VeriCenter Master Services Agreement

Exhibit 10.1

No. 0002204-QUO

EXECUTION FINAL

VeriCenter

Master Services Agreement

This Master Services Agreement No. 0002204-QUO (the “MSA”) between VeriCenter, Inc. (“VeriCenter”) and Quovadx, Inc (“Customer”) is made effective as of September 30, 2005 (the “Effective Date”).

Article 1 – Introduction

1.1 General. This MSA sets forth the terms and conditions of VeriCenter’s delivery and Customer’s receipt of any or all of the services provided by VeriCenter, including Professional Services. The specific Services to be provided under this MSA are identified in the Order Forms submitted by Customer and accepted by VeriCenter and described in detail in the Order Forms and/or Statements of Work attached to each Order Form. The service levels VeriCenter will provide to Customer for each Service ordered, other than Professional Services, are defined in detail in the Service Level Agreements. Each Service Level Agreement and Order Form submitted, accepted and executed by both parties is hereby incorporated by reference into this MSA. This MSA is intended to cover any and all Services ordered by Customer and provided by VeriCenter.

1.2 Definitions. Capitalized terms used and not elsewhere defined in this MSA, have the meanings given them in Schedule 1.2 to this MSA.

Article 2 – Delivery of Services and Term

2.1 Delivery of Services.

(a) General. By submitting an Order Form, Customer agrees to receive and pay for in accordance with the terms hereof, and, by accepting the Order Form, VeriCenter agrees to provide, the Services specified on the Order Form during the Initial Term and for any Renewal Term, as specified in Section 2.2(b).

(b) Delivery of Supplemental Services. The purpose of this provision is to enable VeriCenter to provide Customer with certain limited services and equipment needed by Customer on a “one-off” or emergency basis (“Supplemental Services”) where such services are not included within the scope of the Services as described in the Order Form and/or Statements of Work. Supplemental Services may include, as an example, a request from Customer to VeriCenter via telephone that VeriCenter immediately replace a problem Customer server with a VeriCenter server for a temporary period of time. VeriCenter shall notify Customer of the fees for any Supplemental Services requested by Customer and obtain Customer’s written approval prior to providing such services. Customer agrees to pay VeriCenter the approved fees charged by VeriCenter for Supplemental Services. VeriCenter will use commercially reasonable efforts to provide Supplemental Services, which shall be subject to the terms hereof., including applicable express warranties. Vericenter shall have no obligation to determine the need for or to provide Supplemental Services.

(c) Delivery of Supplemental Services on an Emergency Basis. In the event VeriCenter reasonably determines that Supplemental Services are required on an emergency basis, VeriCenter may provide such services without the consent of Customer, thereafter provide notice of the services to Customer and xxxx Customer at its then standard hourly rates, as provided to Customer from time to time (“Standard Hourly Rates”) for such services. VeriCenter’s standard hourly rates as of the date of this Agreement are set forth in Schedule 2.1. Customer agrees to pay VeriCenter the reasonable fees charged by VeriCenter for Supplemental Services required on an emergency basis, not to exceed [*]on any one occasion.

(d) Billing for Supplemental Services. Customer will be charged for Supplemental Services in the invoice issued the month following delivery of the Supplemental Services.

2.2 Term of Services.

(a) Commencement of Initial Term. The term of this MSA shall commence on the Effective Date and end on the date on which there are no longer any Services being provided hereunder. The term of this MSA and any Services being performed hereunder may be terminated earlier as set forth below in Section 10. The term for each Service will commence on the Service Commencement Date indicated in the Notice of Service Commencement delivered by VeriCenter to Customer and signed by Customer. VeriCenter will begin providing each Service to Customer on the applicable Service Commencement Date and each Service will continue for an Initial Term of three years.

(b) Renewal Terms. Each Service will continue automatically for additional terms equal to the Initial Term (“Renewal Term”) unless either Party notifies the other Party in writing at least thirty (30) days prior to the end of the Initial Term or a Renewal Term, as applicable, that it has elected to terminate such Service, in which case such Service shall terminate at the end of such term, provided however that in the event of a termination by VeriCenter, the Services shall continue for a period of up to 120 days after the end of the term to allow Customer to make an orderly transition to another facility. The termination of any Service will not affect Customer’s obligations to pay for other Services. Except as otherwise expressly provided in this MSA, VeriCenter is obligated to provide and Customer is obligated to pay for each Service through its Initial Term and any Renewal Term.

Article 3 – Payment Terms for Fees and Expenses

3.1 Fees and Expenses. Customer will pay all fees and expenses due according to the prices and terms listed in the Order Forms. The prices listed in the Order Forms will remain in effect during the Initial Term indicated in the Order Forms and will continue thereafter, unless modified in accordance with Section 2.2(b).


MASTER SERVICES AGREEMENT		Page 1 of 10
VERICENTER CONFIDENTIAL AND PROPRIETARY

[*] We are seeking confidential treatment of these terms which have been omitted. The confidential portions have been filed separately with the Securities and Exchange Commission.

No. 0002204-QUO

EXECUTION FINAL

3.2 Payment Terms. On the Service Commencement Date for each Service, Customer will be billed an amount equal to all non-recurring charges indicated in the Order Form and the monthly recurring charges for the first month of the term. Monthly recurring charges for all other months will be billed in advance of the provision of Services. All other charges for Services received and expenses incurred during a month (e.g., time and materials billing fees, travel expenses, etc.) will be billed at the end of the month in which the Services were provided. Charges stated in the Order Forms shall be all inclusive for the Services specified in the Order Forms, and Customer shall not be invoiced for pass-through or other expenses except as expressly agreed in an Order Form. Time and materials based charges shall, unless otherwise agreed in an Order Form, be based upon the Standard Hourly Rates. Payment for all fees and expenses is due 30 days after receipt of each VeriCenter invoice. All payments will be made in the United States in U.S. dollars.

3.3 Late Payments. Any payment (other than amounts disputed in good faith by Customer) not received within sixty (60) days of the due date will accrue interest at a rate of one percent (1 %) per month, or the highest rate allowed by applicable law, whichever is lower. VeriCenter reserves the right to shut down any service for undisputed payments greater than 90 days past due.

3.4 Taxes. All fees charged by VeriCenter for Services are exclusive of all taxes and similar fees now in force or enacted in the future imposed on the transaction or the delivery of Services, all of which Customer will be responsible for and will pay in full, except for franchise taxes and taxes based on VeriCenter’s net income.

Article 4 – Confidential Information; Intellectual Property Ownership; License Grants

4.1 Confidential Information.

(a) Nondisclosure of Confidential Information. Each party acknowledges that it will have access to certain confidential information of the other party concerning the other party’s business, plans, customers, technology, and products, and other information held in confidence by the other party (“Confidential Information”). Confidential Information will include all information in tangible or intangible form that is marked or designated as confidential, and all information that includes any business or technical nonpublic information of Customer or VeriCenter, including but not limited to any information relating to either party’s products, services, marketing plans, business opportunities or personnel, any third-party customer or protected health information of Customer or that, under the circumstances of its disclosure, should be considered confidential. Confidential Information will also include, but not be limited to, VeriCenter Technology, Customer Technology, and the terms and conditions of this MSA and all documents incorporated by reference into this MSA. Each party agrees that it will maintain the Confidential Information of the other party in strict confidence and that it will not use in any way, for its own account or the account of any third party, except as expressly permitted by, or required to achieve the purposes of, this MSA, nor disclose to any third party (except as required by law or to that party’s attorneys, accountants and other advisors as reasonably necessary), any of the other party’s Confidential Information (and in each such case only subject to binding use and disclosure restrictions at least as protective as those set forth herein). Each party also agrees that it will take reasonable precautions to protect the confidentiality of the other party’s Confidential Information, at least as stringent as it takes to protect its own Confidential Information.

(b) Exceptions. Information will not be deemed Confidential Information under this MSA if such information: (i) is known to the receiving party prior to receipt from the disclosing party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing party; (ii) becomes known (independently of disclosure by the disclosing party) to the receiving party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing party; (iii) becomes publicly known or otherwise ceases to be secret or confidential, except through a breach of this MSA by the receiving party; or (iv) is demonstrated by the receiving party to have been independently developed by the receiving party. The receiving party may disclose Confidential Information pursuant to the valid order or requirements of a court or governmental agency, provided that it gives the disclosing party reasonable prior written notice sufficient to permit the disclosing party to contest such disclosure.

4.2 Intellectual Property.

(a) Ownership. Except for the rights expressly granted in this MSA, this MSA does not transfer from VeriCenter to Customer any VeriCenter Technology, and all right, title and interest in and to VeriCenter Technology will remain solely with VeriCenter. Except for the rights expressly granted in this MSA, this MSA does not transfer from Customer to VeriCenter any Customer Technology, and all right, title and interest in and to Customer Technology will remain solely with Customer. VeriCenter and Customer each agrees that it will not, directly or indirectly, reverse engineer, decompile, disassemble or otherwise attempt to derive source code or other trade secrets from the other party. VeriCenter Technology shall in no event include Customer’s data, including patient third-party customer or protected health information, or other content provided by Customer.

(b) General Skills and Knowledge. Notwithstanding anything to the contrary in this MSA, either party may use at any time any skills or knowledge of a general nature acquired during the course of providing or receiving the Services, including, without limitation, in the case of VeriCenter, information publicly known or available or that could reasonably be acquired in similar work performed for another customer of VeriCenter.

4.3 License Grants.

(a) By VeriCenter. VeriCenter hereby grants to Client a nonexclusive, royalty-free license, during the term of this MSA, to use the VeriCenter Technology solely for purposes of using the Services. Customer shall have no right to use the VeriCenter Technology for any purpose other than using the Services.

(b) By Customer. Customer agrees that if, in the course of performing the Services, it is necessary for VeriCenter to use Customer Technology, VeriCenter is hereby granted and shall have a nonexclusive, royalty-free license, during the term of this MSA, to use the Customer Technology solely for the purposes of delivering the Services to Customer. VeriCenter shall have no right to use the Customer Technology for any purpose other than providing the Services.

Article 5 – VeriCenter Representations and Warranties and Covenants

5.1 General.

(a) Authority and Performance of VeriCenter. VeriCenter represents and warrants that (i) it has the legal right and authority to enter into this MSA and perform its obligations under this MSA, (ii) the performance of its obligations and delivery of the Services to Customer will not violate any applicable U.S., state or local laws or


MASTER SERVICES AGREEMENT		Page 2 of 10
VERICENTER CONFIDENTIAL AND PROPRIETARY

No. 0002204-QUO

EXECUTION FINAL

regulations, including OSHA and HIPAA requirements, or cause a breach of any agreements with any third parties and (iii) VeriCenter and each of its officers, directors, employees, representatives, or agents are not barred, suspended or prohibited from participation in any Medicare/Medicaid program. In the event of a breach of the warranties set forth in this Section 5.1(a), Customer’s sole remedy is termination pursuant to Article 10.

(b) Date Compliance. VeriCenter warrants that none of the computer hardware and software systems and equipment incorporated into or utilized in the delivery of the Services contains any date dependent routines or logic which will fail to operate correctly by reason of such date dependence; provided, however, that no representation or warranty is made as to the adequacy of any Customer or third party service provider hardware or software used in connection with the Services except for third party hardware and software provided by VeriCenter. In the event of any breach of the warranties under this Section 5.1(b), Customer’s sole remedy is termination pursuant to Article 10 of this MSA.

(c) HIPAA Compliance. VeriCenter will comply with all applicable provisions of the federal privacy regulations as set forth at 45 C.F.R. Parts 160 through 164 (the “Federal Privacy Regulations”) and the federal security regulations set forth in proposed form at 45 C.F.R. Part 142 (the “Federal Security Regulations”), and as they may be amended or changed from time to time in the future (collectively, “HIPPA Requirements”). The parties shall execute the Business Associate Addendum.

