Stanford University Purchase Orders are issued subject to the following terms and conditions. Terms in any acceptance by a Seller which are in addition to, or not identical with the following terms will not become a part of any Stanford University Purchase Contract unless Stanford specifically and expressly agrees in writing that such other terms are accepted (Updated July 20, 2021).

1.1 “Stanford” means the Board of Trustees of the Leland Stanford Junior University.  

1.2 “Contractor” means the person or entity contracting to supply goods and/or services under this Purchase Order,  and includes all Contractor's sales or other agents, subcontractors, employees and distributors thereof.

1.3 “PO” means a valid Stanford University Purchase Order. 

The PO is accepted on, subject to, and governed by the terms set forth herein. Any additional Terms will not become a part of any PO unless Stanford specifically and expressly agrees in writing that such additional terms are accepted. By performing under the PO or any part hereof, Contractor agrees to and accepts all the provisions of the PO and agrees to fully perform. 

Stanford shall have a reasonable time (but not less than 30 days) after receipt to inspect goods tendered by Contractor. Stanford at its option may reject all or any portion of such goods which do not in Stanford's sole discretion comply in every respect with each and every term and condition of this PO. Stanford may elect to reject any or all goods tendered even if only a portion thereof is nonconforming.  If Stanford elects to accept nonconforming goods, Stanford, in addition to its other remedies, shall be entitled to deduct a reasonable amount from the price to compensate Stanford for the nonconformity. Any acceptance by Stanford, even if unconditional, shall not be deemed a waiver or settlement of any defect in such goods.

Stanford shall pay Contractor the Fee set forth in Contractor's quotation/proposal referenced herein for services satisfactorily performed by Contractor in accordance with this PO. If Contractor's Fee is stated as an hourly rate, fractional hours shall be compensated for on a prorated basis. Time necessarily spent in local travel shall not be considered working time. Hours expended by Contractor shall be documented by weekly timesheets. Timesheets shall be provided to Stanford, upon request. Hourly rates shall include Contractor's fees, cost of operation, including benefits attributable to payroll, overhead, salaries and other administrative expenses.  Contractor and Stanford agree that the Maximum Cost for Contractor's Fees set forth in this PO shall not be exceeded without prior written approval byStanford and a change order to the PO has been issued. Stanford shall reimburse Contractor on account of expenses paid or incurred by Contractor for travel beyond a 50-mile radius from the Stanford University campus. The amount and extent of reimbursement for travel shall be in accordance with the provisions of Stanford University's Guide Memorandum Number 5-4-2, which can be viewed at https://adminguide.stanford.edu/5-4-2. Stanford will also reimburse Contractor on account of incurred costs for reproduction services as may be required in the performance of this PO, and for such purchased services as may be approvedin advance by Stanford, at Contractor's  cost. The amount for Contractor's reimbursable expenses, if any, shall be included in Contractor's quotation/proposal. The total Not-to-Exceed amount stated on the PO shall constitute the limit of compensation due to Contractor under this Agreement.

Contractor shall include Stanford's eight (8) digit PO number on all invoices and the delivery address for all goods delivered to Stanford.

6.1 GOODS: If this PO is for the provision of goods, Stanford shall transmit payment to Contractor within thirty (30) days from acceptance of a proper invoice, e.g., one submitted pursuant to a valid PO.

6.2 SERVICES: If this PO is for the provision of services, Contractor shall submit invoices for services, reimbursable expenses and additional services not more often than once per month to the person and/or office specified in the PO. If Contractor's Fee is stated as an hourly rate, supporting data to be attached to the invoice shall include payroll data identifying each individual, the position, grade or title, number of hours worked, applicable hourly rate and dates worked. Invoices for reimbursable expenses shall be supported by receipts for material, equipment, and rental or other services or charges as appropriate to this PO. Each invoice shall contain a summary of the total amount of previous invoices, this invoice amount, and the unbilled balance of this PO and its approved Change Orders. If the Contractor believes that any amount included in a current invoice is outside the scope of this PO, Contractor shall identify the amount and the nature of the work. In addition, the Contractor shall, on a monthly basis, review its progress on the project. If the Contractor, having performed said review, has reason to anticipate a need for additional funding, it shall indicate, on an invoice attachment, the reasons for the anticipated funding increase, its best estimate of the total additional costs and the time impact, if any, on the project completion schedule. Any failure by the Contractor to comply with this section shall be cause for Stanford to refuse compensation. Upon submission by Contractor of a valid and fully-supported invoice, for Contractor's Services, and approved by Stanford, Stanford will, within 30 calendar days, pay Contractor for Services therefore performed or rendered. Invoices for Contractor's Services are to be made out to Stanford University and submitted for approval, to the address stated on the face of this PO. The PO Number shall be referenced on each invoice.

Contractor understands that time is of the essence with respect to its performance, and thatthis Agreement may not be modified, supplemented, qualified or interpreted by any usage of trade.

Unless otherwise specified herein, Contractor agrees that the price quoted herein includes all federal, state and local sales, use, excise, transaction, and other taxes, fees and/or assessments.

Until accepted by Stanford as provided above, Contractor shall bear all risk of loss and damage, unless such loss or damage results solely from the gross negligence or intentional misconduct of Stanford.

10.1 GOODS: If this PO is for the provision of goods, Contractor warrants that the goods (a) are of merchantable quality; (b) are fit for the particular needs and purposes of Stanford as may be communicated to Contractor; (c) comply with the highest warranties, representations and options expressed by Contractor orally or in any written advertisement, correspondence or other document provided to or in the possession of Stanford; (d) comply with all applicable laws, codes and regulations as published by any national, state or local association or group; and (e) are not restricted in any way by patents, copyrights, trade secrets, or any other rights of third parties. If any of the foregoing warranties is breached, Contractor agrees to correct all defects and nonconformities, to be liable for all direct, indirect, consequential and other damages suffered by Stanford and any other persons, and to defend, indemnify and hold harmless Stanford from any claim asserted by any person resulting in whole or in part from such breach.

10.2 SERVICES: If this PO is for the provision of services, Contractor warrants that all services hereunder shall be performed by personnel experienced and highly skilled in their profession and in accordance with the highest applicable standards of professionalism for comparable or similar services. Contractor shall be responsible for the professional quality, timeliness, coordination and completeness of the services. Contractor personnel assigned to perform the services shall be as proposed by Contractor and approved by Stanford. No such personnel of Contractor shall be reassigned without the approval of Stanford. Contractor shall use only personnel required for the performance of the services who are qualified by education, training and experience to perform the tasks assigned to them. Contractor agrees to replace any of its employees whose work is considered by Stanford to be unsatisfactory or contrary to the requirements of the services to be performed hereunder. Stanford shall not supervise nor control the details of Contractor's services, but rather shall be interested only in the results of Contractor's services.

If at any time Stanford in good faith determines that it questions Contractor's ability or intent to perform, then Contractor agrees to provide Stanford with written assurance fully satisfactory to Stanford, in Stanford's sole discretion, of Contractor's ability and intent to fully perform. Such assurance shall be provided within the time and in the manner specified by Stanford. Contractor shall immediately notify Stanford of any circumstance which may cause Contractor to fail to fully perform. Upon Stanford's good faith determination that Contractor cannot or will not perform, then Stanford may deem this PO to be breached by Contractor (unless performance is excused as provided below), may cancel this PO, and/or may re-procure from other sources.

