Common use of Information Technology; Data Protection Clause in Contracts

Information Technology; Data Protection. The IT Assets owned by, controlled by, or otherwise used in the conduct of the businesses of Amedisys and its subsidiaries are sufficient for, and operate and perform as needed by, Amedisys and its subsidiaries to adequately conduct their respective businesses as currently conducted, except for insufficiencies or failures to operate or perform that, individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect on Amedisys. Since January 1, 2021, to the knowledge of Amedisys, there have not been, and there are no known vulnerabilities or defects that would reasonably be expected to result in, any Security Breaches or unauthorized access or disclosure, unauthorized use, failures or unplanned outages or other adverse integrity or security access incidents affecting the IT Assets owned by or controlled by Amedisys or its subsidiaries or any other persons to the extent used by or on behalf of Amedisys or its subsidiaries (or, in each case, Personal Data and other information and transactions stored or contained therein or transmitted thereby), except as, individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect on Amedisys. Since January 1, 2021, except as, individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect on Amedisys, (A) Amedisys and its subsidiaries (1) have been in compliance with all Privacy and Security Requirements and any binding industry standards applicable to the industry in which each of Amedisys or any of its subsidiaries operates, and (2) have implemented and maintained a data security plan with commercially reasonable administrative, technical and physical safeguards to protect the IT Assets of Amedisys and its subsidiaries, and the Personal Data and other information and transactions stored or contained therein or transmitted thereby, against unauthorized access, use, loss and damage; (B) there have been no Actions related to any Security Breaches, other data security incidents, or violations of any Privacy and Security Requirements by Amedisys or any of its subsidiaries; and (C) none of Amedisys or any of its subsidiaries have sent (or been required to send) or received any written notices to or from any Person or Governmental Entity relating to violations or potential violations of any Privacy and Security Requirements. To the knowledge of Amedisys, since January 1, 2021, there has been no (x) unauthorized access, misuse of or damage to any IT Assets owned by or controlled by, or otherwise used in the conduct of the business of, Amedisys or any of its subsidiaries or (y) unauthorized access, use, misuse of, Processing or loss of, or damage to, any Personal Data maintained by or on behalf of Amedisys or any of its subsidiaries, in each case, except as, individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect on Amedisys.

Information Technology; Data Protection. The IT Assets owned by, controlled by, by or otherwise used in the conduct of the businesses of Amedisys OPCH and its subsidiaries are sufficient for, and operate and perform as needed by, Amedisys by OPCH and its subsidiaries to adequately conduct their respective businesses as currently conducted, except for insufficiencies or failures to operate or perform that, individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect on AmedisysOPCH. Since January 1, 2021, to the knowledge of AmedisysOPCH, there have not been, and there are no known vulnerabilities or defects that would reasonably be expected to result in, any Security Breaches or unauthorized access or disclosure, unauthorized use, failures or unplanned outages or other adverse integrity or security access incidents affecting the IT Assets owned by or controlled by Amedisys OPCH or its subsidiaries or any other persons to the extent used by or on behalf of Amedisys OPCH or its subsidiaries (or, in each case, Personal Data and other information and transactions stored or contained therein or transmitted thereby), except as, individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect on AmedisysOPCH. Since January 1, 2021, except as, individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect on AmedisysOPCH, (A) Amedisys OPCH and its subsidiaries (1) have been in compliance with all Privacy and Security Requirements and any binding industry standards applicable to the industry in which each of Amedisys OPCH or any of its subsidiaries operates, and (2) have implemented and maintained a data security plan with commercially reasonable administrative, technical and physical safeguards to protect the IT Assets of Amedisys OPCH and its subsidiaries, and the Personal Data and other information and transactions stored or contained therein or transmitted thereby, against unauthorized access, use, loss and damage; , (B) there have been no Actions related to any Security Breaches, other data security incidents, or violations of any Privacy and Security Requirements by Amedisys OPCH or any of its subsidiaries; , and (C) none of Amedisys OPCH or any of its subsidiaries have sent (or been required to send) or received any written notices to or from any Person or Governmental Entity relating to violations or potential violations of any Privacy and Security Requirements. To the knowledge of AmedisysOPCH, since January 1, 2021, there has been no (x) unauthorized access, misuse of or damage to any IT Assets owned by or controlled by, by or otherwise used in the conduct of the business of, Amedisys of OPCH or any of its subsidiaries or (y) unauthorized access, use, misuse of, Processing or loss of, or damage to, any Personal Data maintained by or on behalf of Amedisys OPCH or any of its subsidiaries, in each case, except as, individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect on AmedisysOPCH.

