Terms of Service

Last Updated: July 13, 2026

IMPORTANT DISPUTE NOTICE: THESE TERMS CONTAIN BINDING INDIVIDUAL ARBITRATION, A JURY-TRIAL WAIVER, AND A CLASS- AND REPRESENTATIVE-ACTION WAIVER. SECTION 19 EXPLAINS THESE PROVISIONS AND CUSTOMER’S 30-DAY RIGHT TO OPT OUT OF ARBITRATION.

1. Agreement and Authority

These Terms of Service (the “Terms”) are a binding agreement between Bomi Health, Inc. (“Bomi,” “we,” “us,” or “our”) and the practice or other legal entity identified during registration or in an Order Form (“Customer,” “you,” or “your”). An “Order Form” is an ordering document accepted by both parties that identifies Services, fees, or other commercial terms. “Bomi EHR” means Bomi’s hosted electronic health record and its related software features, including its software features for claims, billing, payments, and the Client Portal. The “Services” are the Bomi EHR products and features identified in your Order Form or account. “Bomi Managed Billing” means Bomi’s separately purchased managed billing service. “Bomi Credentialing” means Bomi’s separately purchased managed credentialing and payer enrollment service. Bomi Managed Billing and Bomi Credentialing are not part of Bomi EHR or the Services under these Terms, even if they exchange information with or otherwise integrate with Bomi EHR.

The individual accepting these Terms represents that they have legal authority to bind Customer. Authorized Users use the Services on Customer’s behalf but do not become personally responsible for Customer’s payment or indemnification obligations solely by using the Services. Patients and clients are not parties to these business Terms; any direct use of a client portal is governed by separate terms presented to them when that portal is offered.

You accept these Terms by affirmatively agreeing during registration, signing an Order Form that incorporates them, or using the Services after an authorized representative has accepted them. If you lack authority or do not agree, do not create or use an account.

2. Accounts and Authorized Users

Customer may authorize employees, contractors, and other workforce members to use its account (“Authorized Users”). Customer’s primary administrative Authorized User is the “Account Owner.” Customer is responsible for assigning appropriate permissions, promptly removing access when authority ends, and ensuring Authorized Users comply with these Terms. Customer is responsible for activity performed through its account to the extent caused by Customer’s or an Authorized User’s acts or omissions.

The Services use passwordless or other authentication methods that we make available. Each Authorized User must have an individual account and may not share an authentication link, login, or other credential with another person. Customer and Authorized Users must protect their email accounts, devices, authentication links, and other credentials and promptly notify us of suspected unauthorized access. Bomi may require reasonable verification before changing an Account Owner. If an Account Owner dies, becomes incapacitated, or loses authority, Customer must designate a successor with documented authority. Bomi will not select a successor for Customer without reliable evidence of authority from Customer, a court-appointed representative, a custodian of records, or another legally authorized person.

Customer will purchase and maintain the number and type of user licenses required by its Order Form. In any twelve-month period, Bomi may only once use Services usage records and request reasonably necessary, nonclinical records to verify compliance with user-license limits. Bomi will not inspect clinical content for this purpose. If an audit shows unlicensed use, Customer will promptly purchase the required licenses and pay the corresponding fees from the earliest date of unlicensed use reasonably supported by the records. Bomi will treat records received through an audit as Customer’s Confidential Information.

3. Customer Responsibilities

Customer will:

  • use the Services only in compliance with applicable law, professional duties, payer requirements, and these Terms;
  • obtain required notices, consents, permissions, and legal authority for Customer Data and Customer’s instructions to Bomi;
  • configure access appropriately and maintain reasonable administrative, technical, and physical safeguards within Customer’s control;
  • maintain accurate account, billing, and contact information; and
  • independently review clinical, billing, coding, scheduling, and other professional outputs before relying on them.

The Services support, but do not replace, Customer’s professional judgment. Bomi does not practice medicine, psychotherapy, law, or accounting and does not direct diagnosis or treatment.

3.1 EHR Claims and Billing Features

When Customer uses EHR features to prepare, transmit, correct, appeal, or otherwise support an insurance claim, Customer remains the healthcare provider and party seeking reimbursement. Under these Terms, Bomi provides Bomi EHR software tools and does not act as Customer’s managed billing service or billing agent. Bomi Managed Billing is a separate managed service available only under its own Order Form and terms. Customer is responsible for the truth, accuracy, completeness, medical necessity, coding, documentation, authorization, timely filing, and legal and payer compliance of each claim, including when a Bomi EHR feature transmits the claim. Customer will review claim information when the Services provide a review opportunity and will promptly notify Bomi of known errors or overpayments.

Bomi does not guarantee reimbursement, payer or clearinghouse acceptance, eligibility or benefit determinations, payment timing or amount, or clearinghouse or payer availability. This does not excuse Bomi from performing its express obligations with reasonable care. Customer will maintain an appropriate compliance program; promptly investigate and report suspected fraud, waste, abuse, false claims, and overpayments when applicable law requires; preserve relevant records; and reasonably cooperate with lawful payer or government audits, investigations, corrective actions, and repayment obligations. Any Bomi Managed Billing or Bomi Credentialing managed service must be separately ordered and is outside these Terms.