Stanford shall be obligated to pay Contractor only for goods and/or services described herein. Any additional goods or services must be approved in writing by Stanford. Stanford, by written notice, may change or terminate all or any part of this PO for Stanford's convenience. If such changes cause an increase or decrease in costs incurred or time required to complete performance an equitable adjustment shall be made in compensation and/or period of performance, and this PO shall be amended accordingly in writing, provided however that Stanford will not compensate Contractor for any goods not shipped or services not performed by the date of such change or termination. If such goods are standard items of Contractor's inventory, Contractor's claim for an equitable adjustment under this paragraph must be submitted to Stanford in writing within 30 days of receipt of notice of change or termination, otherwise all such claims of Contractor shall be deemed to have been waived.

Stanford may, by written notice, terminate this PO, in whole or in part, for failure of Contractor to perform any of the provisions, including failure to deliver as and when specified. If the PO is terminated, Contractor shall be liable for all damages, including without limitation:

a) Any incremental cost of re-procuring the same or similar goods or services,

b) Shipping charges for any items Stanford may, at its sole option, return to Contractor, including items already delivered, but for which Stanford no longer has any use because of Contractor's default, and

c) Amounts paid by Stanford for any items Stanford received but returns to Contractor.

In the event of termination, Stanford shall be liable only for payment in accordance with the payment provisions of this PO for services performed prior to the effective date of termination.  

Contractor shall be excused for any nonperformance due principally to circumstances which are both beyond its control and not foreseeable, but in no event shall Contractor be excused for any inability to obtain goods or services necessary for Contractor's performance, nor for any labor dispute involving employees of Contractor, Stanford, any subcontractor of either, any carrier, or any other person.

Contractor agrees to indemnify, defend and hold Stanford harmless from and against, and to waive all claims against Stanford for claims, suits and demands of liability loss or damage whatsoever, including reasonable attorneys' fees, whether direct or consequential,  
a) on account of any loss, injury, death or damage (including without limitation lost-wage, labor, or employment claims)  to any person or property (including without limitation all agents and employees of Contractor and Stanford and all property owned by, leased to or used by either Contractor or Stanford, or both)  or 
b) on account of any loss or damage to business or reputation or privacy of any person, 
arising in whole or in part in any way from or in any way connected with or in any way related to Contractor's performance, and regardless of whether such loss, injury, death or damage or person or property results in whole or in part from (1) the negligence or omission of Stanford, (2) any product liability of Stanford or any person, or (3) any strict liability of Stanford or any person.  
There are excluded from the above indemnity and waiver provisions any such claims, suits and demands of liability, loss or damage resulting solely from Stanford's gross recklessness or willful intent to injure. As used in this indemnity  and waiver provision, and for purposes of Contractor's insurance, “Stanford” shall be deemed to include Stanford University, its Trustees, Directors, officers, employees, faculty, students, agents, affiliated organizations and their insurance carriers, if any.  

Contractor, at its expense, shall defend, indemnify and hold harmless Stanford, its trustees, officers, employees, agents, and students from and against any and all claims and demands which may be made to the extent that it is based on a claim that any Services furnished hereunder infringed a patent, copyright, trademark, service mark, trade secret, or other legally protected proprietary right.  Contractor shall pay all costs, fees, and damages which may be incurred by Stanford for any such claim or action or the settlement thereof.

Contractor agrees not to use Stanford's name or other Stanford trademarks (together referred to herein as the "Marks"), or the name or trademarks of any related organization, or to quote any of Stanford's faculty, staff, students, volunteers or agents ("Quotes"), either in writing or orally, without the prior written consent of Stanford’s Senior Director, University Brand Management.  This prohibition includes, but is not limited to, use of the Marks or Quotes in press releases, advertising, marketing materials, other promotional materials, presentations, photographs for commercial use, case studies, reports, websites, application or software interfaces, and other electronic media.

18.1   Non-Disclosure. Contractor acknowledges that Stanford continually develops Confidential Information for Stanford and that Contractor may learn of Confidential Information, including Confidential Information of third parties, during the term of this Agreement. Contractor will comply with the policies and procedures of Stanford for protecting Confidential Information set forth below and, in any event, shall not disclose to any person or entity (except as required by applicable law or for the proper performance of Contractor’s duties and responsibilities to Stanford), or use for Contractor’s or any third party’s benefit or gain, any Confidential Information obtained by Contractor incident to Contractor’s consultancy or other association with Stanford.  Contractor understands that this restriction shall continue to apply after this Agreement terminates, regardless of the reason for such termination.

18.2   Ownership of Data. Ownership of technical data produced by or for Contractor or any of its employees in the course of performing the Services hereunder and of all proprietary rights therein shall vest in and shall be delivered, upon request, to Stanford.  For the purposes hereof, the term "technical data" means technical writing, pictorial reproductions, drawings or other graphical representations, tape recordings, reports, calculations, tables and documents of technical nature, whether copyrightable or copyrighted, which are made in the course of performing the Services as specified. Contractor may, however, use data prepared or produced under this Agreement, where such data is otherwise made publicly available or with the specific approval of Stanford.

18.3   Data Security. Contractor agrees to handle data and other information ("Data") with a standard of care at least as rigorous as that specified in Stanford's Minimum Security Standards and Minimum Privacy Standards, located at https://minsec.stanford.edu and http://minpriv.stanford.edu respectively, which are hereby incorporated by reference into the Agreement. Prior to performing Services which require access to, transmission of, and/or storage of Stanford's Moderate or High Risk Data, Contractor will provide a third party certification verifying its ability to comply with the Guidelines. Contractor will not copy, cause to be copied, use or disclose Data received from or on behalf of Stanford except as permitted or required by the Agreement, as required by law, or as otherwise authorized by Stanford in writing. Contractor will give immediate notice to Stanford of any actual or suspected unauthorized disclosure of, access to or other breach of the Data. In the event of actual or suspected unauthorized disclosure of, access to, or other breach of the Data, Contractor will comply with all state and Federal laws and regulations related to such breach, and will cooperate with Stanford in fulfilling its legal obligations. Contractor will indemnify Stanford for its violation of this paragraph, including but not limited to the cost of providing appropriate notice to all required parties and credit monitoring, credit rehabilitation, or other credit support services to individuals with information impacted by the actual or suspected breach. Upon termination or expiration of the Agreement, Contractor will return or, at Stanford's election, destroy, the Data within 30 days from the conclusion of the Agreement. This paragraph and its indemnity will survive the termination of the Agreement.

18.4   FERPA (Family Educational Rights and Privacy Act). During the course of performing Services under this Contract, Contractor may have access to certain Student educational records. If Contractor accesses Student educational records, Contractor may not permit access to, or the release or transfer of personally identifiable information from a student’s educational record to any party by any means, other than to Stanford officials and/or the student upon written request.