5.2 Service Level Warranties.

(a) Service Level Warranty. Subject to the exceptions set forth in the Service Level Agreement applicable to a specific Service, VeriCenter warrants that it will provide each Service at or above the service levels defined in the applicable Service Level Agreement (the “Service Level Warranty”).

(b) Remedies. In the event that VeriCenter fails to provide a Service at the level required by the Service Level Warranty, Customer’s only remedies are those set forth in the Service Level Agreement applicable to that Service (the “Remedies”).

(c) Remedies Shall Be Cumulative; Maximum Remedy. The Remedies set forth in each Service Level Agreement are cumulative. The aggregate maximum Remedy for any and all failures to provide Services at the level required by a particular Service Level Agreement that occur in a single calendar month shall not exceed the maximum set forth in such Service Level Agreement.

(d) Termination Option for Chronic Problems. Customer may terminate a specific Service if the Customer experiences Chronic Problems (as defined in the applicable Service Level Agreement) with such Service. If the Service Level Agreement for a specific Service so provides, or if Customer experiences Chronic Problems in more than one Service Level Agreement during any twelve (12) month period, Customer may terminate this MSA if Customer experiences Chronic Problems with such Service. Customer must provide VeriCenter written notice of termination for Chronic Problems as specified in the Service Level Agreement and such termination will be effective as provided in the Service Level Agreement.

(e) The service level warranty set forth in this section 5.2 does not apply to (i) any Professional Services except as expressly provided in any applicable service level agreement; (ii) any Supplemental Services; or (iii) any Services that expressly exclude this service level warranty (as stated in the Service Level Agreements for such Services).

5.3 Service Performance Warranty. VeriCenter warrants that it will perform the Services in a timely, professional and workmanlike manner consistent with the highest industry standards reasonably applicable to the performance thereof.

5.4 SECURITY SERVICES. VERICENTER WILL USE COMMERCIALLY REASONABLE MEASURES TO PROVIDE SECURITY IN CONNECTION WITH THE PROVISION OF THE SERVICES, INCLUDING BUT NOT LIMITED TO, AS APPLICABLE (I) OPERATING CUSTOMER’S SYSTEMS ON SECURE EQUIPMENT LOCATED IN A PHYSICALLY SECURE DATA CENTER, (II) EMPLOYING TECHNOLOGY THAT IS CONSISTENT WITH INDUSTRY STANDARDS FOR FIREWALLS AND OTHER SECURITY TECHNOLOGY TO HELP PREVENT CUSTOMER’S SYSTEMS HOSTED BY VERICENTER FROM BEING ACCESSED BY UNAUTHORIZED PERSONS, (III) HAVING, MAINTAINING AND IMPLEMENTING INDUSTRY STANDARD PHYSICAL SECURITY MEASURES AND POLICIES, (IV) EMPLOYING TECHNOLOGY THAT IS CONSISTENT WITH INDUSTRY STANDARDS FOR BACKUP AND RECOVERY OF CUSTOMER’S DATA AND SYSTEMS, (V) UTILIZING COMMERCIALLY ACCEPTABLE PRACTICES TO VALIDATE THE DATA ON THE TAPE MATCHES DATA ON THE DISKS BEING BACKED UP, AND (VI) PROVIDING COPIES OF THE MOST CURRENT SAS 70 AUDIT REPORT, WHICH SHALL BE TREATED AS CONFIDENTIAL INFORMATION OF VERICENTER. VERICENTER AGREES TO USE COMMERCIALLY REASONABLE EFFORTS TO SAFEGUARD CUSTOMER’S SYSTEMS FROM VIRUSES, WORMS, TROJAN HORSES, OTHER MALICIOUS CODE OR SECURITY FLAWS. VERICENTER’S SECURITY SHALL COMPLY WITH ALL APPLICABLE LAWS AND REGULATIONS AND THE REQUIREMENTS SET FORTH IN THE BUSINESS ASSOCIATE ADDENDUM .

5.5 No Other Warranty. Except for the express warranties in this MSA or any Service Level Agreement, VeriCenter does not make, and hereby disclaims, any and all other Express or implied warranties, including, but not limited to, warranties of merchantability, fitness for a particular purpose, noninfringement and title, and any warranties arising from a course of dealing, usage, or trade practice. VeriCenter does not warrant that the Services will be uninterrupted, error-free, or completely secure.

5.6 Disclaimer of Actions Caused by or Under the Control of Third Parties. VeriCenter does not and cannot control the flow of data to or from VeriCenter’s network and other portions of the internet. Such flow depends in large part on the performance of internet services provided or controlled by third parties. At times, actions or inactions of such third parties can impair or disrupt customer’s connections to the Internet (or portions thereof). Although VeriCenter will use commercially reasonable efforts to take all actions it deems appropriate to remedy and avoid such events, VeriCenter cannot guarantee that such events will not occur. Accordingly, VeriCenter disclaims any and all liability resulting from or related to such events.

Article 6 – Customer Representations, Warranties and Obligations


MASTER SERVICES AGREEMENT		Page 3 of 10
VERICENTER CONFIDENTIAL AND PROPRIETARY

No. 0002204-QUO

EXECUTION FINAL

6.1 Representations and Warranties of Customer.

(a) Authority and Performance. Customer represents and warrants that (i) it has the legal right and authority to enter into this MSA and perform its obligations under this MSA, and (ii) the performance of its obligations and use of the Services (by Customer, its customers and users) will not violate any applicable laws, regulations or the Acceptable Use Policy or cause a breach of any agreements with any third parties or unreasonably interfere with other VeriCenter customers’ use of VeriCenter services.

(b) Breach of Warranties. In the event of any breach of any of the foregoing warranties, VeriCenter will not have the right to suspend Services, but will have any other remedies available at law or in equity. VeriCenter will provide notice and opportunity to cure if practicable depending on the nature of the breach. Once cured, VeriCenter will promptly restore the Services.

6.2 Compliance with Law and Acceptable Use Policy. Customer agrees that it will use the Services only for lawful purposes and in accordance with this MSA. Customer will comply at all times with all applicable laws and regulations and the Acceptable Use Policy, as updated by VeriCenter from time to time. The Acceptable Use Policy are incorporated into this MSA and made a part of this MSA by this reference. VeriCenter may change the Acceptable Use Policy upon fifteen (15) days’ notice to Customer. Customer agrees that it has received, read and understands the current version of the Acceptable Use Policy. The Acceptable Use Policy contains restrictions on Customers and Customer’s users’ online conduct (including prohibitions against unsolicited commercial email) and contains penalties for violations of such restrictions. Customer agrees to comply with such restrictions and, in the event of a failure to comply, Customer agrees to be subject to the penalties in accordance with the Acceptable Use Policy. Customer acknowledges that VeriCenter exercises no control whatsoever over the content of the information passing through Customer’s sites and that it is the sole responsibility of Customer to ensure that the information it and its users transmit and receive complies with all applicable laws and regulations and the Acceptable Use Policy.

6.3 Accesses and Security. Except with the advanced written consent of VeriCenter, Customer’s access to the VeriCenter Data Centers will be limited solely to the Representatives as set forth in the Customer Registration Form which is hereby incorporated by reference into this MSA. Representatives may only access the VeriCenter Data Centers when accompanied by an authorized VeriCenter representative or with a properly issued VeriCenter access badge.

6.4 Restrictions on Use of Services. Customer shall not, without the prior written consent of VeriCenter (which may be withheld in its sole discretion), resell the Services to any third parties.

Article 7 – Insurance

7.1 VeriCenter Minimum Levels. During the term of this Agreement and prior to the performance of any service hereunder by VeriCenter, VeriCenter shall, at its own expense, procure and maintain the following insurance coverage of the type and amounts specified below for the benefit and protection of Customer and VeriCenter, which insurance coverage shall be maintained in full force and effect through out the entire term of this Agreement and until all of the Services are completed and accepted for final payment:

(a) A Commercial General Liability Insurance Policy with a limit of not less than [*] per occurrence and [*] in the aggregate providing coverage for bodily injury, personal injury and property damage for the mutual interest of both Customer and VERICENTER, with respect to all operations. Any general liability policy provided by VeriCenter hereunder shall include, but not be limited to, the following coverage: (i) premises and operations; (ii) products/completed operations; (iii) contractual liability; (iv) personal injury and advertising injury liability; (v) independent provider’s liability; (vi) severability of interest clause; and (vii) broad form property damage. Any general liability policy provided by VeriCenter shall apply as primary insurance, and any other insurance maintained by Customer or its Affiliates, or any of their directors, officers, agents or employees, or any Customer self-funded program, shall be excess only and not contributing with such coverage;

(b) Professional Liability Insurance including Internet professional and security liability coverage that contains limits, including umbrella coverage, of not less than [*] per claim, with an aggregate limit of not less than [*] providing coverage for wrongful acts in the rendering of, or failure to render, professional services with regards to electronic data losses or damage or breaches of electronic data security, employee dishonesty and computer fraud coverage, and shall include but not be limited to, VeriCenter’s obligations under HIPAA; as of the Effective Date, the coverage will not contain specific, express exclusions for design errors, destruction of data (other than casualty exclusions) or failure to design an adequate system arising out of VeriCenter’s wrongful acts in the rendering of, or failure to render, professional services to Customer and/or its Affiliates and VeriCenter will make commercially reasonable efforts to provide that such specific, express exclusions will not be contained in the professional liability insurance during the Term of this Agreement;

(c) Workers’ Compensation Insurance with statutory limits to include Employer’s Liability with a limit of not less than [*].

(d) Property Insurance. VeriCenter shall provide insurance on all property owned by VeriCenter and provided under this Agreement. Such policy shall provide “all risk” perils, and shall be written on a basis of one hundred percent (100%) replacement value of the property. Coverage shall include business personal property, electronic data processing, tenant improvements, business interruption (including mechanical breakdown), business income and extra expense, property of others in the care, custody, and control of the insured, and transit.

Any deductible or self-insured retention must be declared to Customer along with any changes thereto and shall be the responsibility of VeriCenter. No insurance of VeriCenter shall be co-insurance, contributing insurance or primary insurance with Customer’s insurance. VeriCenter shall maintain such insurance in effect during the term of this MSA, except the professional liability insurance which shall be maintained for a minimum of two (2) years following termination or completion of VeriCenter’s performance of its obligations under this Agreement. VeriCenter’s insurance companies shall be licensed to do business in the State of Colorado (with the exception of the professional liability coverage) and will have an A.M. Best Guide Rating of at least A:VII or better. Any insurance company of the VeriCenter with a rating of less than A:VII will not be acceptable to the Customer. VeriCenter is solely responsible for all deductibles and/or self insured retentions under their policies.

7.2 Customer Minimum Levels. In order to provide customers with physical access to facilities operated by VeriCenter and equipment owned by third parties, VeriCenter is required by its insurers to ensure that each VeriCenter customer maintains adequate insurance coverage. Customer agrees to keep in full force and effect during the term of this


MASTER SERVICES AGREEMENT		Page 4 of 10
VERICENTER CONFIDENTIAL AND PROPRIETARY

[*] We are seeking confidential treatment of these terms which have been omitted. The confidential portions have been filed separately with the Securities and Exchange Commission.

No. 0002204-QUO

EXECUTION FINAL

MSA: (i) comprehensive general liability insurance in an amount not less than [*] per occurrence for bodily injury and property damage and (ii) workers compensation insurance in an amount not less than that required by applicable law. Customer agrees that it will ensure and be solely responsible for ensuring that its agents (including contractors and subcontractors) maintain insurance coverage at levels no less than those required by applicable law and customary in Customer’s and its agents’ industries.

