HomeMy WebLinkAboutC-10051-1 - Solution Agreement1,01 rUL Y
Huly Solution Agreement
This Solution Agreement is entered into as of November 21, 2025, by and between CITY OF NEWPORT
BEACH, a California municipal corporation and charter city ("City"). and Huly Corp. ("HULY")
collectively referred to as "Parties', both of whom agree to be bound both by this Solutions Agreement. This
agreement is between the Parties with regards to the Pricing listed below:
Total Cost to Customer per year — Annual Call Volume = 10,000
Product/Service
November 20t'',
2025
November 20th,
2025 — November
18tt', 2026
One Time
$7,500
• Setup Fees
Monthly Subscription
$833.33
• Scan It
• Ask Huly
• Narrative Copilot
• Verifai (QA/QI)
• Product Support
Huly Provides features listed below:
1. Employee Management
1.1 Huly will provide an Employee Catalog that enables the QA Administrator to maintain and
manage employee attributes, including:
• First Name, Last Name
• Email, Phone Number
• Manager Name, Manager Email
1.2 Each employee will have unique login credentials (username and password) to securely access
the Huly application.
2. Data Integration & Automation
2.1 Huly will integrate with your ePCR to enable the automated import of PCRs for validation and
compliance checks.
3. Reporting & Analytics
3.1 Huly will generate customized reports based on the agreed -upon criteria, enabling data -driven
decision -making.
3.2 Huly will provide real-time ICD-10 code generation for billers, ensuring accurate medical coding
and billing efficiency.
3.3 Huly will include chart visualizations to help identify recurring issues within the QA/QI process,
enhancing process improvements.
4. Policy & Documentation Management
4.1 Huly will provide administrators with the ability to upload, manage, and delete policies and
protocol files through the Huly Admin Portal. These documents will be made available for
reference within the Ask Huly feature.
4.2 Huly will support uploading and managing email templates, which can dynamically pull
information from the Employee Catalog for automated communications.
5. Automated Notifications & Feedback
5.1 Huly will send instant notifications to Crew Members via the Huly App in case of failed
validations, enabling prompt corrective actions.
Huly Corp. Contract Page 1 of 7
November 25
if HU! v
5.2 Huly will provide automated feedback to crews via email regarding complicated airway cases,
facilitating ongoing learning and improvement.
5.3 Huly will send weekly reports to managers and employees, ensuring transparency and tracking of
performance metrics.
6. Data Storage & Retention
6.1 Huly will store all data for a period of three (3) years, allowing for appropriate reporting and
compliance tracking.
6.2 Data older than three (3) years will be permanently deleted, unless otherwise required by
applicable regulations.
7. Support and Maintenance
Huly will provide ongoing support and maintenance services to ensure the stability, security, and
usability of the system, including but not limited to:
7.1 Technical Support
7.1.1 Huly will offer troubleshooting assistance to diagnose and resolve errors, bugs, and
system issues encountered by the Client.
7.2 Software Updates & Maintenance
7.2.1 Huly will provide periodic software updates, including feature enhancements, performance
optimizations, and security patches to maintain operational integrity.
7.3 User Assistance
7.3.1 Huly will provide user support for common operational issues, including but not limited to:
• Login/access difficulties
• Account settings configuration
• General system usage inquiries
7.4 Performance Monitoring & System Stability
7.4.1 Huly will actively monitor system performance, ensuring high availability and minimal
downtime. Proactive measures will be taken to mitigate risks that may impact system stability.
7.5 Integration Support
7.5.1 Huly will provide assistance with third -party integrations, ensuring seamless functionality
between the system and external applications where applicable.
7.5.2 In the event of integration failures or disruptions, Huly will work with the Client to
troubleshoot and restore the affected functionalities.
Huly Corp. Contract Page 2 of 7
November 25
if P1ULY
HULY will submit the invoice by the 1s' day of every month. CITY OF NEWPORT BEACH, a California
municipal corporation and charter city ("City") will pay the invoice in full within 30 Calendar days from the
date the invoice provided by HULY. CITY OF NEWPORT BEACH, a California municipal corporation and
charter city ("City") will pay for the Product Support in full along with the monthly service fees.
APPROVED AS TO FORM:
CITY ATTORNEY'S OFFICE
Date: I IT7 (�Z 5
By:
Aa n C. Harp
City Attorney
ATTEST:
Date: 9 XV 2 Cj
CITY OF NEWPORT BEACH,
a California mun' ipal c rporation
Date: O / O " 2 G
By: 4, 4 - /_1 I
Je _ oyles
Fire Chief
CONTRACTOR: Huly Corp, a Delaware
corporation
Date:
By: By:
Lena Shumway
City Clerk
Signed in Counterpart
Nidhish Dhru
President/Treasurer
Huly Corp. Contract
November25
Page 3 of 7
L:°
DULY
HULY will submit the invoice by the 15t day of every month. CITY OF NEWPORT BEACH, a California
municipal corporation and charter city ("City") will pay the invoice in full within 30 Calendar days from the
date the invoice provided by HULY. CITY OF NEWPORT BEACH, a California municipal corporation and
charter city ("City") will pay for the Product Support in full along with the monthly service fees.
APPROVED AS TO FORM:
CITY ATTORNEY'S OFFICE
Date: II s
CITY OF NEWPORT BEACH,
a California municipal corporation
Date:
By: �o By:
Aa n C. arp Jeff Boyles
City Attorney Fire Chief
ATTEST: CONTRACTOR: Huly Corp, a Delaware
corporation
Date: Date: 0) l o 5 1,90-� ('
By: By:9 .