18.5   Protected Health Information. During the course of performing Services under this Contract, Contractor may have access to certain information that may constitute Protected Health Information (PHI). Attached to, and hereby incorporated into, this Agreement is a Business Associate Addendum (BAA) that sets forth the terms and conditions governing the handling of PHI. If Contractor accesses PHI, Contractor agrees to comply with the requirements of the BAA, and acknowledges that failure to comply with the requirements of the BAA may result in the liquidated damages stipulated in the BAA and termination of this Agreement.

18.6   GDPR (General Data Protection Regulation). During the course of performing Services under this Agreement, Contractor may have access to certain information that may constitute Personally Identifiable Information (PII) under the General Data Protection Regulation (GDPR). Attached to and hereby fully incorporated into this Agreement is a Data Processing Addendum that sets forth the terms and conditions governing the handling of Personally Identifiable Information.  If Contractor has access to PII for a particular project, Contractor: (a) will return a copy of the Data Processing Addendum to Stanford, complete with information detailing the specific usage of the applicable data, such information requirements are highlighted in yellow in the Data Processing Addendum; (b) agrees to comply with the requirements and stipulations of said Data Processing Addendum; and (c) acknowledges that failure to comply with such requirements will subject Contractor to the damages stipulated in the GDPR as well as termination of this Agreement.

Contractors that process, store or transmit credit card information hereby certifies its PCI DSS compliance, including PCI DSS 12.9 that requires “Service providers acknowledge in writing to customers that they are responsible for the security of cardholder data the service provider possesses or otherwise stores, processes, or transmits on behalf of the customer, or to the extent that they could impact the security of the customer’s cardholder data environment.”

Stanford reserves the right at any time to request that Contractor provide Stanford with written proof of its PCI DSS compliance certifications that are signed by a certified PCI Qualified Security Auditor to verify that Contractor and each of its subcontractors conducts and maintains ongoing compliance under the current PCI DSS compliance standard.

Contractor shall not commence Services under this Agreement until it has obtained insurance that satisfies the below minimum insurance requirements. The Contractor shall not allow any subcontractor to commence Services under a subcontract until the subcontractor has obtained insurance that satisfies the below minimum insurance requirements, or Contractor has insured the subcontractor under its own insurance policies.  

Insurance required under this Agreement shall be:
20.1 Commercial General Liability (bodily injury, property damage, and personal injury) insurance, with a single limit of not less than $2,000,000 for a single occurrence.

20.2 Automobile Liability insurance (bodily injury, property damage and personal injury), with a combined single limit of not less than $1,000,000 for all owned, non-owned, and hired vehicles.

20.3 Commercial General Liability and Automobile Liability insurance shall include the following provisions:
20.3.1 For projects at the University: The Board of Trustees of the Leland Stanford Junior University, its officers, agents, representatives, students, employees and volunteers, shall be included as additional insureds, by endorsement.  

20.3.2 For projects at Stanford Hospital and Clinics: In addition to those listed above, Stanford Hospital and Clinics, its Board of Directors, its officers, agents, representatives, students, employees, and volunteers shall be included as additional insureds, by endorsement. 

20.3.3 The Contractor’s insurance shall be primary coverage, Stanford University and/or Stanford Hospital and Clinics insurance or self-insurance shall be excess and noncontributory.  

20.3.4 Thirty (30) days prior written notice of cancellation or material change in the insurance must be given to Stanford. 

20.3.5 Contractor and Contractor’s insurance companies waive their rights to subrogation against the above named insureds, by endorsement.

20.4 Worker's Compensation insurance and employer's liability insurance covering all persons whom the Contractor may employ in carrying out the Services hereunder. Worker's Compensation insurance will be in accordance with the Worker's Compensation Law of the State of California.

20.5 The insurance arranged by the Contractor and subcontractor(s) or subconsultant(s) shall include contractual liability insurance insuring the indemnity terms of this Agreement.

20.6 On each insurance certificate, the Certificate Holder shall read as follows:  
“The Board of Trustees of the Leland Stanford Junior University
485 Broadway, University Hall, Redwood City, CA 94063”

The Contractor shall furnish Stanford the insurance documents for all insurance required in the preceding paragraphs. The failure of Stanford to: a) object to insurance documents that do not comply with the above insurance requirements or b) require performance by the Contractor under these provisions does not constitute a waiver of these provisions. These provisions may only be amended or waived as provided by this Agreement or by a separate writing signed by Stanford.

Whenever an actual or potential labor dispute delays or threatens to delay the performance under this Agreement, Contractor shall immediately notify Stanford in writing, presenting all relevant information concerning the dispute and its background.

Stanford's policy requires avoidance of real or apparent conflict of interests. Contractor affirms, that to the best of its knowledge, there exists no actual or potential conflict between Contractor's family, business or financial interest and the Services under this Agreement, and in the event of change in either private interests or Services under this Agreement, it will raise with Stanford any question regarding possible conflict of interest which may arise as a result of such change.

Stanford shall have access to and the right to examine any directly pertinent books, documents, papers and records of Contractor involving transactions related to this Agreement until the expiration of three (3) years after final payment hereunder. Contractor agrees to keep and maintain such records for such period of time. If this Agreement is for the provision of Services with a value of $10,000.00 or more within a 12 month period, then until the expiration of four (4) years after the furnishing of any Services pursuant to this Agreement, Contractor shall make available, upon written request from the Secretary of the United States Department of Health and Human Services or from the United States Comptroller General, or any of their duly authorized representatives, this Agreement and such books, documents and records of Contractor as are necessary to certify the nature and extent of the reasonable cost of Services to Stanford.  If Contractor enters into an agreement with any related organization to provide Services pursuant to this Agreement with a value of $10,000.00 or more within a 12-month period, such agreement shall contain a clause identical in content to the first sentence of this paragraph. This paragraph shall be of force and effect only to the extent required by P.L. 96 499.

Except for subcontracting specifically approved by Stanford, Contractor shall not assign its rights nor delegate its duties under this Agreement. Notwithstanding any notice of assignment, Stanford's tender of payment to the Contractor named herein or to any person reasonably believed by Stanford to be entitled to payment shall fully satisfy Stanford's obligation to pay, and in no event shall Stanford be obligated to pay additional sums or be liable for any damages due to failure to pay the correct party.

The laws of the State of California govern all matters arising out of or relating to this Agreement. Any dispute arising under this Agreement shall be resolved in the courts of Santa Clara County or in the Federal District Court for the Northern District of California, Northern Branch, and Stanford and Contractor hereby submit themselves to the personal jurisdiction of said courts. All rights and remedies of Stanford and Contractor shall be cumulative.

All Services performed under this Agreement shall conform to all applicable Local, County, State and Federal codes and regulations. Nothing in this Agreement shall be construed as requiring or permitting Services that are contrary to the above-referenced codes and regulations.

If the Contractor is providing websites, web applications, or other electronic content design or development services to Stanford under this agreement, Contractor confirms that such deliverables shall meet the requirements of Stanford’s Accessibility of Electronic Content Policy, the provisions of which are incorporated by reference.

This Agreement is subject to Stanford’s “Living Wage and Benefit Guidelines for Stanford Contractors”, hereinafter “The Guidelines,” which can be found at https://fingate.stanford.edu/purchasing-contracts/policy/policy-and-initiative-information-suppliers#anchor-23986

Contractor represents and warrants that it will comply with The Guidelines as amended by Stanford from time to time. Contractor acknowledges that failure to comply with The Guidelines will be deemed a material breach of this Agreement. Contractor agrees to provide in a timely manner upon Stanford’s written request, but in any event not more than 10 business days, written evidence of compliance satisfactory to Stanford.

In connection with its performance under this Agreement, Contractor will not discriminate against any employee or applicant for employment because of race, religion, color, sex, sexual orientation, gender identity, age, national origin; or because he or she is a special disabled veteran or veteran of the Vietnam era in regard to any position for which the employee or applicant is qualified; or because of physical or mental disability in regard to any position for which the employee or applicant is qualified. Contractor agrees to comply with the following federal regulations which are hereby incorporated herein by reference: 41 CFR 60-1.4; 41 CFR 60-250.5; 41 CFR 60-741.5; and all other applicable regulations of 41 CFR Part 60, Federal Acquisition Regulation (“FAR”) 52.222-26 (Equal Opportunity); FAR 52.222-27 (Affirmative Action Compliance Requirements for Construction) – applicable for construction contracts only; FAR 52.222-35 (Affirmative Action for Disabled Veterans and Veterans of the Vietnam Era); FAR 52.222-36 (Affirmative Action for Workers with Disabilities); and all other applicable provisions of the Federal Acquisition Regulations.

All Federal Grant and/or subcontract purchases are subject to the terms and conditions defined in Public Law 87-653 (Truth in Negotiations) and the Copeland “Anti-Kickback” Act. In addition, the following clauses are incorporated herein by reference according to the amount of this order, and references to Government (or United States) and this PO shall be interpreted as necessary to apply to the U.S. Government or Stanford and Contractor, respectively.
Clauses which are required for the transaction covered by this PO also are incorporated by reference.
FAR Number and Title of Clause, Regardless of Amount:
52.203.11           Certification & Disclosure Re: Payments to Influence Certain Federal Transactions
52.222.4             Contract Work Hours and Safety Standards Act
52.225.13           Restrictions on Certain Foreign Purchases
52.227.10           Filing of Patent Applications-Classified Subject Matter
52.227.11/12/13 Patent Rights
52.247.63           Preference for U.S. Flag Air Carriers
52.247.64           Preference for Privately Owned U.S. Flag Commercial Vessels
252.227.7034     DFAR Patents- Subcontracts DOD only
252.227.7039     DFAR Patents Reporting Subject Inventions DOD only
52.222.21           Prohibition of Non-Segregated Facilities
52.222.26           Equal Opportunity
52.222.35           Affirmative Action for Disabled Veterans of the Vietnam Era
52.222.36           Affirmative Action for Workers with Disabilities
52.222.37           Employment Reports on Disabled Veterans of the Vietnam Era
FAR Number and Title of Clause, Orders over $100,000: all of the above clauses plus:
52.203.6             Restrictions on Subcontractor Sales to the Government
52.203.7             Anti-Kickback Procedures
52.203.12           Limitation on Payments to Influence Certain Federal Transactions
52.215.2             Audit and Records- Negotiation, Alternative II
52.219.8             Utilization of Small Business Concerns
52.227.1             Authorization and Consent Alternative I
52.227.2             Notice and Assistance Regarding Patent and Copyright Infringement
42 U.S.C. 7401, et. seq.     Clean Air Act
33 U.S.C. 1251, et. seq.     Federal Water Pollution Control Act
FAR Number and Title of Clause, Orders over $700,000:  all of the above clauses plus:
52.219.9             Small Business Subcontracting Plan
FAR Number and Title of Clause, Orders over $750,000: all of the above clauses plus:
52.215.12/13      Subcontractor Cost or Pricing Data- Modifications

This section applies to all contractors who supply Stanford University with services that are not related to facilities or grounds maintenance, construction, demolition, installation of equipment (including furnishings) or products that contain regulated hazardous materials (including consumer products).

Asbestos: In accordance with California Health and Safety Code Section 25915 (Connelly Act) and the Cal/OSHA Asbestos Standard, 8 CCR Section 1529, Contractor is hereby notified that in Stanford facilities there are construction materials that are known to contain asbestos. In some areas, asbestos has been identified in one or more of the following construction products: spray-applied fireproofing; pipe, boiler, tank and air duct insulation; air duct seam tape; gaskets; roofing tar, felt and mastic; asbestos-cement pipe, wallboard, and shingles; plaster and acoustical treatments; gypsum board taping compound; vinyl and asphalt floor tile; vinyl sheet flooring; vinyl flooring, basecove, and ceiling tile adhesive; caulking and glazing compound; acoustic ceiling and wall tile; lab fumehood liners, exhaust ducts and counter tops; and fire-rated door core insulation.

Contractor shall not disturb building materials and shall stop work and report any inadvertent disturbance of such materials immediately to Stanford Environmental Health and Safety at 650-725-9999.  Unless specifically qualified to do so, Contractor shall not enter an area that is posted with warning signs or labels indicating the presence or chemical, biohazardous or radioactive materials or equipment or areas that may have residual contamination from such materials.

Proposition 65 Notice: Under California Health and Safety Code Sections 25249.5 through 25249.13, asbestos, lead, mercury and polychlorinated biphenyls have been listed as chemicals known to the State of California to cause cancer or reproductive harm. Contractor will be working in areas in which some or all of these materials may be present. This notice constitutes the warning of the presence of a chemical known to cause cancer or reproductive harm required by Proposition 65. It is Contractor’s duty to follow all requirements of Proposition 65.

Persons who work on Stanford University projects under contract, including supply vendors, must comply with the provisions of Stanford’s Sexual Harassment policy. Stanford defines Sexual Harassment as: “Unwelcome sexual advances, requests for sexual favors, and other visual, verbal or physical conduct of a sexual nature, between persons of the same or different gender, constitute sexual harassment when: (1) It is implicitly or explicitly suggested that submission to or rejection of the conduct will be a factor in academic or employment decisions or evaluations, or permission to participate in a Stanford activity; or (2) The conduct, whether subtle or blatant, has the purpose or effect of interfering with an individual’s academic or work performance by creating an intimidating, hostile or offensive academic, work or student living environment, such as persistent and unwanted communication of a sexual nature (e.g., in person, by phone, text, email, via social media) and applies to one incident if sufficiently severe or repeated behaviors over time.

For information, consultation, advice or to lodge a complaint, contact the Sexual Harassment Policy Office at 556 O’Connor Lane, Griffin Drell House, Room 101 Stanford, CA 94305-8210, (650) 724-2120; email to: @email; website: http://harass.stanford.edu.

If Stanford determines that any Stanford employee, student, agent, representative or associate is being sexually harassed by a Contractor employee or subcontractor, the Contractor will immediately remove the employee or subcontractor from any and all Stanford University projects under contract. Contractor must operate in accordance with all federal, state and local laws and regulations, as well as Stanford's Code of Conduct which can be found at: https://adminguide.stanford.edu/1-1-1.

