THISHIPAABUSINESSASSOCIATEAGREEMENT (The Agreement )Isenteredintoeffectivethe

HIPAABUSINESSASSOCIATEAGREEMENT

THISHIPAABUSINESSASSOCIATEAGREEMENT(the"Agreement")isenteredintoeffectivethe

dayof

, 20 byandbetween ("BUSINESSASSOCIATE")

witha businessaddressat andPeterA. RipperAssoc.,Inc.("COVEREDENTITY"):

RECITALS:

WHEREAS, Pursuanttothisrelationship, BUSINESS ASSOCIATE acknowledges that COVERED ENTITYissubjecttolawsandregulations thatrequireCOVEREDENTITY toprotectthe confidentialityof informationabout its patients, including theprovisionsoftheHealthInsurance Portability andAccountabilityActof1996(“HIPAA”), PublicLaw 104-191,asaCoveredEntity asdefinedin HIPAAandtheimplementingregulationspromulgated bytheU.S.Department ofHealthandHumanServices; andBUSINESSASSOCIATE willcomplywiththe administrative, physicalandtechnicalsafeguardsinthe same manneras COVEREDENTITY;and

WHEREAS, BUSINESSASSOCIATE isa BusinessAssociateofCOVEREDENTITYas definedin HIPAAandtheimplementingregulationspromulgated bytheU.S.Department ofHealthandHumanServices; and

WHEREAS, BUSINESSASSOCIATEmay receivecertain information regarding past,presentor future patients of COVERED ENTITY, (referred to hereinas "PHI" or“ProtectedHealthInformation”).PHI shallmeanIndividually IdentifiableHealthInformation (asthattermisdefinedin45CFR§160.103) thatis(i) transmitted byelectronicmedia;(ii)maintainedinany mediumconstitutingelectronicmedia;or(iii)transmitted ormaintainedinanyotherformormedium.

NOW THEREFORE,in considerationfor limited use and access to PHI as permitted under HIPAA, BUSINESSASSOCIATE andCOVEREDENTITY herebyagreeas follows:

1. Definitions. The capitalized terms in this Agreement shall have the same meaning as the definitionsfoundintheHIPAAregulations at45C.F.R. Parts160to 164.

2. Use of Protected Health Information.BUSINESSASSOCIATEshallnot,andshallensurethat itsdirectors,officers, employees,contractors andagents donot,usePHIreceivedfromCOVERED ENTITYin anymannerthatwouldconstituteaviolation ofthe privacy orsecuritystandards ofHIPAAoranyother applicablelaw,including theAmerican Recovery and ReinvestmentActof2009(“ARRA”),PublicLaw111-5, ifusedbyCOVERED ENTITYinsuchmanner. BUSINESSASSOCIATE mayusePHI(i)for BUSINESS ASSOCIATE’S propermanagementand administration, or(ii)tocarryoutthelegal responsibilitiesofBUSINESSASSOCIATE.

3. Disclosure ofProtected Health Information.BUSINESSASSOCIATEshallnot,andshallensurethat itsdirectors,officers,employees, contractors, andagents donot,disclose PHIreceivedfromCOVEREDENTITY inanymannerthatwouldconstitute aviolation ofthe privacy orsecuritystandards ofHIPAAoranyother applicable law,including theARRA,ifdisclosed by COVERED ENTITYinsuchmanner. BUSINESS ASSOCIATE maydisclosePHIinamannerpermitted pursuanttothisAgreement, asrequiredbylawor(i)for BUSINESS ASSOCIATE’S propermanagementand administration, or (ii) to carry out the legal responsibilitiesof BUSINESS ASSOCIATE. To the extentBUSINESSASSOCIATE inthecourseof performingits obligationsundertheAgreementdiscloses PHItoathirdparty,BUSINESSASSOCIATE must obtain, priortomaking any suchdisclosure: (i) reasonableassurancesfromsuchthirdpartythatsuch PHIwillbeheldconfidential asprovidedinthis Agreement,andwillbedisclosedonlyasrequiredbylaw orforthepurposesforwhichitwasdisclosedtosuch thirdparty;and(ii)anagreementfromsuchthirdpartyto immediately notifyBUSINESSASSOCIATE ofany breachesoftheconfidentialityofthePHI,totheextent it hasobtainedknowledgeofsuchbreach. BUSINESS ASSOCIATEmustnotifyCOVERED ENTITYwithout unreasonable delay, and not more than 7 days from breachbecomingknown,orthroughreasonablediligence shouldhavebeenknown.