3.2 Customer Communications

As between the parties, Customer is the sender of calls, text messages, emails, and other communications that Customer initiates or directs through the Services. Customer is responsible for the message content, recipient instructions, and obtaining and documenting any consent required by the Telephone Consumer Protection Act, CAN-SPAM Act, and other applicable law, including prior express written consent when required. Customer will provide required notices, honor opt-out and revocation requests, maintain suppression records, and not direct Bomi to contact a recipient contrary to those choices. Bomi remains responsible for laws that apply directly to Bomi’s own conduct.

3.3 United States Use and Professional Eligibility

The Services are offered for business and clinical use in the United States by Authorized Users who are at least eighteen years old. Bomi does not represent that the Services are appropriate or legally compliant for use in another country. Customer is responsible for any access or use outside the United States. Customer will ensure that each clinical Authorized User holds all licenses, registrations, supervision, and other authority required for their services and uses the Services only within their lawful scope of practice.

Customer represents and warrants that neither Customer nor any Authorized User is excluded, suspended, debarred, or otherwise ineligible to participate in Medicare, Medicaid, another federal healthcare program, or a government procurement or nonprocurement program applicable to Customer’s use of the Services, including as reflected in an active exclusion record in the U.S. Department of Health and Human Services Office of Inspector General’s List of Excluded Individuals/Entities (“LEIE”) or the System for Award Management (“SAM.gov”). Customer will screen Customer and Authorized Users against applicable exclusion lists before permitting access and periodically thereafter as required by law, payer contract, or a reasonable compliance program. Customer will not permit an excluded, suspended, debarred, or otherwise ineligible person or entity to use the Services to furnish, order, prescribe, document, code, or bill for items or services for which payment may be made by an affected program. Customer will promptly notify Bomi of any actual or reasonably suspected change in that status, stop the affected use or submission, and cooperate with lawful corrective action. Bomi may restrict the affected user, submission, or function as permitted by Section 11.

3.4 No Emergency or Crisis Use

THE SERVICES ARE NOT AN EMERGENCY SERVICE OR CRISIS HOTLINE AND MUST NOT BE USED AS THE SOLE METHOD TO SEEK, PROVIDE, OR COORDINATE HELP FOR AN EMERGENCY OR OTHER TIME-SENSITIVE MEDICAL OR MENTAL-HEALTH NEED. Bomi does not continuously monitor Customer Data, portal messages, telehealth communications, reminders, notifications, or other communications for crisis content, threats, self-harm, harm to others, abuse, or medical or mental-health emergencies. Bomi does not guarantee that any communication will be delivered, reviewed, or answered within a particular time.

Customer is responsible for establishing, staffing, documenting, and communicating appropriate emergency and crisis-response procedures; giving patients and clients instructions not to use the Services for emergencies and an appropriate urgent-contact method; and monitoring and responding to communications according to Customer’s professional duties and representations. Unless an Order Form expressly states otherwise, Bomi does not independently verify a patient’s or client’s identity, physical location, age, decision-making authority, or emergency contact. Customer and its Authorized Users are responsible for performing those checks when clinically or legally appropriate, assessing whether telehealth or another remote interaction is appropriate, obtaining informed consent, complying with licensure and mandated-reporting duties, exercising clinical judgment, and directing people to appropriate emergency or crisis resources. In the United States, immediate danger or a medical emergency should be directed to 911 or the nearest emergency facility; suicide, mental-health, or substance-use crisis support is available by calling or texting 988. Bomi provides technology and does not provide professional, diagnostic, emergency, or crisis-response services.

3.5 Electronic Signatures and Records

Customer consents to use electronic records and signatures for its agreements and transactions with Bomi to the extent permitted by law. These electronic records may include these Terms, the BAA, Order Forms, notices, invoices, payment-processor or tax documents, and records created, delivered, acknowledged, or signed through the Services, subject to any separate consent or delivery process required by law. Customer agrees that an electronic signature, initial, checkbox acceptance, or other affirmative electronic act by its authorized representative or an Authorized User acting within their authority memorializes the signer’s intent and may be attributed to Customer with the same effect as a handwritten signature. This does not make an Authorized User personally responsible for Customer’s obligations solely because the user acted on Customer’s behalf.

Customer acknowledges that it can access, download, retain, and print electronic records using ordinary supported hardware and software. Customer may request an available paper copy or prospectively withdraw its consent to electronic records for transactions with Bomi by authenticated notice under Section 21. Withdrawal takes effect after a reasonable processing period, does not affect a record or signature made before it takes effect, and may prevent Bomi from offering a transaction or Service that requires electronic delivery. This paragraph does not replace any additional consumer disclosure, hardware or software notice, affirmative consent, or other process required for a particular record.

When Customer uses the Services to obtain or rely on an electronic signature, acknowledgment, consent, or record from a patient, client, Authorized User, or other person, Customer is responsible for deciding whether electronic form is appropriate and for satisfying applicable identity, attribution, disclosure, consent, access, accessibility, delivery, copy, and retention requirements. Bomi provides the technology and is not a witness, notary, attorney, or guarantor of the validity or enforceability of a particular signature or record. A requirement for separate consent, a particular form of signature, notarization, witnessing, or a paper record must be satisfied separately.

