Legal

Government Addendum

Effective Date: February 2026

Document Version: 1.0

1. Purpose

This Government Addendum ("Addendum") sets forth supplemental terms and conditions that apply when a government or public sector entity ("Government Customer") enters into an agreement with Rymeda, Inc. ("Rymeda," "we," "us," or "our") for the use of the Rymeda healthcare platform and related services.

This Addendum supplements and modifies the Terms of Service, the Master Service Agreement (if applicable), and any other agreements between Rymeda and the Government Customer (collectively, the "Underlying Agreement"). To the extent of any conflict between this Addendum and the Underlying Agreement, this Addendum shall control with respect to the government-specific terms set forth herein.

2. Applicability

This Addendum applies to the following Government Customer categories:

CategoryExamplesAdditional Provisions
Federal GovernmentFederal agencies, departments, military branches, federal healthcare facilities (VA, DoD, IHS)FAR/DFARS, FedRAMP alignment, FISMA, Government Data Rights
State GovernmentState agencies, state health departments, state-run healthcare systems, state universitiesState procurement laws, state data privacy requirements, state-specific terms
Local GovernmentCounties, municipalities, public health districts, community health centers, tribal organizationsLocal procurement ordinances, intergovernmental agreements
Government-Affiliated EntitiesFederally Qualified Health Centers (FQHCs), government-funded research institutions, public hospitalsGrant compliance, specific funder requirements

3. FAR/DFARS Compliance

Where the Government Customer is a federal agency and the services are procured under a federal contract or order subject to the Federal Acquisition Regulation (FAR), the following provisions apply:

3.1 Commercial Computer Software

The Rymeda platform is classified as "commercial computer software" and "commercial computer software documentation" as those terms are used in FAR 12.212 and DFARS 227.7202. In accordance with FAR 12.212 and DFARS 227.7202-1 through 227.7202-4, all U.S. Government end users acquire the platform with only those rights set forth in this Addendum and the Underlying Agreement.

3.2 FAR Clauses

To the extent required by applicable law or regulation, the following FAR clauses are incorporated by reference:

  • FAR 52.227-19: Commercial Computer Software License (applicable to civilian agencies)
  • FAR 52.212-4: Contract Terms and Conditions — Commercial Products and Commercial Services
  • FAR 52.212-5: Contract Terms and Conditions Required to Implement Statutes or Executive Orders — Commercial Products and Commercial Services
  • FAR 52.204-21: Basic Safeguarding of Covered Contractor Information Systems

3.3 DFARS Clauses

For Department of Defense customers, the following DFARS clauses are incorporated by reference, as applicable:

  • DFARS 252.227-7014: Rights in Other Than Commercial Computer Software and Other Than Commercial Computer Software Documentation
  • DFARS 252.227-7015: Technical Data — Commercial Products and Commercial Services
  • DFARS 252.204-7012: Safeguarding Covered Defense Information and Cyber Incident Reporting (where applicable)

4. FedRAMP Alignment

FedRAMP Status Disclosure

As of the effective date of this Addendum, Rymeda, Inc. is not FedRAMP Authorized. However, Rymeda's security architecture is aligned with FedRAMP Moderate baseline controls (NIST SP 800-53 Rev. 5) and we are actively pursuing FedRAMP authorization through the Joint Authorization Board (JAB) process.

4.1 Current Security Posture

Rymeda's security controls are aligned with the following frameworks:

  • NIST SP 800-53 Rev. 5: Moderate baseline controls for information systems
  • NIST SP 800-171: Protecting Controlled Unclassified Information (CUI)
  • SOC 2 Type II: Annual independent audit of security, availability, and confidentiality
  • HIPAA Security Rule: Administrative, physical, and technical safeguards for ePHI

4.2 Government Customer Acknowledgment

Government Customers requiring FedRAMP Authorized cloud services should evaluate whether Rymeda's current security posture meets their specific authorization requirements. Rymeda will cooperate with Government Customers in providing security documentation, completing security questionnaires, and supporting Agency Authority to Operate (ATO) processes where applicable.

5. Government Data Rights

5.1 Government Data

The Government Customer retains unlimited rights in all data created by or on behalf of the Government Customer using the Rymeda platform, including but not limited to patient records, clinical documentation, billing data, and administrative data ("Government Data"). "Unlimited rights" means the right to use, disclose, reproduce, prepare derivative works, distribute copies to the public, and perform publicly and display publicly, in any manner and for any purpose, and to have or permit others to do so.

5.2 Software Rights

The Government Customer receives limited rights in Rymeda's proprietary software, in accordance with DFARS 252.227-7014 (for DoD) or FAR 52.227-19 (for civilian agencies). Limited rights mean that the software may be used, modified, reproduced, released, performed, displayed, or disclosed within the Government, but may not be released or disclosed outside the Government without Rymeda's written permission.

