use.

(g) Data Ownership. All medical records, patient data, and health information maintained or processed through the Platform remain the sole property of Provider. Nothing in this Agreement transfers ownership of Provider's data to Company.

6. INTELLECTUAL PROPERTY

(a) Company IP License. Company grants Provider a limited, non-exclusive, non-transferable, revocable license to access and use the Platform and AI Services solely as provided under this Agreement and for Provider's internal practice management purposes during the Term.

(b) Company Ownership. Company retains all right, title, and interest in and to the Platform, AI Services, underlying technology, algorithms, software code, models, documentation, and all improvements, modifications, and derivatives thereof. No license or ownership rights are granted except as expressly stated herein.

(c) Feedback License. Provider grants Company a perpetual, worldwide, royalty-free, irrevocable license to use any feedback, suggestions, or requests that Provider provides regarding the Platform or AI Services for any purpose without restriction or obligation.

(d) Restrictions. Provider shall not (i) reverse engineer, decompile, disassemble, or otherwise attempt to derive the underlying code, algorithms, or methods of the Platform; (ii) create derivative works of the Platform; (iii) sublicense or transfer any rights to the Platform; (iv) remove any proprietary notices or labels from the Platform; (v) use the Platform to develop a competing product or service, or perform competitive benchmarking or analysis of the Platform; (vi) use any data mining, scraping, or automated data collection methods on the Platform beyond normal authorized use; or (vii) circumvent or attempt to circumvent any access controls, rate limits, or usage restrictions implemented by Company.

(d-1) Brand and Trademark Restrictions. Provider shall not use Company's name, trademarks, logos, or brand assets (including "AskChart," "Klarity," "Klarity Health," and associated marks) in any marketing, advertising, promotional materials, press releases, or public communications without Company's prior written consent. Provider may identify itself as a user of AskChart solely in factual, non-promotional contexts (e.g., professional profiles or credentialing applications). Any approved use of Company marks must comply with Company's brand guidelines, available upon request at compliance@helloklarity.com.

(e) AI Models and Training Data. All artificial intelligence models, training data, algorithms, and architectural designs used in the Platform are Company Confidential Information and remain the exclusive property of Company. Provider has no rights or claims to such materials.

7. FEES AND PAYMENT

(a) Subscription and Usage Fees. Provider shall pay to Company the fees set forth in the pricing plan selected by Provider through the Platform or as otherwise agreed in writing (the "Fees"), as further described in Addendum B (Fee Schedule). Fees may include monthly or annual subscription fees, usage-based fees, per-transaction fees, Billing Service Fees (if elected under Section 7A), or other fee structures as described in the applicable pricing plan and Addendum B.

(b) Payment Terms. Fees shall be invoiced and paid according to the billing schedule associated with Provider's selected pricing plan, typically net thirty (30) days from invoice date. Payment shall be made by credit card, ACH transfer, or other method specified by Company.

(c) Price Adjustments. Company may modify the Fees with thirty (30) days prior written notice. Provider's continued use of the Platform after the effective date of any price modification constitutes acceptance of the new Fees.

(d) Late Payment. Overdue invoices shall accrue interest at the lesser of 1.5% per month or the maximum rate allowed by law.

(e) No Refunds. Except as required by law, all Fees are non-refundable once paid; provided, however, that if Company terminates this Agreement without cause under Section 12(a), Provider shall receive a pro-rata refund of any prepaid Fees for the unused portion of the then-current billing period.

7A. BILLING SERVICES (ELECTIVE)

This Section 7A applies only if Provider elects to receive Billing Services by selecting the Billing Services option through the Platform or by written agreement. If Provider does not elect Billing Services, this Section 7A shall have no force or effect.

7A.1 Scope of Billing Services

(a) Services Provided. If elected, Company shall provide the following medical billing services ("Billing Services") on Provider's behalf:

(i) Claims Submission — Preparation and electronic submission of clean claims to insurance carriers (including Medicare and commercial payers), government payers, and other third-party payers based on encounter data, coding, and documentation provided by Provider.

(ii) Payment Tracking — Monitoring and tracking of submitted claims, including posting of payments, identification of underpayments, and reconciliation of remittance advices (EOBs/ERAs).

(iii) Denial Management — Identification, categorization, and appeal of denied or rejected claims, including resubmission of corrected claims when appropriate.

(iv) Accounts Receivable Follow-Up — Systematic follow-up on unpaid claims aged beyond thirty (30) days from date of submission.

(v) Reporting — Provision of regular billing performance reports, including but not limited to: claims submitted, payments received, denial rates, aging summaries, and collection rates, delivered on a weekly basis or as otherwise agreed in the applicable pricing plan.

(b) Services Expressly Excluded. The following are not included in the scope of Billing Services and remain the sole responsibility of Provider: medical coding (CPT, ICD-10, HCPCS) and code selection; clinical documentation and chart completion; credentialing renewal; patient scheduling and front-office operations; patient collections and balance billing (unless separately agreed); and collection of patient copayments, coinsurance, and deductibles.

7A.2 Provider Data Responsibilities

(a) Data Accuracy. Provider acknowledges and agrees that it is solely responsible for: (i) the accuracy, completeness, and timeliness of all clinical documentation, encounter data, diagnosis codes, procedure codes, and supporting documentation provided to Company for billing purposes; (ii) ensuring all coding submitted to Company for claims preparation is accurate, compliant with applicable coding guidelines (including CPT, ICD-10-CM, and HCPCS Level II), and supported by the clinical record; and (iii) responding to Company inquiries regarding documentation or coding discrepancies within five (5) business days of notification.

(b) Data Access and System Integration. Provider shall provide Company with the data and information necessary to perform the Billing Services through one or more of the following methods, as mutually agreed: (i) direct access to Provider's electronic health records (EHR), practice management system (PMS), and/or payer portals; (ii) automated data transmission via API integration, webhook, HL7/FHIR feed, or other electronic interface; or (iii) secure file transfer (SFTP, encrypted email, or equivalent) of encounter data, documentation, and supporting records. Provider shall ensure that whichever method is used provides Company with timely, complete, and accurate data sufficient to perform the Billing Services. The Parties shall agree on the data access method(s) and technical specifications in writing within thirty (30) days of the Effective Date or the date Billing Services are elected, whichever is later. Any costs associated with establishing or maintaining the data integration shall be borne by Provider unless otherwise agreed.

(c) Compliance. Provider shall comply with all applicable federal, state, and local laws, rules, and regulations, including but not limited to HIPAA, the False Claims Act, and the Anti-Kickback Statute, with respect to its coding and documentation practices.