7.3 Certificates of Insurance. Promptly following execution of this MSA, each of the parties will (i) deliver to the other party certificates of insurance which evidence the minimum levels of insurance set forth above; (ii) cause its insurance providers to name the other party as an additional insured on the general liability policy and notify the other party in writing of the effective date thereof, and (iii) cause its general liability and worker’s compensation policies to contain a waiver of subrogation in favor of the other party.

Article 8 – Limitations of Liability

8.1 Personal Injury. Each Representative and any other person visiting a VeriCenter Data Center does so at its own risk. VeriCenter assumes no liability whatsoever for any harm to such persons resulting from any cause other than the negligence or willful misconduct of VeriCenter.

8.2 Consequential Damages Waiver. Except for a breach of Section 4.1 (“Confidential Information”), Section 4.2 (“Intellectual Property”) or Section 9.1 (“Indemnification”) of this agreement, in no event will either party be liable or responsible to the other for any type of exemplary, special, punitive, indirect or consequential damages, including, but not limited to, lost revenue, lost profits, or interruption or loss of use of service or equipment, even if advised of the possibility of such damages, whether arising under theory of contract, tort (including negligence), strict liability or otherwise. Except for a breach of Section 4.1, Section 4.2 or Section 9.1 of this agreement, or in the case of gross negligence, reckless, illegal or fraudulent acts or omissions , [*]

8.3 Basis of the Bargain; Failure of Essential Purpose. The parties agree that the limitations and exclusions of liability and disclaimers specified in this MSA represent the parties’ agreement as to the allocation of risk between the parties in connection with VeriCenter’s obligations under this MSA and that such limitations, exclusions and disclaimers will survive and apply even if found to have failed of their essential purpose. The parties acknowledge that VeriCenter has set its prices and entered into this MSA in reliance upon the limitations of liability and the disclaimers of warranties and damages set forth in this MSA, and that the same form an essential basis of the bargain between the parties.

Article 9 – Indemnification

9.1 Indemnification. Each party will indemnify, defend and hold the other harmless from and against any and all costs, liabilities, losses, and expenses (including, but not limited to, reasonable attorneys’ fees) (collectively, “Losses”) resulting from any claim, suit, action, or proceeding (each, an “Action”) brought by any third party against the other or its affiliates alleging (i) the infringement or misappropriation of any intellectual property right relating to the delivery or use of the Services (but excluding any infringement caused by the other party); (ii) personal injury caused by the negligence or willful misconduct of the other party; (iii) any violation of or failure to comply with the Acceptable Use Policy and (iv) violation of any applicable statute or regulation regarding the confidentiality, privacy or security of information. Customer will indemnify, defend and hold VeriCenter, its affiliates and customers harmless from and against any and all Losses resulting from or arising out of any Action brought against VeriCenter, its affiliates or customers alleging any damage or destruction to the VeriCenter Data Centers, VeriCenter equipment or other customers’ equipment caused by the negligence or willful misconduct of Customer, its Representatives or designees

9.2 Notice. Each party’s indemnification obligations under this MSA shall be subject to (i) receiving prompt written notice of the existence of any Action; (ii) being able to, at its option, control the defense of such Action; (iii) permitting the indemnified party to participate in the defense of any Action; and (iv) receiving reasonable cooperation of the indemnified party in the defense thereof.

Article 10 – Termination

10.1 Termination For Cause. Either party may terminate this MSA, effective as of the date specified in written notice of termination provided to the other party, if: (i) the other party breaches any material term or condition of this MSA and fails to cure such breach within thirty (30) days after receipt of written notice of the same, except in the case of failure to pay fees, which must be cured within thirty (30) days after receipt of written notice from VeriCenter, it being acknowledged and agreed that any material breach of Section 4.1, 4.2 or Section 5.1 shall be deemed a material breach of this MSA; (ii) the other party becomes the subject of a voluntary petition in bankruptcy or any voluntary proceeding relating to insolvency, receivership, liquidation, or composition for the benefit of creditors; or (iii) the other party becomes the subject of an involuntary petition in bankruptcy or any involuntary proceeding relating to insolvency, receivership, liquidation, or composition for the benefit of creditors, if such petition or proceeding is not dismissed within sixty (60) days of filing. Notwithstanding the foregoing, if VeriCenter elects to terminate this MSA for cause by reason of non-payment by Customer, Customer may, by written notice to VeriCenter, elect to continue Services hereunder for an additional period of up to 30 days, if Customer cures the payment default promptly after notice of termination and stays current in its payment obligations.

10.2 Termination on Expiration of all Services. Either party may terminate this MSA, effective as of the date specified in written notice of termination provided to the other party, if all Services have been terminated in accordance with the procedures in Section 2.2(b) or if no Order Forms are in effect.

10.3 No Liability for Termination. Except in the case of termination for cause pursuant to Section10.1, neither party will be liable to the other for any termination or expiration of any Service or this MSA in accordance with its terms.

10.4 Effect of Termination. Upon the effective date of termination of this MSA:

(a) VeriCenter will immediately cease providing the Services;


MASTER SERVICES AGREEMENT		Page 5 of 10
VERICENTER CONFIDENTIAL AND PROPRIETARY

[*] We are seeking confidential treatment of these terms which have been omitted. The confidential portions have been filed separately with the Securities and Exchange Commission.

No. 0002204-QUO

EXECUTION FINAL

(b) any and all payment obligations of Customer under this MSA for Services provided through the date of termination will remain due in accordance with the above payment terms;

(c) within ten (10) days of such termination, each party will return all Confidential Information of the other party in its possession and will not make or retain any copies of such Confidential Information except as required to comply with any applicable legal or accounting record keeping requirement; and

(d) Except in the case of termination for cause pursuant to Section 10.1, Customer will pay to VeriCenter all expenses incurred by VeriCenter to return Customers’ Confidential Information, including, but not limited to, labor costs and the cost of storage media.

10.5 Termination Assistance. Notwithstanding the provisions of Section 10.4, upon the termination of this MSA for any reason except termination by Customer for cause, and except as extended by the invocation of the extension under Section 10.6, VeriCenter will provide to Customer such termination assistance relating to the Services, at VeriCenter’s then current standard rates, as may be reasonably requested in writing by Customer. VeriCenter’s obligation to provide assistance pursuant to this Section 10.5 is limited to a period of thirty (30) days (the “Assistance Period”). Customer will pay VeriCenter, on the first day of the Assistance Period and as a condition to VeriCenter’s obligation to provide termination assistance to Customer during the Assistance Period, an amount equal to VeriCenter’s reasonable estimate of the total amount payable to VeriCenter for such termination assistance for the Assistance Period. In the event this MSA is terminated by Customer for cause, or is terminated By VeriCenter pursuant in connection with a lease termination described in Section 11.2, VeriCenter shall provide reasonable assistance to Customer, with no charge to Customer, to assist Customer with an orderly transition to another service provider.

10.6 Continuation of Services. Notwithstanding the provisions of Section 10.4, Customer shall have the option, exercisable upon termination, by delivery of written notice to VeriCenter, to continue the Services and this MSA on a month-to-month basis after the termination date or the expiration date, as applicable, for the then applicable fees set forth in the Order Forms. Customer shall have the right to have this MSA continue on a monthly basis pursuant to this Section 10.6 for up to three months. If this MSA is terminated by VeriCenter, the Customer will pay VeriCenter, on the first day of each month and as a condition to VeriCenter’s obligation to continue to provide the Services to Customer during that month, an amount equal to VeriCenter’s reasonable estimate of the total amount payable to VeriCenter for such Services for that month.

10.7 Survival. The following provisions will survive any expiration or termination of this MSA: Articles 3, 8, 9, 10 and 11 (excluding Section 11.2) and Sections 4.1, 4.2, and 5.4.

Article 11 – Miscellaneous Provisions

11.1 Force Majeure. Except for the obligation to make payments, neither party will be liable for any failure or delay in its performance under this MSA due to any cause beyond its reasonable control, including, but not limited to, acts of war, acts of God, earthquake, flood, embargo, riot, sabotage, labor shortage or dispute, governmental act or failure of the Internet (not resulting from the actions or inactions of VeriCenter, including the inadequacy of infrastructure architecture or physical security) (each a “Force Majeure Event”), provided that the delayed party: (a) gives the other party prompt notice of such cause, and (b) uses its reasonable commercial efforts to promptly correct such failure or delay in performance. If VeriCenter is unable to provide Services for a period of seven (7) consecutive days as a result of a continuing Force Majeure Event, Customer may cancel the Services and this MSA on written notice to VeriCenter. Such termination will be effective on the date specified in the written notice, and Customer shall have no liability to VeriCenter beyond unpaid charges up to the date of interruption of service.

11.2 No Lease; Agreement Subordinate to Master Lease. This MSA is a services agreement and is not intended to and will not constitute a lease of any real property. Customer acknowledges and agrees that (i) it has been granted only a license to use the VeriCenter Data Centers in accordance with this MSA; (ii) Customer has not been granted any real property interest in the VeriCenter Data Centers; and (iii) Customer has no rights as a tenant or otherwise under any real property or landlord/tenant laws, regulations, or ordinances; and (iv) this MSA, to the extent it involves the use of space leased by VeriCenter, shall be subordinate to any lease between VeriCenter and its landlords; and (v) the expiration or termination of any such lease shall terminate this MSA as to such property subject to Customer retaining any rights or claims it may have against VeriCenter arising from the expiration or termination of such lease.

11.3 Marketing. Customer agrees that during the term of this MSA VeriCenter may publicly refer to Customer, orally and in writing, as a Customer of VeriCenter. Any other reference to Customer by VeriCenter requires the written consent of Customer.

11.4 Government Regulations. Neither party will export, re-export, transfer, or make available, whether directly or indirectly, any regulated item or information to anyone outside the U.S. in connection with this MSA without first complying with all export control laws and regulations which may be imposed by the U.S. Government and any country or organization of nations within whose jurisdiction Customer operates or does business.

11.5 Non-Solicitation. During the Term of this MSA and continuing through the first anniversary of the termination of this MSA, each party agrees that it will not, and will ensure that its affiliates do not, directly or indirectly, solicit or attempt to solicit for employment any persons employed by the other party . The foregoing notwithstanding, neither party will be deemed to have breached this Section 11.5 by (a) hiring personnel responding to generally placed help-wanted advertisements or job postings or (b) hiring personnel of the other party that have been terminated or notified of pending termination by the other party. In the event a party violates this Section 11.5, the breaching party agrees to pay the other party the equivalent of six (6) months wages of the individual hired to serve as liquidated damages and as a placement fee for acquisition of staff.

11.6 No Third Party Beneficiaries. VeriCenter and Customer agree that, except as otherwise expressly provided in this MSA, there shall be no third party beneficiaries to this MSA, including but not limited to the insurance providers for either party or the customers of Customer.

11.7 Governing Law; Dispute Resolution. This MSA and the rights and obligations of the parties created hereby will be governed by and construed in accordance with the internal laws of the State of New York without regard to its conflict of law rules and specifically excluding from application to this MSA that law known as the United Nations Convention on the International Sale of Goods. The parties will endeavor to settle amicably by mutual discussions any disputes, differences, or claims whatsoever related to this MSA. Failing such amicable settlement, any controversy, claim, or dispute arising under or relating to this MSA, including the existence, validity, interpretation,


MASTER SERVICES AGREEMENT		Page 6 of 10
VERICENTER CONFIDENTIAL AND PROPRIETARY

No. 0002204-QUO

EXECUTION FINAL

performance, termination or breach thereof, shall finally be settled by arbitration in accordance with the Arbitration Rules (and if Customer is a non-U.S. entity, the International Arbitration Rules) of the American Arbitration Association (“AAA”). There will be one (1) arbitrator (the “Arbitration Tribunal”), who will be appointed by the AAA in accordance with its rules. The language of the arbitration shall be English. The Arbitration Tribunal will not have the authority to award punitive damages to either party. Each party shall bear its own expenses, but the parties will share equally the expenses of the Arbitration Tribunal and the AAA. This MSA will be enforceable, and any arbitration award will be final, and judgment thereon may be entered in any court of competent jurisdiction. The arbitration will be held in New York, New York, USA. Notwithstanding the foregoing, claims for preliminary injunctive relief and other pre-judgment remedies may be brought in a state or federal court in the United States with jurisdiction over the subject matter and parties.