Lena Shumway Nidh€s - , hru
City Clerk President/Treasurer
Hu/y Corp. Contract Page 3 of 7
November 25
0 rUL Y
Terms and Conditions
1 SUBSCRIBER CITY OF NEWPORT BEACH, a California municipal corporation and charter city
("City") Department DATA
a. Processing. HULY will use and process Subscriber (CITY OF NEWPORT BEACH, a California
municipal corporation and charter city ("City") Department) Data to the extent necessary for the
performance of the Subscription and/or Professional Services. Subscriber data shall not include
PHI/EPHI. HULY will also collect Subscriber Data that results from the performance of the
Subscription Service, including data related to any error, issue, enhancement or operation of the
Services, provided that the forgoing does not contain personally identifiable information, and the data
that HULY would have independent of Subscriber's use of the Services, ("HULY Data") and
Subscriber agrees that HULY shall have all rights and ownership in such HULY Data. The subscriber
acknowledges that it may be necessary for HULY to access Subscriber Data to respond to any
technical problems or Subscriber queries and to ensure the proper working of the Subscription
Services. HULY will deliver and support this Subscription Service within the United States. Subscriber
will retain full ownership of Subscriber's data.
b. Warranty. Subscriber represents and warrants that Subscriber has either ownership or sufficient
permission to provide Subscriber Data to HULY for processing as part of the Subscription Service,
and that provision of Subscriber Data to HULY will not violate any law, or proprietary or privacy right
of any individual.
c. Protection. HULY will maintain commercially reasonable administrative, physical, and technical
safeguards for protection of Subscription Service that includes Subscriber Data. HULY will comply
with all applicable privacy, security, and data protection laws and regulations, including but not limited
to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing
regulations, as applicable. HULY will implement and maintain appropriate administrative, technical,
and physical safeguards to protect Client's data from unauthorized access, disclosure, or misuse.
In the event of a data breach or any unauthorized access, use, or disclosure of Subscriber's data,
HULY will promptly notify Subscriber in writing, but in no event later than 3 days from discovery, and
shall take all necessary steps to investigate, mitigate, and remediate the breach in accordance with
applicable laws and industry best practices.
HULY further agrees to cooperate with Subscriber in addressing any compliance concerns and to
implement corrective actions as reasonably required to maintain the integrity and confidentiality of
Subscriber's data.
d. Termination. This Agreement shall commence on the Effective Date and shall continue for an initial
term of one (1) year ("Initial Term"). Thereafter, the Agreement shall automatically renew for "two (2)"
successive one (1) year terms (each, a "Renewal Term"), unless either party provides written notice
of its intent not to renew at least thirty (30) days prior to the expiration of the then -current term.
Either party may terminate this Agreement for cause upon thirty (30) days' written notice to the other
party, specifying the nature of the breach, provided that the breaching party fails to cure such breach
within the notice period. Additionally, either party may terminate this Agreement without cause upon
providing at least thirty(30) days' prior written notice to the other party.
Termination of this Agreement shall not relieve either party of obligations incurred prior to the effective
date of termination, and any provisions that, by their nature, should survive termination shall remain
in full force and effect. HULY will remove, or discard Subscriber Data without notice thirty (30) days
following termination of this Agreement.
e. Feedback. Subscriber grants HULY a royalty -free, worldwide, perpetual license to use and
incorporate into Subscription Service any suggestion, idea, enhancement, feedback, or
recommendation Subscriber provides relating to Subscription Service.
2 Pricing Stability
a. Annual Volume Baseline. Customer's annual fee under this Agreement is based on an estimated
annual call volume of 10,000 calls at a rate of $1.00 per -call, totaling $10,000.00 per year. This
estimated volume serves as the pricing basis for each contract year during the 1-year initial term,
and Renewal Terms.
b. True -Up (Increased Usage). If, upon annual review, actual call volume exceeds 10,500
calls (105% of the estimated volume), Customer shall pay a True -Up Fee for the excess calls
Huly Corp. Contract Page 4 of 7
November 25
P1UL Y
above 10,000, calculated at the rate of $1.00 per -call rate. This fee will be invoiced within thirty
(30) days of the Provider's annual call volume report.
c. True -Down (Reduced Usage). If actual call volume falls below 9,500 calls (95% of the estimated
volume), Customer shall receive a True -Down Credit for the shortfall below 10,000 calls,
calculated at the same $1.00 per -call rate. This credit will be applied to the next annual invoice or
to the final invoice if in the final year of the Agreement.
d. Volume Report and Review. Provider shall deliver a detailed annual call volume report to
Customer within thirty (30) days after each anniversary of the Effective Date. Both Parties shall
review the report in good faith to determine and settle any applicable True -Up or True -Down
adjustment.
e. Mid -Term Termination. If the Agreement is terminated before the end of a contract year, a pro-
rata True -Up or True -Down adjustment shall be calculated based on the actual call volume to date
and invoiced or credited accordingly within thirty (30) days following termination.
f. Maximums. Huly's compensation for all services performed in accordance with this Agreement,
including all reimbursable items and subconsultant fees, shall not exceed Seventy Five Thousand
Dollars and 00/100 ($75,000), without prior written authorization from City.