7A.3 Billing Services Fees and Payment

(a) Definitions.

(i) "Eligible Revenue" means payments received by Provider from insurance carriers, government payers (including Medicare and Medicaid), and other third-party payers on claims that were prepared and submitted by Company under this Agreement.

(ii) Eligible Revenue expressly excludes the following: patient copayments; patient coinsurance; patient deductibles; self-pay or cash-pay patient payments; payments on claims not submitted by Company (provided that if Company submitted a claim and Provider subsequently resubmits that same claim, whether due to denial, modification, or otherwise, such resubmitted claim's payment shall be deemed submitted by Company if resubmitted within sixty (60) days of the original Company submission or at Company's direction); and revenue from ancillary services not within the scope of this Agreement.

(iii) "Net Collections" means Eligible Revenue received during the applicable billing period, net of any refunds, recoupments, or takebacks by payers on claims submitted by Company.

(b) Service Fee. Provider shall pay Company a service fee at the rate set forth in Addendum B (Fee Schedule), as presented to and accepted by Provider through the Platform at the time of sign-up or Billing Services election ("Service Fee"). The Service Fee shall be calculated on a calendar month basis, based on Net Collections received by Provider during each calendar month.

(c) Fee Adjustments. The Service Fee rate shall remain fixed for the Initial Term. Any adjustment to the Service Fee for Renewal Terms shall be mutually agreed upon in writing at least thirty (30) days prior to the commencement of the applicable Renewal Term.

(d) Collections Tracking and Reporting. (i) Company shall track all collections on claims submitted by Company, including payer remittances, posted payments, and adjustments, using its billing system as the primary data source. (ii) Company shall generate a monthly collections report within fifteen (15) business days following the close of each calendar month, detailing all Net Collections received during the preceding month, broken down by payer. (iii) Provider shall reasonably cooperate with Company to validate collections data upon request, including providing access to bank deposit records or payer remittance advices as needed to reconcile discrepancies.

(e) Invoice. Company shall issue an invoice to Provider concurrently with the monthly collections report described in Section 7A.3(d). Each invoice shall detail the Net Collections for the period and the corresponding Service Fee.

(f) Payment Terms. Payment is due within thirty (30) days of the invoice date.

(g) Late Payment. Late payments shall accrue interest at a rate of one and one-half percent (1.5%) per month, or the maximum rate permitted by applicable law, whichever is less.

(h) Disputed Charges. Provider must notify Company of any disputed charges in writing within fifteen (15) days of the invoice date. The Parties shall work in good faith to resolve any disputes within thirty (30) days. Undisputed amounts remain due per Section 7A.3(f).

7A.4 Audit Rights

(a) Mutual Audit Rights. Either Party shall have the right, upon thirty (30) days' prior written notice and no more than once per calendar year, to audit the other Party's relevant records to verify the accuracy of collections data and Service Fee calculations. Audits are intended as a safeguard in the event of meaningful discrepancies and shall be conducted in a reasonable and limited manner during normal business hours, limited to records directly relevant to Net Collections on claims submitted by Company.

(b) Underpayment. (i) If an audit reveals an underpayment of Service Fees of more than three percent (3%) for any audited period, Provider shall: pay the outstanding balance within fifteen (15) days of audit completion; and reimburse Company for the reasonable, documented cost of the audit (not to exceed $5,000 per audit, except in cases of willful non-cooperation). (ii) If an audit reveals an underpayment of more than five percent (5%), the Parties shall meet to discuss billing system improvements or reconciliation procedures to prevent future discrepancies.

7A.5 Billing Services Run-Out and Termination

(a) Run-Out Services. Upon termination of this Agreement or Provider's election to discontinue Billing Services, Company shall continue to process claims submitted prior to the termination date for up to ninety (90) calendar days post-termination ("Run-Out Period"), including following up on aging claims, appealing denials received during the Run-Out Period, and resubmitting corrected claims as appropriate. For claims not fully adjudicated by the end of the Run-Out Period, Company shall transition responsibility to Provider or its successor billing vendor and shall make available all claim status information and documentation in industry-standard formats to facilitate such transition.

(b) Run-Out Fees. During the Run-Out Period, the Service Fee shall continue to apply to Net Collections received on claims submitted by Company prior to termination. Provider's reporting and payment obligations shall continue, with the final invoice due within thirty (30) days of the end of the Run-Out Period. Company's collections tracking, reporting, and invoicing obligations under Section 7A.3 shall continue throughout the Run-Out Period. Provider shall continue to cooperate with data validation as described in Section 7A.3(d)(iii).

(c) Data Return. Company shall return or securely destroy all Provider data and Protected Health Information (PHI) in accordance with the Business Associate Agreement (Exhibit A) within thirty (30) days following the end of the Run-Out Period.

(d) Post-Termination Access. Upon termination, Provider shall have continued access to historical reports and billing data in read-only format for twelve (12) months for transition purposes, after which access will be terminated.

(e) Accrued Obligations. All fees accrued through the date of termination and the Run-Out Period shall remain due and payable.

7A.6 Billing Services Representations and Warranties

(a) Company Representations. Company represents and warrants that: (i) it shall perform the Billing Services in compliance with applicable industry standards for medical billing and revenue cycle management, and in compliance with HIPAA and other applicable laws (Company makes no representation regarding the outcomes or results of the Billing Services, which depend substantially on the quality and timeliness of Provider data); (ii) it has the necessary personnel and systems to perform the Billing Services described in Section 7A.1 as of the Effective Date (Company shall notify Provider within ten (10) days of any material changes to its personnel or systems that may affect the Billing Services); and (iii) it shall comply with all applicable laws, including HIPAA and state privacy laws.

(b) Provider Representations. Provider represents and warrants that: (i) all coding, documentation, and clinical data provided to Company is, to the best of Provider's knowledge after reasonable investigation, accurate, complete, and compliant with applicable billing laws, regulations, and payer policies (Provider shall notify Company promptly, within five (5) business days, of any known inaccuracies or compliance issues); (ii) it has obtained all necessary patient consents for billing and claims submission; (iii) it is duly licensed and credentialed to provide the healthcare services for which billing is performed, and all practitioners are appropriately credentialed with all relevant payers; (iv) it has disclosed to Company all relevant payer contracts, fee schedules, and coding/billing requirements applicable to its claims; and (v) any compliance concerns, audits, or investigations by CMS, state health departments, or payers have been disclosed to Company in writing.

