What specific regulations of the HIPAA Security Rule must the Business Associate of Degree Wellness comply with?
Degree Wellness Franchise · 2025 FDD
Answer from 2025 FDD Document
…acknowledge that they have had an opportunity to seek such independent legal advice. The Parties each acknowledge that such Party has read and understand the provisions contained herein and acknowledge receipt of a copy of this Agreement.
[Signature Page Follows]
IN WITNESS WHEREOF, the Parties hereto affix their signatures and execute this Agreement as of the day and year first above written.
DEGREE WELLNESS FRANCHISE, LLC A Delaware limited liability company Its: Its: OWNERS: ASSIGNEE: -and- , Individually and on behalf of any entities or persons that may own, operate or have an interest in the Franchise
EXHIBIT J
SUPPLEMENTAL AGREEMENTS
(INCLUDING HIPAA BUSINESS ASSOCIATE AGREEMENT)
BUSINESS ASSOCIATE AGREEMENT
This Business Associate Agreement ("Agreement") is made and entered into this [Date] by and between:
WELLNESS PROVIDER THERAPIES, P.A., a professional medical association ("Covered Entity"), with offices located at 7901 4th St N, Ste 300, St. Petersburg, FL 33702 and [MSO], [Type of Corporation] ("Business Associate"), with offices located at FRANCHISEE ADDRESS.
(Covered Entity and Business Associate are sometimes individually referred to herein as a "Party" or collectively as the "Parties.")
RECITALS
WHEREAS, Business Associate has been engaged to provide certain services to Covered Entity pursuant to a separate agreement (the "Services Agreement"), and, in connection with those services, Covered Entity may need to disclose to Business Associate, or Business Associate may need to create on Covered Entity's behalf, certain Protected Health Information (as defined below) that is subject to protection under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 ("HIPAA"), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 ("HITECH Act"), and regulations promulgated thereunder by the U.S. Department of Health and Human Services to implement certain privacy and security provisions of HIPAA (the "HIPAA Regulations"), codified at 45 C.F.R. Parts 160 and 164; and
WHEREAS, pursuant to the HIPAA Regulations, all business associates (as defined at 45 C.F.R. § 160.103), including Business Associate, of Covered Entity, as a condition of doing business with Covered Entity, must agree in writing to certain mandatory provisions regarding the privacy and security of PHI.
NOW THEREFORE, IN CONSIDERATION OF THE FOREGOING, and the mutual promises and covenants contained herein, Covered Entity and Business Associate agree as follows:
AGREEMENT
- Definitions. Capitalized terms used, but not otherwise defined, in this Agreement shall have the meanings set forth in HIPAA, the HIPAA Regulations and the HITECH Act.
(a) "Breach" shall have the meaning given to such term in 45 C.F.R. § 164.402, and shall include the unauthorized acquisition, access, use, or disclosure of PHI which compromises the security or privacy of such information.
(b) "Data Aggregation" shall have the meaning given to such phrase under the Privacy Rule, including, but not limited to, 45 C.F.R. § 164.501.
(c) "Designated Record Set" means a group of records maintained by or for Covered Entity that may include (i) medical records and billing records about Individuals maintained by or for a covered healthcare provider, (ii) the enrollment, payment, claims adjudication, and case or medical Administrative record systems maintained by or for a health plan, or (iii) records used, in whole or in part, by or for Covered Entity to make decisions about Individuals.
(d) "Electronic Health Record" shall have the meaning given to such phrase in the HITECH Act, including, but not limited to, 42 U.S.C. § 17921(5).
(e) "Electronic Protected Health Information" ("ePHI") means individually identifiable health information that is transmitted by, or maintained in, electronic media.
(f) "Health Care Operations" shall have the meaning given to such phrase under the Privacy Rule, including, but not limited to, 45 C.F.R. § 164.501.
(g) "Individual" has the same meaning as the term "individual" in 45 C.F.R. § 160.103 and shall include a person who qualifies as a personal representative in accordance with 45 C.F.R. § 164.502(g).
(h) "Privacy Rule" shall mean the Standards for Privacy of Individually Identifiable Health Information codified at 45 C.F.R. Part 160 and Part 164, Subparts A and E, as amended by the HITECH Act and as may otherwise be amended from time to time.
(i) "Protected Health Information" ("PHI") means any information, whether oral or recorded in any form or medium: (i) that relates to the past, present or future physical or mental condition of an Individual; the provision of healthcare to an Individual; or the past, present or future payment for the provision of healthcare to an Individual; and (ii) that identifies the Individual or with respect to which there is a reasonable basis to believe the information can be used to identify that Individual; and (iii) shall include the definition as set forth in the Privacy Rule including, but not limited to, 45 C.F.R. § 160.103. PHI excludes individually identifiable health information regarding a person who has been deceased for more than fifty (50) years. For purposes of this Agreement, PHI shall include ePHI.
(j) "Required By Law" shall have the same meaning as the phrase "required by law" in 45 C.F.R. § 164.103.
Source: Item 23 — Receipts (FDD pages 66–257)
What This Means (2025 FDD)
The 2025 Degree Wellness Franchise Disclosure Document includes a Business Associate Agreement, which outlines the requirements for protecting health information under HIPAA. As a Business Associate, the franchisee must agree in writing to certain mandatory provisions regarding the privacy and security of Protected Health Information (PHI).
The Degree Wellness franchisee, as a Business Associate, must comply with HIPAA, the HIPAA Regulations, and the HITECH Act. The agreement states that it should be interpreted as broadly as necessary to comply with HIPAA, the HIPAA Regulations, the HITECH Act, the Privacy Rule, and the Security Rule. The agreement also states that if there are conflicts between the agreement, HIPAA, the HIPAA Regulations, or the HITECH Act and state law, the franchisee must comply with the more restrictive requirements.
Degree Wellness has the right to examine the franchisee's facilities, systems, procedures, and records to certify the extent to which the franchisee's security safeguards comply with HIPAA, the HIPAA Regulations, the HITECH Act, and the Business Associate Agreement. The franchisee is also required to indemnify Degree Wellness against losses resulting from negligence or wrongful acts, including failure to meet obligations under the agreement. The franchisee must also make themselves available to Degree Wellness, at no cost to Degree Wellness, to testify as witnesses in the event of litigation or administrative proceedings being commenced against Degree Wellness.
It is important to note that Degree Wellness makes no warranty that compliance with the Business Associate Agreement, HIPAA, the HIPAA Regulations, or the HITECH Act will be adequate or satisfactory for the franchisee's own purposes. The franchisee is solely responsible for all decisions made regarding the safeguarding of PHI. The franchisee must operate the franchise in compliance with all applicable laws, ordinances, and regulations, including those relating to the practice of health care.