Compliance with Data Privacy Laws The Company and its Subsidiaries are, and at all prior times were, in compliance with all applicable state and federal data privacy and security laws and regulations, including without limitation HIPAA, and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are in compliance with, the GDPR (EU 2016/679) (collectively, the “Privacy Laws”) except in each case, where such would not, either individually or in the aggregate, reasonably be expected to result in a Material Adverse Effect. To ensure compliance with the Privacy Laws, the Company and its Subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). The Company and its Subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any Subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.
Compliance with Health Care Laws Each of the Company and its Subsidiaries is, and at all times has been, in compliance in all material respects with all applicable Health Care Laws, and has not engaged in activities which are, as applicable, cause for false claims liability, civil penalties, or mandatory or permissive exclusion from Medicare, Medicaid, or any other state or federal health care program. For purposes of this Agreement, “Health Care Laws” means: (i) the Federal Food, Drug, and Cosmetic Act (21 U.S.C. §§ 301 et seq.), the Public Health Service Act (42 U.S.C. §§ 201 et seq.), and the regulations promulgated thereunder; (ii) all applicable federal, state, local and all applicable foreign health care related fraud and abuse laws, including, without limitation, the U.S. Anti-Kickback Statute (42 U.S.C. Section 1320a-7b(b)), the U.S. Physician Payment Sunshine Act (42 U.S.C. § 1320a-7h), the U.S. Civil False Claims Act (31 U.S.C. Section 3729 et seq.), the criminal False Claims Law (42 U.S.C. § 1320a-7b(a)), all criminal laws relating to health care fraud and abuse, including but not limited to 18 U.S.C. Sections 286 and 287, and the health care fraud criminal provisions under the U.S. Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) (42 U.S.C. Section 1320d et seq.), the exclusion laws (42 U.S.C. § 1320a-7), the civil monetary penalties law (42 U.S.C. § 1320a-7a), HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act (42 U.S.C. Section 17921 et seq.), and the regulations promulgated pursuant to such statutes; (iii) Medicare (Title XVIII of the Social Security Act); (iv) Medicaid (Title XIX of the Social Security Act); (v) the Controlled Substances Act (21 U.S.C. §§ 801 et seq.) and the regulations promulgated thereunder; and (vi) any and all other applicable health care laws and regulations. Neither the Company nor, to the knowledge of the Company, any subsidiary has received notice of any claim, action, suit, proceeding, hearing, enforcement, investigation, arbitration or other action from any court or arbitrator or governmental or regulatory authority or third party alleging that any product operation or activity is in material violation of any Health Care Laws, and, to the Company’s knowledge, no such claim, action, suit, proceeding, hearing, enforcement, investigation, arbitration or other action is threatened. Neither the Company nor, to the knowledge of the Company, any subsidiary is a party to or has any ongoing reporting obligations pursuant to any corporate integrity agreements, deferred prosecution agreements, monitoring agreements, consent decrees, settlement orders, plans of correction or similar agreements with or imposed by any governmental or regulatory authority. Additionally, neither the Company, its Subsidiaries nor any of its respective employees, officers or directors has been excluded, suspended or debarred from participation in any U.S. federal health care program or human clinical research or, to the knowledge of the Company, is subject to a governmental inquiry, investigation, proceeding, or other similar action that could reasonably be expected to result in debarment, suspension, or exclusion.