11.8 Severability. In the event any provision of this MSA is held by a tribunal of competent jurisdiction to be contrary to the law, the remaining provisions of this MSA will remain in full force and effect.

11.9 Waiver. The waiver of any breach or default of this MSA, or the failure to exercise any right provided for in this MSA, will not constitute a waiver of any subsequent breach, default or right, and will not act to amend or negate the rights of the waiving or non-exercising party.

11.10 Assignment. Customer may assign this MSA in whole as part of a corporate reorganization, consolidation, merger, sale of all or substantially all of its assets, or transaction or series of related transactions that results in the transfer of fifty percent (50%) or more of the outstanding voting power of Customer. Customer may not otherwise assign its rights or delegate its duties under this MSA either in whole or in part without the prior written consent of VeriCenter, and any attempted assignment or delegation without such consent will be void. VeriCenter may not assign this MSA in whole or part. VeriCenter may delegate or subcontract the performance of certain Services to third parties, including VeriCenter’s wholly owned subsidiaries, only with Customer’s prior written consent and provided VeriCenter controls the delivery of such Services to Customer and remains responsible to Customer for the delivery of such Services. This MSA will bind and inure to the benefit of each party’s successors and permitted assigns.

11.11 Notice. Any notice or communication required or permitted to be given under this MSA may be delivered by hand, deposited with an overnight courier, confirmed facsimile, or mailed by registered or certified mail, return receipt requested, postage prepaid, in each case to the address of the receiving party as listed on the Order Form or at such other address as may hereafter be furnished in writing by either party to the other party. Such notice will be deemed to have been given as of the date it is delivered, mailed, faxed or sent, whichever is earlier.

11.12 Relationship of Parties. VeriCenter and Customer are independent contractors and this MSA will not establish any relationship of partnership, joint venture, employment, franchise or agency between VeriCenter and Customer. Neither VeriCenter nor Customer will have the power to bind the other or incur obligations on the other’s behalf without the other’s prior written consent, except as otherwise expressly provided in this MSA.

11.13 Article and Section Headings; Pronouns; Plural and Singular. The article and section headings in this MSA are for reference purposes only and shall not affect the meaning or interpretation of this MSA. References in this MSA to a designated “Article” or “Section” refer to an Article or Section of this MSA unless otherwise specifically indicated. All pronouns used in this MSA shall be construed as including both genders and the neuter. All capitalized defined terms used in this MSA are equally applicable to their singular and plural forms.

11.14 Entire Agreement.. This MSA, including schedules and all documents incorporated into this MSA by reference, constitute the entire agreement between the parties with respect to the subject matter hereof, and supersede all of the prior agreements and undertakings, both written and oral, among the parties, or any of them, with respect to the subject matter of this MSA, except for the Business Associate Agreement executed by the parties concurrently with this MSA.

11.15 Counterparts and Originals. This MSA may be executed in counterparts, which together shall constitute a single agreement. Delivery by telephonic facsimile transmission of a signed counterpart of this MSA shall be effective as delivery of a manually signed counterpart. Once signed, any reproduction of this MSA made by reliable means (e.g., photocopy, facsimile) is considered an original.

11.16 Amendments. This MSA may be amended or changed only by a written document signed by authorized representatives of VeriCenter and Customer in accordance with this Section 11.16.

11.17 Omnibus Reconciliation Act of 1980 Compliance. Each party will comply with all applicable provisions of Section 952 of Pub. L. 96-499 of the Omnibus Reconciliation Act of 1980, and as such law may be amended or changed from time to time in the future, pertaining to contractors of services to Medicare providers.

11.18 Interpretation of Conflicting Terms. In the event of a conflict between or among the terms in this MSA, the Service Level Agreements, the Order Forms, Statements of Work and any other document made a part hereof, the documents shall control in the following order: this MSA, the Order Form with the latest date, Statements of Work, the Service Level Agreements, and other documents.


MASTER SERVICES AGREEMENT		Page 7 of 10
VERICENTER CONFIDENTIAL AND PROPRIETARY

No. 0002204-QUO

EXECUTION FINAL

Authorized representatives of Customer and VeriCenter have read the foregoing Master Services Agreement and all documents incorporated into the Master Services Agreement and agree and accept such terms effective as of the date first referenced above.


CUSTOMER: QUOVADX, INC.		VERICENTER, INC.

Signature:	/s/ Xxxx Xxxxxxx	Signature:	/s/ Xxxxxxx Xxxxxxxx

Print Name:	Xxxx Xxxxxxx	Print Name:	Xxxxxxx Xxxxxxxx

Title:	Executive Vice President	Title:	SVP Sales

Date:	9/30/2005	Date:	10/3/05

This Master Services Agreement incorporates the following documents:

•		All Schedules

•		Order Forms *[]**

•		Network SLA

•		Facility Availability SLA

•		Availability SLA

•		Performance SLA

•		VeriCenter Roles and Responsibilities *[]**

•		Operational Roles and Responsibilities *[]**

•		Acceptable Use Policy

•		Business Associate Addendum


MASTER SERVICES AGREEMENT		Page 8 of 10
VERICENTER CONFIDENTIAL AND PROPRIETARY

[*] We are seeking confidential treatment of these terms which have been omitted. The confidential portions have been filed separately with the Securities and Exchange Commission.

No. 0002204-QUO

EXECUTION FINAL

VeriCenter

Master Services Agreement Schedule 1.2—Definitions

The following defined terms are equally applicable in their singular and plural forms:

(a) “Customer Registration Form” means the list that contains the names and contact information (e.g. pager, email and telephone numbers) of Customer and the individuals authorized by Customer to enter the VeriCenter Data Centers, as delivered by Customer to VeriCenter and amended in writing from time to time by Customer.

(b) “Customer Technology” means Customer’s proprietary technology, including Customer’s Internet operations design, content, software tools, hardware designs, algorithms, software (in source and object forms), user interface designs, architecture, class libraries, objects and documentation (both printed and electronic), know-how, trade secrets and any related intellectual property rights throughout the world (whether owned by Customer or licensed to Customer from a third party) and also including any derivatives, improvements, enhancements or extensions of Customer Technology conceived, reduced to practice, or developed during the term of this MSA by Customer or jointly by Customer and VeriCenter.

(c) “Initial Term” means the minimum term for which VeriCenter will provide the Services to Customer, as indicated on the Order Forms.

(d) “Notice of Service Commencement” means the written notice delivered by VeriCenter to Customer indicating the Service Commencement Date.

(e) “Order Form” means any of the forms specifying the Services, and the term and prices of such Services, to be provided by VeriCenter to Customer that are submitted by Customer and accepted by VeriCenter.

(f) “Professional Services” means any non-standard professional or consulting service provided by VeriCenter to Customer as more fully described in a Statement of Work.

(g) “Renewal Term” means any service term following the Initial Term, as specified in Section 2.2 of the MSA.

(h) “Representatives” mean the individuals identified in writing on the Customer Registration Form and authorized by Customer to enter the VeriCenter Data Centers.

(i) “Acceptable Use Policy” means the VeriCenter general Acceptable Use Policy governing Customer’s use of Services, including, but not limited to, online conduct, and the obligations of Customer and its Representatives in the VeriCenter Data Centers.

(j) “Services” means the specific services provided by VeriCenter as described on the Order Forms.

(k) “Service Commencement Date” means the date VeriCenter will begin providing the Services to Customer, as indicated in a Notice of Service Commencement delivered by VeriCenter to Customer.

(l) “Service Level Agreement” is the detailed definition of service levels that VeriCenter will provide to Customer for a specific Service.

(m) “Service Level Warranty” is described and defined in Section 5.2 of the MSA.

(n) “Statement of Work” means the detailed descriptions of the Professional Services attached to Order Forms.

(o) “VeriCenter Data Center” means any of the facilities used by VeriCenter to provide the Services.

(p) “VeriCenter Technology” means VeriCenter’s proprietary technology, including VeriCenter Services, software tools, hardware designs, algorithms, software (in source and object forms), user interface designs, architecture, class libraries, objects and documentation (both printed and electronic), network designs, know-how, trade secrets and any related intellectual property rights throughout the world (whether owned by VeriCenter or licensed to VeriCenter from a third party) and also including any derivatives, improvements, enhancements or extensions of VeriCenter Technology conceived, reduced to practice, or developed during the term of this MSA by either party that are not uniquely applicable to Customer or that have general applicability in the art.

(q) The terms “written” and “in writing” mean anything reduced to a tangible form by a party, including a printed, photocopy, facsimile or hand written document but excluding email or other electronic formats.


MASTER SERVICES AGREEMENT		Page 9 of 10
VERICENTER CONFIDENTIAL AND PROPRIETARY

No. 0002204-QUO

EXECUTION FINAL

VeriCenter

Master Services Agreement Schedule 2.1—Standard Hourly Rates

[*]


MASTER SERVICES AGREEMENT		Page 10 of 10
VERICENTER CONFIDENTIAL AND PROPRIETARY

[*] We are seeking confidential treatment of these terms which have been omitted. The confidential portions have been filed separately with the Securities and Exchange Commission.

SLA # 0002204-QUO
EXECUTION FINAL

Network SLA

This Service Level Agreement (the “SLA”) between VeriCenter, Inc. (“VeriCenter”) and Quovadx, Inc (“Customer”) is entered into pursuant to Master Services Agreement No. 0002204-QUO (“MSA”) between VeriCenter and the Customer. Capitalized terms used in this SLA and not otherwise defined below shall have the meanings given to them in the MSA.

A. Purpose and Scope

The purpose of this SLA is to define Managed Network service levels and operational specifications that VeriCenter will provide to Customer. Specifics as to the Service(s) (the “Services”) to be provided to the Customer are set forth in the Order Form, which is incorporated into and made a part hereof. Section 2.0 of the VeriCenter Roles and Responsibilities document is incorporated herein by reference.

B. Service Levels

B.1 Managed Network

VeriCenter Managed Network environments consist of LAN and WAN infrastructures. VeriCenter Managed Network environments will be available on a 7 (day) x 24 (hour) x 52 (week) basis, except for Scheduled Outages. VeriCenter Managed Network environments are designed with robust architectures and production system disciplines to ensure maximum performance and availability. VeriCenter will continuously employ network monitoring techniques to track performance levels of network components and systems. Network latency will be measured by averaging sample measurements taken every five (5) minutes during a calendar month between WAN nodes for Internet Availability. Availability will be calculated monthly using total actual minutes available divided by total possible minutes available. Availability calculations will exclude Scheduled Outages for maintenance and similar scheduled downtime. Performance measurements will exclude Customer’s collocated network equipment and Customer Premise Equipment (CPE). VeriCenter will, at VeriCenter expense, upgrade or improve capacity and performance levels within VeriCenter Managed Network environments as VeriCenter, through reasonable commercial judgment, determines improvements are warranted and necessary for availability and performance attainment. All Managed Network modifications will follow the established change management practices described in this SLA.