4. Acceptable Use

Customer and Authorized Users will not:

  • share credentials, impersonate another person or organization, create a false or misleading account, or create accounts through an automated process;
  • scrape, crawl, index, bulk extract, harvest, or use a bot, spider, or other automated means to access the Services, except through a documented API within its approved scope and limits;
  • circumvent a rate limit, access control, security measure, limit on licensed users, feature restriction, or other usage control, or use an API outside its documentation or assigned credentials;
  • resell, sublicense, timeshare, or use the Services as a service bureau for a third party, except as an Order Form expressly permits;
  • reverse engineer, copy, extract a model from, use nonpublic aspects of the Services for competitive benchmarking, or use Bomi’s Confidential Information to build a competing product, except to the limited extent a restriction is prohibited by law; this does not prohibit lawful interoperability or independent development without Bomi’s Confidential Information;
  • send unsolicited bulk communications, spam, or messages that violate a recipient’s expressed preferences or applicable law;
  • create or facilitate a false, fraudulent, duplicative, misleading, unsupported, or unlawful claim, appointment, eligibility inquiry, payment, or credentialing submission;
  • access the Services without authorization; probe or test vulnerabilities except under Bomi’s written security-testing policy; introduce malware or malicious code; attack another system through the Services; or interfere with the Services’ security, integrity, availability, or operation;
  • impose an excessive or abusive load, including by making requests at a volume or frequency that a reasonable user would understand could degrade the Services;
  • upload data Customer lacks authority to process or instruct Bomi to process, or continue uploading a category of specially regulated or unsupported data after Bomi gives a clear written or in-product warning that the Services do not support it;
  • use the Services to violate law, infringe rights, harass others, or facilitate fraud; or
  • remove, obscure, or alter a copyright, trademark, attribution, or other proprietary notice in the Services or documentation.

Bomi may reasonably investigate suspected violations, request Customer’s cooperation, preserve relevant evidence, limit affected functions as permitted by Section 11, and cooperate with a lawful investigation or legal process. This paragraph does not expand Bomi’s suspension rights or permit Bomi to use PHI or clinical-record access as commercial leverage. The scope, notice, restoration, read-only access, export, continuity-of-care, and other protections in Section 11 continue to apply.

5. Fees and Payment

Customer will pay the fees, taxes, and other charges stated in the applicable Order Form. Except as stated in an Order Form, fees are billed in accordance with the billing cadence shown at purchase and are noncancelable and nonrefundable. Except where an Order Form expressly provides otherwise or law requires, Bomi provides no refund or credit for partial use, cancellation, termination, expiration, downgrade, or unused Services, and termination does not relieve Customer of fees paid or payable for a committed term. Bomi may, in its sole discretion, provide a refund, credit, or other accommodation, but doing so once does not require Bomi to do so again. Customer may dispute an invoice in good faith by giving us written notice describing the dispute within thirty days after the invoice date. Undisputed overdue amounts may accrue interest at the lesser of 1.5% per month or the maximum lawful rate. After notice and expiration of the applicable cure period, Customer will reimburse reasonable out-of-pocket costs Bomi incurs to collect undisputed overdue amounts, including reasonable attorneys’ fees, to the extent permitted by law.

Bomi-Caused Termination. Notwithstanding the foregoing, if (i) Customer terminates an affected Service under Section 10, 12, 15, or 18 of these Terms or Section 9 of the BAA because of Bomi’s uncured material breach, Bomi’s permanent discontinuation of the affected Service, a material reduction in core prepaid functionality for which Bomi does not provide substantially equivalent functionality, an uncured breach of Bomi’s express warranty, or a materially adverse change to these Terms; or (ii) Bomi terminates an affected Service for convenience or permanently discontinues it for business reasons, then Customer will not owe fees attributable to periods after the effective termination or discontinuation date for the affected Service, and Bomi will refund prepaid fees attributable to the unused period after that date. This paragraph does not provide a refund for Services already provided or for termination caused by Customer’s breach.

Bomi may change recurring fees effective at the start of a renewal term by giving Customer at least thirty days’ advance notice. If Bomi gives notice fewer than thirty days before a renewal date, the fee change will take effect at the following renewal. Fee changes do not apply during a prepaid, noncancelable committed term unless an Order Form expressly permits them or they result from Customer’s added users, usage, products, or Services.

Payment-processing, telehealth, artificial intelligence, and other optional EHR products may be subject to a separate Order Form. If a payment processor collects card-verification values or full card numbers, Bomi does not receive a license to use them for unrelated purposes and will not retain card-verification values after authorization. Customer’s and Bomi’s respective merchant, settlement, refund, dispute, and processor obligations are governed by the applicable Order Form and processor terms presented to Customer.

6. Customer Data and Operational Data

6.1 Ownership

“Customer Data” means information, records, files, communications, images, audio, video, payment information, and other content submitted to or generated for Customer through the Services, including Protected Health Information (“PHI”); Customer’s original forms, custom text, customer-created templates, configurations, mappings, policies, and content; and completed clinical, billing, and other records and outputs generated for a patient or Customer. Customer Data excludes Bomi Technology and Third-Party Materials defined in Section 14. As between the parties, Customer retains all right, title, and interest in Customer Data. Bomi acquires no ownership in Customer Data.

6.2 Limited Processing Authorization

Customer grants Bomi a limited, nonexclusive license during the Term to host, transmit, reproduce, display, and otherwise process Customer Data only as necessary to provide, secure, maintain, support, and improve the Services for Customer; follow Customer’s documented instructions; prevent or address fraud, security, or technical problems; and comply with applicable law. Bomi may sublicense these rights only to authorized subprocessors that are bound by appropriate written confidentiality, privacy, security, and data-processing obligations. The license ends when Customer Data is deleted, except for data retained in protected backups or as required by law and subject to the continuing protections of these Terms and the BAA.