7A.7 Billing Services Disclaimer

COMPANY MAKES NO WARRANTY THAT THE BILLING SERVICES WILL RESULT IN ANY SPECIFIC CLAIMS PAYMENT RATE, DENIAL RATE, REVENUE CYCLE METRICS, OR FINANCIAL OUTCOMES. RESULTS DEPEND MATERIALLY ON THE QUALITY, COMPLETENESS, AND TIMELINESS OF PROVIDER DATA AND CODING. THE COMPANY SHALL NOT BE LIABLE FOR ANY CLAIMS, PENALTIES, OR DAMAGES ARISING FROM INACCURATE, INCOMPLETE, OR NON-COMPLIANT CODING PROVIDED BY PROVIDER. THE PROVIDER ACKNOWLEDGES THAT CODING ACCURACY AND COMPLIANCE ARE SOLELY THE PROVIDER'S RESPONSIBILITY.

7A.8 Billing Services Indemnification

(a) Provider Indemnification. In addition to the indemnification obligations in Section 11, Provider shall indemnify, defend, and hold harmless Company from any claims, damages, losses, or expenses (including reasonable attorneys' fees) arising from: (i) inaccurate coding, documentation, or clinical data provided by Provider for Billing Services purposes; (ii) Provider's violation of any applicable law or regulation; or (iii) Provider's breach of this Agreement.

(b) Company Indemnification. Company shall indemnify, defend, and hold harmless Provider from any claims, damages, losses, or expenses (including reasonable attorneys' fees) arising from: (i) Company's negligence or willful misconduct in the performance of the Billing Services, including but not limited to billing errors, claim handling failures, or data management lapses (excluding any liability arising from the accuracy or completeness of data, documentation, or coding provided by Provider); (ii) Company's unauthorized use or disclosure of PHI not caused by Provider-provided data or Provider-directed disclosure; or (iii) Company's material breach of this Agreement. Notwithstanding the above, Company shall have no indemnification obligation for any claim to the extent arising from the inaccuracy, incompleteness, or non-compliance of Provider data, documentation, or coding provided to Company.

7A.9 Billing Services Intellectual Property and Data

(a) Provider Data. Company acknowledges that all encounter data, coding data, and other information provided by Provider ("Provider Billing Data") is and remains the property of Provider, subject to Company's right to use Provider Billing Data solely to perform Billing Services hereunder.

(b) Reports and Output. All reports, analytics, and billing statements generated by Company ("Billing Output") shall be deemed joint work product. Company retains ownership of the format, methodology, and analytical tools; Provider owns its specific data contained therein. Provider may use Billing Output for internal business and regulatory purposes but may not sell, redistribute, or sublicense Billing Output without Company's written consent.

(c) Confidential Methods. Company's billing, denial appeal, and revenue cycle optimization methodologies and algorithms shall be treated as Company's Confidential Information and shall not be disclosed to third parties or used for any purpose other than performing the Billing Services.

8. CONFIDENTIAL INFORMATION

(a) Definition. "Confidential Information" means all non-public information disclosed by one party to the other, including but not limited to business plans, pricing, customer lists, technical specifications, artificial intelligence model architectures, training data, algorithms, and source code.

(b) Obligation. Each party shall maintain the confidentiality of the other party's Confidential Information and shall not disclose it to third parties without prior written consent, except as required by law or to its professional advisors subject to confidentiality obligations.

(c) Exclusions. Confidential Information shall not include information that: (i) is publicly available through no breach of this Agreement; (ii) is rightfully received by a party from a third party without confidentiality restrictions; (iii) is independently developed without reference to Confidential Information; or (iv) is required to be disclosed by law.

(d) PHI Exclusion. Protected Health Information is not subject to this Section 8 but is instead regulated by the Business Associate Agreement (Exhibit A) and applicable HIPAA rules.

9. REPRESENTATIONS AND WARRANTIES OF PROVIDER

(a) Authority. Provider represents and warrants that it has full authority to enter into this Agreement and to delegate the rights and responsibilities described herein.

(b) Professional Standing. Provider represents that: (i) Provider holds all required professional licenses and certifications; (ii) Provider is in good professional standing with all licensing boards; (iii) Provider has not been subject to criminal conviction, license suspension, license revocation, or debarment; and (iv) Provider is not excluded from federal healthcare programs.

(c) Adverse Actions. Provider shall immediately notify Company of any license suspension, license revocation, criminal investigation, malpractice claim, DEA restriction, insurance denial or cancellation, or any other action that materially affects Provider's professional standing or ability to provide healthcare services.

(d) Compliance. Provider represents that its use of the Platform shall comply with all applicable laws, regulations, and professional standards.

10. REPRESENTATIONS AND WARRANTIES OF COMPANY

(a) Authority and Status. Company represents that it is duly organized, validly existing, and in good standing under Delaware law, and that it has full authority to enter into this Agreement and perform its obligations hereunder.

(b) Non-Infringement. Company represents that the Platform and AI Services do not infringe any third-party intellectual property rights and that Provider's authorized use thereof does not infringe any such rights.

11. LIMITATION OF LIABILITY; INDEMNIFICATION

(a) Disclaimer of Warranties. THE PLATFORM, AI SERVICES, AND ALL OUTPUTS ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. COMPANY EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. COMPANY DOES NOT WARRANT THAT THE PLATFORM WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. COMPANY MAKES NO WARRANTY REGARDING THE ACCURACY, COMPLETENESS, OR RELIABILITY OF ANY AI-GENERATED OUTPUT OR THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE PLATFORM. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM COMPANY OR THROUGH THE PLATFORM SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED HEREIN.

(a-1) Disclaimer of Damages. IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOST PROFITS, LOST REVENUE, LOST DATA, OR BUSINESS INTERRUPTION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

(b) AI Outcome Disclaimer. Company shall not be liable for any clinical outcomes, patient injuries, adverse events, or other consequences resulting from Provider's use, reliance on, or implementation of AI-generated outputs or Automations, or any errors or inaccuracies in AI-generated content.

(c) Liability Cap. EXCEPT FOR BREACHES OF CONFIDENTIALITY, INTELLECTUAL PROPERTY INFRINGEMENT, OR GROSS NEGLIGENCE, EACH PARTY'S TOTAL LIABILITY UNDER THIS AGREEMENT SHALL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE BY PROVIDER IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.

(d) Company Indemnification. Company shall defend, indemnify, and hold harmless Provider from any third-party claims that the Platform or AI Services, as provided by Company, infringe any intellectual property rights, provided that Provider promptly notifies Company of such claim.