[*]

C. Remedy

C.1 Remedies

In the event that, as a direct result of VeriCenter’s actions or inactions, the Service levels provided by VeriCenter fail to meet the specified performance levels stated above, [*]

C.2 Exceptions

VeriCenter will have no liability for any failure to provide Services (a) during any Scheduled Outage, (b) resulting from a Force Majeure Event, or (c) caused, directly or indirectly, by the acts or omissions of Customer or its employees, agents, contractors or representatives or by Customer’s or its employees’, agents’, contractors’ or representatives’ equipment.

Without limiting the foregoing, VeriCenter is not responsible for acts or omissions of Customer or its employees, agents, contractors or representatives that result in failure of, or disruption to, the Services. Customer agrees that neither Customer nor its employees, agents, contractors or representatives shall attempt in any way to circumvent or otherwise interfere with any security precautions or measures of VeriCenter relating to the VeriCenter Data Centers or any other VeriCenter equipment. Any such attempts may, among other things, cause disruption to the Services. Any disruption to the Services resulting from a violation of these provisions shall not be an Unscheduled Outage and Customer will have no right to any Service credit or other remedy under this SLA or otherwise with respect to such disruption. Customer will be responsible for, and will indemnify VeriCenter for, any damage or service interruptions caused by Customer or its employees, agents, contractors or representatives in violation of these provisions, including, without limitation, any damage to any VeriCenter provided equipment. Further, the Customer will pay VeriCenter, at VeriCenter’s then current rates, for all remedial services resulting from the Customer’s actions.

C.3 Termination for Chronic Problems

The conditions warranting termination of Services applicable to this SLA, as specified on the Order Form, are as follows:

[*]

D. Service Level Change Request Procedures

Either party may request changes to this SLA at any time. Since a change could affect the fees, schedules or other terms related to this SLA or the MSA, both the Customer and VeriCenter must approve each change, and this SLA and/or the MSA must be appropriately amended before implementation of any change. The change request procedure is as follows:


NETWORK SLA		Page 1 of 2
VERICENTER CONFIDENTIAL AND PROPRIETARY

[*] We are seeking confidential treatment of these terms which have been omitted. The confidential portions have been filed separately with the Securities and Exchange Commission.

SLA # 0002204-QUO
EXECUTION FINAL

The project manager for the requesting party will submit a change request (“CR”) in writing. It will describe the change and include whatever rationale and/or estimated effect the change will have on the SLA and/or the MSA.

The other party’s project manager will review each CR. The project manager will weigh the merits of the proposed change and approve it for investigation or reject it. If rejected, the project manager will return the CR to the requesting party, together with the reason(s) for rejection.

Approval of a CR for investigation by both parties constitutes authorization by the Customer of any fee proposed by VeriCenter to investigate the CR for investigations taking less than 3 hours. Investigations longer than 3 hours must be estimated by VeriCenter and approved by customers authorized representatives. During such investigation, the effect on the Monthly Fee, Service Term or other terms of this SLA will be determined. Following completion of such investigation, the requested change will then be approved or disapproved for implementation.

Approved changes will be incorporated into this SLA or the MSA through written modifications, which shall be signed by duly authorized representatives of both parties

E. Change Management

The Customer will be provided at least twenty-one (21) days prior written notice of any changes to be made by VeriCenter that affect the Services. However, if a shorter notification period is required, changes will be made with the agreement of the Customer. VeriCenter will strive to minimize outages that may be caused by a change; however, in the event that an outage is required, VeriCenter will use best reasonable efforts to minimize the impact of the change and schedule the outage based upon the Customer’s and VeriCenter’s requirements. If an outage is required, such outage will be considered a Scheduled Outage. VeriCenter intends to work with the Customer on all change management issues in order to ensure that the Services are not affected beyond the levels set forth in this SLA. VeriCenter reserves the right, however, to proceed with any change if it is determined, by VeriCenter, that the change will not cause harm to the Customer’s specific environment and/or is otherwise necessary. Customer is required to provide prior notification to VeriCenter of any changes to its configurations that interface with the provided Services. If necessary, VeriCenter will provide a representative to work with the Customer to address any issues that arise during the Customer’s configuration changes.

F. Event Notification

VeriCenter shall provide initial notice to a designated Customer’s representative by telephone, e-mail, pager or comparable notification service within one (1) hour of VeriCenter becoming aware of an event that has caused or may cause an Unscheduled Outage. In the event Customer first becomes aware of such event, Customer shall promptly provide initial notice to VeriCenter via the Toll-Free Customer Support Number (000) 000-0000. Status reports about the event will continue on the hour until either the event has been resolved or both VeriCenter and the Customer have determined a course of action that does not require continued notification.

G. Definitions

LAN (Local Area Network): Those network components and facilities that are installed within VeriCenter Data Centers providing local connectivity to installed equipment, and that are owned and managed by the VeriCenter Operations Group and made available to subscribers of VeriCenter services.

Managed Network: The system of LAN and WAN environments utilized by VeriCenter Data Centers.

Monthly Fee: The monthly fee for a Service as set forth in the Order Form for that Service.

Scheduled Outages: The six-hour period of time between 0:00 (AM Mountain Time) each Sunday until 6:00 (AM Mountain Time) that Sunday, during the Service Term, during which VeriCenter temporarily interrupts any Services for upgrades, maintenance, or for any other agreed upon reason or purpose, including an established framework for scheduling and managing such outages.

Service Term: The minimum term for which VeriCenter will provide the Service to Customer as set forth in the Order Form for that Service.

Unscheduled Outages: Interruptions in Services outside of the agreed-upon Scheduled Outage, for any reason, including arising from failures associated with Services provided by VeriCenter or a Force Majeure Event. Unscheduled Outage shall not include any outage primarily caused by Customer or its employees or agents.

VeriCenter Operations Group: The VeriCenter Operations Group, responsible for the daily delivery and management of Services provided to the Customer.

WAN (Wide Area Network): Those network components and facilities that are installed at the boundaries of VeriCenter Data Centers providing connectivity to external or remote networks and equipment and made available to subscribers of VeriCenter services.

By the signatures of their duly authorized representatives below, VeriCenter and Customer, intending to be legally bound, agree to all of the provisions of this SLA.


CUSTOMER: QUOVADX, INC.		VERICENTER, INC.

Signature:	/s/ Xxxx Xxxxxxx	Signature:	/s/ Xxxxxxx Xxxxxxxx

Print Name:	Xxxx Xxxxxxx	Print Name:	Xxxxxxx Xxxxxxxx

Title:	Executive Vice President	Title:	SVP Sales

Date:	9/30/2005	Date:	10/3/05

This Service Level Agreement incorporates the following documents

•		Order Form *[]**

•		VeriCenter Roles and Responsibilities, Section 2.0 *[]**


NETWORK SLA		Page 2 of 2
VERICENTER CONFIDENTIAL AND PROPRIETARY

[*] We are seeking confidential treatment of these terms which have been omitted. The confidential portions have been filed separately with the Securities and Exchange Commission.

SLA # 0002204-QUO
EXECUTION FINAL

Facility Availability SLA

A. Purpose and Scope

The purpose of this SLA is to define Facility Availability service levels and operational specifications that VeriCenter will provide to Customer. Specifics as to the Service(s) (the “Services”) to be provided to the Customer are set forth in the Order Form, which is incorporated into and made a part hereof. Section 1.0 of the VeriCenter Roles and Responsibilities document is incorporated herein by reference.

B. Service Levels

B.1 Facility Availability

VeriCenter Data Centers will be available on a 7 (day) x 24 (hour) x 52 (week) basis, except for Scheduled Outages. VeriCenter Data Centers are designed with environmental support system redundancy and managed environmental system infrastructures that provide for un-interruptible power and cooling for all components within such VeriCenter Data Center. VeriCenter will continuously monitor capacity levels for power generation, cooling, and un-interruptible power supply systems at VeriCenter Data Centers. VeriCenter will, at VeriCenter expense, upgrade or improve capacity levels within VeriCenter Data Centers as necessary. Capacity upgrades will follow the established change management practices described in this SLA. VeriCenter’s performance level for Facility Availability is set as 99.99% available. Availability will be calculated monthly using total actual minutes available divided by total possible minutes available. Availability calculations will exclude Scheduled Outages for maintenance and similar scheduled downtime.

C. Remedy

C.1 Remedies

In the event that, as a direct result of VeriCenter’s actions or inactions, the Service Levels provided by VeriCenter fail to meet the specified performance levels,

[*]

C.2 Exceptions

VeriCenter will have no liability for any failure to provide Services (a) during any Scheduled Outage, (b) resulting from a Force Majeure Event, or (c) caused, directly or indirectly, by the acts or omissions of Customer or its employees, agents, contractors or representatives or by Customer’s or its agents’, contractors’ or representatives’ equipment.

C.3 Termination for Chronic Problems

The conditions warranting termination of Services applicable to this SLA, as specified on the Order Form, are as follows:

[*]

D. Service Level Change Request Procedures

The project manager for the requesting party will submit a change request (“CR”) in writing. It will describe the change and include


FACILITY AVAILABILITY SLA		Page 1 of 2
VERICENTER CONFIDENTIAL AND PROPRIETARY

[*] We are seeking confidential treatment of these terms which have been omitted. The confidential portions have been filed separately with the Securities and Exchange Commission.

SLA # 0002204-QUO
EXECUTION FINAL

whatever rationale and/or estimated effect the change will have on the SLA and/or the MSA.

Approval of a CR for investigation by both parties constitutes authorization by the Customer of any fee proposed by VeriCenter to investigate the CR. During such investigation, the effect on the Monthly Fee, Service Term or other terms of this SLA will be determined. Following completion of such investigation, the requested change will then be approved or disapproved for implementation.

Approved changes will be incorporated into this SLA or the MSA through written modifications, which shall be signed by duly authorized representatives of both parties.

E. Change Management

F. Event Notification

G. Definitions

Facility Availability: The availability of VeriCenter Data Centers.

Monthly Fee The monthly fee for a Service as set forth in the Order Form for that Service.

Service Term The minimum term for which VeriCenter will provide the Service to Customer as set forth in the Order Form for that Service.

Unscheduled Outages: Any interruptions in Services outside of the agreed-upon Scheduled Outage, for any reason, including arising from failures associated with Services provided by VeriCenter or a Force Majeure Event. Unscheduled Outage shall not include any outage primarily caused by Customer or its employees or agents.

By the signatures of their duly authorized representatives below, VeriCenter and Customer, intending to be legally bound, agree to all of the provisions of this SLA.


CUSTOMER: QUOVADX, INC.		VERICENTER, INC.

Signature:	/s/ Xxxx Xxxxxxx	Signature:	/s/ Xxxxxxx Xxxxxxxx

Print Name:	Xxxx Xxxxxxx	Print Name:	Xxxxxxx Xxxxxxxx

Title:	Executive Vice President	Title:	SVP Sales

Date:	9/30/2005	Date:	10/3/05

This Service Level Agreement incorporates the following documents:

•		Order Form *[]**

•		VeriCenter Roles and Responsibilities *[]**


FACILITY AVAILABILITY SLA		Page 2 of 2
VERICENTER CONFIDENTIAL AND PROPRIETARY

[*] We are seeking confidential treatment of these terms which have been omitted. The confidential portions have been filed separately with the Securities and Exchange Commission.

SLA 00002139-xxx
EXECUTION FINAL

Application Availability SLA

This Service Level Agreement (the “SLA”) between VeriCenter, Inc. (“VeriCenter”) and (“Customer”) is entered into pursuant to Master Services Agreement (MSA) NO. 000. Capitalized terms used in this SLA and not otherwise defined below shall have the meanings given to them in the MSA.

A. Purpose and Scope

The purpose of this SLA is to: (1) provide an overview of VeriCenter’s operational services in support of Application Availability, (2) define target Application Availability service levels, and (3) define appropriate remedies. The VeriCenter Roles and Responsibilities document is incorporated herein by reference.