6.3 Restrictions

Bomi will not sell or license Customer Data, whether identifiable or deidentified, to data brokers, advertisers, employers, insurers, or unrelated third parties; or use identifiable Customer Data for advertising, unrelated marketing, or data brokerage. PHI may be used or disclosed only as authorized by the Business Associate Agreement (“BAA”) or required by law. As stated in Section 7 of the BAA, Customer authorizes Bomi to deidentify PHI under the conditions in that Section. Deidentified data must satisfy HIPAA’s deidentification standard and other applicable law, and Bomi will not attempt to reidentify it or attribute it to a patient or Customer.

Bomi may use properly deidentified information and non-identifying aggregate results derived from it for internal security, analytics, benchmarking, research, product development and improvement, and development of insights and tools. Bomi may disclose that information only to contracted service providers acting for Bomi under written use and reidentification restrictions or in benchmark, research, or similar outputs that do not identify and cannot reasonably be linked to an individual or Customer.

As provided in the BAA, Customer may opt out by written notice to privacy@billwithbomi.com from future use of its source data in cross-customer product-improvement analytics. The opt-out takes effect within thirty days and survives termination. Bomi may retain previously created deidentified data, statistics, and non-reversible aggregate results, but will not create new cross-customer analytics from Customer’s source data after the opt-out takes effect.

6.4 AI and Machine Learning

Bomi will not use PHI or other identifiable Customer Data to train, fine-tune, evaluate, or improve any general-purpose, cross-customer, product-specific, or customer-specific artificial-intelligence or machine-learning model unless Customer has expressly agreed in an applicable Order Form or other feature-specific writing and all required legal bases and individual authorizations have been obtained. This restriction does not prohibit Bomi’s permitted use of properly deidentified information and non-identifying aggregate results under Section 6.3, provided they remain deidentified and cannot reasonably be linked to an individual or Customer.

Bomi may process identifiable Customer Data through an approved model solely for ordinary inference, customer-specific retrieval, summarization, transcription, or workflow processing needed to provide a Customer-specific feature expressly ordered by Customer and governed by an applicable Order Form or other feature-specific written terms. Each applicable model provider must be bound by appropriate privacy and security obligations, including a downstream BAA when required, and contractually prohibited from retaining inputs or outputs beyond the permitted processing or using them to train, fine-tune, evaluate, or improve its own or any third party’s models.

AI-generated output is draft output, may be incomplete or inaccurate, and must be reviewed and approved by an appropriately qualified Authorized User before it is used for clinical care, documentation, coding, claims, or patient communications.

The applicable Order Form or other feature-specific written terms will address recording and transcription consent; model and provider identity; prompt, transcript, and output retention; clinician review; prohibited autonomous decisions and patient-facing communications; state-specific restrictions; incident handling; and whether the feature is beta or production.

6.5 Operational Data

“Operational Data” means technical telemetry about the configuration, performance, security, and use of the Services. Operational Data does not include PHI or information that identifies a patient. Bomi may use Operational Data to operate, secure, support, analyze, and improve the Services and may disclose it only in a form that does not identify Customer or an individual, except to subprocessors or as required by law.

7. Privacy, PHI, and Regulated Data

The Business Associate Agreement (“BAA”) applies when Bomi creates, receives, maintains, or transmits PHI as a business associate or subcontractor business associate. The BAA controls over these Terms and any other agreement to the extent of a conflict concerning PHI. Each party will perform the privacy and security obligations allocated to it by applicable law and the BAA; neither party shifts its own legal obligations to the other.

Customer is responsible for identifying whether its organization or particular records are subject to 42 C.F.R. Part 2, state minor-consent or parental-access rules, psychotherapy-note restrictions, or laws governing HIV/STI, genetic, reproductive-health, or similarly protected information. Customer must use available configurations appropriately and must not submit specially regulated data unless the Services and an applicable addendum support it. Bomi does not promise that a configuration automatically satisfies every jurisdiction’s requirements.

Personal information outside the BAA is governed by Bomi’s Privacy Policy. Bomi will not use advertising pixels or tracking technologies in authenticated EHR areas in a manner that impermissibly discloses PHI.

8. Security and Confidentiality

8.1 Security

Bomi will maintain reasonable administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of Customer Data, consistent with applicable law and the BAA. No service can guarantee absolute security. Customer remains responsible for safeguards within its control, including endpoint and email security, access decisions, workforce practices, and secure use of exported data.

8.2 Mutual Confidentiality

“Confidential Information” means nonpublic information disclosed by a party that reasonably should be understood as confidential, including Customer Data, pricing, credentials, payer and business information, source code, product plans, and security information. The receiving party will use Confidential Information only to perform or exercise rights under the parties’ agreements, protect it using at least reasonable care, and disclose it only to personnel and contractors with a need to know who are bound by confidentiality duties. Confidential Information excludes information the recipient can show was lawfully known without restriction, independently developed, publicly available without breach, or rightfully received from another source.

A recipient may disclose Confidential Information when legally required, but, where lawful, will give prompt notice and reasonable assistance so the disclosing party may seek protection. These duties continue for five years after disclosure and for as long as required by law for trade secrets, PHI, and other regulated data.