3 LIMITATION OF LIABILITY
a. SUBSCRIBER, HULY, ITS AFFILIATES AND LICENSORS ("HULY") ARE NOT LIABLE FOR: (i)
INDIRECT, SPECIAL, CONSEQUENTIAL, PUNITIVE OR INCIDENTAL DAMAGES; OR (ii)
DAMAGES FOR, WITHOUT LIMITATION, INTERRUPTION OF BUSINESS OR OPERATIONS,
COST OF COVER, LOST PROFITS, DATA, GOODWILL, BUSINESS OR REVENUE.
b. SUBSCRIBER AND HULY IS LIABLE FOR A CLAIM OR DAMAGES, DIRECT OR INDIRECT, FOR
BREACH OF CONFIDENTIALITY ONLY AS A DIRECT RESULT OF EITHER PATRY's GROSS
NEGLIGENCE OR WILLFUL MISCONDUCT, AS DETERMINED BY A COURT OF COMPETENT
JURISDICTION, AND SUBJECT TO THE LIMITATIONS OF SECTIONS 6(a) AND (c)
c. NOTWITHSTANDING ANY PROVISION TO THE CONTRARY, EXCEPT FOR A CLAIM FOR
DEATH, BODILY INJURY, TANGIBLE PROPERTY DAMAGE, NEGLIGENCE, OR WILLFUL
MISCONDUCT, EITHER PARTY'S AGGREGATE LIABILITY FOR ANY CLAIM OR DAMAGES FOR
ANY REASON, UNDER ANY THEORY OF LIABILITY, INCLUDING, WITHOUT LIMITATION,
WARRANTY, BREACH OF CONTRACT, TORT, MISREPRESENTATION, FOR USE OR
PERFORMANCE OF SUBSCRIPTION SERVICE, CLIENT SOFTWARE OR OTHERWISE,
WHETHER FORESEEABLE OR NOT, OR WHETHER A REMEDY FAILS TO ACHIEVE ITS
ESSENTIAL PURPOSE, IS LIMITED TO ACTUAL, DIRECT DAMAGES NOT EXCEEDING THE
AMOUNT SUBSCRIBER PAID FOR THE PRIOR 12 MONTHS FOR THE SPECIFIC
SUBSCRIPTION SERVICE GIVING RISE TO THE CLAIM. EITHER PATRY'S FAILURE TO
EXERCISE A RIGHT OR REMEDY IS NOT A WAIVER. THIS SECTION 6 SPECIFIES HULY'S SOLE
LIABILITY AND SUBSCRIBER'S EXCLUSIVE REMEDY FOR A CLAIM BROUGHT AGAINST HULY.
4 Governing Law & Venue
a. This Agreement shall be governed by and construed in accordance with the laws of the State of
California, without regard to its conflict of law principles. Any disputes arising out of or relating to this
Agreement shall be exclusively brought in the state or federal courts located in California, County of
Orange, and each party hereby irrevocably submits to the personal jurisdiction and venue of such
courts.
5 INTELLECTUAL PROPERTY OWNERSHIP
a. HULY, its affiliates or licensors own and retain all rights, title and interest in all Intellectual Property in
Subscription Service, Client Software, Documentation and all derivative works or modifications to the
foregoing. HULY reserves the right to enforce all its rights and remedies to protect its Intellectual
Property.
6 INTELLECTUAL PROPERTY INFRINGEMENT INDEMNIFICATION
a. The indemnification obligations set forth in this Agreement shall include a commitment by HULY to
Huly Corp. Contract Page 5 of 7
November 25
N rU!Y
indemnify, defend, and hold harmless Subscriber, its affiliates, officers, directors, employees, and
agents from and against any claims, liabilities, damages, costs, and expenses (including reasonable
attorneys' fees) arising out of or related to any allegation that the HULY's software, services, or any
related deliverables infringe upon or misappropriate any third -party intellectual property rights.
b. The HULY shall, at its own expense, (i) defend Subscriber against any such claims; (ii) modify or
replace the infringing component to make it non -infringing while maintaining equivalent functionality;
or (iii) if (ii) is commercially feasible, provide Subscriber with a pro-rata refund of fees paid for the
affected software or services.
c. This indemnity shall not apply to claims arising from (a) unauthorized modifications made by
Subscriber, (b) use of the software in combination with third -party products not provided or approved
by HULY, or (c) use of the software in violation of the Agreement.
d. Assumption of Defense. If HULY fails to defend or settle a claim in a timely manner, Subscriber may
assume defense of the claim at HULY's expense, and the indemnifying party will reasonably
cooperate. Neither party may make an admission of fault on behalf of the other party without written
consent or agree to the settlement of a claim binding the other party that does not contain a full release
of liability for the other party, without written consent.
e. To the fullest extent permitted by law, Huly shall indemnify, defend and hold harmless City, its City
Council, boards and commissions, officers, agents, volunteers, employees and any person or entity
owning or otherwise in legal control of the property upon which Huly performs the Project and/or
Services contemplated by this Agreement (collectively, the "Indemnified Parties") from and against
any and all claims (including, without limitation, claims for bodily injury, death or damage to property),
demands, obligations, damages, actions, causes of action, suits, losses, judgments, fines, penalties,
liabilities, costs and expenses (including, without limitation, attorneys' fees, disbursements and court
costs) of every kind and nature whatsoever (individually, a Claim; collectively, "Claims"), which may
arise from or in any manner relate (directly or indirectly) to any breach of the terms and conditions of
this Agreement, any Work performed or Services provided under this Agreement including, without
limitation, defects in workmanship or materials or Huly's presence or activities conducted on the
Project (including the negligent, reckless, and/or willful acts, errors and/or omissions of Huly, its
principals, officers, agents, employees, vendors, suppliers, consultants, subcontractors, anyone
employed directly or indirectly by any of them or for whose acts they may be liable, or any or all of
them).
Notwithstanding the foregoing, nothing herein shall be construed to require Huly to indemnify the
Indemnified Parties from any Claim arising from the sole negligence or willful misconduct of the
Indemnified Parties. Nothing in this indemnity shall be construed as authorizing any award of
attorneys' fees in any action on or to enforce the terms of this Agreement. This indemnity shall apply
to all claims and liability regardless of whether any insurance policies are applicable. The policy limits
do not act as a limitation upon the amount of indemnification to be provided by Huly.