4. SafeguardsAgainstMisuseofInformation andCompliancewithOtherLaws. BUSINESSASSOCIATE agreesthatitwillimplementallappropriatesafeguards to prevent the use or disclosureof PHI that are not permittedbytheterms andconditionsofthisAgreement. Further,BUSINESSASSOCIATE shallcomplywithall applicablestateandfederallawsandregulations relating toconfidentiality andsecurityofPHI,includingbutnot limited to requirements related to patient identifiable data,mentalillness,chemicaldependency, sexually transmitted disease, andpatient,memberorsubscriber information.

5. Response toRequestforRelease. Intheevent BUSINESSASSOCIATE receivesasubpoena,courtor administrative orderorotherdiscoveryrequestor mandateforreleaseofPHI,COVEREDENTITY shall havetherighttocontrolBUSINESS ASSOCIATE’S response to such request. BUSINESS ASSOCIATE shallnotifyCOVEREDENTITYoftherequestassoon as reasonablypracticable,butinanyeventwithintwo (2) businessdaysofreceiptofsuchrequest.

6. NeedToKnowandAccesstoPHI. BUSINESS ASSOCIATE maydisclosePHIonlytothoseofits employees,agentsorsubcontractors whoneedtoknow such information; provided that BUSINESS ASSOCIATE shallinformeachsuchemployee,agentor subcontractor oftheconfidential natureofthePHIand BUSINESSASSOCIATE's obligationspursuanttothis Agreement and further provided that each such employee,agentorsubcontractorshall haveagreedtothe samerestrictionsandconditionsplaceduponBUSINESS ASSOCIATE bythisAgreement. BUSINESS ASSOCIATEshalltakeappropriatedisciplinary action against anymember ofitsworkforce, whether employee, agentorsubcontractor,who usesordisclosesPHIin contraventionofthisAgreement.

7. Effect of Termination of Agreement. Upon writtenrequestbyCOVEREDENTITY,completion of workbyBUSINESSASSOCIATE,orterminationofthis Agreementforanyreason,BUSINESS ASSOCIATE shallreturnordestroyallPHIthatitmaintained inany form,recorded onanymedium, orstoredinanystorage system,unlesssaidinformationhasbeende-identified andisnolongerPHI,andshallretain nocopies ofsuch PHI. BUSINESS ASSOCIATE shallfurnishto COVEREDENTITYappropriatecertificationof such destruction ofPHIandthatitretainsnocopiesinany form. BUSINESSASSOCIATE shallremainboundby theprovisions ofthisAgreement untilsuchtimeasall PHIhasbeenreturned,de-identified orotherwise destroyedasprovidedinthisSection.

8. ReturnorDestructionInfeasible. Intheevent BUSINESS ASSOCIATE determinesthatreturningor destroying thePHIisinfeasible,BUSINESS ASSOCIATE shallprovidetoCOVEREDENTITY notification oftheconditionsthatmakereturnor destruction infeasible. Upondetermination by BUSINESSASSOCIATE thatreturnordestructionof PHIisinfeasible,BUSINESSASSOCIATE shallextend theprotections ofthisAgreement tosuchPHIandlimit further uses and disclosures of such PHI to those purposesthatmakethereturnordestructioninfeasible, forsolong asBUSINESSASSOCIATE maintainssuch PHI.

9. Reportingof Disclosuresof ProtectedHealthInformation. BUSINESSASSOCIATE agreestoreport to the designated Privacy Officer of COVERED ENTITY,inwriting,anyuseand/ordisclosureofthe PHIthatisnotpermittedorrequiredbythisAgreement ofwhichBUSINESSASSOCIATE becomes aware, within two(2)businessdaysoftheBUSINESS ASSOCIATE’s discovery of such unauthorized use and/ordisclosure. BUSINESSASSOCIATE agreesthat COVERED ENTITYmaysufferserious andirreparable harmintheeventBUSINESSASSOCIATE usesor discloses the PHI to others in violation of this

Agreement. BUSINESSASSOCIATEexpressly agrees thatCOVERED ENTITYmayterminate thisAgreement andanyunderlyingarrangement orotheragreement betweenthepartiesthatinvolvesPHI,notwithstanding thetermsofsuchunderlyingarrangements orother agreements,ifCOVERED ENTITYdetermines BUSINESSASSOCIATEhasviolatedamaterialtermof thisAgreement andmaysecureanappropriate legal remedy,includinginjunctionordeclaratoryjudgment,to enableCOVERED ENTITYtoprotectitsrights hereunder. Inaddition,COVERED ENTITY,atits option,maycureorendanybreachorviolation ofthis Agreement priortoorinlieuofterminating the Agreement,or mayprovideBUSINESSASSOCIATE withanopportunity tocuresuchbreachorviolation. COVERED ENTITY’S cureofabreachofthis Agreementshallnotbeconstruedasawaiverofany otherrightCOVEREDENTITYhasinthisAgreement orbyoperationoflaworinequity.