(e) Provider Indemnification. Provider shall defend, indemnify, and hold harmless Company from any third-party claims arising from: (i) Provider's use of the Platform or AI Services in violation of this Agreement or applicable laws; (ii) Provider's patient care decisions or clinical judgment; (iii) Patient claims related to Provider's use of AI-generated outputs; or (iv) any patient data provided by Provider that infringes third-party rights.

(f) Injunctive Relief. Each party acknowledges that any breach of Section 6 (Intellectual Property), Section 8 (Confidential Information), or the Business Associate Agreement (Exhibit A) may cause irreparable harm to the other party for which monetary damages would be an inadequate remedy. Accordingly, in addition to any other remedies available at law or in equity, the non-breaching party shall be entitled to seek injunctive or other equitable relief without the necessity of proving actual damages or posting any bond or other security.

12. TERMINATION

(a) Termination Without Cause. Either party may terminate this Agreement without cause upon thirty (30) days written notice to the other party. Upon termination, Provider's access to the Platform shall cease, and Provider's payment obligations shall end at the end of the notice period.

(b) Company Termination for Cause. Company may immediately terminate this Agreement without notice if: (i) Provider materially breaches this Agreement and fails to cure within thirty (30) days of written notice; (ii) Provider's license is suspended, revoked, or restricted; (iii) Provider is excluded from federal healthcare programs; (iv) Provider uses the Platform illegally or in violation of HIPAA; (v) Provider fails to pay Fees when due and fails to cure within fifteen (15) days of notice; or (vi) Provider breaches Section 3 or 4.

(c) Provider Termination for Cause. Provider may terminate for cause if Company materially breaches this Agreement and fails to cure within thirty (30) days of written notice, or if Company breaches confidentiality obligations.

(d) Effect of Termination. Upon termination: (i) Provider shall immediately cease use of the Platform; (ii) Company shall return or securely destroy all Provider data and PHI in accordance with the Business Associate Agreement within thirty (30) days unless required to retain by law; (iii) all payment obligations accrued through the termination date remain due; (iv) if Provider has elected Billing Services under Section 7A, the Run-Out provisions of Section 7A.5 shall apply; and (v) Sections 3, 6, 7A (to the extent of run-out obligations), 8, 11, 12A, 14, 15, and 18 survive termination.

(e) Termination for Account Inactivity. If Provider's account remains inactive (no login, API call, or Automation execution) for twelve (12) consecutive months, Company may classify the account as dormant. Company shall provide at least sixty (60) days' written notice to Provider's registered email address before suspending or terminating a dormant account. If Provider does not respond or reactivate within the notice period, Company may terminate this Agreement and initiate data return or destruction in accordance with Section 12(d) and the Business Associate Agreement. This provision does not override any data retention obligations required by HIPAA or applicable law.

12A. ACCEPTABLE USE POLICY

(a) Prohibited Uses. In addition to the restrictions set forth elsewhere in this Agreement, Provider shall not use the Platform or AI Services to: (i) engage in or facilitate any illegal activity, fraud, abuse, or violation of any applicable law or regulation; (ii) process data of individuals who have not provided the necessary consents required by law; (iii) generate, store, or transmit content that is defamatory, harassing, threatening, or that promotes violence or discrimination; (iv) attempt to extract, reverse-engineer, or reconstruct AI model weights, training data, or proprietary algorithms from AI-generated outputs or Platform behavior; (v) systematically download, scrape, or harvest data from the Platform beyond normal authorized clinical and administrative use; (vi) use the Platform to generate misleading, deceptive, or fraudulent medical claims, billing codes, or documentation; (vii) circumvent or attempt to circumvent any security measures, access controls, rate limits, or usage restrictions; (viii) impersonate another Provider, user, or entity; (ix) introduce viruses, malware, or other harmful code into the Platform; or (x) use the Platform in any manner that could damage, disable, overburden, or impair the Platform or interfere with other users' access.

(b) Downstream Use Restrictions. Provider shall not make the Platform, AI Services, or AI-generated outputs available to third parties (including patients, staff, or affiliated entities) on terms that are less restrictive or more permissive than those set forth in this Agreement. Provider is responsible for ensuring that any authorized users accessing the Platform under Provider's account comply with the terms of this Agreement.

(c) Enforcement. Company reserves the right to investigate suspected violations of this Section and may take enforcement actions including content removal, access suspension, or account termination for persistent or serious violations. Company will notify Provider in advance of enforcement actions except where immediate action is necessary to protect the security, integrity, or availability of the Platform, comply with legal requirements, or prevent imminent harm.

12B. SERVICE MODIFICATIONS

(a) Right to Modify. Company reserves the right to modify, update, enhance, or discontinue any feature, functionality, or component of the Platform or AI Services at any time. Company shall provide at least thirty (30) days' prior written notice of any material modification that significantly reduces the core functionality available to Provider under this Agreement.

(b) Emergency Modifications. Notwithstanding Section 12B(a), Company may immediately modify, suspend, or restrict access to the Platform without prior notice if necessary to: (i) address security vulnerabilities, data breaches, or threats to the integrity of the Platform; (ii) comply with applicable law, regulation, court order, or government directive; (iii) respond to abuse, fraud, or violations of this Agreement; or (iv) prevent imminent harm to the Platform, its users, or third parties. Company shall notify Provider as promptly as practicable following any such emergency modification.

(c) No Liability for Modifications. Except as expressly provided in Section 17 (Service Levels), Company shall not be liable for any modification, suspension, or discontinuation of the Platform or any feature thereof.

13. INDEPENDENT CONTRACTORS

The relationship between Company and Provider is that of independent contractors. Neither party is an employee, agent, partner, or joint venturer of the other. Neither party has authority to bind or commit the other party or to represent that it is authorized to do so.

14. COMPLIANCE WITH LAWS

(a) HIPAA and Privacy. The parties shall comply with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations (45 CFR Parts 160 and 164), including the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule. Company, as a Business Associate, shall comply with the Business Associate Agreement attached as Exhibit A.

(b) Patient Consents. Provider shall obtain and maintain all required patient consents and authorizations for AI-assisted processing of patient health information and shall provide all legally required notifications to patients regarding AI use.

(c) State Laws. Provider shall comply with all state and local healthcare laws, medical practice regulations, telemedicine requirements, and other applicable laws in Provider's jurisdiction(s).

(d) Healthcare Fraud and Abuse Laws. Each party represents and warrants that its performance under this Agreement shall comply with all applicable healthcare fraud and abuse laws, including the Federal Anti-Kickback Statute (42 U.S.C. § 1320a-7b), the Stark Law (42 U.S.C. § 1395nn), and applicable state fraud and abuse laws. Neither party shall offer, solicit, or accept any improper inducements, kickbacks, rebates, or payments in connection with this Agreement beyond the fees expressly stated herein.

