Effective Date: January 1, 2026

This Business Associate Agreement ("Agreement") is entered into by and between Forge.io Pty Ltd ("Business Associate") and the Customer identified in the Master Service Agreement ("Covered Entity").

1. Purpose and Scope

This Agreement is intended to comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the Health Information Technology for Economic and Clinical Health Act ("HITECH"), and their implementing regulations.

2. Obligations of Business Associate

Business Associate agrees to:

• Not use or disclose Protected Health Information (PHI) other than as permitted or required by the Agreement or as required by law;
• Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by the Agreement;
• Report to Covered Entity any use or disclosure of PHI not provided for by the Agreement of which it becomes aware, including breaches of unsecured PHI as required at 45 CFR 164.410;

3. Permitted Uses and Disclosures

Business Associate may use or disclose PHI as necessary to perform the services set forth in the Service Agreement. In addition to other permissible purposes, Business Associate is authorized to use PHI to de-identify the information in accordance with 45 CFR 164.514(a)-(c).