Information Technology; Data Protection. The IT Assets owned by, controlled by, or otherwise used in of Telaria and its Subsidiaries are adequate for the conduct of the businesses of Amedisys and its subsidiaries are sufficient for, and operate and perform as needed by, Amedisys and its subsidiaries to adequately conduct their respective businesses as currently conducted, except for insufficiencies or failures to operate or perform that, individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect on Amedisys. Since January 1, 20212017, to the knowledge Knowledge of AmedisysTelaria, there have not been, and there are no known vulnerabilities or defects that would reasonably be expected to result in, any Security Breaches or unauthorized access or disclosuresecurity breaches, unauthorized useaccess, failures or unplanned outages or other adverse integrity or security access incidents affecting the IT Assets owned by or controlled by Amedisys of Telaria or its subsidiaries Subsidiaries or any other persons Persons to the extent used by or on behalf of Amedisys Telaria or its subsidiaries Subsidiaries (or, in each case, Personal Data and other information and transactions stored or contained therein or transmitted thereby), in each case, except as, individually or and in the aggregate, would not reasonably be expected to have a Material Adverse Effect on AmedisysTelaria. Since January 1, 2021, except Except as, individually or and in the aggregate, would not reasonably be expected to have a Material Adverse Effect on AmedisysTelaria, Telaria and its Subsidiaries (A) Amedisys are and its subsidiaries (1) have been since January 1, 2017 in compliance with all Privacy Applicable Laws, as well as their own rules, policies and Security Requirements procedures, relating to privacy, data protection and any binding industry standards applicable to the industry in which each collection, retention, protection, transfer, use and processing of Amedisys or any of its subsidiaries operates, Personal Data and (2B) have implemented and maintained a data security plan with commercially reasonable administrative, technical and physical safeguards to protect the IT Assets of Amedisys and its subsidiaries, and the Personal Data and other information and transactions stored or contained therein or transmitted thereby, against unauthorized access, use, loss and damage; (B) there have been no Actions related to any Security Breaches, other data security incidents, or violations of any Privacy and Security Requirements by Amedisys or any of its subsidiaries; and (C) none of Amedisys or any of its subsidiaries have sent (or been required to send) or received any written notices to or from any Person or Governmental Entity relating to violations or potential violations of any Privacy and Security Requirements. To the knowledge Knowledge of AmedisysTelaria, since January 1, 20212017, there has been no (x) unauthorized access, misuse of or damage to any IT Assets owned by or controlled byaccess to, or otherwise used in the conduct of the business of, Amedisys or any of its subsidiaries or (y) unauthorized access, use, misuse of, Processing or loss of, or damage to, any Personal Data maintained by or on behalf of Amedisys Telaria or any of its subsidiariesSubsidiaries, in each case, except as, individually or and in the aggregate, would not reasonably be expected to have a Material Adverse Effect on AmedisysTelaria.