7 CONFIDENTIALITY
a. Confidential Information. Whether or not disclosed orally or marked as confidential, Confidential
Information includes the Intellectual Property, and financial data. Confidential Information does not
include information that is: (i) publicly available without breach of the Agreement; (ii) reasonably shown
to disclosing party's satisfaction by objective data to have been known by receiving party prior to
disclosure or independently developed by receiving party subsequent to disclosure without breach of
the Agreement; (iii) obtained by receiving party from a third party that is not under confidentiality
obligation to disclosing party for the information; or (iv) required to be disclosed by public disclosure
laws such as the California Public Records Act (Gov't Code Section 7931.000 et seq.). The receiving
party will promptly notify the disclosing party if it is compelled by law or a court to disclose Confidential
Information and take reasonable actions requested to maintain its confidentiality.
b. Non -disclosure. Receiving party will use disclosing parry's Confidential Information solely to perform
its obligations under the Agreement. The receiving party will take commercially reasonable actions to
safeguard disclosing parry's Confidential Information, no less than the actions taken to protect its own
Confidential Information. The receiving party must not disclose the disclosing parry's Confidential
Information except to its employees or contractors bound by confidentiality obligations no less
restrictive than these terms. The receiving party must promptly notify the disclosing party in writing of
unauthorized use or disclosure of Confidential Information. Receiving party, at its expense, must take
all reasonable actions to recover Confidential Information and prevent further unauthorized use or
disclosure, including seizure and injunctive relief. If the receiving party fails to timely do so, the
disclosing party may take any reasonable action to do so at the receiving party's expense, and the
Huly Corp. Contract Page 6 of 7
November 25
P1U! Y
receiving party will reasonably cooperate.
NO ATTORNEYS' FEES. In the event of any dispute or legal action arising under this
Agreement, the prevailing party shall not be entitled to attorneys' fees.
CYBER LIABILITY INSURANCE. HULY shall maintain cyber liability insurance in an amount not less
than one million dollars ($1,000,000) per claim and two million dollars ($2,000,000) in the annual
aggregate, covering (1) all acts, errors, omissions, negligence, infringement of intellectual property;
(2) network security and privacy risks, including but not limited to unauthorized access, failure of
security, breach of privacy perils, wrongful disclosure, collection, or negligence in the handling of
confidential information, privacy perils, including coverage for related regulatory defense and
penalties; (3) data breach expenses payable whether incurred by City or HULY, including but not
limited to consumer notification, whether or not required by law, computer forensic investigations,
public relations and crisis management firm fees, credit file or identity monitoring or remediation
services in the performance of services for City or on behalf of City hereunder.
Huly Corp. Contract Page 7 of 7
November 25
HIPAA/HITECH BUSINESS ASSOCIATE AGREEMENT
THIS BUSINESS ASSOCIATE AGREEMENT (this "Agreement") is made by and entered
into as of this 2 1 " day of November, 2025, ("Effective Date") between the CITY OF NEWPORT
BEACH, a California municipal corporation and charter city ("City") ("Provider") and Huly
Corp. a Delaware corporation ("Business Associate") whose address is 1729 Cedarwood Loop,
San Ramon, CA 94582 ,and is effective upon signing. In consideration of good and valuable
consideration, the receipt and sufficiency of which are hereby acknowledged, the Provider and
Business Associate hereby agree as follows.
BACKGROUND STATEMENTS
A. Purpose. The purpose of this Agreement is to comply with the requirements of the Health
Insurance Portability and Accountability Act of 1996 and the associated regulations (45
C.F.R. parts 160-164, as may be amended, including the "Privacy Rule," the "Security
Rule," the Breach Notification and Enforcement Rules together, the "Rules") ("HIPAA")
and the Health Information Technology for Economic and Clinical Health Act and the
associated regulations, as may be amended ("HITECH"). "HIPAA" and "HITECH" are
collectively referred to in this Agreement as "HIPAA/HITECH." Unless otherwise defined
in this Agreement, capitalized terms have the meaning given in above -referenced HIPAA
and HITECH statutes and regulations, as applicable. HIPAA/HITECH requires Provider
to obtain certain written assurances from Business Associate that Business Associate will
appropriately safeguard Personal Health Information ("PHI") as well as Electronic
Protected Health Information ("BPHI").
B. Relationship. Provider and Business Associate have entered into this Agreement to which
Business Associate may receive, maintain, transmit, use, obtain, access and/or create PHI
from or on behalf of Provider in the course of providing services (the "Services") for
Provider.
C. Definitions:
1. "Personal Health Information" means any information used by Provider in the course
of its business relating to any employee, patient or other individual associated with
Provider, including but not limited to any information relating to an employee's
personnel file, a patient's medical file and the physical or mental health condition,
medical history or medical treatment of an individual or a member of the individual's
family that is obtained from a medical professional, medical care institution or other
related institution. It also includes any information received from the individual, or the
individual's immediate family, or from the provision of or payment for health care to
or on behalf of an individual or a member of the individual's family.
2. "Security Incident" means any threatened, attempted, suspended, or successful
unauthorized acquisition, access, use, modification, destruction or disclosure of
PHI/EPHI under this Agreement that would be a violation of HIPAA/HITECH or a
violation of this Agreement if the PHUEPHI had in fact been acquired, accessed, used
or disclosed.
3. "Breach" means any unauthorized acquisition, access, use or disclosure of PHI/EPHI
under this Agreement that is (a) a violation of HIPAA/HITECH or (b) not permitted
under this Agreement.
4. "Limited Data Set" means a limited set of identifiable patient information as defined
by the Privacy Regulations issued under HIPAA.
1. Permitted Uses and Disclosures.
Business Associate may use and/or disclose PHI/EPHI only as permitted or required
by this Agreement or as otherwise required or allowed by Federal and California law.