9. Subprocessors and Third-Party Services

Bomi may use subprocessors to operate the Services and remains responsible for performing its obligations under these Terms and the BAA. Bomi will require subprocessors to protect Customer Data through appropriate written terms and will execute downstream business associate agreements when HIPAA requires them.

Customer may choose to connect independent third-party products or direct Bomi to exchange Customer Data with them. Those products are governed by their own terms, and Bomi is not responsible for their acts or omissions after data is transmitted at Customer’s direction. This limitation does not apply to a provider Bomi selects as its own subprocessor and does not reduce Bomi’s obligations under these Terms or the BAA.

10. Availability, Maintenance, and Changes

Bomi will use commercially reasonable efforts to maintain the Services. Maintenance, emergencies, internet failures, third-party outages, and events outside reasonable control may interrupt them. We will provide reasonable notice of planned material interruptions when practicable and will work to restore affected functionality. Any uptime commitment, support target, service credit, recovery objective, or maintenance window applies only if stated in an Order Form.

We may improve or modify the Services. We will give at least thirty days’ notice before a change that materially reduces core prepaid functionality, unless a shorter period is reasonably necessary for security, safety, or law. If such a reduction materially harms Customer’s use and we do not provide substantially equivalent functionality, Customer’s sole remedy is to terminate the affected Service before the reduction takes effect, subject to Section 5.

Bomi may identify a feature or Service as beta, preview, pilot, trial, evaluation, early access, or free (collectively, “Preview Services”). Use of Preview Services is optional. Unless an Order Form states otherwise, Bomi may modify or discontinue a Preview Service at any time, and production availability, support, uptime, and service-credit commitments do not apply to it. Bomi will not begin charging for a free trial without Customer’s authorization and advance disclosure of the applicable fees. The confidentiality, privacy, security, and BAA obligations in the parties’ agreements apply to Preview Services that process Customer Data.

11. Suspension

Bomi may immediately suspend only the affected account, user, integration, or feature, to the extent reasonably practicable, when necessary to contain an imminent security threat, prevent unlawful or fraudulent activity, protect patients or the Services, or comply with a binding legal requirement. We will notify Customer as soon as reasonably practicable unless prohibited by law or doing so would increase the risk, and will restore access when the basis for suspension is resolved.

For nonpayment of undisputed amounts, Bomi may suspend paid features only after written notice and at least fifteen days to cure. During a commercial suspension or payment dispute, Bomi will not use PHI as leverage and will preserve read-only access to clinical records, legally required patient-rights functions, and available export tools for authorized users, subject to reasonable security controls. Bomi will preserve emergency clinical and continuity-of-care access to the extent reasonably practicable, but need not maintain an access path that would perpetuate an active compromise or create an unreasonable risk to patients or Customer Data. Where reasonably practicable, Bomi will provide a secure alternative method of access or export while the affected path is contained. Nothing in this Section authorizes Bomi to violate HIPAA, the BAA, applicable patient-access duties, or information-blocking law.

Bomi may quarantine, restrict, correct, or delete Customer Data only under Customer’s documented instruction or a documented security, legal, or retention procedure. We will preserve original records and notify Customer where reasonably practicable and legally permitted.

12. Term and Termination

These Terms begin when accepted and continue while Customer has an active account or Order Form (the “Term”). Unless an Order Form states otherwise, a month-to-month subscription automatically renews for successive one-month terms until canceled, and a fixed-term subscription automatically renews for successive periods equal to the shorter of the expiring term or one year. Customer may cancel a month-to-month subscription before its next renewal date through the process shown in the Services, with cancellation effective at the end of the then-current billing period. Either party may prevent renewal of a fixed-term subscription by giving at least thirty days’ written notice before the current term ends. Bomi may prevent renewal of a month-to-month subscription by giving at least thirty days’ written notice.

Either party may terminate for a material breach that remains uncured thirty days after written notice, except that the cure period is fifteen days for undisputed nonpayment. A party may terminate immediately if the other party becomes insolvent, ceases business without a successor, or materially breaches confidentiality, data-use restrictions, or law in a manner that cannot reasonably be cured.

Bomi may permanently discontinue a Service for business reasons with at least ninety days’ notice where practicable and will reasonably cooperate with transition. In that event, the Bomi-Caused Termination paragraph in Section 5 applies to fees paid or payable for the discontinued Service. Bomi’s applicable BAA, confidentiality, privacy, security, and data-return duties survive discontinuation, insolvency, or shutdown to the maximum extent enforceable. Any permitted transfer of the parties’ agreement is subject to the written-assumption requirements in Section 21.

13. Data Export, Retention, and Deletion

As between the parties, Customer is the legal custodian or controller of its clinical, billing, and business records. Customer is responsible for determining and satisfying applicable retention periods and for lawful responses to patients, clients, payers, licensing boards, courts, and regulators. Bomi acts as Customer’s service provider and, where applicable, business associate. Bomi does not assume Customer’s independent record-retention or response duties after the contractual transition and deletion periods end. Customer is responsible for timely exporting and preserving the records it must retain.

Customer may use available self-service export tools throughout the Term. For sixty days after termination, Bomi will provide authorized users read-only access to Customer Data and available export tools, including during a good-faith billing dispute, unless access is legally prohibited or creates an unresolved material security risk. Export capabilities and formats may vary by data type, but Bomi will provide Customer Data in reasonably accessible and usable electronic formats. Customer may request reasonable migration assistance at rates disclosed in advance.