Information Technology; Data Protection. The IT Assets owned by, controlled by, or otherwise used in of Rubicon Project and its Subsidiaries are adequate for the conduct of the businesses of Amedisys and its subsidiaries are sufficient for, and operate and perform as needed by, Amedisys and its subsidiaries to adequately conduct their respective businesses as currently conducted, except for insufficiencies or failures to operate or perform that, individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect on Amedisys. Since January 1, 20212017, to the knowledge Knowledge of AmedisysRubicon Project, there have not been, and there are no known vulnerabilities or defects that would reasonably be expected to result in, any Security Breaches or unauthorized access or disclosuresecurity breaches, unauthorized useaccess, failures or unplanned outages or other adverse integrity or security access incidents affecting the IT Assets owned by or controlled by Amedisys of Rubicon Project or its subsidiaries Subsidiaries or any other persons Persons to the extent used by or on behalf of Amedisys Rubicon Project or its subsidiaries Subsidiaries (or, in each case, Personal Data and other information and transactions stored or contained therein or transmitted thereby), in each case, except as, individually or and in the aggregate, would not reasonably be expected to have a Material Adverse Effect on AmedisysRubicon Project. Since January 1, 2021, except Except as, individually or and in the aggregate, would not reasonably be expected to have a Material Adverse Effect on AmedisysRubicon Project, Rubicon Project and its Subsidiaries (A) Amedisys are and its subsidiaries (1) have been since January 1, 2017 in compliance with all Privacy Applicable Laws, as well as their own rules, policies and Security Requirements procedures, relating to privacy, data protection and any binding industry standards applicable to the industry in which each collection, retention, protection, transfer, use and processing of Amedisys or any of its subsidiaries operates, Personal Data and (2B) have implemented and maintained a data security plan with commercially reasonable administrative, technical and physical safeguards to protect the IT Assets of Amedisys and its subsidiaries, and the Personal Data and other information and transactions stored or contained therein or transmitted thereby, against unauthorized access, use, loss and damage; (B) there have been no Actions related to any Security Breaches, other data security incidents, or violations of any Privacy and Security Requirements by Amedisys or any of its subsidiaries; and (C) none of Amedisys or any of its subsidiaries have sent (or been required to send) or received any written notices to or from any Person or Governmental Entity relating to violations or potential violations of any Privacy and Security Requirements. To the knowledge Knowledge of AmedisysRubicon Project, since January 1, 20212017, there has been no (x) unauthorized access, misuse of or damage to any IT Assets owned by or controlled byaccess to, or otherwise used in the conduct of the business of, Amedisys or any of its subsidiaries or (y) unauthorized access, use, misuse of, Processing or loss of, or damage to, any Personal Data maintained by or on behalf of Amedisys Rubicon Project or any of its subsidiariesSubsidiaries, in each case, except as, individually or and in the aggregate, would not reasonably be expected to have a Material Adverse Effect on AmedisysRubicon Project.

Information Technology; Data Protection. The IT Assets owned by, controlled by, or otherwise used in the conduct of the businesses of Amedisys Raytheon and its subsidiaries are sufficient for, and operate and perform as needed by, Amedisys by Raytheon and its subsidiaries to adequately conduct their respective businesses as currently conducted, except for insufficiencies or failures to operate or perform that, individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect on AmedisysRaytheon. Since January 1, 20212017, to the knowledge of AmedisysRaytheon, there have not been, and there are no known vulnerabilities or defects that would reasonably be expected to result in, any Security Breaches or unauthorized access or disclosuresecurity breaches, unauthorized useaccess, failures or unplanned outages or other adverse integrity or security access incidents (i) affecting the IT Assets owned by or controlled by Amedisys of Raytheon or its subsidiaries or any other persons to the extent used by or on behalf of Amedisys Raytheon or its subsidiaries (or, in each case, Personal Data and other information and transactions stored or contained therein or transmitted thereby)) or (ii) resulting in a partial or complete loss of control of any products of Raytheon or its subsidiaries, in each case, except as, individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect on AmedisysRaytheon. Since January 1, 2021, except Except as, individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect on AmedisysRaytheon, (A) Amedisys Raytheon and its subsidiaries (1A) are