Business Associate may disclose PHUEPHI to, and permit the use of PHI/EPHI by, its
employees, contractors, agents or other authorized representatives only to the extent
directly related to and necessary for the performance of the Services. Disclosure and
use of PHUEPHI by subcontractors, agents and other authorized representatives is also
subject to Section 4 below. Business Associates will, to the extent practical, limit the
use of PHI to a Limited Data Set or if necessary to the minimum necessary to
accomplish the intended purpose. Business Associate will request from Provider no
more than the minimum PHI necessary to perform the Services. Business Associate
will not use or disclose PHI/EPHI in any manner (i) inconsistent with Provider's
obligations under HIPAA/HITECH, or (ii) that would violate HIPAA/HITECH if
disclosed or used in such a manner by Provider.
Business Associate will also comply with its own direct obligations under
HIPAA/HITECH. In addition, to the extent that Business Associate is required
pursuant to this Agreement to carry out one or more of Provider's obligations under
HIPAA, Business Associate agrees to comply with the HIPAA Rules applicable to the
Provider in the performance of such obligation(s). Business Associate will not engage
in marketing or fundraising that involves the use of disclosure of PHI/EPHI and will
not otherwise receive direct or indirect remuneration for PHI/EPHI.
2. Safeguards for Protection of PHUEPHI
Business Associate will implement, maintain and use commercially appropriate
security safeguards and comply with Subpart C of 45 C.F.R. Part 164 and such other
governmental regulations requiring security safeguards with respect to EPHI, to ensure
that PHUEPHI obtained by or on behalf of Provider is not used or disclosed by Business
Associate in violation of the Agreement. Such safeguards shall be designed to protect
the confidentiality and integrity of such PHUEPHI obtained, accessed or created from
or on behalf of Provider. Security measures maintained by Business Associate shall
include administrative, physical and technical security safeguards as necessary to
protect such PHUEPHI, including such safeguards that reasonably and appropriately
Page 2 of 11
protect the confidentiality, integrity and availability of all PHI/EPHI that it creates,
receives, uses, obtains, accesses, maintains, or transmits on behalf of Provider, all in
accordance with HIPAA/HITECH. Upon request by Provider, Business Associate
shall provide a written description of such safeguards.
3. Reporting and Mitigating the Effect of Unauthorized Disclosure of Unsecured
PHI/EPHI.
Business Associate will immediately report but no later than three (3) days, upon
discovery, in writing, without limitation, by first class mail to the address noted below
and by either-, facsimile e-mail text or telephone call directed to lbanuelosgnbfd.net
any actual or potential Security Incident (as defined above) or Breach (as defined
above) by Business Associate or any or of its employees, directors, officers, agents,
subcontractors or representatives concerning the use or disclosure of unsecured PHI.
Unsecured PHI is defined under HITECH as PHI that is not rendered unusable or
indecipherable to an unauthorized individual through the use of a technology or
methodology specified under HITECH. Currently under HITECH PHI/EPHI is not
secured unless electronic health records are encrypted in accordance with NIST
standards, or if hard copy media, it is destroyed (shredding, redaction or destruction).
Business Associate will be deemed to have discovered a Breach or Security Incident as
of the first day on which the Breach or Secuirty Incident is, or should reasonably have
been known to (a) Business Associate or (b) any employee, officer, contractor or other
agent of Business Associate including the individual committing the Breach. Business
Associate further will investigate the Breach or Security Incident and provide to
Provider, no later than twenty (20) days after discovery, all information Provider may
require to make notifications of the Breach or Security Incident to individuals and/or
other persons or entities of the Breach or Security Incident ("Notifications"). Provider
may elect, in its sole discretion, for Business Associate to make the Notifications and
implement other mitigation steps, in a form and manner and within timeframes directed
by Provider, consistent with Provider's legal obligations. Without limitation as to any
other remedies available to Provider under this Agreement or the law, Business
Associate will pay, or reimburse Provider for all costs incurred in connection with
provision of the Notifications including all costs incurred to mitigate the harmful
effects or potentially harmful effects of the Breach or Security Incident (the "Costs").
Business Associate will establish and implement procedures and other reasonable
efforts for mitigating, to the greatest extent possible, any harmful effects arising from
improper use and/or disclosure of PHI/EPHI. Upon request by Provider, Business
Associate shall provide a written description of such procedures.
Business Associate shall require its employees, agents, and subcontractors to promptly
report to Business Associate any use of PHI/EPHI in violation of governmental laws,
regulations or this Agreement to Business Associate, and Business Associate, shall
immediately report the same to Provider.
Page 3 of 11
4. Use and Disclosure of PHUEPHI by Subcontractors, Agents and Representatives
Business Associate will require any subcontractor, agent or other representative that is
authorized to create, receive, maintain, transmit, use, or have access to PHUEPHI
obtained or created under this Agreement, to agree, in writing, to adhere to the same
restrictions, conditions and requirements regarding the use and/or disclosure of
PHUEPHI and safeguarding of the same, that apply to Business Associates under this
Agreement, including the implementation of necessary administrative, physical and
technical security safeguards and procedures for mitigating any harmful effects arising
from improper use and/or disclosure of PHI/EPHI. However, Business Associate
acknowledges and agrees that Business Associate will be responsible for reporting to
Provider any Security Incident or Breach of PHI/EPHI by a subcontractor, agent or
other representative in the manner set forth in Paragraph 3, and that Business Associate
will be liable to Provider for all Costs described in Paragraph 3 resulting from the
unauthorized disclosure of unsecured PHUEPHI by a subcontractor, agent or
representative.
At the request of Provider Business Associate agrees to make available to Provider
copies of all agreements with subcontractor, agents and representatives that create,
receive maintain transmit, use or have access to PHUEPHI obtained or created under
this Agreement.