After the transition period, Bomi will delete Customer Data from active systems in accordance with its documented retention procedures and the BAA, unless Customer requests earlier deletion or law requires retention. Customer Data in protected backups will remain isolated from ordinary use, remain subject to these Terms and the BAA, and be deleted through Bomi’s ordinary backup lifecycle. Legal holds may delay deletion only for affected data. On written request, Bomi will confirm completion of deletion, subject to lawful retention and technically protected backups. If return or destruction of PHI is infeasible, the BAA governs continued protection and restricted use.

14. Intellectual Property

14.1 Bomi Technology

“Bomi Technology” means the Services, documentation, standard template library, software, schemas, interface designs, generalized workflows, algorithms, methods, underlying tools, and related technology and improvements. Bomi and its licensors own Bomi Technology. Subject to payment and compliance with these Terms, Bomi grants Customer a limited, nonexclusive, nontransferable right during the Term for Authorized Users to use Bomi Technology through the Services for Customer’s internal business and clinical operations.

14.2 Customer Materials and Outputs

Customer owns its original forms, custom text, customer-created templates, configurations, mappings, policies, and content. Completed records and outputs generated through the Services for a patient or Customer are Customer Data. Customer’s ownership of those materials, records, and outputs does not transfer ownership of Bomi Technology used to create, structure, display, or deliver them. Bomi retains all rights in the underlying tools and generalized functionality.

14.3 Third-Party Materials

“Third-Party Materials” include code sets, payer content, government and industry forms, clinical vocabularies, and other materials Bomi does not own. They remain the property of their respective owners and are subject to applicable license, attribution, access, use, and redistribution restrictions. Neither party receives ownership of Third-Party Materials under these Terms.

14.4 Feedback and Publicity

Customer grants Bomi a perpetual, irrevocable, transferable, sublicensable right to use feedback voluntarily provided about the Services, without identifying Customer or an individual and without using Customer Data. Feedback does not include Customer’s name, logo, trademarks, testimonial, endorsement, or case study. Bomi may use any of those publicly only with Customer’s prior written approval for the specific use. Customer may withdraw that approval prospectively on reasonable written notice, but Bomi is not required to recall materials already distributed in accordance with the approval.

15. Warranties and Disclaimers

Each party warrants that it has authority to enter into these Terms. Bomi warrants that it will provide the Services in a professional and workmanlike manner and will not materially reduce the security or core functionality of a prepaid Service during its committed term, except as permitted by these Terms. Customer’s exclusive remedy for breach of this warranty is reperformance; if Bomi cannot cure a material breach within thirty days after notice, Customer may terminate the affected Service, subject to Section 5.

EXCEPT FOR EXPRESS WARRANTIES IN THE PARTIES’ AGREEMENTS AND TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE,” AND EACH PARTY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. BOMI DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE OR THAT CUSTOMER’S USE ALONE WILL ENSURE COMPLIANCE WITH LAW. THIS DISCLAIMER DOES NOT LIMIT BOMI’S EXPRESS OBLIGATIONS UNDER THE BAA OR AN ORDER FORM.

16. Indemnification

“Claim” means a third-party claim, demand, action, suit, payer audit, subpoena, governmental investigation, or regulatory proceeding. “Losses” means finally awarded damages, approved settlement amounts, reasonable attorneys’ and professional fees, and reasonable investigation, subpoena-response, notification, remediation, and corrective-action costs, plus penalties and fines to the extent they are legally indemnifiable. Losses are covered only to the extent attributable to conduct for which this Section assigns responsibility to Customer.

Customer will defend Bomi, its affiliates, and their respective directors, officers, employees, and agents against Claims and will indemnify and hold them harmless from Losses, in each case to the extent caused by:

  • false, inaccurate, incomplete, unsupported, duplicative, misleading, or unlawful claims, reimbursement requests, eligibility inquiries, or other submissions based on Customer Data or Customer’s instructions;
  • Customer’s clinical documentation, medical-necessity decisions, coding, modifiers, credential information, licensure, payer enrollment, participation status, federal healthcare program exclusion, suspension, debarment, ineligibility, or professional services;
  • Customer’s failure to obtain a required patient, telehealth, recording, transcription, messaging, payment, or other consent, notice, authorization, or permission;
  • a payer or patient communication Bomi sends at Customer’s direction or using content or recipient information Customer supplies;
  • Customer’s emergency or crisis protocols, monitoring or response decisions, failure to respond to a communication, or failure to direct a patient or client to appropriate emergency or crisis resources;
  • Customer’s failure to report, refund, or return an identified overpayment when required by law or payer agreement;
  • allegations that Customer Data, Customer’s instructions, or Customer’s use of the Services infringes intellectual property rights or violates privacy, publicity, confidentiality, or other third-party rights;
  • a third-party product, integration, processor, or other service Customer selects or directs Bomi to connect; or
  • Customer’s unauthorized use of the Services or material violation of law or these Terms.

Customer has no obligation to the extent a Claim or Loss is caused by Bomi’s breach of the parties’ agreements, negligence, or willful misconduct.