In accordance with Stanford policy supporting its fundamental research mission, Stanford suppliers may NOT sell or ship any International Traffic in Arms (ITAR) controlled defense article or technical data, any dual-use “500/600 Series” item or technology, and any Wassenaar Arrangement Munitions List item, without express written preauthorization from Stanford’s Export Control Officer. 

Learn more about Stanford’s ITAR policy:  
https://fingate.stanford.edu/purchasing-contracts/policy/policy-and-initiative-information-suppliers#anchor-23966.
 

This PO (including these Terms and Conditions), any specifications or additional terms and conditions attached or referenced, constitute the entire agreement between Stanford and Contractor. Contractor's quotation/proposal is incorporated if specifically stated in the PO. No other terms or conditions are binding on Stanford unless accepted by Stanford in writing. In the event of a conflict between this PO and terms and conditions stated in Contractor's quotation/proposal, the terms of this PO shall take precedence.

This addendum (“Addendum”) is by and between The Board of Trustees of the Leland Stanford Junior University, a body having corporate powers under the laws of the State of California (“Stanford”) and Contractor (“Contractor”). 

This Addendum supplements and amends the Purchase Order Terms and Conditions (“Agreements”) hereto as follows: 
1. Applicability. The requirements of this Addendum apply to non-construction services performed by Contractor on-site at any Stanford location in Santa Clara County and/or San Mateo County (“On-site”). For clarity, if Contractor provides both construction and non-construction services, these requirements will only apply to the non-construction portion of the services. 

2. Requirements. Contractor must provide to Stanford, upon Stanford’s request, a copy of its COVID-19 health protocols for On-site work in the county in which it provides services to Stanford, including, but not limited to, a detailed explanation of how it has implemented the social distancing protocol described in Section 16 and Appendix A of the Shelter-in-Place Orders of the Counties of Santa Clara and/or San Mateo (“Counties”) that is required of all essential businesses (including, but not limited to, the conducting of daily symptom checks of all employees prior to their entering a workplace, or any equivalent protocols, as may be updated from time to time by the Counties). Stanford requires Contractor to provide Stanford written verification that Contractor is in compliance with all applicable health orders set forth by the Counties, including without limitation, implementing a compliant social distancing protocol, in order for Contractor’s employers to be able to work On-site. By executing this Addendum, Contractor is verifying its compliance with all such orders. Stanford will assist the Contractor in its implementation to the extent reasonable. Contractor agrees to provide information to Stanford on a daily basis relating to employees of the Contractor who have tested positive for COVID-19, are experiencing COVID-19 symptoms, or have been exposed to someone who has tested positive for COVD-19, to enable Stanford to perform the necessary follow up in compliance with guidance from the Counties, the Centers for Disease Control and Prevention (CDC) and the Occupational Safety and Health Administration (OSHA). Contractor will immediately contact the Stanford representative for the jobsite if an employee of Contractor exhibits an onset of COVID-19 symptom(s) while working On-site, or if an employee of Contractor has tested positive for COVID-19 within 48 hours of being On-site. Contractor further agrees to abide by, and to instruct its employees to abide by, the following as may be amended from time to time: (a) any public health orders set forth by the Counties, (b) any instructions posted at the relevant Stanford jobsite and (c) any additional instructions provided to Contractor by Stanford. 

3. Audit Rights and Termination. Stanford reserves the right to audit Contractor’s books and records on request to confirm its compliance with this Addendum. Failure to comply with the terms of this Addendum, including failure to cooperate in the implementation of the overall social distancing protocol described above or of any relevant public health orders set forth by the Counties, as may be amended from time to time, including the symptom checking process, shall constitute a material breach of the Addendum by Contractor. Such breach may result in termination of the Agreements without penalty to Stanford and with a refund of any prepaid fees for services not yet rendered by Contractor. 

4. Indemnification. Contractor shall indemnify, defend and hold Stanford harmless from any and all claims arising in whole or in part out of the subject matter of this Addendum, resulting in whole or in part from Contractor’s breach of this Addendum, or the negligence or willful misconduct of Contractor, its employees, contractors, invitees, agents or visitors. 

5. Notice. Any notices under this Agreement will be given as follows: 
Notices will be deemed sufficient if given by (a) registered or certified mail, postage prepaid, return receipt requested (“Mail”); (b) private courier service, with signature provided by the receiving party (“Courier Service”); Purchase Order Terms and Conditions or (c) electronic mail to the Authorized Contacts below, with carbon copies required as shown (“Electronic Mail”). If Contractor opts to provide notice by Mail and/or Courier Service, Contractor must also send a copy by Electronic Mail in order for notice to be deemed sufficient. 

Receipt. Notices sent via mail or courier will be deemed given upon receipt. Notices sent via electronic mail will be deemed given when receipt has been acknowledged by the Authorized Contact, with an automatic “read receipt” constituting acknowledgement, or 3 days after dispatch if the email was sent to the correct address and was not returned as undeliverable. 

For safety issues: 
Please contact the Stanford Representative for the jobsite/Purchase Order 

If to Stanford for a legal matter: 
Stanford University 
Office of General Counsel 
Main Quad, Building 170 
Stanford, CA 94305 M/C 2038 
Attention: Senior University Counsel 

Fax: 650-736-2495 

If to Contractor, to: 
Contractor’s address as noted on the face of the Purchase Order 
Attn: CEO/President 

Each Party may change its address and that of its representative for notice by giving notice thereof in the manner provided above in this section. 

6. Integration Clause. This Addendum constitutes the full and complete agreement of the Parties with respect to the subject matter of this Addendum and cannot be changed or modified except in writing signed by both Parties.

THE FOLLOWING BUSINESS ASSOCIATE ADDENDUM (BAA) IS APPLICABLE IN SITUATIONS WHERE THE CONTRACTOR MIGHT ACCESS, RECEIVE, USE, DISCLOSE, OR MAINTAIN PROTECTED HEALTH INFORMATION TO PERFORM A SERVICE ON STANFORD UNIVERSITY’S BEHALF

This Addendum (the “Addendum”) is entered into as of the Purchase Order date, and supplements and amends the Purchase Order Terms and Conditions that require Business Associate (as defined below) to perform a service, function or activity that may involve the Use or Disclosure of Protected Health Information (defined below), by and between The Board of Trustees of the Leland Stanford Junior University through its HIPAA Covered Entity (“Covered Entity”) and Contractor (“Business Associate”). Covered Entity and Business Associate are sometimes referred to herein individually as a “Party” and collectively as the “Parties.”

Business Associate may perform functions or activities on behalf of, or provide certain services (the “Services”) to Covered Entity that involve access to, or creation, receipt, processing, maintenance, use, or disclosure of certain information, some of which may constitute Protected Health Information (“PHI”). Both Parties are required to comply with the Health Information Technology Economic and Clinical Health (“HITECH”) Act, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and the regulations promulgated thereunder, including, but not limited to, the Privacy, Security, Breach Notification, and Enforcement Rules (45 C.F.R. Parts 160, 162 and 164), as may be amended from time to time. This Addendum sets forth the terms and conditions pursuant to which Protected Health Information, including electronic Protected Health Information, will be handled by Business Associate and third parties during the term of the Agreement and after its termination. The Parties agree as follows:

1.    DEFINITIONS
All capitalized terms shall have the meaning set forth in HITECH and regulations issued thereunder, HIPAA and regulations issued thereunder (including but not limited to the HIPAA Privacy and Security Rules), and applicable state privacy laws, including but not limited to the Confidentiality of Medical Information Act (COMIA) and state breach notification laws (including but not limited to California Health and Safety Code § 1280.15 and Civil Code § 1798.82 et seq., as these may be amended from time to time).