B. Overview of Operational Services

B.1.5 Summary of Operational Services:


Rapid Secure
Operating System
Servers
Storage
Networking
Facilities

This section summarizes VeriCenter’s operational services in support of Application Availability. ACTUAL SERVICES TO BE PROVIDED ARE DETAILED IN THE ROLES AND RESPONSIBILITIES (“R&R”) ADDENDUM AND ARE HEREAFTER REFERRED TO AS THE “Services.”

B.1 General Services

VeriCenter Managed Services environments will be available on a 7 (day) x 24 (hour) x 52 (week) basis, except for Scheduled Outages. VeriCenter will administer changes, microcode upgrades and/or other hardware/software improvements/upgrades on behalf of Customer in accordance with the Change Management and Change Request procedures set forth herein.

B.1.1 Facilities Service

VeriCenter Data Centers are designed with environmental support system redundancy and managed environmental system infrastructures that provide for un-interruptible power and cooling for all components within such VeriCenter Data Center. VeriCenter will continuously monitor capacity levels for power generation, cooling, and un-interruptible power supply systems at VeriCenter Data Centers. VeriCenter will, at VeriCenter expense, upgrade or improve capacity levels within VeriCenter Data Centers as necessary.

B.1.2 Network Services

VeriCenter Managed Network environments consist of LAN and WAN infrastructures. VeriCenter Managed Network environments are designed with robust architectures and production system disciplines to ensure maximum performance and availability. VeriCenter will provide monitoring services of the network hardware at the VeriCenter Data Centers. These monitoring services include the monitoring of routers, switches and other networking equipment required to deliver network services.

B.1.3 Storage Services

VeriCenter will provide monitoring services of the storage hardware at the VeriCenter Data Centers. These monitoring services include periodic monitoring of disk performance, cache memory usage and related performance metrics available through vendor tools. VeriCenter will advise the Customer when appropriate of any issues with the performance of communications or storage hardware required for the delivery of these services such as signal quality loss, error retransmissions, disk failures, and power or microcode failures.

B.1.4 Managed Server Services

VeriCenter Managed Servers will be available on a 7 (day) x 24 (hour) x 52 (week) basis, except for Scheduled Outages. VeriCenter Managed Server environments are designed with robust architectures and production system disciplines to ensure maximum performance and availability. VeriCenter will continuously employ production system disciplines and monitor capacity and performance levels for Managed Server environments.

C. Services (Check the Applicable Operational Services Option)

C.1.1 þ Rapid Secure Services

VeriCenter Rapid Secure services provide firewall and intrusion detection protection while allowing remote access to the Customer’s Environment over the Internet. The Rapid Secure option includes operating system responsibility.

D. Application Availability and Remedies

D.1 Target Application Availability Level

VeriCenter’s Target Application Availability level is 99.5%

D.2 Remedies

In the event that, as a direct result of VeriCenter’s actions or inactions with respect to its performance of the Services (as detailed in the R&R addendum), VeriCenter fails to meet the target Application Availability level, [*]

Such service credit shall be deemed to be liquidated damages, and in no event will the total Managed Service Credit exceed [*] This credit will be in the form of a credit memo or a cash payment if this service has been discontinued / expired or if it has otherwise been terminated in accordance with the provisions of the MSA.

D.2 Exceptions

[*] We are seeking confidential treatment of these terms which have been omitted. The confidential portions have been filed separately with the Securities and Exchange Commission.

EXECUTION FINAL

Customer or its employees, agents, contractors or representatives or by Customer’s or its employees’, agents’, contractors’ or representatives’ equipment.

Without limiting the foregoing, VeriCenter is not responsible for acts or omissions of Customer’s employees, agents, contractors or representatives that result in failure of, or disruption to, the Services. Customer agrees that neither Customer nor its employees, agents, contractors or representatives shall attempt in any way to circumvent or otherwise interfere with any security precautions, procedural controls, Acceptable Use Policy, Change Request Management, Problem Management or other measures of VeriCenter relating to the VeriCenter offered services. Any such actions may, among other things, cause disruption to the Services. Any disruption to the Services resulting from a violation of these provisions shall not be an Unscheduled Outage and Customer will have no right to any Service credit or other remedy under this SLA or otherwise with respect to such disruption. Customer will be responsible for, and will indemnify VeriCenter for, any damage or service interruptions caused by Customer or its employees, agents, contractors or representatives in violation of these provisions, including, without limitation, any damage to any VeriCenter provided equipment or other affected customers. Further, the Customer will pay VeriCenter, at VeriCenter’s then current rates, for all remedial services resulting from the Customer’s actions.

D.3 Termination for Chronic Problems

The conditions warranting termination of Services applicable to this SLA, as specified on the Order Form and Roles & Responsibilities documents are as follows:

[*]

E. Service Level Change Request Procedures

Approved changes will be incorporated into this SLA or the MSA through written modifications, which shall be signed by duly authorized representatives of both parties

F. Change Management

The Customer will be provided at least Twenty-one (21) days prior written notice of any changes to be made by VeriCenter that affect the Services. However, if a shorter notification period is required, changes will be made with the agreement of the Customer. VeriCenter will strive to minimize outages that may be caused by a change; however, in the event that an outage is required, VeriCenter will use best reasonable efforts to minimize the impact of the change and schedule the outage based upon the Customer’s and VeriCenter requirements. If an outage is required, such outage will be considered a Scheduled Outage. VeriCenter intends to work with the Customer on all change management issues in order to ensure that the Services are not affected beyond the levels set forth in this SLA. VeriCenter reserves the right, however, to proceed with any change if it is determined, by VeriCenter, that the change will not cause harm to the Customer’s specific environment and/or is otherwise necessary. Customer is required to provide prior notification to VeriCenter of any changes to its configurations that interface with the provided Services. If necessary, VeriCenter will provide a representative to work with the Customer to address any issues that arise during the Customer’s configuration changes.

G. Event Notification

VeriCenter shall provide initial notice to a designated Customer’s representative by telephone, e-mail, pager or comparable notification service within one (1) hour of VeriCenter becoming aware of an event that has caused or may cause an Unscheduled Outage that effects service. In the event Customer first becomes aware of such event, Customer shall promptly provide initial notice to VeriCenter via the Toll-Free Customer Support Number (000) 000-0000. Status reports about the event will continue on the hour until either the event has been resolved or both VeriCenter and the Customer have determined a course of action that does not require continued notification.

H. Reporting

VeriCenter shall provide monthly reports to Customer covering the performance of the following:

Application Availability: Through VeriCenter’s Monitoring and Customer Service tools, any outage is reported to determine the availability of your subscription. We take the total number of unavailable minutes (if any), subtract them from the total minutes within the month, and finally divide the total available minutes by the month’s total minutes to determine your subscription’s availability. The report will cover Total Application Availability, VeriCenter Environment Availability, and Customer Application Availability.

Bandwidth Utilization: Bandwidth samples are taken every 5 minutes, resulting in 288 daily samples and totaling approximately 8640 samples per month. Those samples are then added / averaged to derive total measured bandwidth, average, incoming, and outgoing utilization rates.

Customer Service Performance: By tracking all calls/emails that come in to the Support Center, and the tickets that are generated from those calls – we are able to provide you with information regarding the number of tickets opened, closed on first contact, closed, and still open. In addition we provide you with a breakdown of the types of calls/emails received, and who generated the requests.


APPLICATION AVAILABILITY SLA		Page 2 of 3
VERICENTER CONFIDENTIAL AND PROPRIETARY

[*] We are seeking confidential treatment of these terms which have been omitted. The confidential portions have been filed separately with the Securities and Exchange Commission.

EXECUTION FINAL

Incident Detail: Each month data is extracted from the Customer Support Centers Incident reporting system to provide you the detail of each incident that was called or emailed to the Customer Support Center. You will find all details of when the incident ticket was opened, closed, and all activities that occurred between the opening and closing of the ticket.

I. Definitions

Application Availability: Calculated by dividing the total number of minutes in a month by the number of minutes that the application was available. VeriCenter will track all incidents that affect the Application Availability but is only responsible for the elements outlined in the R&R. This is to say that problems with the application that result in an outage will be recorded for tracking purposes but will not be used in the calculation of the Environment Availability uptime percentage which is used to pay remedies.

Environment: The infrastructure components defined in the Order Form that run Customer’s application(s).

Managed Network: The management and support of the infrastructure used to provide the Local Area Network (LAN) and Wide Area Network (WAN) services.

Managed Services: The service, provided by VeriCenter to the Customer that is required to deliver the contracted service as outlined in the Order Form and Roles & Responsibilities documents.

Monthly Fee: The monthly fee for a Service as set forth in the Order Form for that Service.

Rapid Secure: The security model, designed by VeriCenter to allow customers the benefits of firewall and intrusion detection services as well as enabling the customer remote access into the systems. This product offering requires that VeriCenter allow remote access to the customers systems therefore limits the level of SLA that VeriCenter is able to provide. The limited SLA is dues to the fact that the customer has both access and control of the systems. This SLA includes all base services components and hardware but does not include any application software that is being used.

Site Vault: The security model designed by VeriCenter to provide customers with the benefits of firewall and intrusion detection services but restricts the customers’ access to administer the systems. This product offering requires that the customer allow only VeriCenter to have access to the systems. This limited access to the servers by the customer allows VeriCenter to provide a more comprehensive SLA that includes the availability of the operating system.

Managed Service Credit: A credit, which the Customer can apply for if a service is temporarily unavailable and the outage is outside of the stated SLA availability percentage.

VeriCenter Operations Group: The VeriCenter Operations Group, responsible for the daily delivery and management of Services provided to the Customer.

By the signatures of their duly authorized representatives below, VeriCenter and Customer, intending to be legally bound, agree to all of the provisions of this SLA.


CUSTOMER: QUOVADX, INC.		VERICENTER, INC.

Signature:	/s/ Xxxx Xxxxxxx	Signature:	/s/ Xxxxxxx Xxxxxxxx

Print Name:	Xxxx Xxxxxxx	Print Name:	Xxxxxxx Xxxxxxxx

Title:	Executive Vice President	Title:	SVP Sales

Date:	9/30/2005	Date:	10/3/05

This Service Level Agreement incorporates the following documents:

	•		Order Form *[]**

	•		VeriCenter Roles & Responsibilities *[]**

	•		Outage Flow Chart

	•		Check Out Procedures (COP’s) – To Be Provided by Customer Upon Implementation


APPLICATION AVAILABILITY SLA		Page 3 of 3
VERICENTER CONFIDENTIAL AND PROPRIETARY

[*] We are seeking confidential treatment of these terms which have been omitted. The confidential portions have been filed separately with the Securities and Exchange Commission.

SLA # 0002204-QUO
EXECUTION FINAL

Operational Performance SLA

This Service Level Agreement (the “SLA”) between VeriCenter, Inc. (“VeriCenter”) and Quovadx, Inc (“Customer”) is entered into pursuant to Master Services Agreement (MSA) No.0002204-QUO between VeriCenter and the Customer. Capitalized terms used in this SLA and not otherwise defined below shall have the meanings given to them in the MSA.

A. Purpose and Scope

The purpose of this SLA is to: (1) provide an overview of VeriCenter’s operational services that support Customer’s application Environment, (2) define target performance service levels for those services, and (3) define appropriate remedies. The VeriCenter Roles and Responsibilities document is incorporated herein by reference.

B. Overview of Operational Services

This section summarizes VeriCenter’s operational services that support Customer application Environment. The services described in this section and the Monitoring Section of the Roles and Responsibilities (“R&R”) Addendum are hereafter referred to as the “Services.”