The indemnified party must promptly notify the indemnifying party, provide reasonable cooperation at the indemnifying party’s expense, and allow it to control the defense. Delay relieves an obligation only to the extent it materially prejudices the defense. No settlement may admit fault, impose nonmonetary obligations, or fail to fully release the indemnified party without that party’s prior written consent, not to be unreasonably withheld. Bomi may control its own response to a subpoena, payer audit, governmental investigation, or regulatory proceeding, while keeping Customer reasonably informed where lawful.

17. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY WILL BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR LOST PROFITS, REVENUE, OR GOODWILL, EVEN IF ADVISED OF THEIR POSSIBILITY. THIS EXCLUSION DOES NOT APPLY TO DATA RESTORATION OR LEGALLY REQUIRED NOTICE COSTS THAT CONSTITUTE DIRECT DAMAGES.

EXCEPT AS PROVIDED BELOW, EACH PARTY’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THE PARTIES’ AGREEMENTS WILL NOT EXCEED THE FEES PAID OR PAYABLE BY CUSTOMER FOR THE AFFECTED SERVICE DURING THE TWELVE MONTHS BEFORE THE EVENT GIVING RISE TO LIABILITY. IF THE AFFECTED SERVICE HAS BEEN PROVIDED FOR FEWER THAN TWELVE MONTHS, THE CAP USES FEES PAID OR PAYABLE FROM ITS START THROUGH THAT EVENT. IF THE AFFECTED SERVICE IS FREE OR A TRIAL, THE CAP IS ONE HUNDRED U.S. DOLLARS (US $100). FOR A PARTY’S BREACH OF CONFIDENTIALITY, PRIVACY, SECURITY, THE DATA-USE RESTRICTIONS IN SECTION 6, THE BAA, OR GROSS NEGLIGENCE, THE CAP IS THREE TIMES THE APPLICABLE AMOUNT.

No exclusion or cap applies to fraud, willful misconduct, intentional misuse of Customer Data, Customer’s payment or indemnification obligations, or liability that cannot lawfully be limited. The limits apply in the aggregate across all theories of liability, even if a limited remedy fails of its essential purpose, and do not enlarge a remedy otherwise available.

18. Changes to Legal Terms

Bomi may update these Terms to reflect changes in law, security, products, or business operations. A nonmaterial or customer-beneficial change may take effect when posted. We will give at least thirty days’ advance notice of a materially adverse change by email to Customer’s account contact or through a prominent in-product notice. A shorter period may apply if reasonably necessary to address law or an urgent security risk. Section 5 exclusively governs fee changes. If Customer objects to a materially adverse change, Customer may terminate the affected Service before the change takes effect, subject to Section 5. No change applies retroactively or reduces Bomi’s obligations for previously processed Customer Data.

19. Disputes

19.1 Informal Resolution and Individual Arbitration

Before filing a claim, each party will give individualized written notice identifying the claimant, the relevant account, the factual and legal basis of the claim, the requested relief, and information reasonably sufficient to evaluate the dispute, and will allow thirty days for good-faith executive-level resolution. Except for claims seeking injunctive relief for misuse of intellectual property, Confidential Information, or Customer Data, any unresolved dispute will be resolved by binding arbitration administered by the American Arbitration Association (“AAA”) under its Commercial Arbitration Rules by one arbitrator. Arbitration will occur remotely unless the parties agree otherwise. The legal seat of arbitration is Wilmington, Delaware, and a remote hearing does not change the seat. Each party may bring an individual claim in small claims court if eligible.

Notwithstanding the AAA rules, the state and federal courts located in Delaware, and not an arbitrator, will exclusively decide whether a dispute is subject to arbitration and the formation, scope, enforceability, and satisfaction of conditions precedent of this Section, including the class waiver and coordinated-claims process. The arbitrator will decide the merits of an arbitrable dispute and may award any individual remedy available under applicable law. Judgment on an award may be entered in any court with jurisdiction.

AAA administrative fees and arbitrator compensation will be allocated under the applicable AAA rules and fee schedules. Each party will pay its own attorneys’ fees and costs unless an Order Form, applicable law, or the final award provides otherwise. Arbitration submissions, evidence, hearings, and awards are confidential, except disclosure is permitted to the extent reasonably necessary to conduct the proceeding, obtain legal or insurance advice, comply with law or a regulatory duty, or confirm, enforce, or challenge an award.

19.2 Coordinated Claims

If coordinated demands qualify as a mass arbitration under the AAA’s Mass Arbitration Supplementary Rules, those rules apply. Each claimant must satisfy Section 19.1. After the AAA begins administering the mass arbitration, counsel for the parties will meet and confer to select ten demands to proceed first as individual bellwether arbitrations, five selected by each side. If they cannot agree on implementation, the AAA or a Process Arbitrator will decide. The remaining demands will be stayed, and merits-case filing fees and arbitrator compensation for them will not become due, while the bellwethers proceed.

After the bellwether awards become final, the parties will participate in one global mediation for at least sixty days unless they settle sooner. If claims remain unresolved, they will proceed in sequential batches of no more than twenty-five demands. Each demand remains an individual arbitration and receives an individual decision and individual relief. The parties may agree, or the AAA or Process Arbitrator may direct, a different staged process when necessary for fairness, efficiency, or consistency with applicable AAA rules. Any limitations period will be tolled for an individual claim from Bomi’s receipt of a notice that complies with Section 19.1 until that demand becomes eligible to proceed under this Section. A court of competent jurisdiction may enforce this staged process.