The term “Breach” as used herein shall mean (i) breach as defined in the HIPAA Rules and (ii) unlawful or unauthorized access to, or unauthorized use or disclosure of, information pursuant to state law (including but not limited to COMIA, California Health and Safety Code § 1280.15 and California Civil Code § 1798.82).
Terms used but not otherwise defined in this Addendum shall have the same meaning as those terms in HITECH, HIPAA, the HIPAA Privacy Regulation or Security Regulation, or applicable state privacy and breach notification laws, as they are currently drafted and as they are subsequently updated, amended, or revised. 

2.    PERMITTED USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION
2.1  Services.  Except as otherwise specified herein, Business Associate may use Protected Health Information directly necessary to perform its obligations under the Agreements, provided that such use does not violate HITECH, HIPAA or the Privacy or Security Regulations and such use is expressly permitted by this Addendum. Moreover, Business Associate may disclose Protected Health Information for the purposes authorized by this Addendum only (i) to its Subcontractors (as defined below) and agents, in accordance with Section 3(f), (ii) as directed by Covered Entity in accordance with this Addendum, (iii) as otherwise permitted by the terms of this Addendum including, but not limited to, Section 2.2 below, or (iv) as required by law, in accordance with Section 3(b) below. Any other use and/or disclosure not permitted or required by this Addendum (“Unauthorized Use and/or Disclosure”) is prohibited.  

In conducting activities under this Agreement that involve the use and/or disclosure of Protected Health Information, Business Associate shall limit the use and/or disclosure of Protected Health Information to the minimum amount of information necessary to accomplish the intended purpose of the use or disclosure. To the extent Business Associate is performing one or more of Covered Entity’s obligations under HIPAA and HITECH, Business Associate agrees to comply with the legal requirements that apply to Covered Entity in the performance of such obligation(s). 

2.2   Business Activities of Business Associate. Business Associate may use and disclose Protected Health Information if necessary for the proper management and administration of Business Associate or to meet its legal responsibilities; provided, however, that such Protected Health Information may be disclosed to third parties for such purposes only if the disclosures are required by law or Business Associate obtains reasonable assurances from the third party to whom the information is disclosed that:
a.    the information will remain confidential;
b.    the information will be used or further disclosed only as required by law or for the purpose for which the information was disclosed to the third party; and 
c.    the third party will notify Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.

2.3   Additional Activities of Business Associate. In addition to using the Protected Health Information to perform the Services, Business Associate may use Protected Health Information for Data Aggregation purposes only for the Health Care Operations of Covered Entity if expressly authorized under the Agreement(s). Under no circumstances may Business Associate disclose Covered Entity’s Protected Health Information to a third party pursuant to this Section 2.3 absent Covered Entity’s explicit written authorization.  Business Associate may not de-identify Protected Health Information received from or created on behalf of Covered Entity unless such de-identification and the permitted uses and disclosures of such de-identified information are expressly permitted in writing by the Covered Entity’s Chief Privacy Officer or authorized designee. 

2.4   Prohibition on Sale of Protected Health Information. Business Associate is prohibited from the sale of Protected Health Information without authorization unless an exception under 45 C.F.R §164.508 applies.

3.    OBLIGATIONS AND RESPONSIBILITIES OF BUSINESS ASSOCIATE WITH RESPECT TO PROTECTED HEALTH INFORMATION
Business Associate hereby agrees to do the following:
a.    Business Associate shall use and/or disclose the Protected Health Information only as permitted or required by the Agreement(s), this Addendum or as otherwise Required by Law. 
b.    Business Associate shall immediately, or as soon as practicable, notify Covered Entity if it believes it may disclose Protected Health Information on the basis that such disclosure is Required by Law. Unless immediate disclosure is Required by Law, Business Associate shall not, without the prior written consent of Covered Entity, disclose any Protected Health Information on the basis that such disclosure is Required by Law without first notifying Covered Entity so that Covered Entity shall have an opportunity to object to the disclosure and to seek appropriate relief. If Covered Entity objects to such disclosure, Business Associate shall refrain from disclosing the Protected Health Information until Covered Entity has exhausted all alternatives for relief. Business Associate shall require reasonable assurances from third parties receiving Protected Health Information in accordance with Sections 2.1 or 2.2 hereof that such third parties will provide Covered Entity with similar notice and opportunity to object before disclosing Protected Health Information on the basis that such disclosure is Required by Law.

c.    Because Covered Entity’s Protected Health Information is subject to state laws (including those referenced in Section 1 hereof), Business Associate must report to the Covered Entity’s Chief Privacy Officer, in writing, any Breach, Security Incident or any Unauthorized Use and/or Disclosure of which Business Associate becomes aware as soon as possible, and at least within five (5) calendar days of Business Associate’s discovery of such Breach, Security Incident, or Unauthorized Use and/or Disclosure. For purposes of this Section, “discovery” shall have the meaning ascribed to it in 45 CFR § 164.404(a)(2)). In the event of a Breach, Security Incident, or Unauthorized Use or Disclosure that arises from the acts or omissions of Business Associate or its employees, Subcontractors, agents, or representatives, and that requires notification of government agencies and/or individuals, Business Associate will cooperate fully with Covered Entity in Covered Entity’s efforts to carry out any mitigation efforts and notifications.  Business Associate will indemnify and reimburse Covered Entity for all of Covered Entity’s costs of complying with and carrying out such requirements. In the event Covered Entity requests that Business Associate carry out the notification requirements, Business Associate will do so subject to Covered Entity’s prior approval of any written reports or communications.  
d.    Mitigate, to the greatest extent possible, any deleterious effects from any Breach, Security Incident, Unauthorized Use and/or Disclosure of Protected Health Information of which Business Associate becomes aware.
e.    Comply with the Security Rule to maintain the security of the Protected Health Information including electronic Protected Health Information and to prevent Unauthorized Use and/or Disclosure of such Protected Health Information. Business Associate shall maintain and implement a comprehensive written information privacy and security program that complies with HITECH, HIPAA, and the regulations and guidance issued thereunder by the U.S. Department of Health and Human Services (“HHS”). Without limitation, this includes administrative, technical and physical safeguards that are appropriate to the size and complexity of Business Associate’s operations and the nature and scope of its activities to reasonably and appropriately protect the privacy, confidentiality, integrity and availability of Protected Health Information. In addition to any safeguards required by law and as set forth in this Addendum, Business Associate shall use any and all appropriate safeguards to prevent Unauthorized Use or Disclosure of Covered Entity’s Protected Health Information. 
f.    Require any person(s) to whom Business Associate delegates a function, activity, or service, or any person(s) who create, receive, maintain or transmit Protected Health Information (“Subcontractors”) and agents that receive or use, or have access to, Protected Health Information to enter into a business associate agreement that, (i) complies with the HITECH and HIPAA requirements, (ii) includes to the same restrictions, conditions and obligations concerning Protected Health Information that apply to Business Associate pursuant to this Addendum; (iii) not to subcontract or assign its rights and obligations under the Agreement without obtaining Business Associate’s and Covered Entity’s prior written consent; and (iv) ensures that all subcontractors of Business Associate’s Subcontractor enter into Business Associate Agreements. 
g.    Before allowing any Subcontractor or agent that is not organized under the laws of any state within the United States (“Foreign Subcontractor”) to use or disclose, or have access to, Protected Health Information, Business Associate shall obtain the prior written consent of Covered Entity, which consent may be withheld in Covered Entity’s sole discretion. Notwithstanding anything to the contrary in the Agreement, and in addition to any other remedies available to Covered Entity under this Addendum, the Agreement or at law, Business Associate hereby acknowledges that irreparable harm may result from any breach of the terms of this Section 3.g. of this Addendum. 
h.    Make available all records, books, agreements, policies and procedures, and related  materials pertaining to the use and/or disclosure of Protected Health Information to the Secretary of the U.S. 