5. Individual Rights.
Business Associate will comply with the following Individual Rights requirements of
the patient (the "Individual") as applicable to PHUEPHI used or maintained by
Business Associate:
5.1 Right of Access. Business Associate agrees to provide access to PHI/EPHI, at the
request of Provider and in a time and manner designated by the Provider, to Provider,
or as directed by Provider, to an Individual, in order to meet the individual access
requirements under HIPAA/HITECH. It is the Individual's right to obtain a copy of
their PHI in an electronic format from Business Associate if the Business Associate
maintains or uses electronic health records. Individuals may also designate another
recipient of this transmittal without having to sign an authorization. Business Associate
will comply with all other obligations regarding PHI and Individuals Rights of Access
under HIPAA/HITECH.
Notwithstanding the foregoing:
a) The Parties understand that if either Party receives a request for access to or
copies of PHI from an Individual which the Party may complete with only its
own onsite information, the time for such response shall be thirty (30) days,
with notification to the Provider upon completion.
b) If Provider does not have the requested PHI onsite and directs Business
Associate to provide access to or a copy of his/her PHI directly to the Individual,
Page 4 of 11
the Business Associate shall have sixty (60) days from the date of the
Individual's request to provide access to PHI or deliver a copy of such
information to the Individual. The Business Associate shall notify the Provider
when it completes the response.
c) If the Provider receives a request and requires information from the Business
Associate in addition to the Provider's onsite information to fulfill the request,
the Business Associate shall have thirty (30) days from the date of Provider's
notice to provide access or deliver such information to the Provider so that the
Provider may timely respond to the Individual within the sixty (60) day
requirement of 45 CFR 164.524.
d) If the Party designated above responding to the Individual's request is unable
to complete the response to the request in the time provided, that Party shall
provide the Individual with a written statement of the reasons for the delay and
the date by which the Party will complete its action on the request. The Party
may extend the response time once for no more than thirty (30) additional days.
5.2 Right of Amendment. Business Associate agrees to make any amendment(s) to
PHI/EPHI that Provider directs in order to meet the amendment requirements under the
Privacy Rule. Business Associate shall make such amendment(s) within thirty (30)
days of receipt of a written directive from provider detailing the required
amendment(s).
5_3 Right to Accounting of Disclosures. Business Associate agrees to document and
maintain such disclosures of PHI/EPHI as would be required for Provider to respond
to a request by an Individual for an accounting of PHI in accordance with the Privacy
Rule, and to provide all such documentation to Provider or, as directed by Provider, to
an Individual, in the time and manner designated by Provider. Business Associate will
otherwise comply with its obligations regarding an Individual's right to an accounting
of disclosures under HIPAA/HITECH.
The Business Associate agrees to provide to Provider or to an Individual, in time and
manner designated by Provider, information collected in accordance with this
Agreement, to permit Provider to respond to a request by an Individual for an
accounting of disclosures of PHI in accordance with 45 CFR § 164.528. The Provider
shall forward the Individual's request requiring the participation of the Business
Associate to the Business Associate in a timely manner, after which the Business
Associate shall provide such information as follows:
a) If Provider directs Business Associate to provide accounting of disclosures of the
Individual's PHI directly to the Individual, the Business Associate shall have sixty (60)
days from the date of the Individual's request to provide access to or deliver such
information to the Individual. The Provider shall provide notice to the Business
Associate in time to allow the Business Associate a minimum of thirty (30) days to
timely complete the Individual's request.
Page 5 of 11
b) If the Provider elects to provide the accounting to the Individual, the Business
Associate shall have thirty (30) days from date of Provider's notice of request to
provide information for the Accounting to the Provider so that the Provider may timely
respond to the Individual within the sixty (60) day period.
c) If either of the Parties is unable to complete the response to the request in the times
provided above, that Party shall notify the Individual with a written statement of the
reasons for the delay and the date by which the Party will complete its action on the
request. The Parties may extend the response time once for no more than thirty (30)
additional days.
d) The accounting of disclosures shall include at least the following information:
(1) date of the disclosure; (2) name of the third party to whom the PHI was disclosed,
(3) if known, the address of the third party; (4) brief description of the disclosed
information; and (5) brief explanation of the purpose and basis for such disclosure.
e) The Parties shall provide one (1) accounting in any twelve (12) months to the
Individual without charge. The Parties may charge a reasonable, cost -based fee, for
each subsequent request for an accounting by the same Individual if he/she is provided
notice and the opportunity to modify his/her request. Such charges shall not exceed any
applicable State statutes or rules.
f) As Business Associate does not, without limitation, create, edit or otherwise change
PHUEPHI provided to Business Associate, Provider hereby agrees to indemnify and
defend Business Associate against any claims made in connection with any erroneous
or false PHI/EPHI contained in any reports provided to an individual or entity at the
direction of Provider.
6. Use and Disclosure for Business Associate's Purposes
6.1 Use. Except as otherwise limited in this Agreement, Business Associate may use
PHI/EPHI for the proper management and administration of Business Associate or to
carry out the legal responsibilities of Business Associate.
6.2 Disclosure. Except as otherwise limited in this Agreement, Business Associate
may disclose PHUEPHI for the proper management and administration of Business
Associate, provided that disclosures are required by law, or Business Associate obtains
reasonable assurances from the person to whom the PHUEPHI is disclosed that the
PHI/EPHI will remain confidential and be used or further disclosed only as required by
law or for the purpose for which it was disclosed to the person, and the person notifies
Business Associate immediately upon discovery of any instances in which the
confidentiality of the PHI has been Breached, as defined above and described in Section
3 of this Agreement.
Page 6of11
7. Audit and Inspection
Business Associate will make its internal practices, books, records, policies and
procedures relating to the use and disclosure of PHI received from, or created or
received by Business Associate on behalf of Provider, available to the federal
Department of Health and Human Services ("HHS"), the Office of Civil Rights
("OCR"), or their agents and to Provider for purposes of monitoring with
HIPAA/HITECH.