(e) Regulatory Changes. Each party shall notify the other within thirty (30) days of becoming aware of any change in law, regulation, guidance, or enforcement action by regulatory authorities (including FDA, HHS, CMS, state medical boards) that materially affects the parties' obligations under this Agreement. The parties shall cooperate in good faith to amend this Agreement as necessary to comply with changed legal requirements.

(f) Export Controls and Sanctions. Provider represents and warrants that Provider is not: (i) located in, organized under the laws of, or a resident of any country or territory subject to comprehensive U.S. economic sanctions (including Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine), or any other country or territory that becomes subject to such sanctions during the Term; (ii) identified on the U.S. Treasury Department's Specially Designated Nationals and Blocked Persons List, the U.S. Commerce Department's Entity List or Denied Persons List, or any other applicable restricted party list; or (iii) owned or controlled by any person or entity described in (i) or (ii). Provider shall not access or use the Platform from any embargoed country or territory, or export, re-export, or transfer any data, software, or technical information received through the Platform in violation of applicable U.S. export control and sanctions laws, including the Export Administration Regulations (15 CFR Parts 730-774) and regulations administered by the Office of Foreign Assets Control (31 CFR Part 500).

(g) Government Entity Use. Government entities (including federal, state, and local government agencies, departments, and instrumentalities) may not access or use the Platform without Company's prior written authorization. Provider shall not make the Platform or AI Services available to any government entity without Company's prior written consent. If Provider is or becomes a government entity, or if a government entity acquires control of Provider, Provider shall promptly notify Company and this Agreement shall be subject to Company's review and written approval for continued use. To the extent the Platform is provided to U.S. Government end users, it is provided as "commercial computer software" and "commercial computer software documentation" as those terms are used in 48 CFR 12.212 and 48 CFR 227.7202.

15. COMPANY INSURANCE

(a) Company shall maintain, at its own expense, throughout the Term and for twelve (12) months following termination: (i) Cyber Liability Insurance covering data breaches, privacy liability, network security, and HIPAA compliance violations, with minimum limits of Two Million Dollars ($2,000,000) per occurrence and Five Million Dollars ($5,000,000) annual aggregate; (ii) Professional Liability / Errors & Omissions Insurance covering the Platform and AI Services, with minimum limits of One Million Dollars ($1,000,000) per claim and Two Million Dollars ($2,000,000) annual aggregate; and (iii) Commercial General Liability Insurance with minimum limits of One Million Dollars ($1,000,000) per occurrence.

(b) Company shall provide certificates of insurance to Provider annually upon request and shall notify Provider within thirty (30) days of any cancellation, material change in coverage, or reduction in limits.

16. FORCE MAJEURE

(a) Excusable Events. Neither party shall be liable for failure or delay in performance under this Agreement caused by events beyond its reasonable control, including but not limited to: acts of God, natural disasters, pandemics, war, terrorism, government action, strikes, widespread cyberattacks affecting internet or cloud infrastructure, or regulatory orders (each, a "Force Majeure Event"). Force Majeure shall not excuse: (i) Company's obligation to maintain HIPAA Security Rule compliance; (ii) Company's obligation to notify Covered Entity of Breaches under the BAA; (iii) payment obligations; or (iv) confidentiality obligations.

(b) Notice and Mitigation. The affected party shall provide prompt written notice describing the event, expected duration, and impact on performance, and shall make reasonable efforts to mitigate the impact and resume performance.

(c) Extended Disruption. If a Force Majeure Event prevents performance for more than ninety (90) consecutive days, either party may terminate this Agreement upon written notice without penalty.

(d) Continuity Obligations. Company shall maintain reasonable business continuity and disaster recovery procedures to minimize service disruptions and shall maintain data backup and recovery capabilities to restore Platform access and Provider data within forty-eight (48) hours of a recoverable Force Majeure Event.

17. SERVICE LEVELS

(a) Uptime Target. Company shall use commercially reasonable efforts to maintain Platform availability of at least ninety-five percent (95%) measured on a calendar month basis, excluding scheduled maintenance windows and Force Majeure Events ("Uptime Target"). Scheduled maintenance shall be performed during off-peak hours (between 12:00 AM and 6:00 AM Eastern Time) with at least twenty-four (24) hours advance notice via the Platform or email.

(b) Service Credits. If Company fails to meet the Uptime Target in any calendar month, Provider shall be entitled to a service credit equal to five percent (5%) of the monthly Fees for each full percentage point below the Uptime Target, up to a maximum credit of twenty-five percent (25%) of the applicable monthly Fees. Service credits are Provider's sole and exclusive remedy for failure to meet the Uptime Target. Provider must request service credits in writing within thirty (30) days of the end of the affected month.

(c) Exclusions. The Uptime Target does not apply to: (i) scheduled maintenance performed in accordance with Section 17(a); (ii) Force Majeure Events; (iii) failures caused by Provider's equipment, systems, or internet connectivity; (iv) Provider's misuse of the Platform; or (v) third-party EHR or payer system outages outside Company's control.

(d) Monitoring and Reporting. Company shall monitor Platform availability and shall make uptime reports available to Provider upon request.

18. GENERAL PROVISIONS

(a) Subcontracting. Company may engage subcontractors to provide services under this Agreement, provided that Company ensures all subcontractors comply with this Agreement and the Business Associate Agreement with respect to Protected Health Information.

(b) Governing Law. This Agreement shall be governed by the laws of the State of Delaware, without regard to its conflict of law principles.

(c) Arbitration. Any dispute arising from or relating to this Agreement shall be resolved by binding arbitration administered by JAMS in Wilmington, Delaware, before a single arbitrator, in accordance with the JAMS Comprehensive Arbitration Rules. Each party shall bear its own costs and attorneys' fees. The arbitrator's decision shall be final and binding. Judgment upon the award rendered by the arbitrator may be entered in any court of competent jurisdiction.