Department of Health and Human Services (or any officer or employee of HHS to whom the Secretary of HHS has delegated such authority) for purposes of determining Covered Entity’s compliance with the Privacy Regulation and Security Regulation after the compliance dates, respectively, of those regulations, subject to attorney-client and other applicable legal privileges. Business Associate shall immediately notify Covered Entity upon receipt by Business Associate of any complaint or request for access by the Secretary of HHS and shall provide Covered Entity with a copy thereof as well as a copy of all materials disclosed pursuant thereto.
i.    Upon reasonable prior written notice, make available during normal business hours at Business Associate’s offices all records, books, agreements, policies, procedures, and related materials pertaining to the use and/or disclosure of, and security of, Protected Health Information to Covered Entity for purposes of enabling Covered Entity to determine Business Associate’s compliance with the terms of this Addendum.
j.    Document such disclosures of Protected Health Information as necessary to enable Covered Entity to respond to an individual’s request for an accounting of disclosures of Protected Health Information in accordance with 45 C.F.R. § 164.528, as it may be amended to comply with HITECH. Specifically, Business Associate shall maintain a record of all disclosures of Protected Health Information for a period not less than 6 years following any such disclosure, including the date of the disclosure, the name and, if known, the address of the recipient of the Protected Health Information, a brief description of the Protected Health Information disclosed, and the purpose of the disclosure (including an explanation of the basis for such disclosure). This provision shall survive the termination or expiration of the Agreements. 
k.    Within 10 business days of receiving a written request from Covered Entity, provide to Covered Entity such information as is requested by Covered Entity to permit Covered Entity to respond to a request by an individual for an accounting of the disclosures of the individual's Protected Health Information in accordance with 45 C.F.R. § 164.528, as it may be amended to comply with HITECH. In the event that an individual requests an accounting of disclosures directly from Business Associate or its agents or Subcontractors, Business Associate must notify Covered Entity in writing within 5 business days of the request; Covered Entity shall be responsible for preparing and delivering to the individual any such accounting requested.
l.    Subject to Section 5.3 below, return to Covered Entity or destroy, within 30 calendar days of the termination of this Addendum and/or the Agreements, the Protected Health Information in its possession and retain no copies (which for purposes of this Addendum shall include, without limitation, destruction of all backups).
m.    using or disclosing Protected Health Information, Business Associate agrees to comply with all applicable provisions of the HITECH Act and any implementing regulations adopted thereunder.
n.    Business Associate represents to Covered Entity that all of its employees, agents, representatives, Subcontractors and members of its Workforce, whose services may be used to fulfill obligations under the Agreement or this Addendum are or shall be appropriately informed of the terms of this Addendum.

4.    RESPONSIBILITIES OF BUSINESS ASSOCIATE WITH RESPECT TO HANDLING OF DESIGNATED RECORD SET
In the event that the Protected Health Information received by Business Associate pursuant to the Agreement constitutes a Designated Record Set, Business Associate hereby agrees to do the following:
a.    At the request of, and in the time and manner designated by Covered Entity, provide access to the Protected Health Information to Covered Entity for inspection or copying, to enable Covered Entity to fulfill its obligations under 45 C.F.R. § 164.524. In the event that an individual requests access to Protected Health Information directly from Business Associate or its agents or Subcontractors, Business Associate must notify Covered Entity in writing within 5 business days of the request; Covered Entity shall be responsible for delivering to the individual the information he or she has requested.
b.    At the request of, and in the time and manner designated by Covered Entity, make any amendment(s) to the Protected Health Information that Covered Entity directs pursuant to 45 C.F.R. § 164.526. In the event that any individual requests an amendment of Protected Health Information directly from Business Associate or its agents or Subcontractors, Business Associate must notify Covered Entity in writing within 5 business days of such request; Covered Entity will then direct Business Associate to amend its Protected Health Information, as may be appropriate based on the individual’s request.

5.    TERM AND TERMINATION
5.1   Term. This Addendum shall become effective on the Agreement Effective Date and shall continue in effect until termination or expiration of the Agreement, subject to the provisions of Section 7.1, unless terminated as provided in this Section 5.

5.2   Termination by Covered Entity. As provided under 45 C.F.R. § 164.504(e)(2)(iii), Covered Entity may immediately terminate this Addendum and the Agreements, in whole or in part, if Covered Entity determines that Business Associate has violated any material provision of this Addendum. Alternatively, if Covered Entity has determined that Business Associate has breached a material term of this Addendum and does not immediately terminate the Agreement and this Addendum, then Covered Entity shall: (i) provide Business Associate written notice of the existence of an alleged material breach; and (ii) afford Business Associate an opportunity to cure the alleged material breach within 5 days. In the event that Business Associate does not cure the breach within 5 days, Covered Entity may terminate, the Agreement, if feasible (as determined by Covered Entity), or if termination is not feasible, report the problem to the Secretary of HHS.

5.3   Effect of Termination. Upon termination of the Agreement and this Addendum pursuant to this Section 5, Business Associate shall return or destroy, as directed by Covered Entity, all Protected Health Information that Business Associate and its agents and Subcontractors still maintain in any form. If such return or destruction is not feasible, then Business Associate will so notify Covered Entity in writing, and shall (a) extend any and all protections, obligations, limitations and restrictions contained in this Addendum to Protected Health Information retained by Business Associate, its agents and its Subcontractors after the termination of the Agreement and this Addendum, (b) limit any further uses and/or disclosures to those purposes that make the return or destruction of the Protected Health Information infeasible, and (c) at such time as return or destruction of such retained PHI becomes feasible, return or, if agreed to by Covered Entity, destroy such PHI.  Notwithstanding the foregoing, in the event that one or more of the Agreements is terminated and other Agreements and this Addendum remain in effect, Business Associate shall, in accordance with this Section 5.3 and to the extent it is practicable and feasible to do so, return to Covered Entity or destroy the PHI related to the Services that are the subject of the terminated Agreement(s) concurrent with the termination of such Agreement(s).