8. Term and Termination
8.1 Term. Unless terminated sooner pursuant to Section 8.2, this Agreement will
remain in effect for the duration of all Services provided by Business Associate
pursuant to the Huly Solution Agreement dated November 20, 2025 and for so long as
Business Associate will remain in possession of any PHUEPHI received from, or
created or received by Business Associate on behalf of Provider, unless Provider has
agreed in accordance with Section 8.3 that it is infeasible to return or destroy all
PHI/EPHI.
8.2 Termination. Upon discovery of a material breach of this Agreement, the non -
breaching Party must take reasonable steps to cure the breach. The non -breaching Party
must provide the breaching Party with written notice of the existence of the material
breach and afford the breaching Party thirty (30) days to cure the material breach. If
such steps are unsuccessful, HITECH requires the non -breaching Party to terminate the
Agreement, if feasible, or notify HHS. If termination of the Agreement is not feasible,
the non -breaching Party will provide the breaching Party with advance written notice
of its intent to notify HHS and provide a copy of that notification. HHS must be notified
of all breaches, whether by the non -breaching or the breaching Party. The Parties may
terminate this Agreement for any reason or no reason by providing thirty (30) days'
written notice to the other Party.
8.3 Effect of Termination. Upon termination of the Services Agreement and this
Agreement, Business Associate will recover any PHUEPHI relating to this Agreement
in the possession of its subcontractors, agents or representatives. Business Associate
will return to Provider or destroy all such PHI/EPHI plus all other PHUEPHI relating
to this Agreement in its possession, and will retain no copies. If Business Associate
believes that it is not feasible to return or destroy the PHUEPHI as described above,
Business Associate will notify Provider in writing. The notification will include (i) a
statement that Business Associate has determined that is infeasible to return or destroy
the PHI/EPHI in its possession and (ii) the specific reasons for such determination. If
Provider agrees in its sole discretion that Business Associate cannot feasibly return or
destroy the PHI/EPHI, Business Associate will ensure that any and all protection,
requirements, and restrictions contained in this Agreement, including Subpart C of 45
C.F.R. Part 164, will be extended to any PHI/EPHI retained after the termination of
this Agreement, and that further use and/or disclosures will be limited to the purposes
that make the return or destruction of the PHI/EPHI infeasible.
Page 7of11
9. No Employment Relationship
Provider and Business Associate are independent contractors, and neither Parry nor any
agent, employee or representative of such Party shall be deemed to be an employee or
agent of the other Party for any purpose. Although Business Associate has agreed to
perform the Services described in the accompanying Agreement at the request of
Provider, the Parties agree that Provider will not control how Business Associate
performs the specific Services set forth in the accompanying Agreement. At no time
will Business Associate represent in any way to any third-Party/patient or the general
public that it is an agent of Provider.
10. Indemnification
To the fullest extent permitted by law, Huly shall indemnify, defend and hold harmless
City, its City Council, boards and commissions, officers, agents, volunteers, employees
and any person or entity owning or otherwise in legal control of the property upon
which Huly performs the Project and/or Services contemplated by this Agreement
(collectively, the "Indemnified Parties") from and against any and all claims (including,
without limitation, claims for bodily injury, death or damage to property), demands,
obligations, damages, actions, causes of action, suits, losses, judgments, fines,
penalties, liabilities, costs and expenses (including, without limitation, attorneys' fees,
disbursements and court costs) of every kind and nature whatsoever (individually, a
Claim; collectively, "Claims"), which may arise from or in any manner relate (directly
or indirectly) to any breach of the terms and conditions of this Agreement, any Work
performed or Services provided under this Agreement including, without limitation,
defects in workmanship or materials or Huly's presence or activities conducted on the
Project (including the negligent, reckless, and/or willful acts, errors and/or omissions
of Huly, its principals, officers, agents, employees, vendors, suppliers, consultants,
subcontractors, anyone employed directly or indirectly by any of them or for whose
acts they may be liable, or any or all of them).
11. Insurance
Business Associate agrees that it will maintain general liability insurance in a sufficient
amount to protect against any and all losses of PHI/EPHI, or any Security Incident or
Breach, as defined above and described in Paragraph 3 of this Agreement and without
limiting Business Associates indemnification obligations, prior to commencement of
the Services, shall obtain, provide and maintain at its own expense during the tern of
this Agreement, the insurance policy (ies) as described int eh Insurance Requirements
attached hereto as Exhibit B, and incorporated herein by reference. Upon request,
Business Associate agrees to make available to Provider evidence of such insurance,
and agrees to notify Provider within five (5) days of any lapse or change in the terms,
conditions or limits of said insurance coverage.
Page 8of11
12. Miscellaneous
12.1 Survival. The respective rights and obligations of the Parties under Section 7
(Audit & Inspection), Section 8.3 (Effect of Termination), 9 (Provider and Business
Associate), 10 (Indemnification) and 12 (Miscellaneous) will survive termination of
this Agreement indefinitely.
12.2 Amendments. This Agreement constitutes the entire Agreement between the
Parties with respect to its subject matter. It may not be duly modified, nor will any
provision be waived or amended, except in a writing duly signed by authorized
representatives of the Parties. Notwithstanding the foregoing, Provider may amend this
Agreement upon written notice to Business Associate if the amendment is necessary to
comply with a statutory or regulatory requirement.
12.3 Waiver. A waiver with respect to one event will not be construed as continuing,
or as a bar to or waiver of any right or remedy as to subsequent events.
12.4 Compliance with HIPAA/HITECH. Any ambiguity in this Agreement will be
resolved in favor of a meaning that permits Parties to comply with HIPAA/HITECH,
as amended by the Final Omnibus HIPAA/HITECH Rules promulgated by the U.S.