5.3 Data Portability and Export

Government Customers may export all Government Data at any time in structured, machine-readable formats (JSON, CSV) through the platform's export functionality. Upon termination, Rymeda will provide a thirty (30)-day data export window and, at the Government Customer's request, provide data in the format specified by the Government Customer, subject to technical feasibility.

6. CJIS and ITAR Disclaimer

Not In Scope

The Rymeda platform is a healthcare technology platform designed for clinical documentation, practice management, and related healthcare services. The following regulatory frameworks are not currently in scope for the Rymeda platform:

  • Criminal Justice Information Services (CJIS) Security Policy: Rymeda does not process, store, or transmit Criminal Justice Information (CJI) and is not CJIS compliant. Government Customers requiring CJIS compliance should not use the Rymeda platform for CJIS data.
  • International Traffic in Arms Regulations (ITAR): Rymeda does not process, store, or transmit ITAR-controlled technical data or defense articles. The platform is not designed for use with ITAR-regulated information.
  • Classified Information: Rymeda does not hold a facility security clearance and is not authorized to process classified information at any level (Confidential, Secret, or Top Secret).

7. Section 508 Accessibility Compliance

Rymeda is committed to ensuring that the Rymeda platform is accessible to individuals with disabilities in compliance with Section 508 of the Rehabilitation Act of 1973, as amended (29 U.S.C. §794d), and the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA.

7.1 Accessibility Standards

  • The Rymeda platform is designed and tested against WCAG 2.1 Level AA criteria
  • A Voluntary Product Accessibility Template (VPAT) based on the ITI VPAT 2.5 (WCAG edition) is available upon request
  • Accessibility testing is conducted regularly using both automated tools and manual testing with assistive technologies
  • An accessibility feedback mechanism is available for users to report barriers

7.2 Accessibility Statement

For detailed information about our accessibility practices, conformance status, and feedback mechanisms, see our Accessibility Statement.

8. HIPAA Government Obligations

Government healthcare entities using the Rymeda platform operate as "Covered Entities" under HIPAA (45 CFR §160.103), and Rymeda operates as a "Business Associate" with respect to PHI processed on behalf of such Government Customers.

8.1 Business Associate Agreement

All Government Customers that are Covered Entities must execute (or be deemed to have accepted) the Rymeda Business Associate Agreement. The BAA governs all uses and disclosures of PHI and incorporates the safeguards required by the HIPAA Security Rule (45 CFR Part 164, Subpart C).

8.2 Government-Specific HIPAA Provisions

  • HHS/OIG Cooperation: Rymeda shall cooperate with any investigation by the HHS Office for Civil Rights (OCR) or the OIG relating to the Government Customer's use of the platform
  • Accounting of Disclosures: Rymeda maintains detailed accounting of all PHI disclosures, available for audit by the Government Customer and regulatory authorities
  • Government Breach Response: In the event of a breach affecting a Government Customer, Rymeda will coordinate with the Government Customer's designated HIPAA privacy and security officials and comply with any additional government-specific breach reporting timelines

9. Insurance & Indemnification

9.1 Insurance

Rymeda, Inc. maintains the following insurance coverage:

  • Commercial General Liability: $2,000,000 per occurrence / $4,000,000 aggregate
  • Professional Liability / Errors & Omissions: $5,000,000 per claim / $5,000,000 aggregate
  • Cyber Liability / Data Breach: $5,000,000 per claim / $5,000,000 aggregate
  • Workers' Compensation: As required by applicable state law

Certificates of insurance are available upon request to legal@rymeda.com.

9.2 Government-Specific Indemnification

Rymeda acknowledges that certain Government Customers may be prohibited by law from providing indemnification or certain liability protections. Where the Government Customer is a state, local, or federal entity that cannot legally indemnify Rymeda:

  • Mutual indemnification clauses in the Underlying Agreement shall be modified to the extent required by applicable law
  • Government Customer's liability shall be limited to the extent permitted by applicable sovereign immunity, tort claims act, or similar statutory provisions
  • Rymeda's indemnification obligations to the Government Customer remain in effect as set forth in the Underlying Agreement

10. Governing Law

This Addendum shall be governed by and construed in accordance with:

  • Federal Government Customers: Federal law, including the Contract Disputes Act (41 U.S.C. §§7101-7109), shall govern disputes arising under or relating to federal procurement. The Federal Acquisition Regulation and applicable agency supplements apply.
  • State Government Customers: The laws of the Government Customer's state shall govern, unless preempted by federal law (e.g., HIPAA). Venue shall be as specified by applicable state procurement regulations.
  • Local Government Customers: The laws of the state in which the Government Customer is located shall govern, subject to applicable local ordinances and procurement requirements.