6.    INDEMNIFICATION
Business Associate agrees to indemnify, defend and hold harmless Covered Entity and its affiliated corporations and entities and their trustees, officers, agents, employees, representatives, students, and volunteers (collectively, Covered Entity’s “Indemnitees”) against all actual and direct losses, liabilities, damages, claims, costs, fines or expenses (including reasonable attorney’s fees) the Indemnitees may suffer as a result of any claims, demands, actions, investigations, settlements or judgments against the Indemnitees arising from or in connection with any breach of this Addendum or of any representation or warranty hereunder, or from any acts or omissions, including failure to perform its obligations under the Privacy Regulation and Security Regulation, by Business Associate or its employees, directors, officers, Subcontractors, representatives, agents or other members of its Workforce. In addition, and without limiting the foregoing, in the event of a HITECH Breach that requires notification of government agencies and individuals, Business Associate will cover all costs of complying with such legal requirements if the breach arises from actions or omissions of Business Associate or its employees, directors, officers, Subcontractors, representatives, agents, or other members of its Workforce. To the extent that the Agreement contains a provision that limits Business Associate’s liability under the Agreement, Business Associate’s obligation to indemnify Covered Entity and its Indemnitees under this Section 6 shall be excluded from such limitation of liability. Business Associate’s obligation to indemnify Covered Entity and its Indemnitees shall survive the expiration or termination of this Addendum for any reason. 

7.    MISCELLANEOUS
7 .1   Survival. The respective rights and obligations of Business Associate and Covered Entity under the provisions of Sections 3, 5.3, 6, 7.5, 7.8 and 7.10 shall survive termination of this Addendum indefinitely. In addition, Section 4 shall survive termination of this Addendum, provided that Covered Entity determines that the Protected Health Information being retained pursuant to Section 5.3 herein constitutes a Designated Record Set.

7.2   Entire Agreement; Amendments; Waiver. This Addendum constitutes the entire agreement between the Parties pertaining to the Business Associate’s access to, or creation, receipt, processing, maintenance, use, or disclosure of Protected Health Information while performing Services and supersedes any previous agreements between the Parties relating to the same subject matter. This Addendum may not be modified, nor shall any provision hereof be waived or amended, except in a writing duly signed by authorized representatives of the Parties. A waiver with respect to one event shall not be construed as continuing, or as a bar to or waiver of any right or remedy as to subsequent events.

7.3    No Third Party Beneficiaries. Nothing express or implied in this Addendum is intended to confer, nor shall anything herein confer, upon any person other than the Parties and the respective successors or assigns of the Parties, any rights, remedies, obligations, or liabilities whatsoever.

7.4    Notices. Any notices under this Addendum shall be written in English and given as follows:
a.    Notices will be deemed sufficient if given by (a) registered or certified mail, postage prepaid, return receipt requested; (b) private courier service, with signature provided by the receiving party; (c) electronic mail to the Authorized Contacts in this Section 7.4, with carbon copies required as shown. 
b.    Receipt. Notices sent via mail or courier will be deemed given upon receipt.  Notices sent via electronic mail will be deemed given when receipt has been acknowledged by the Authorized Contact, with an automatic “read receipt” constituting acknowledgement, or 3 days after dispatch if the email was sent to the correct address and was not returned as undeliverable.

If to Covered Entity    If to Business Associate
To:    Stanford University 
505 Broadway, 6th Floor | 6212
Redwood City, CA 94063
Attention: Chief Privacy Officer 
Facsimile: 650-725-0073
Or email: privacy@stanford.edu 
Contractor’s address as noted on the face of the Purchase Order
Attn: CEO/President

With a copy to:   Stanford University
Office of General Counsel
Main Quad, Building 170
Stanford, CA 94305 M/C 2038
Attention: Senior University Counsel
Fax: 650-736-2495    

Each Party may change its address and that of its representative for notice by giving notice thereof in the manner provided above in this Section 8.4.
7.5   Counterparts; Facsimiles. This Addendum may be executed in any number of counterparts, each of which shall be deemed an original. Facsimile copies hereof shall be deemed to be originals.

7.6   Effect of Agreement. Except as specifically required to implement the purposes of this Addendum, or to the extent inconsistent with this Addendum, all other terms of the Agreement shall remain in full force and effect.

7.7   Interpretation. The provisions of this Addendum shall prevail over any provisions in the Agreement that may conflict or appear inconsistent with any provisions in this Addendum. The Parties agree that any ambiguity in this Addendum shall be resolved in favor of a meaning that complies and is consistent with the Privacy Regulation and Security Regulation. The section headings used in this Addendum are for reference and convenience only and have no legal or contractual effect.

7.8   Governing Law. This Addendum shall be governed by and construed in accordance with the laws of the State of California, without application of principles of conflicts of laws. The Parties hereto agree that any dispute arising under this contract shall be resolved in the California State courts of Santa Clara County, California, or in the Federal District Court for the Northern District of California sitting in San Francisco, California, and the Parties hereby submit themselves to the personal jurisdiction of said courts. 

7.9   Amendment to Comply with Law. The Parties acknowledge that state and federal laws relating to data security and privacy are rapidly evolving and that amendment of this Agreement may be required to provide for procedures to ensure compliance with such developments. The Parties agree to take such action as is necessary to implement the standards and requirements of HITECH and regulations thereunder, HIPAA, the Privacy Regulation, the Security Regulation, and other applicable laws relating to the security or confidentiality of Protected Health Information. The Parties further agree that if current or future federal or state laws, rules, or regulations adversely impact a Party’s performance under the Agreement or this Addendum, the Parties will negotiate in good faith to amend the Agreement and/or this Addendum, as necessary, to be consistent with the requirements of HITECH and regulations thereunder, HIPAA, the Privacy Regulation, the Security Regulation, or other applicable laws, as the same may be amended from time to time. Covered Entity may terminate the Agreement and this Addendum in the event that the Parties are unable to modify the Agreement and/or Addendum to remain in full compliance with HITECH and regulations thereunder, HIPAA, the Privacy Regulation, the Security Regulation, California laws and regulations, or other applicable law.

7.10   Injunctions. Covered Entity and Business Associate agree that any violation of the provisions of this Addendum may cause irreparable harm to Covered Entity. Accordingly, in addition to any other remedies available to Covered Entity at law, in equity, or under this Addendum, in the event of any violation by Business Associate of any of the provisions of this Addendum, or any explicit threat thereof, Covered Entity shall be entitled to an injunction or other decree of specific performance with respect to such violation or explicit threat thereof, without any bond or other security being required and without the necessity of demonstrating actual damages.

7.11   Individual Authorization. Nothing in this Addendum shall be construed to require or permit Business Associate to use or disclose Protected Health Information without written authorization from an individual who is a subject of the Protected Health Information, or written authorization from any other person, where such authorization would be required under state law for such use or disclosure.

7.12    Agency. The Parties agree and acknowledge that Business Associate is not an “agent” of Covered Entity as that term is defined in the federal common law.

Questions?

arrow_upward
Back to Top