and have been since January 1, 2017 in compliance with all Privacy Applicable Laws, as well as their own rules, policies and Security Requirements procedures, relating to privacy, data protection and any binding industry standards applicable to the industry in which each collection, retention, protection, transfer, use and processing of Amedisys or any of its subsidiaries operates, Personal Data and (2B) have implemented and maintained a data security plan with commercially reasonable administrative, technical and physical safeguards to protect the IT Assets of Amedisys and its subsidiaries, and the Personal Data and other information and transactions stored or contained therein or transmitted thereby, against unauthorized access, use, loss and damage; (B) there have been no Actions related to any Security Breaches, other data security incidents, or violations of any Privacy and Security Requirements by Amedisys or any of its subsidiaries; and (C) none of Amedisys or any of its subsidiaries have sent (or been required to send) or received any written notices to or from any Person or Governmental Entity relating to violations or potential violations of any Privacy and Security Requirements. To the knowledge of AmedisysRaytheon, since January 1, 20212017, there has been no (x) unauthorized access, misuse of or damage to any IT Assets owned by or controlled byaccess to, or otherwise used in the conduct of the business of, Amedisys or any of its subsidiaries or (y) unauthorized access, use, misuse of, Processing or loss of, or damage to, any Personal Data maintained by or on behalf of Amedisys Raytheon or any of its subsidiaries, in each case, except as, individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect on AmedisysRaytheon.

Information Technology; Data Protection. The IT Assets owned by, controlled by, or otherwise used in the conduct of the businesses of Amedisys UTC RemainCo and its subsidiaries are sufficient for, and operate and perform as needed by, Amedisys by UTC RemainCo and its subsidiaries to adequately conduct their respective businesses as currently conducted, except for insufficiencies or failures to operate or perform that, individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect on AmedisysUTC. Since January 1, 20212017, to the knowledge of AmedisysUTC, there have not been, and there are no known vulnerabilities or defects that would reasonably be expected to result in, any Security Breaches or unauthorized access or disclosuresecurity breaches, unauthorized useaccess, failures or unplanned outages or other adverse integrity or security access incidents (i) affecting the IT Assets owned by or controlled by Amedisys of UTC RemainCo or its subsidiaries or any other persons to the extent used by or on behalf of Amedisys UTC RemainCo or its subsidiaries (or, in each case, Personal Data and other information and transactions stored or contained therein or transmitted thereby)) or (ii) resulting in a partial or complete loss of control of any products of UTC RemainCo or its subsidiaries, in each case, except as, individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect on AmedisysUTC. Since January 1, 2021, except Except as, individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect on AmedisysUTC, (A) Amedisys UTC RemainCo and its subsidiaries (1A) are and have been since January 1, 2017 in compliance with all Privacy Applicable Laws, as well as their own rules, policies and Security Requirements procedures, relating to privacy, data protection and any binding industry standards applicable to the industry in which each collection, retention, protection, transfer, use and processing of Amedisys or any of its subsidiaries operates, Personal Data and (2B) have implemented and maintained a data security plan with commercially reasonable administrative, technical and physical safeguards to protect the IT Assets of Amedisys and its subsidiaries, and the Personal Data and other information and transactions stored or contained therein or transmitted thereby, against unauthorized access, use, loss and damage; (B) there have been no Actions related to any Security Breaches, other data security incidents, or violations of any Privacy and Security Requirements by Amedisys or any of its subsidiaries; and (C) none of Amedisys or any of its subsidiaries have sent (or been required to send) or received any written notices to or from any Person or Governmental Entity relating to violations or potential violations of any Privacy and Security Requirements. To the knowledge of AmedisysUTC, since January 1, 20212017, there has been no (x) unauthorized access, misuse of or damage to any IT Assets owned by or controlled byaccess to, or otherwise used in the conduct of the business of, Amedisys or any of its subsidiaries or (y) unauthorized access, use, misuse of, Processing or loss of, or damage to, any Personal Data maintained by or on behalf of Amedisys UTC RemainCo or any of its subsidiaries, in each case, except as, individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect on AmedisysUTC.