19.3 Class Waiver, Opt-Out, and Governing Law

EACH PARTY WAIVES A JURY TRIAL AND WILL BRING CLAIMS ONLY IN ITS INDIVIDUAL CAPACITY, NOT AS A CLASS, COLLECTIVE, CONSOLIDATED, OR REPRESENTATIVE ACTION. No arbitrator may conduct class-wide, collective, consolidated, or representative arbitration without every affected party’s written consent. An authorized representative may opt out of arbitration by emailing legal@billwithbomi.com with the subject “Arbitration Opt-Out” within thirty days after Customer first accepts these Terms. The email must identify Customer and the accepting representative and clearly state that Customer opts out of arbitration. The overnight-courier requirement in Section 21 does not apply to an arbitration opt-out.

If the waiver in the preceding paragraph is unenforceable as to a particular claim or requested remedy, only that claim or remedy will be severed and heard in court; it will not proceed in class-wide or representative arbitration. The remaining individual claims and enforceable portions of this Section will proceed in arbitration. If any other arbitration provision is unenforceable or a claim is not arbitrable, that provision or claim will be severed and exclusive jurisdiction will lie in the state and federal courts located in Delaware, with each party consenting to venue there. Delaware law governs without regard to conflict-of-law rules, except that the Federal Arbitration Act governs the interpretation and enforcement of this Section.

A later amendment to this Section will not govern a claim that accrued or conduct that occurred before the amendment’s effective date if the amendment would materially alter how that claim is resolved. The version in effect when the claim accrued or conduct occurred will govern unless the parties later agree otherwise in writing.

20. Compliance with Law

Each party will comply with laws applicable to its performance under these Terms. Customer will not use the Services in violation of applicable export controls, economic sanctions, or restricted-party rules administered by the United States or another applicable authority. Customer represents that it and its Authorized Users are not prohibited from receiving the Services under those rules.

Bomi’s Copyright and DMCA Policy identifies its registered designated agent and governs copyright notices, counter-notices, restoration, repeat infringers, and related content restrictions. Customer and Authorized Users must cooperate with that Policy and may not knowingly upload, share, or direct Bomi to process content that infringes another person’s rights.

Subject to Section 11 and the Copyright and DMCA Policy, Bomi may investigate, quarantine, remove, disable, preserve, or restrict access to affected Customer Data when Bomi reasonably believes the action is necessary to address infringement or other unlawful or Terms-violating content. Bomi will limit the action to affected material, users, or functions where reasonably practicable and will preserve original records and provide notice where applicable law or the parties’ agreements require it. Bomi has no general obligation to monitor Customer Data.

21. General Terms and Notices

Order of precedence. In a conflict, the BAA controls for PHI; an Order Form controls products, fees, and term; and these Terms control everything else.

Notices. Notices under these Terms must be in writing. Ordinary contractual notices may be sent by authenticated email. Notices to Customer may be sent to the account’s legal or administrative email address. Notices to Bomi must be sent to legal@billwithbomi.com from an email address associated with Customer’s account or another address Bomi reasonably verifies as controlled by Customer. An email notice is received on the earlier of the recipient’s written acknowledgment or the next business day after sending if the sender receives no automated delivery-failure message or other reliable notice that it was not received. Customer is responsible for keeping its notice address current.

A notice commencing litigation or arbitration, a subpoena, service of process, or a similar formal legal paper must be delivered as required by applicable law, the relevant court or tribunal rules, or the parties’ agreed procedure. Where courier delivery is permitted, Bomi’s address is Bomi Health, Inc., Attn: Legal, 1111B S Governors Ave STE 6453, Dover, DE 19904, and Customer’s address is the address in its account or Order Form. Courier delivery is not required for an ordinary contractual notice. Section 19.3 separately governs arbitration opt-outs. Operational notices may be delivered in the Services or by email.

Assignment. “Affiliate” means an entity that controls, is controlled by, or is under common control with a party. Bomi may assign the parties’ agreement to an Affiliate or in connection with a merger, reorganization, change of control, financing, or sale of all or substantially all of the assets or business to which the agreement relates, by giving Customer written notice and requiring the assignee to assume Bomi’s applicable obligations in writing. Customer may assign the parties’ agreement in connection with a comparable transaction only with Bomi’s consent, not to be unreasonably withheld, and a written assumption by the assignee. Any other assignment requires the other party’s consent, not to be unreasonably withheld. Every permitted assignee remains bound by the applicable BAA, privacy, security, confidentiality, data-return, and other surviving obligations. An invalid assignment is void.

Force majeure. Neither party is liable for delay caused by an event beyond its reasonable control if it maintains reasonable business-continuity measures and uses reasonable efforts to mitigate and resume performance. Such an event does not eliminate a party’s payment, confidentiality, security, incident-response, data-protection, or data-return duties, but performance of those duties may be delayed solely to the extent the event directly prevents performance despite those continuity and mitigation measures.

Miscellaneous. The parties are independent contractors. These Terms do not create third-party beneficiaries. Waivers must be written and are limited to the stated instance. If a provision is unenforceable, it will be modified to the minimum extent necessary and the remainder will continue. Sections that by their nature should survive termination do survive, including Section 5 as to accrued fees and payment obligations and Sections 6, 7, 8, 13, 14, 15, 16, 17, 19, and 21. The parties’ agreements are the complete agreement about the Services and supersede prior proposals and understandings on that subject.