To the extent that the governing law provisions in the Underlying Agreement conflict with this Section, this Section shall control for Government Customers.

11. Order of Precedence

In the event of a conflict among the various documents governing the relationship between Rymeda and the Government Customer, the following order of precedence shall apply (highest to lowest):

1.

This Government Addendum

Government-specific terms override all other agreements

2.

Business Associate Agreement (BAA)

HIPAA PHI processing terms

3.

Data Processing Agreement (DPA)

GDPR and data protection terms

4.

Master Service Agreement (Enterprise)

Enterprise service terms (if applicable)

5.

Terms of Service

Standard platform terms and conditions

12. Termination for Convenience

The Government Customer may terminate the Underlying Agreement (and this Addendum) for convenience at any time by providing thirty (30) days' written notice to Rymeda. In the event of termination for convenience:

  • The Government Customer shall pay Rymeda for all services rendered and accepted through the effective date of termination
  • Rymeda shall provide a pro-rata refund of any prepaid fees for the unused portion of the service term
  • Rymeda shall cooperate in the orderly transition of Government Data, providing a thirty (30)-day data export window
  • Neither party shall be liable to the other for any damages arising solely from the exercise of this termination for convenience right

For federal customers, this termination for convenience right is in addition to any rights under FAR 52.249-2 (Termination for Convenience of the Government) or DFARS equivalent.

13. Anti-Corruption & Ethics

13.1 FCPA Compliance

Rymeda, Inc. complies with the U.S. Foreign Corrupt Practices Act ("FCPA") (15 U.S.C. §§78dd-1 et seq.) and prohibits any payment, offer, promise, or authorization of payment of money or anything of value to any government official, political party, or candidate for political office for the purpose of obtaining or retaining business or securing any improper advantage.

13.2 State Ethics Laws

Rymeda complies with applicable state ethics laws and regulations governing relationships with government employees and officials. Rymeda workforce members and agents are prohibited from:

  • Offering or providing gifts, meals, entertainment, or other items of value to government employees or officials involved in procurement decisions, except as permitted by applicable ethics rules
  • Engaging in any conduct that would create a conflict of interest or the appearance of a conflict of interest with government employees
  • Employing or contracting with former government employees in violation of applicable post-employment restrictions (e.g., 18 U.S.C. §207, state revolving door laws)

13.3 Anti-Kickback Statute

In addition to the provisions of the Anti-Fraud & Compliance Program, Rymeda confirms that its pricing and business arrangements with Government Customers do not involve any kickbacks, bribes, or other prohibited remuneration under the Anti-Kickback Statute (42 U.S.C. §1320a-7b(b)) or the Procurement Integrity Act (41 U.S.C. §2101 et seq.).

14. Additional Provisions

14.1 Lobbying Disclosure

If applicable, Rymeda certifies that it has not and will not use any funds received under an agreement with a Government Customer for lobbying activities, in compliance with 31 U.S.C. §1352 and FAR 52.203-12.

14.2 Debarment and Suspension

Rymeda, Inc. certifies that it is not presently debarred, suspended, proposed for debarment, declared ineligible, or voluntarily excluded from participating in covered transactions by any federal department or agency, in accordance with FAR 52.209-6 and 2 C.F.R. Part 180.

14.3 Equal Opportunity

Rymeda is an equal opportunity employer and complies with Executive Order 11246, Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veterans' Readjustment Assistance Act (VEVRAA), and all applicable federal, state, and local non-discrimination requirements.

14.4 Records Retention

Rymeda shall retain all records relating to the performance of services under a government agreement for a period of no less than three (3) years from the date of final payment, or longer as required by applicable regulations (e.g., FAR 4.705, state records retention requirements, HIPAA 6-year retention). Records shall be made available for audit and inspection by the Government Customer and applicable oversight bodies.

15. Contact Information

For questions regarding government procurement, this Addendum, or to discuss government-specific requirements:

Government Sales

inquiry@rymeda.com

Government procurement inquiries, contract negotiations, VPAT requests

Legal Department

legal@rymeda.com

Contract modifications, compliance certifications, regulatory questions

Security Team

security@rymeda.com

FedRAMP status, security documentation, ATO support

Compliance Office

legal@rymeda.com

HIPAA compliance, anti-corruption inquiries, ethics concerns

Related Policies

Terms of Service

Standard platform terms and conditions

Master Service Agreement

Enterprise service terms

Business Associate Agreement

HIPAA PHI processing terms

Data Processing Agreement

GDPR data processing terms

Anti-Fraud & Compliance Program

Healthcare fraud prevention

Accessibility Statement

Section 508 and WCAG compliance

Security

Platform security architecture

Service Level Agreement

Uptime and availability commitments