10. Documentation andAccountingofDisclosures.Withinten(10)daysofnoticebyCOVEREDENTITY to BUSINESS ASSOCIATE that it has received a requestforan accountingofdisclosuresofPHI regarding anindividual,BUSINESSASSOCIATE shallmake available to COVERED ENTITY such PHI, for the periodoftimeinquestion orasotherwise specifiedby law,in BUSINESSASSOCIATE’Spossessionand is required for COVERED ENTITY to make the accounting requiredby45CFR§164.528. BUSINESS ASSOCIATEshallprovideCOVEREDENTITYwith thefollowinginformation unlessotherwisespecifiedby law: (i)thedateofthedisclosure; (ii)thename ofthe entityorpersonwhoreceivedthePHI,andifknown,the address ofsuchentity orperson; (iii)abriefdescription ofthePHIdisclosed; and(iv)abriefstatement ofthe purposeofsuchdisclosurewhichincludesanexplanation of the basisforsuch disclosure. Intheeventtherequest for an accountingis delivereddirectlyto BUSINESS ASSOCIATE, BUSINESS ASSOCIATE shall within two (2) business days forward such request to COVEREDENTITY. BUSINESSASSOCIATEshall alsoforwardtheinformation specifiedaboveto COVEREDENTITY. Unless otherwise specified by COVERED ENTITY,ItshallbeCOVERED ENTITY’S responsibilitytoprepareanddeliver anysuch accounting requested. BUSINESSASSOCIATE isobligatedto implementanappropriaterecord-keeping processto enableittocomplywiththerequirementsofthisSection.

11. Access orAmendment ofPHI. BUSINESS ASSOCIATEshallmakePHI availableas providedin45

CFR §164.504(e)(2)ii(E)-(F)forpurposesofaccessand amendmentwithinten(10)daysofreceiving arequest fromCOVEREDENTITY. BUSINESSASSOCIATE furtheragreestoincorporateanyamendments toPHI maintainedbyBUSINESSASSOCIATE ifsuch informationispartofa designatedrecordset.

12. AvailabilityofBooksandRecords. BUSINESS ASSOCIATE agrees to make available its books, records,agreements, policiesandprocedures relatingto the use and/or disclosure of PHI received from, or createdorreceivedbyBUSINESSASSOCIATE on behalfof COVEREDENTITYtotheSecretaryofHealth andHumanServices forpurposes ofdetermining COVEREDENTITY’S compliancewithHIPAAand other applicablelaws. Nothingin this Agreementis intendedtolimitorrestrictBUSINESS ASSOCIATE’S abilitytosatisfyitsobligation tomaintain privacy of privilegedinformation.

13. Indemnification. Except as otherwise stated herein,eachpartyisresponsible foritsownactsor omissionsandneitherpartyindemnifies theother, providedthatthisprovision shallnotbeconstrued asa waiverbyeitherparty ofanyrightstoindemnification, contribution orsubrogation itmayhavebyoperation of laworinequity.

14. Rights Cumulative. Allrights andremedies conferredunderthisAgreement orby anyother instrument orlaw shallbecumulative, andmaybe exercisedsingularly orconcurrently. Failureby COVERED ENTITYtoenforceanyprovisionofthis Agreement shallnotbedeemedawaiveroffuture enforcement ofthatoranyotherprovision. Intheevent thatanyportionofthisAgreement shallbeheldtobe unenforceable, theremainingportionsofthisAgreement shallremaininforceandeffect.

15. Notices. All notices required under this Agreement shallbeinwriting andshallbedeemedto havebeengivenonthe nextdaybyfaxiftheparty providingnoticereceivedconfirmation ofsuccessful transmittal orotherelectronicmeansoruponpersonal delivery,orinten(10)daysupondelivery inthemail, firstclass,withpostage prepaid. Notices shallbesentto the addressees indicated below unless written notificationofchangeofaddressshall havebeengiven.