B.1 Monitoring Services

VeriCenter Monitoring systems are defined as hardware and software probes, sniffers, agents, applications and utilities that are owned and managed by the VeriCenter Operations Group and installed within VeriCenter Data Centers, that monitor, collect, process and report on information associated with the characteristics of VeriCenter Data Center computer system environments. VeriCenter Monitoring systems are designed to provide early warning notification and alerts, as well as initiate pre-defined corrective actions or trouble avoidance procedures and processes, when thresholds are reached or triggers are activated. VeriCenter Monitoring systems will be available on a 7 (day) x 24 (hour) x 52 (week) basis, except for Scheduled Outages. VeriCenter will, at VeriCenter’s expense, upgrade or improve capabilities of VeriCenter Monitoring system environments as VeriCenter, through reasonable commercial judgment, determines improvements are warranted and necessary to maintain Monitoring systems integrity and performance. All Monitoring systems modifications will follow the established change management practices described in this SLA. VeriCenter’s Monitoring services will be delivered in two (2) Tiers or categories of service, with different performance objectives as follows:

B.1.1 Tier 1 Monitoring – Base level monitoring of major components and systems within the subscribed services configuration including component and system condition assessment (up or down) and basic network connectivity (responds or does not respond). Recognition of abnormal conditions will be made within five (5) minutes and abnormal conditions will be reported to the Customer by phone or e-mail within 60 minutes of the recognition. Recovery procedures will be initiated immediately, were applicable. Status reports will be hourly until normal conditions are restored.

B.1.2 Tier 2 Monitoring – Intelligent monitoring of major components and systems within the subscribed services configuration including component and system condition assessment (up or down) and basic network connectivity (responds or does not respond), as well as supported operating system, supported operating system services and supported data base conditions. Recognition of abnormal conditions will be made within five (5) minutes and abnormal conditions will be
reported to the Customer by phone or e-mail within 60 minutes of the recognition.

Recovery procedures will be initiated immediately, where applicable. Status reports will be hourly until normal conditions are restored. Historical event logging and trending reports will be provided to Customers monthly.

B.2 Facility Services

B.3 Backup Services

Backup services will be measured on an exception basis. The table below summarizes the standard policy for handling common exceptions and events.


Exception/Event		VeriCenter Policy
Backup Exceeds Window (due to capacity growth or Backup Client Server processing constraints)		Default Action. VeriCenter will reschedule job start time within the policy window, and/or split the job into multiple parallel streams, to rectify problem. Alternative: If above is not successful, VeriCenter will contact the Customer to arrange for an acceptable policy exception for the Backup Client involved.

File Open/Not backed up		No action. File will be picked up on the next scheduled backup. Files which are never closed will never be backed up without the purchase of additional services when an alterative exists. Reasonable efforts will be made to backup open files or work with Customer to find a solution.

Backup Client Not Accessible		Notify Customer. Backup will automatically pick up the next day’s schedule except if a Full Backup is missed. The next day a Full Backup will be completed subject to Customer limitations.

Tape or drive Failure		Restart Job. VeriCenter will reallocate a different drive and restart the job unless previous restrictions are defined for that Backup Client Server by the Customer.

Unable to restore from tape		Attempt Alternate Restore, Contact Customer VeriCenter will attempt to restore the file from a different/previous backup job. The Customer will be notified of the failure and will verify which alternate file should be used, if any. Notice will be provided within the restore initiation window defined for the particular file.

VeriCenter warrants that it will routinely back-up all Customer data and systems and that it will use reasonable and industry standard backup technology and procedures in performing all routine back-ups for Customer. VeriCenter warrants that it will use industry standard technology and procedures to verify all back-ups mirror accurately the files on each operational disk.


VERICENTER CONFIDENTIAL AND PROPRIETARY		Page 1

SLA # 0002204-QUO
EXECUTION FINAL

VeriCenter does not warrant the validity of the data that is being backed up.

B.4 Support Performance

Following are the baseline services offered by the VeriCenter Customer Service Center.

B.4.1 Easy Access to Support — Described below are several tools that have been put in place to allow a Caller easy access to a Customer Support Representative (CSR).

B.4.1.i VeriCenter Customer Service Center Help Line - Callers need easy access to a CSR. The VeriCenter Customer Service Center Help Line allows a Caller to access the VeriCenter Customer Service Center team through an automated attendant. The number for the VeriCenter Customer Service Center Help Line is: Toll Free Number: 000-000-0000

B.4.1.ii Voice Mailbox – If all CSR’s are busy, and a Caller has been holding for 30 seconds, the Caller is given an option to continue holding or to be routed to a voice mailbox. This mailbox is checked every 15 minutes 24 hours per day, 7 days per week, and the CSR’s will return calls promptly, as appropriate.

B.4.1.iii E-Mail Mailbox – For customers desiring to contact VeriCenter Customer Service Center through electronic mail, Service Requests will be accepted that are prioritized as MED or LOW. This mailbox is checked regularly, 24 hours per day, 7 days per week and calls returned within an hour as appropriate. It is recommended that Severity Level 1 and 2 requests not rely on this service due to slower response times. xxxxxxxxxxxxxxx@xxxxxxxxxx.xxx

B.4.1.iv Service Request Ownership/Resolution — Once a CSR receives a call and entitlement has been established the representative is responsible for its resolution or its escalation. Thus the representative is responsible for logging the call, providing the customer with the corresponding Service Request Number, trouble-shooting the Service Request, and escalating the call if necessary. The CSR will maintain the responsibility for determining the resolution, communicating the resolution back to the Caller, and recording the resolution in the VeriCenter Customer Service Center tracking database. If a CSR receives a call that is not supported by the team, the representative is responsible for helping the individual get to the right place for support.

B.4.1.v Knowledge Management — As noted above, the CSR is responsible for logging the Service Request. It is each team’s responsibility to keep a current and accurate base of knowledge that will assist in future Service Request resolutions.

B.4.2 Service Elements

Below are the service elements between the Customer and the VeriCenter Customer Service Center.

B.4.2.i Hours of Operation – The VeriCenter Customer Service Center’s hours of operation are:

Regular Business Hours:

Monday – Friday:
7:00AM – 7:00PM CST

After Business Hours:


		Monday – Friday:
		7:00PM – 7:00AM CST
		Saturday – Sunday:
		All Day

B.4.2.ii Priority Definitions — The prioritization of a Service request is very important and is the foundation of VeriCenter escalation process. A call’s priority determines how quickly a call is resolved and/or escalated. During the initial call, the CSR will inquire into the nature and urgency of the Service Request in order to assign the appropriate priority. Afterwards, the CSR and Caller will agree upon what priority the call is to be given. Call priorities are:


Severity		First Level	Second Level
Levels	Description of Severity	Escalation	Escalation
1	An outage of a defined customer environment. This is treated with the highest level of support and service.	5 Min.	1 Hr.

2	An outage that affects functionality but does not leave the customer defined environment non-functional. This type of outage is treated with a high level of support and service.	1 Hr.	4 Hrs.

3	A request by the customer to perform a task or operation, which is important but not critical to ongoing operations	3 Hrs.	8 Hrs.

4	A request by the customer to perform a task or operation, of convenience	8 Hrs.	48 Hrs.

B.4.3 Internal Escalation Procedures — When a CSR determines that a call needs to be escalated; the call is marked as such in the tracking database. If a call is severity 1 priority, every attempt will be made to perform ‘live’ escalation via phone or direct contact. For severity 2 — 4 priority calls, escalations are made through the call-tracking system.

B.4.4 External Escalation Procedures – When it is necessary for a CSR to escalate a Service Request to an escalation partner outside of VeriCenter, then the service level priority expectations for problem resolution will vary. The CSR will inform the customer of such proceedings and will keep the customer updated continually until the Service Request has been resolved.

B.4.5 Caller’s Responsibilities — It is the Caller’s responsibility to provide as much detail as possible on the Service Request. In addition, the Caller needs to be open to the CSR’s suggestions as they work together toward problem resolution. In most instances, the customer is part of the escalation process. The customer must commit resources to helping resolve escalated Service Requests to meet the agreed-upon service levels. Finally, the Caller is responsible for returning the representative’s phone call or e-mail message if additional information or documentation is needed


VERICENTER CONFIDENTIAL AND PROPRIETARY		Page 2

SLA # 0002204-QUO
EXECUTION FINAL

B.4.6 Communication - Support is a team effort. It is imperative that continuous communication and feedback exist between parties to provide quick resolution to Service Requests.

B.5 Security Services:

B.5.1 Physical Access: Physical access to VeriCenter Data Centers is controlled by the VeriCenter Operations Group and is restricted to authorized VeriCenter employees and those individuals specifically approved and authorized by VeriCenter who are accompanied by VeriCenter’s personnel or who have properly issued access badges. Access by the Customer will be limited to Representatives of the Customer designated in the Customer Registration Form, which is hereby incorporated by reference. If the Customer wishes to gain access to a VeriCenter Data Center, arrangements must be made in advance with VeriCenter (typically a phone call on the day requested). At all times a VeriCenter employee must escort Customer’s Representatives unless other arrangements have been made and an access badge properly issued. All changes to the Customer’s Representatives designated in the Customer Registration Form must be confirmed with VeriCenter in writing at least one (1) day prior to access to the facility for any new Representative.

B.5.2 Electronic Access: Electronic access to VeriCenter’s data center environments will be secured through the deployment and utilization of best of breed redundant firewall borders, network intrusion monitors, Operating System security parameters, anti-virus software and security policy administration. VeriCenter will continually monitor and track intrusion attempts, virus threats and other security breaches, both internal and external, and take appropriate actions should vulnerabilities be identified. Formal logging and reporting of all security breaches will be performed.

B.5.3 Access to Customer’s Facilities: VeriCenter may require security clearance and access to the Customer’s facility to install and maintain VeriCenter’s equipment. VeriCenter will comply with all requirements deemed necessary by the Customer for VeriCenter’s personnel and contractors to gain access to the Customer’s facility. VeriCenter will be responsible for all work performed by VeriCenter’s personnel and contractors while on Customer’s premises.

B.6 Summary of Services:


	Initial Problem
	Notification /	Initial Customer
Service Type	Recognition	Contact	Status Updates
Facility	5 Min.	1 Hr	Hourly
Monitoring	5 Min.	1 Hr	Hourly
Backup	N/A	Exception Based	Exception Based
Security	Best Efforts	Best Efforts	Best Efforts
Support	N/A	N/A	N/A

C. Remedy

C.1 Responsiveness

[*]

C.2 Exceptions

C.3 Termination for Chronic Problems

The conditions warranting termination of Services applicable to this SLA, as specified on the Order Form, are as follows:

[*]

D. Service Level Change Request Procedures

The other party’s project manager will review each CR. The project manager will weigh the merits of the proposed change and approve it for investigation or reject it. If rejected, the project


VERICENTER CONFIDENTIAL AND PROPRIETARY		Page 3

[*] We are seeking confidential treatment of these terms which have been omitted. The confidential portions have been filed separately with the Securities and Exchange Commission.

SLA # 0002204-QUO
EXECUTION FINAL

manager will return the CR to the requesting party, together with the reason(s) for rejection.

Approved changes will be incorporated into this SLA or the MSA through written modifications, which shall be signed by duly authorized representatives of both parties

E. Change Management

F. Event Notification

VeriCenter shall provide initial notice to a designated Customer’s representative by telephone, e-mail, pager or comparable notification service within one (1) hour of VeriCenter becoming aware of an event that has caused or may cause an Unscheduled Outage. In the event Customer first becomes aware of such event, Customer shall promptly provide initial notice to VeriCenter via the Toll-Free Customer Support Number (866) VCENTER. Status reports about the event will continue on the hour until either the event has been resolved or both VeriCenter and the Customer have determined a course of action that does not require continued notification.