Department of Health and Human Services on January 25, 2013.
12.5 No Third -Party Beneficiaries. Nothing expressed or implied in this Agreement
is intended to confer, nor will anything herein confer, upon any person other than the
Parties and their respective successors and permitted assigns, any rights, remedies,
obligations or liabilities whatsoever.
12.6 Notices. Any notice to be given under this Agreement to a Party will be made
via certified mail or commercial courier, or hand delivery to such Party as its address
given below, and/or via facsimile to the facsimile telephone number listed below, or to
such other address or facsimile number as will hereafter be specified by notice from
the Party. Any such notice will be deemed given so delivered to or received at the
proper address.
12.7 Mutual Non -Disparagement. The Parties acknowledge that any disparaging
comments by either Party about the other Party are likely to substantially depreciate the
business or personal reputation of the Parties. The Parties agree to act in good faith so
as not to harm the business or personal reputation of the other Party in any way. The
Parties further agree not to directly or indirectly defame, disparage, or publicly criticize
the services, business, integrity, veracity or reputation of the other Parry, its owners,
officers, directors, or employees in any forum directly or through any medium of
communication. The Parties agree not to, without limitation, directly or indirectly,
through executive officers or directors, defame, disparage, or publicly criticize the
integrity, veracity or reputation of the other Party.
Page 9of11
If to the Business Associate:
Attention: Nidhish Dhru — President/Treasurer
1729 Cedarwood Loop
San Ramon, CA 94582
If to Provider,
Attention: Attn: EMS Division Chief
Newport Beach Fire Department
City of Newport Beach
100 Civic Center Drive
PO Box 1768
Newport Beach, CA 93658
12.8 Breach of Covenants. Business Associate and Provider acknowledge that breach
of the terms of this Agreement will cause irreparable harm to the business of the non -
breaching Party and that damages arising from any breach may be difficult to ascertain
and no adequate legal remedies exists. Accordingly, non -breaching Party shall be
entitled to receive injunctive relief and/or specific performance and damages, as well
as any and all legal and equitable remedies to which it may be entitled.
12.9 Inconsistencies. If any terms of this Agreement conflict with or are inconsistent
with the terms of the Agreement covering the Services provided by the Business
Associate, the terms of this Agreement will prevail.
12. 10 Controlling Law and Venue. The laws of the State of California shall govern
this Agreement and all matters relating to it and any action brought relating to this
Agreement shall be adjudicated in a court of competent jurisdiction in the County of
Orange, State of California.
12.11 No Attorneys' Fees. In the event of any dispute or legal action arising under
this Agreement, the prevailing party shall not be entitled to attorneys' fees.
12.12 Counterparts. This Agreement may be executed in two (2) or more
counterparts, each of which shall be deemed an original and all of which together shall
constitute one (1) and the same instrument.
Page 10 of 11
IN WITNESS WHEREOF, each of the Parties has caused this Agreement to be executed in its
naives and on its behalf as of the Effective Date.
APPROVED AS TO FORM:
CITY ATTORNEY'S OFFICE
Date:
By:
Aaron C. Harp
City Attorney
ATTEST:
Date:
By:
Lena Shumway
City Clerk
CITY OF NEWPORT BEACH,
a California mu cipal orporation
Date: d /off/2G
By: 4,
Je oyles
Fire Chief
CONTRACTOR: Huly Corp, a Delaware
corporation
Date:
LM
Signed in Counterpart
Nidhish Dhru
President/Treasurer
Page 11 of 11
IN WITNESS WHEREOF, each of the Parties has caused this Agreement to be executed in its
names and on its behalf as of the Effective Date.
APPROVED AS TO FORM:
CITY ATTORNEY'S OFFICE
Date: 1117,1 17,s
By:
Aa n C. Harp
City Attorney
ATTEST:
Date:
UM
Lena Shumway
City Clerk
CITY OF NEWPORT BEACH,
a California municipal corporation
Date:
By:
Jeff Boyles
Fire Chief
CONTRACTOR: Huly Corp, a Delaware
corporation
Date:
By:
Nid s hru
President/Treasurer
Page 11 of 11
q 12 286 D+ 24
qSearch
Insured Name
HULY Corp (FV00001479)
.___. _.__._.... .
Q
HULY Corp (FV00001479)
Active Records Only
Advance Search
Insured Tasks Admin Tools
View
sgs Insured
Notes
J History
Deficiencies
Coverages
Requirements
Add
Other Document Tracking
Edit
Help
Video Tutorials
-t& Insured
Name:
Account Number:
Address:
Status:
HULY Corp
FV00001479
1729 CEDARWOOD LOOP, SAN
RAMON, CA, 94582
Compliant with Waived
Deficiencies.
Insured
Business Unit(s) I Print Insured Info
Account Information
Account Number: FV00001479
Risk Type: Professional
Services
Agreement
Do Not Call: Address Updated:
Address Information
Mailing Address Physical Address
Insured: HULY Corp HULY Corp
Address 1: 1729 3377 W ROCKY PEAK WA)
CEDARWOOD
LOOP
Address 2:
City: SAN RAMON SOUTH JORDAN
State: CA UT
Zip: 94582 84095
Contract Information
Contract Number:
Contract Start Date:
Contract Effective Date:
Description of Services:
Contact Information
CLOUD
BASED Al
SOFTWARE
Contract End Date:
Contract Expiration Date:
Safety Form II:
Contact Name: Nidhish Dhru Misc:
Phone Number: Alt Phone Number:
Fax Number:
E-Mail Address: nidhish@huly.ai; Ibanuelos@nbfd.net
Approval Date:
Rush: No
Contract on File: No
Certificate Received: No
Indemnification Agreement: No
Tax Id:
This Account created by 936 on 11/26/2025.