xxxvii. Compliance with Data Privacy Laws. The Company and its subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations, including without limitation HIPAA, and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are in material compliance with, the European Union General Data Protection Regulation (GDPR) (EU 2016/679) (collectively, the Privacy Laws). To ensure compliance with the Privacy Laws, the Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with the Companys policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the Policies). The Company further certifies that neither it nor any subsidiary: (i) has received written notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action initiated by a governmental authority pursuant to any Privacy Law; or (iii) is a party to any order, decree, or settlement agreement issued by a governmental authority that imposes any obligation or liability under any Privacy Law.
xxxviii. Compliance with Health Care Laws. The Company and its subsidiaries are, and at all times have been, in compliance with all applicable Health Care Laws, except to the extent that any non-compliance would not, individually or in the aggregate, reasonably be expected to result in a Material Adverse Change. For purposes of this Agreement, Health Care Laws means: (i) the Federal Food, Drug, and Cosmetic Act (21 U.S.C. Section 301 et seq.), the Public Health Service Act (42 U.S.C. Section 201 et seq.), and the regulations promulgated thereunder; (ii) all applicable federal, state, local and foreign health care fraud and abuse laws, including, without limitation, the Anti-Kickback Statute (42 U.S.C. Section 1320a-7b(b)), the Civil False Claims Act (31 U.S.C. Section 3729 et seq.), the criminal false statements law (42 U.S.C. Section 1320a-7b(a)), 18 U.S.C. Sections 286 and 287, the health care fraud criminal provisions under HIPAA (42 U.S.C. Section 1320d et seq.), the Stark Law (42 U.S.C. Section 1395nn), the civil monetary penalties law (42 U.S.C. Section 1320a-7a), the exclusion law (42 U.S.C. Section 1320a-7), the Physician Payments Sunshine Act (42 U.S.C. Section 1320-7h), and applicable laws governing government funded or sponsored healthcare programs; (iii) HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act (42 U.S.C. Section 17921 et seq.); (iv) the Patient Protection and Affordable Care Act of 2010, as amended by the Health Care and Education Reconciliation Act of 2010; (v) licensure, quality, safety and accreditation requirements under applicable federal, state, local or foreign laws or regulatory bodies; and (vi) all other local, state, federal, national, supranational and foreign laws, relating to the regulation of the Company or its subsidiaries, and (vii) the directives and regulations promulgated pursuant to such statutes and any state or non-U.S. counterpart thereof. Neither the Company nor any of its subsidiaries has received written notice of any claim, action, suit, proceeding, hearing, enforcement, investigation, arbitration or other action from any court or arbitrator or governmental or regulatory authority or third party alleging that any product operation or activity is in violation of any Health Care Laws nor, to the Companys knowledge, is any such claim, action, suit, proceeding, hearing, enforcement, investigation, arbitration or other action threatened, except in each case as would not, individually or in the aggregate, reasonably be