G. Definitions

Environment: The infrastructure components as defined in the Order Form that run Customer’s application(s).

Monitoring: The monitoring, collecting, processing and reporting of information associated with the characteristics of VeriCenter Data Center computer system environments.

Monthly Fee: The monthly fee for a Service as set forth in the Order Form for that Service.

Service Term: The minimum term for which VeriCenter will provide the Service to Customer as set forth in the Order Form for that Service.

VeriCenter Operations Group: The VeriCenter Operations Group, responsible for the daily delivery and management of Services provided to the Customer.

By the signatures of their duly authorized representatives below, VeriCenter and Customer, intending to be legally bound, agree to all of the provisions of this SLA


CUSTOMER: QUOVADX, INC.		VERICENTER, INC.

Signature:	/s/ Xxxx Xxxxxxx	Signature:	/s/ Xxxxxxx Xxxxxxxx

Print Name:	Xxxx Xxxxxxx	Print Name:	Xxxxxxx Xxxxxxxx

Title:	Executive Vice President	Title:	SVP Sales

Date:	9/30/2005	Date:	10/3/05

This Service Level Agreement incorporates the following documents:

•		Order Form *[]**

•		VeriCenter Roles & Responsibilities *[]**

•		Problem Management Flow Chart

VERICENTER CONFIDENTIAL AND PROPRIETARY

Page 4

[*] We are seeking confidential treatment of these terms which have been omitted. The confidential portions have been filed separately with the Securities and Exchange Commission.

EXECUTION FINAL

QUOVADX BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement (“BA Agreement”) is entered into by and between Quovadx, Inc. (“Quovadx”) and VeriCenter, Inc. (“Business Associate”) (each a “Party” and collectively the “Parties”).

WHEREAS, in the operation of its Cash Accelerator business, Quovadx is a Covered Entity;

WHEREAS, Quovadx in connection with the operation of its Cash Accelerator business receives services from Business Associate under the terms of that certain Master Services Agreement between the Parties dated September 30, 2005 (the “Underlying Agreement”);

WHEREAS, in providing services to Quovadx, Business Associate may obtain access to PHI;

WHEREAS, the Parties desire to meet their obligations under the Health Insurance Portability and Accountability Act of 1996, the Privacy Rule (as defined below) and the Security Rule (as defined below) (collectively, “HIPAA”);

NOW, THEREFORE, in consideration of the foregoing and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties agree as follows:

1. DEFINITIONS.

1.1 Unless otherwise specified in this BA Agreement, all capitalized terms used in this BA Agreement and not otherwise defined herein have the meaning set forth in the Underlying Agreement or in 45 CFR parts 160 and 164, each as amended from time to time.

1.2 “Electronic PHI” shall mean Electronic Protected Health Information, as defined in 45 CFR § 160.103.

1.3 “PHI” shall mean Protected Health Information, as defined in 45 CFR § 160.103.

1.4 “Privacy Rule” shall mean the privacy regulations at 45 CFR §§ 160 and 164 Subparts A and E.

1.5 “Security Rule” shall mean the security regulations at 45 CFR §§ 160 and 164 Subparts A and C.

2. RESPONSIBILITIES OF BUSINESS ASSOCIATE.

2.1 Business Associate agrees to:

(a) use and/or disclose PHI only as permitted or required by this BA Agreement, the Underlying Agreement, or as required by law;

(b) use appropriate safeguards to prevent use or disclosure of PHI other than as permitted or required by this BA Agreement or the Underlying Agreement;

(c) (i) implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the Electronic PHI that it creates, receives, maintains or transmits on behalf of Quovadx; and (ii) make its policies and procedures, and documentation required by the Security Rule relating to such safeguards, available to the Secretary of the Department of Health and Human Services (“HHS”) for purposes of determining Quovadx’s compliance with the Security Rule;

EXECUTION FINAL

(d) report to Quovadx any use or disclosure of PHI of which it becomes aware that is not permitted by this BA Agreement or the Underlying Agreement;

(e) report to Quovadx any Security Incident with respect to Electronic PHI of which it becomes aware;

(f) require all its subcontractors and agents that create, receive, use, disclose or have access to PHI to agree, in writing, to the same restrictions and conditions on the use and/or disclosure of PHI that apply to Business Associate;

(g) ensure that all of its subcontractors and agents to whom it provides Electronic PHI agree in writing to implement reasonable and appropriate safeguards to protect such Electronic PHI;

(h) make available its internal practices, books, and records relating to the use and disclosure of PHI to the HHS for purposes of determining Quovadx’s compliance with HIPAA;

(i) document such disclosures of PHI and information related to such disclosures as would be required by Quovadx to respond to a request for an accounting of disclosures of PHI about an individual;

(j) within 20 days of receiving a written request from Quovadx, make available information necessary for Quovadx to make an accounting of disclosures of PHI about an individual; and

(k) mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of this BA Agreement.

2.2 If Business Associate retains PHI in its possession and such PHI constitutes a Designated Record Set, Business Associate agrees as follows with regard to such PHI:

(a) within 20 days of receiving a written request from Quovadx, to make available the PHI necessary for Quovadx to respond to individuals’ requests for access to PHI about them; and

(b) within 20 days of receiving a written request from Quovadx, incorporate any amendments or corrections to the PHI in accordance with the Privacy Rule.

3. PERMITTED USES AND DISCLOSURES OF PHI.

3.1 Unless otherwise limited herein, in addition to any other uses and/or disclosures permitted or required by this BA Agreement or required by law, Business Associate may:

(a) use the PHI in its possession for Business Associate’s proper management and administration and to fulfill any legal responsibilities of Business Associate; and

(b) disclose the PHI in its possession to a third party for the purpose of Business Associate’s proper management and administration or to fulfill any legal responsibilities of Business Associate; provided, however, that the disclosures are required by law or Business Associate has received from the third party written assurances that (i) the information will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the third party; and (ii) the third party will notify Business Associate of any instances of which it becomes aware in which the confidentiality of the information has been breached.

4. RESPONSIBILITIES OF QUOVADX.

4.1 Quovadx agrees to inform Business Associate of any PHI that is subject to any arrangements permitted or required of Quovadx under the Privacy Rule that may materially impact in any manner the use and/or disclosure of PHI by Business Associate under this BA Agreement, including, but not limited to, restrictions on the use and/or disclosure of PHI as provided for in 45 CFR § 164.522 and agreed to by Quovadx.

5. EFFECTIVE DATE. This BA Agreement shall be effective as of the effective date of the Underlying Agreement (the “BA Effective Date”).

EXECUTION FINAL

6. TERM AND TERMINATION.

6.1 Term. This BA Agreement shall commence as of the BA Effective Date and continue in effect until terminated in accordance with the provisions of Section 6.2.

6.2 Termination.

(a) Upon Quovadx’s determination of a breach of a material term of this BA Agreement by Business Associate, Quovadx shall either terminate the Underlying Agreement, this BA Agreement and any other agreements requiring the disclosure of PHI by Quovadx to Business Associate; or provide Business Associate written notice of that breach in sufficient detail to enable Business Associate to understand the specific nature of that breach and afford Business Associate an opportunity to cure the breach; provided, however, that if Business Associate fails to cure the breach within a reasonable time specified by Quovadx, Quovadx may terminate this BA Agreement and the Underlying Agreement to the extent that Business Associate’s continued performance under the Underlying Agreement requires Business Associate to create or receive PHI. If Quovadx terminates this BA Agreement, Business Associate shall have no continuing obligations under the Underlying Agreement.

(b) This BA Agreement shall terminate immediately upon the termination of the Underlying Agreement, or in the case of multiple Underlying Agreements, the last of such agreements.

6.3 Effect of Termination or Expiration.

(a) Except as provided in 6.3(b), upon termination of this BA Agreement for any reason, Business Associate shall return or destroy all PHI received from Quovadx, or created or received by Business Associate on behalf of Quovadx. This provision shall apply to PHI that is in the possession of subcontractors or agents of Business Associate.

(b) In the event that Business Associate determines that returning or destroying the PHI is infeasible, Business Associate shall notify Quovadx of the conditions that make return or destruction infeasible. In that event: (i) Business Associate shall extend the protections of this BA Agreement to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI; and (ii) Quovadx shall comply with its obligations under Section 4.1(b) with respect to any PHI retained by Business Associate after the termination or expiration of this BA Agreement. This Section 6.3 shall survive any termination or expiration of this BA Agreement.

7. NOTICES. All notices pursuant to this BA Agreement must be given in accordance with the requirements set forth in the Underlying Agreement(s).

8. CHANGE IN LAW; AMENDMENT. The Parties agree to negotiate to amend this BA Agreement as necessary to comply with any amendment to any provision of HIPAA or its implementing regulations set forth at 45 CFR parts 160 and 164, including, but not limited to, the Privacy Rule and the Security Rule, which materially alters either Party’s or both Parties’ obligations under this BA Agreement. This BA Agreement may not be amended, altered or modified except by written agreement signed by Quovadx and Business Associate.

9. CONTRADICTORY TERMS; CONSTRUCTION OF TERMS. Any provision of the Underlying Agreement or any other agreement between the Parties that is directly contradictory to one or more terms of this BA Agreement (“Contradictory Term”) shall be superseded by the terms of this BA Agreement as of the BA Effective Date only to the extent that it is reasonably impossible to comply with both the Contradictory Term and the terms of this BA Agreement. The terms of this BA Agreement shall be construed in light of any applicable interpretation or guidance on HIPAA, the Privacy Rule, and/or the Security Rule issued by HHS, the Office for Civil Rights, or the Centers for Medicare and Medicaid Services from time to time.

10. ASSIGNMENT. Neither this BA Agreement nor any right or obligation hereunder shall be assigned or transferred by either Party without the prior written consent of the other (which consent shall not be unreasonably withheld or delayed); provided, however, that each party shall have the right, without such consent, to assign or transfer this BA Agreement or any right or obligation hereunder to any of its affiliates or also to any other person that (a) acquires or otherwise succeeds to all or substantially all of that Party’s business and assets or the business and assets of said Party that relate to the Underlying Agreement, (b) assumes all of the Party’s obligations hereunder or obligations hereunder that arise after such assignment or transfer, and (c) agrees to perform or cause performance of all such obligations when due. No assignment or transfer shall relieve a Party of any obligation hereunder. Any purported assignment or transfer not permitted by this Section shall be void. All of the terms and provisions of this BA Agreement shall be binding upon and inure to the benefit of the Parties and their respective successors and permitted assigns and transferees.

EXECUTION FINAL

11. MISCELLANEOUS. Nothing in this BA Agreement shall confer upon any person other than the Parties and

their respective successors or assigns, any rights, remedies, obligations, or liabilities whatsoever. In the event that any provision of this BA Agreement violates any applicable statute, ordinance or rule of law in any jurisdiction that governs this BA Agreement, such provision shall be ineffective to the extent of such violation without invalidating any other provision of this BA Agreement. No provision of this BA Agreement may be waived except by an agreement in writing signed by the waiving Party. A waiver of any term or provision shall not be construed as a waiver of any other term or provision. The persons signing below have the right and authority to execute this Agreement for their respective entities and no further approvals are necessary to create a binding agreement.

IN WITNESS WHEREOF, the Parties hereto have executed this BA Agreement as of the BA Effective Date.


QUOVADX, INC.		VERICENTER, INC.


By:	/s/ Xxxxx Xxxxxxxx	By:	/s/ Xxxxxxx Xxxxxxxx

	(Authorized Signature)		(Authorized Signature)

	Xxxxx Xxxxxxxx		Xxxxxxx Xxxxxxxx

	Printed Name		Printed Name

	EVP		SVP Sales

	Title		Title

Document Metadata

Table of Contents

VeriCenter Master Services Agreement

Document Metadata