(c-1) Class Action and Jury Trial Waiver. TO THE FULLEST EXTENT PERMITTED BY LAW, EACH PARTY AGREES THAT ANY DISPUTE ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL BE BROUGHT SOLELY IN THE PARTY'S INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, COLLECTIVE, CONSOLIDATED, REPRESENTATIVE, OR MASS ACTION. THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PARTY'S CLAIMS AND MAY NOT OTHERWISE PRESIDE OVER ANY FORM OF A CLASS, COLLECTIVE, OR REPRESENTATIVE PROCEEDING. IF THIS CLASS ACTION WAIVER IS FOUND TO BE UNENFORCEABLE WITH RESPECT TO A PARTICULAR CLAIM OR REQUEST FOR RELIEF, THEN THAT CLAIM OR REQUEST FOR RELIEF SHALL BE SEVERED AND PROCEED IN A COURT OF COMPETENT JURISDICTION RATHER THAN IN ARBITRATION. EACH PARTY HEREBY IRREVOCABLY WAIVES, TO THE FULLEST EXTENT PERMITTED BY LAW, ANY RIGHT TO TRIAL BY JURY IN ANY ACTION, PROCEEDING, OR COUNTERCLAIM ARISING OUT OF OR RELATING TO THIS AGREEMENT.

(c-2) Arbitration Opt-Out. Provider may opt out of the arbitration and class action waiver provisions of Sections 18(c) and 18(c-1) by sending written notice to compliance@helloklarity.com within thirty (30) days of the Effective Date of this Agreement. The notice must include Provider's name, address, and a clear statement that Provider wishes to opt out of arbitration. If Provider opts out, all disputes shall be resolved exclusively in the state or federal courts located in Wilmington, Delaware. Opting out of arbitration will not affect any other provision of this Agreement.

(d) Notice Provisions. All notices required under this Agreement shall be in writing and delivered by: (i) personal delivery; (ii) overnight courier; (iii) certified mail; or (iv) email (if sent to the contact email address in each party's account). Notices shall be effective upon receipt.

(e) No Assignment. Provider shall not assign or transfer any rights or obligations under this Agreement without Company's prior written consent. Company may assign this Agreement to its affiliates or in connection with a merger, acquisition, or sale of assets.

(f) Severability. If any provision is held invalid or unenforceable, the remaining provisions shall continue in full force and effect.

(g) Entire Agreement. This Agreement, including Section 7A (Billing Services, if elected), Exhibit A (Business Associate Agreement), and Addendum B (Fee Schedule), constitutes the entire agreement between the parties and supersedes all prior agreements, understandings, and negotiations.

(g-1) Order of Precedence. In the event of any conflict between the main body of this Agreement and any Exhibit or Addendum, the Exhibit or Addendum shall control with respect to its subject matter. Between Exhibits and Addenda, the following order of precedence shall apply: Exhibit A (Business Associate Agreement), then Addendum B (Fee Schedule).

(h) Amendment. This Agreement may be amended only by written agreement signed by authorized representatives of both parties, except that Company may modify the Fees, Automations, and Platform capabilities with thirty (30) days notice as described herein.

(i) Counterparts. This Agreement may be executed in counterparts, each of which shall be deemed an original and all of which together shall constitute one instrument.

SIGNATURES

By electronically accepting this Agreement through the Platform, Provider and Company agree to be bound by all terms and conditions hereof.

EXHIBIT A

BUSINESS ASSOCIATE AGREEMENT

THIS BUSINESS ASSOCIATE AGREEMENT (this "BAA") is entered into as of the Effective Date of the Platform Access and Services Agreement (the "Services Agreement") by and between KLARITY HEALTH, INC., a Delaware Corporation ("Business Associate"), and the healthcare provider or organization that has accepted the Services Agreement ("Covered Entity").

RECITALS

WHEREAS, Covered Entity is a covered entity under the Health Insurance Portability and Accountability Act ("HIPAA") (42 U.S.C. § 1320d et seq.) and the Health Information Technology for Economic and Clinical Health Act ("HITECH Act") (42 U.S.C. § 17921 et seq.);

WHEREAS, Business Associate is a business associate within the meaning of HIPAA and 45 CFR § 160.103;

WHEREAS, Business Associate will assist Covered Entity in providing healthcare services and managing healthcare operations by providing the services and access to the AskChart platform (a product of Klarity Health, Inc.) as described in the Services Agreement;

WHEREAS, in performing these services, Business Associate will receive, create, maintain, and transmit Protected Health Information (as defined below) on behalf of Covered Entity;

WHEREAS, the parties recognize that the Services Agreement contemplates the use of artificial intelligence and automated technologies to process Protected Health Information on behalf of Covered Entity;

NOW, THEREFORE, in consideration of the mutual covenants herein contained, the parties agree as follows:

ARTICLE I. DEFINITIONS

(1.1) "Breach" means the unauthorized acquisition, access, use, or disclosure of Unsecured PHI which compromises the security or privacy of such information as determined by risk assessment pursuant to 45 CFR 164.404(b).

(1.2) "Designated Record Set" shall have the meaning given such term in 45 CFR 164.501.

(1.3) "ePHI" or "Electronic Protected Health Information" means PHI that is stored, transmitted, or otherwise maintained in electronic form.

(1.4) "Individual" shall have the meaning given such term in 45 CFR 164.501.

(1.5) "PHI" or "Protected Health Information" shall have the meaning given such term in 45 CFR 164.501 and shall include ePHI.

(1.6) "Unsecured PHI" means PHI that is not secured by a method listed in guidance issued by the Secretary of the Department of Health and Human Services.

(1.7) "Required By Law" shall have the meaning given such term in 45 CFR 164.501.

(1.8) "Secretary" means the Secretary of the Department of Health and Human Services.

(1.9) "Subcontractor" means any entity that assists Business Associate in providing services under the Services Agreement and will have access to, use, or create PHI on behalf of Business Associate.

(1.10) "AI Services" means the artificial intelligence, machine learning, and automated processing capabilities provided through the AskChart platform as described in the Services Agreement.

(1.11) "AI-Generated Output" means any content, draft, summary, report, or other output produced by the AI Services that contains or is derived from Protected Health Information.

(1.12) "Automation" means a Covered Entity-configured automated workflow that executes AI Services operations without requiring per-action Covered Entity authorization.

ARTICLE II. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE

(2.1) Use and Disclosure Restrictions. Except as required by law or as permitted by this BAA, Business Associate shall not use or disclose PHI except to perform functions, activities, or services for Covered Entity as specified in the Services Agreement.

(2.2) Safeguards. Business Associate shall implement and maintain physical, technical, and administrative safeguards that comply with the HIPAA Security Rule (45 CFR Parts 160 and 164 Subpart C) and shall ensure the confidentiality, integrity, and availability of all ePHI.

(2.3) Breach Notification. Business Associate shall notify Covered Entity of any Breach or suspected Breach of Unsecured PHI immediately upon discovery, and in no case later than forty-eight (48) hours after discovery. Such preliminary notice shall include: (a) date, time, and nature of the suspected Breach; (b) description of immediate containment measures taken; (c) preliminary assessment of potentially affected Individuals; and (d) expected timeline for full investigation. Within sixty (60) calendar days of discovery, Business Associate shall provide complete written notice including: (a) identification of each Individual whose Unsecured PHI has been, or is reasonably believed to have been, accessed, acquired, used, or disclosed; (b) a detailed description of what occurred including the date of the Breach and the date of discovery; (c) a description of the steps Individuals should take to protect themselves; (d) a summary of what Business Associate is doing to investigate, mitigate harm, and prevent further breaches; and (e) contact information for Business Associate including a toll-free telephone number or Internet website address.

(2.4) Subcontractor Compliance. Business Associate shall ensure that any Subcontractor that receives, creates, maintains, or transmits PHI on behalf of Business Associate agrees in writing to comply with all applicable HIPAA requirements and the terms of this BAA equivalent to those imposed on Business Associate.

(2.5) Individual Access. Business Associate shall, at the request of Covered Entity and at no additional charge, provide Covered Entity with access to PHI maintained by Business Associate that would constitute a Designated Record Set and shall cooperate with Covered Entity in facilitating Individual requests for access to their PHI within the timeframes required by 45 CFR 164.524.

(2.6) Amendment of PHI. Business Associate shall, at the request of Covered Entity, cooperate with Covered Entity in permitting Individuals to request amendment of their PHI and shall implement approved amendments in accordance with 45 CFR 164.526.

(2.7) Accounting of Disclosures. Business Associate shall, at the request of Covered Entity and at no additional charge, provide Covered Entity with an accounting of disclosures of PHI maintained by Business Associate in accordance with 45 CFR 164.528.

(2.8) Subpart E Compliance. If Business Associate is a health plan as defined in 45 CFR 160.103, Business Associate shall comply with 42 CFR Part 2 requirements regarding substance use disorder patient records.

(2.9) Secretary Access. Business Associate shall make available to the Secretary all books, records, and facilities necessary to verify compliance with HIPAA Rules.

(2.10) Amendment to Comply with Law. Business Associate shall promptly notify Covered Entity of any change in law that affects Business Associate's obligations under HIPAA and shall amend its practices as necessary to comply.

ARTICLE III. PERMITTED USES AND DISCLOSURES OF PHI

(3.1) Use and Disclosure for Specified Purpose. Business Associate shall use and disclose PHI only to perform the functions, activities, and services specified in the Services Agreement.

(3.2) Permitted Uses and Disclosures. Business Associate may use and disclose PHI for: (a) management and administrative activities necessary to perform its obligations under the Services Agreement; (b) data aggregation for Covered Entity's healthcare operations; (c) creating de-identified information in accordance with 45 CFR 164.514; (d) as required by law; or (e) as authorized by Covered Entity in writing.

(3.3) AI Services Processing. Business Associate may process PHI through AI Services to perform services described in the Services Agreement, including executing Covered Entity-approved Automations, generating AI-Generated Outputs, and creating analytics and reports.

(3.4) AI-Generated Outputs. All AI-Generated Outputs containing or derived from PHI are treated as PHI for all purposes under this BAA and are subject to all restrictions and protections herein.

(3.5) De-Identification. Business Associate may use de-identified information and de-identified data to improve the Platform's functionality in accordance with 45 CFR 164.514 without the restrictions of this BAA.

(3.6) Data Aggregation. Business Associate may perform data aggregation to provide Covered Entity with analytics, reports, and practice intelligence, and to the extent such aggregated data is de-identified, may use such data for improving the Platform.

(3.7) Required Disclosures. Business Associate may disclose PHI when required by law, provided that Business Associate: (a) notifies Covered Entity of the legal requirement unless prohibited by law; (b) discloses the minimum PHI necessary; and (c) if permitted, gives Covered Entity opportunity to seek a protective order.

ARTICLE IV. AI-SPECIFIC PROVISIONS

(4.1) AI Processing Safeguards. All Protected Health Information processed by AI Services is subject to the same safeguards, restrictions, and protections as all other Protected Health Information under this BAA and applicable HIPAA Rules. Business Associate shall implement AI-specific security measures to prevent unauthorized access or misuse of PHI during processing.

(4.2) No Use for Training General Models. Business Associate shall not use identifiable Protected Health Information to train, develop, or improve general-purpose artificial intelligence models, large language models, or products external to the AskChart platform. Business Associate shall not use identifiable PHI for fine-tuning third-party large language models, federated learning across multiple Covered Entities' data, or generating synthetic patient data. Business Associate may use data that has been de-identified in accordance with the HIPAA Safe Harbor method (45 CFR 164.514(b)(2)) or Expert Determination (45 CFR 164.514(b)(1)) to improve the Platform's performance, train Platform-specific models, and generate synthetic datasets for internal model development. All de-identification determinations shall be documented and available to Covered Entity upon request.

(4.3) AI-Generated Output Treatment. All AI-Generated Outputs containing or derived from Protected Health Information shall be treated as Protected Health Information and subject to all restrictions and protections under this Agreement, the Services Agreement, and HIPAA Rules.

(4.4) Automation as Authorized Use. Covered Entity-approved Automations are treated as authorized uses and disclosures of Protected Health Information for purposes of this BAA. Covered Entity authorizes Business Associate to execute Automations according to Covered Entity's configuration and may modify or disable Automations at any time.

(4.5) Audit Logs and Documentation. Business Associate shall maintain detailed audit logs and documentation of all AI Services processing of Protected Health Information, including the date and time of processing, data elements accessed, outputs generated, and users involved. These logs shall be made available to Covered Entity upon request and shall be provided within ten (10) business days.

(4.6) AI Infrastructure Subcontractors. Business Associate shall ensure that any Subcontractors providing artificial intelligence, machine learning, cloud computing, or data processing infrastructure or services agree in writing to comply with all restrictions and conditions regarding Protected Health Information contained in this BAA.

ARTICLE V. OBLIGATIONS OF COVERED ENTITY

(5.1) Notice of Privacy Practices. Covered Entity shall provide notice to Individuals as required by 45 CFR 164.520 that describes Covered Entity's use and disclosure of PHI and the rights of Individuals with respect to their PHI.

(5.2) Individual Authorization. Covered Entity shall obtain and maintain any authorizations or consents required by HIPAA and applicable state law for Business Associate's use of PHI as described in the Services Agreement.

(5.3) AI Disclosure to Individuals. Covered Entity shall obtain any necessary authorizations, consents, or notifications required by law for AI-assisted processing of Individuals' Protected Health Information. Covered Entity is responsible for all patient-facing disclosures regarding AI use, data processing, and AI-Generated Outputs.

(5.4) HIPAA Compliance. Covered Entity shall comply with all requirements of the HIPAA Privacy Rule (45 CFR Part 164 Subpart E) and Security Rule (45 CFR Part 164 Subpart C) with respect to PHI.

ARTICLE VI. TERM AND TERMINATION

(6.1) Term. This BAA shall commence on the Effective Date of the Services Agreement and shall remain in effect for the duration of the Services Agreement, including any Renewal Terms, unless sooner terminated.

(6.2) Termination. This BAA shall terminate upon termination of the Services Agreement. Either party may terminate this BAA upon thirty (30) days written notice if the other party materially breaches this BAA and fails to cure within thirty (30) days of written notice.

(6.3) Effect of Termination. Upon termination or expiration of this BAA: (a) Business Associate shall promptly return or, if return is infeasible as certified in writing, shall securely destroy all PHI maintained by Business Associate, including all copies, unless retention is required by law; (b) Business Associate shall retain only that PHI as is necessary for wind-down and compliance activities; and (c) all obligations under this BAA shall survive termination with respect to PHI retained under exception (b).

(6.4) Survival. Sections 2.1, 2.3, 2.4, 3.1, 3.2, 4.1, 4.2, 4.3, 4.5, and 6.3 shall survive termination or expiration of this BAA.

ADDENDUM B

FEE SCHEDULE

This Fee Schedule ("Addendum B") is incorporated into the Klarity Health, Inc. — AskChart Platform Access and Services Agreement (the "Agreement") by and between Klarity Health, Inc. ("Company") and the Provider who has accepted the Agreement.

B.1 ELECTRONIC ACCEPTANCE AND INCORPORATION

The specific fees, rates, and pricing plan applicable to Provider are as displayed to and accepted by Provider through the AskChart platform at the time of account registration, plan selection, or Billing Services election. By clicking "I Agree," "Accept," or any similar acceptance mechanism presented during sign-up or plan selection, Provider agrees to the pricing terms displayed on-screen at that time, which are incorporated into this Agreement by reference as though fully set forth herein.

Company shall ensure that the pricing terms displayed to Provider at the time of acceptance are: (a) clearly and conspicuously presented prior to acceptance; (b) specific as to the fee amounts, calculation methods, and billing frequency; and (c) retained by Company as a record of Provider's accepted pricing plan. Company shall make the accepted pricing plan available to Provider at any time through Provider's account settings or upon written request.

B.2 FEE CATEGORIES

Fees under this Agreement may include one or more of the following categories, as applicable to Provider's selected pricing plan:

(a) Platform Subscription Fees — Monthly or annual fees for access to the AskChart platform and AI Services, as displayed at the time of plan selection.

(b) Billing Service Fees (if Billing Services are elected under Section 7A) — A percentage of Net Collections (as defined in Section 7A.3(a)) on claims prepared and submitted by Company on Provider's behalf, at the rate displayed and accepted by Provider at the time of Billing Services election.

(c) Usage-Based Fees — Fees based on transaction volume, API calls, or other usage metrics, if applicable to Provider's selected pricing plan, as displayed at the time of plan selection.

(d) Add-On Service Fees — Fees for optional services or features not included in Provider's base plan, as displayed and accepted by Provider at the time of election.

B.3 BILLING SERVICE FEE DEFINITIONS

If Provider has elected Billing Services under Section 7A, the following definitions apply:

(a) "Eligible Revenue" means payments received by Provider from insurance carriers, government payers (including Medicare and Medicaid), and other third-party payers on claims that were prepared and submitted by Company under this Agreement.

(b) Eligible Revenue expressly excludes the following: patient copayments; patient coinsurance; patient deductibles; self-pay or cash-pay patient payments; payments on claims not submitted by Company (provided that if Company submitted a claim and Provider subsequently resubmits that same claim, whether due to denial, modification, or otherwise, such resubmitted claim's payment shall be deemed submitted by Company if resubmitted within sixty (60) days of the original Company submission or at Company's direction); and revenue from ancillary services not within the scope of the Agreement.

(c) "Net Collections" means Eligible Revenue received during the applicable billing period, net of any refunds, recoupments, or takebacks by payers on claims submitted by Company.

B.4 FEE ADJUSTMENTS

(a) Initial Term. All fees shall remain at the rate accepted by Provider at the time of sign-up or plan selection for the duration of the Initial Term, unless Provider elects to upgrade or change plans through the Platform.

(b) Renewal Terms. Any adjustment to fees for Renewal Terms shall be: (i) communicated to Provider in writing (including email or in-Platform notification) at least thirty (30) days prior to the commencement of the applicable Renewal Term; and (ii) subject to Provider's right to terminate prior to the Renewal Term if Provider does not accept the adjusted fees.

(c) Plan Changes. If Provider elects to change pricing plans through the Platform during the Term, the new plan's fees shall take effect as of the date of election or the next billing cycle, as specified at the time of plan change. Provider's acceptance of the new plan's terms through the Platform shall constitute an amendment to this Addendum B with respect to fees.

B.5 INVOICING AND PAYMENT

(a) Platform Subscription Fees shall be invoiced and charged automatically according to the billing frequency (monthly or annual) of Provider's selected plan.

(b) Billing Service Fees shall be invoiced in accordance with Section 7A.3(d) and (e) of the Agreement.

(c) Payment is due within thirty (30) days of the invoice date, unless otherwise specified in the applicable pricing plan.

(d) Late payments shall accrue interest at a rate of one and one-half percent (1.5%) per month, or the maximum rate permitted by applicable law, whichever is less.

(e) Disputed Charges. Provider must notify Company of any disputed charges in writing within fifteen (15) days of the invoice date. The Parties shall work in good faith to resolve any disputes within thirty (30) days. Undisputed amounts remain due per Section B.5(c).

B.6 RECORD OF ACCEPTED PRICING

Company shall maintain a timestamped record of each Provider's accepted pricing plan, including: (a) the specific fees and rates displayed at the time of acceptance; (b) the date and time of Provider's electronic acceptance; (c) the version of the pricing plan accepted; and (d) any subsequent plan changes elected by Provider. These records shall be available to Provider upon request and shall be admissible as evidence of the agreed-upon fees in the event of any dispute.

This Fee Schedule is an integral part of the Klarity Health, Inc. — AskChart Platform Access and Services Agreement and shall be interpreted in accordance with the terms of the Agreement.