Ifto COVEREDENTITY:

16. Modification of Agreement. Except as otherwiseprovidedherein,thisAgreement shallnotbe amended ormodified, norshallanywaiver ofanyright hereunder beeffective, unlesssetforthinadocument executedbybothparties.Notwithstandingtheforegoing, COVERED ENTITYmayamendthisAgreementupon writtennoticetotheBUSINESSASSOCIATE tothe extentCOVEREDENTITYreasonablydeemsnecessary orappropriatetoassurecompliancewithapplicable laws andregulations asadopted,modifiedorsupersededfrom timetotime.If BUSINESSASSOCIATEdoesnotagree withCOVEREDENTITY’Smodifications tothis Agreement, BUSINESS ASSOCIATE may terminate thisAgreementuponthirty(30)dayspriorwrittennotice. Suchtermination oftheAgreementwillresultin simultaneous termination ofanyunderlyingarrangement orotheragreementbetweenthepartiesthatinvolvesPHI, notwithstanding thetermsofsuchunderlying arrangementsorotheragreements.

17. SuccessorsandAssigns.ThisAgreementshall bindandinuretothebenefitofthepartiesheretoand theirsuccessorsandassigns.

18. Third Party Rights. The terms of this Agreementarenotintended, norshouldtheybe construed, togrant anyrightstoanypartiesotherthan BUSINESSASSOCIATEandCOVEREDENTITY.

19. Electronic Transactions. BUSINESS ASSOCIATErepresentsandwarrantsthat totheextentit conducts anyStandardTransactions forCOVERED ENTITY, theformatandstructureofsuchtransmissions shallbeincompliancewiththeTransactionStandardsset forthin45 C.F.R.Parts160 and162.

20. ElectronicProtectedHealthInformation. To theextentthatBUSINESSASSOCIATE creates, receives,maintains ortransmitsElectronic Protected HealthInformationonbehalf ofCOVEREDENTITYon orafterApril20,2005,BUSINESS ASSOCIATEagrees to:

PARAHealthCareFinancialServices

4801EastCopaDeOroDrive, AnaheimHills,CA92807

Attn:PeterRipper

PhoneNumber:(800)999-3332x211

Email:

IftoBUSINESSASSOCIATE: HospitalName

Address

Attn:

PhoneNumber: Email:

(a) Implement Administrative, Physical and TechnicalSafeguardsthatreasonably and appropriately protect the confidentiality, integrity andavailability oftheElectronic ProtectedHealthInformation;

(b) Protect against any reasonably anticipated threatsorhazardstothesecurity orintegrityof suchinformation;

(c) Protectagainstanyreasonablyanticipateduses ordisclosuresofsuchinformation thatarenot permitted or required by the Privacy Regulations;

(d) Complywiththe securityregulationssetforthin

45 C.F.R.Parts160to 164;

(e) Ensure that any agent, including a subcontractor, towhomitprovidesElectronic ProtectedHealthInformation agreesto implement reasonable andappropriate safeguardstoprotectit;and

(f) ReporttoCoveredEntityanySecurity Incident ofwhichBUSINESSASSOCIATE becomes aware.

21. CompliancewithRedFlagRules. BUSINESS ASSOCIATE shalldevelopandimplement policiesand procedures designedtoprevent,detectandmitigate againstthereasonablyforeseeable risksofpersonaland medical identity theft in compliance with the requirements of the Identity Theft, Red Flags and Address Discrepancies under the Fair and Accurate CreditTransactionActof2003(“RedFlagRules”).

22. DataSecurity. BUSINESS ASSOCIATE representsand warrantsthat it will use commercially reasonableeffortstoimplementadministrative,technical andphysicalsafeguards andpoliciesandprocedures to complywiththePrivacyStandards andSecurity Standards ofHIPAA andotherapplicablelawsor regulations.

23. OwnerofPHI. Undernocircumstancesshall BUSINESSASSOCIATEbedeemedinanyrespectto betheownerofany PHIusedordisclosed by orto BUSINESSASSOCIATE pursuanttothetermsofthis Agreement.

24. ChangesinLaw. Thepartiesagreetoamend thisAgreement,asappropriate,toconformwith anynew orrevisedlegislation, rulesandregulations towhich COVEREDENTITYis subjectnowor in the future including,withoutlimitation, theARRAandits implementing regulations,aswellasthePrivacy Standards, SecurityStandards orTransactionsStandards ofHIPAA(collectively“Laws”).

COVEREDENTITY BUSINESSASSOCIATE

By: By:

Name / Title: Name / Title: Peter A. Ripper / President

Date: Date: