THIS MUTUAL NONDISCLOSURE AGREEMENT is entered into as of ___________________________ between Clearwater Compliance LLC, a Tennessee Limited Liability Company (“Clearwater”) and _______________________________ a _________________ {Limited Liability Company | Corporation} organized under the laws of the state of _____________________, (“Third Party”).

1. Purpose. Third Party wishes Clearwater to review its current information security risk analysis procedures, processes and resultant artifacts and provide feedback and recommendations in comparison to the OCR Guidance on Risk Analysis Requirements Under the HIPAA Security Rule (the “Evaluation”), during which each of the parties may disclose to the other party certain information which the disclosing party considers confidential, valuable and proprietary to its business as further defined herein (“Confidential Information”). Each of the parties desires to protect such Confidential Information from unauthorized use or disclosure and is willing to disclose such Confidential Information for the limited purpose of the Evaluation, and subject only to the restrictions set forth herein.

2. Definition of Confidential Information.

a. “Confidential Information” means any information, technical data or know-how (either oral, written, or digital), that is of value and is provided to or prepared by either party to the other party (including either party’s directors, officers, employees, contractors, agents, clients, service partners or representatives) or obtained by either party from the other (including either party’s directors, officers, employees, contractors, agents, or representatives of the other) including but not limited to, information, technical data or know-how that relates to research, product plans, products, services, customers, markets, software, developments, inventions, processes, methodologies, designs, drawings, engineering, hardware configuration information, marketing or finances of the disclosing party.

b. Confidential Information does not include information, technical data or know-how which:

i. Is in the possession of the receiving party at the time of disclosure as shown by the receiving party’s files and records immediately prior to the time of disclosure; or,
ii. Prior to or after the time of disclosure becomes part of the public knowledge or literature, not as a result of any improper inaction or action of the receiving party; or,
iii. Is expressly approved by the disclosing party, in writing, for release; or,
iv. Comes into the possession of the receiving party from a third party that was not, to the recipient’s knowledge, subject to any confidentiality restriction.

3. Non-Disclosure of Confidential Information. Each party hereby agrees not to use or disclose any Confidential Information provided to it by or obtained by it from the other party for any reason including its own use or for any purpose except to carry out discussions concerning, and the undertaking of, the Evaluation. Neither party will, except as required by law or court order, disclose any Confidential Information of the other party to unrelated third parties or to employees, contractors, agents or professional advisors of the party receiving Confidential Information, except employees, contractors, agents or professional advisors who are required to have the information in order to carry out the discussions in connection with and regarding the undertaking of the Evaluation. Each party will have or has had employees or contractors to whom Confidential Information of the other party is or will be disclosed or who have or will have access to Confidential Information of the disclosing party sign a nondisclosure or similar agreement in content substantially similar to this Agreement. Each party agrees that it will take all reasonable measures to protect the secrecy of and avoid disclosure or use of Confidential Information of the other party in order to prevent it from falling into the public domain or the possession of persons other than those persons authorized under this Agreement to have any such information. Such measures shall include the highest degree of care that the receiving party utilizes to protect its own Confidential Information of a similar nature. Each party agrees to notify the other in writing of any misuse or misappropriation of Confidential Information of the disclosing party of which it becomes aware immediately after such misuse or misappropriation.

4. Return or Destruction of Confidential Information. The parties hereby acknowledge and agree that Confidential Information is the exclusive property of the disclosing party. Upon completion of the Evaluation, and upon written request of the disclosing party, Confidential Information which has been furnished by one party to the other in connection with the Evaluation will either be promptly returned or destroyed by the receiving party, including all memoranda, notes, records, recordings, documentation, disks, manuals, files or other documents (in written, electronic or other form), and all copies thereof (to the extent commercially reasonable or technically practicable), concerning or containing Confidential Information that are in the receiving party’s possession or control, whether made or compiled by the receiving party or furnished to the receiving party by the disclosing party, and, upon written request, provide written certification to the disclosing party that the information has been destroyed. Each party hereby agrees that it will not retain any copies, extracts or other reproductions in whole or in part of any Confidential Information; provided, however, that the receiving party may keep additional copies of any information as might be required for legal and compliance purposes or to comply with any bona fide records retention policy. In such case, the receiving party

5. Patent or Copyright Infringement. Nothing in this Agreement is intended to grant any rights under any patent or copyright of either party, nor shall this Agreement grant either party any rights in or to the other party’s Confidential Information, except the limited right to review such Confidential Information in connection with the Evaluation. Further, both parties agree not to reverse engineer attempt to reverse engineer, decompile or disassemble any computer software programs or devices supplied by the other party.

6. Term. The commitments of each party shall continue for a period terminating on the later of the following to occur:
a. Five (5) years following the date of this Agreement; or,
b. With respect to any particular item of Confidential Information, for so long as such information shall remain Confidential Information under applicable law.

7. Miscellaneous. This Agreement shall be binding upon and for the benefit of the undersigned parties, their successors and assigns, provided that Confidential Information of the disclosing party may not be assigned without the prior written consent of the disclosing party, which consent shall not be unreasonably withheld or delayed. Failure to enforce any provision of this Agreement by a party shall not constitute a waiver of any term hereof by such party.

8. Governing Law. This Agreement shall be governed by and construed and enforced in accordance with the laws of the state of Tennessee without consideration of its conflicts of laws provisions, and shall be binding upon the parties to this Agreement in the United States and worldwide.

9. Remedies. Each party agrees that its obligations provided in this Agreement are necessary and reasonable in order to protect the disclosing party and its business, and each party expressly agrees that monetary damages would be inadequate to compensate the disclosing party for any breach by the receiving party of its covenants and agreements set forth in this Agreement. Accordingly, each party agrees and acknowledges that any such violation or threatened violation will cause irreparable injury to the disclosing party and that, in addition to any other remedies that may be available, in law, in equity or otherwise, the disclosing party shall be entitled to seek injunctive relief against the threatened breach of this Agreement or the continuation of any such breach by the receiving party, without the necessity of proving actual damages.

IN WITNESS WHEREOF, the parties hereto have executed this Agreement as of the date last executed below (the “Effective Date”).

Clearwater Compliance LLC
(“Third Party”)



Robert L. Chaput

President and CEO