This is a legal agreement (“Agreement”) between you and PHI Medical Office Solutions of Shawnee, KS, product PhyGeneSys (“Company,” “PHI” or “PhyGeneSys”). BY USING THE SYSTEM AS A USER AND/OR AS A DEVELOPER, YOU ARE INDICATING YOUR CONSENT TO ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT AND CONSENTING TO BE BOUND BY ITS TERMS. IF YOU ARE ACCESSING OR USING THE SYSTEM ON BEHALF OF AN ENTITY ACTING AS A USER AND/OR AS A DEVELOPER, you represent and warrant that you have authority to bind that entity to this Agreement and by accepting this Agreement, you are doing so on behalf of that entity (and all references to “you” in this Agreement refer to that entity).
1.1 “Codes” means access codes, identification codes, tokens, private security keys, passwords and/or public security certificates that Company may issue to you to access or use with the System, Company's Public Key Infrastructure (PKI), and any services, programs, functions and information provided by Company to you.
1.2 “Computer” means any computing device containing one or more central processing units, including but not limited to desktop and laptop personal computers, tablet devices and smartphones.
1.3 “Data Holder” means any third party that provides data that can be accessed through the System.
1.4 “Developer” means a person or entity other than Company that produces or provides software or services through which a User can access the System.
1.5 “Documentation” means any printed documentation regarding the System, any electronic documentation regarding the System, and any other online or other documentation that is generally made available by Company to Users or Developers regarding the System.
1.6 “Excessive Use” means access or use of the System by a Developer or User that exceeds two times the 99th percentile of system use observed by Company for all Developers and/or Users, or is otherwise identified as an outlier by Company, as measured by a suitable metric determined by Company, examples including but not limited to bandwidth utilized or number or size of data requests processed.
1.7 “HIPAA” means the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder.
1.8 “HITECH” means the Health Information Technology for Economic and Clinical Health Act under Title XIII of the American Recovery and Reinvestment Act of 2009 and the regulations promulgated thereunder.
1.9 "Software" means the PHI Medical Office Solutions Application Programming Interface (API) software, access to any applicable related website or network resources intended for use with the software, and any other software provided by Company to you in connection with this agreement, as applicable, in the form intended by Company for use by you, as documented by the Company, and any updates or upgrades thereto provided by Company in Company's sole discretion.
1.10 "System" Interoperability Engine Open Application Programming Interfaces (“APIs”), as provided and documented by Company, any applicable related website or network resources intended for use with these APIs, the HealthToGo client application, any other software used to access these APIs provided by Company to you in connection with this Agreement, any Company websites or network resources, Documentation, Codes, and any related services, programs, functions and information provided by Company to you, and any updates or upgrades thereto provided by Company in Company’s sole discretion.
1.11 “User” means any end user, person or other entity, who accesses the System directly or through any software or service.
2. Permitted Access:
You will only access (or attempt to access) the System by the means described in the Documentation. You will not misrepresent or mask your identity or the identity of your client application. If Company assigns you developer credentials (e.g. client IDs), you must use them with the applicable APIs.
3. License Restrictions.
3.1 YOU WILL NOT, EITHER ON YOUR OWN BEHALF OR THROUGH ANY AGENT OR THIRD PARTY, DECOMPILE, DISASSEMBLE, REVERSE ENGINEER, OR OTHERWISE ATTEMPT TO DERIVE OR EXTRACT THE SOURCE CODE FROM ANY API OR ANY RELATED SOFTWARE, OR MODIFY OR CREATE DERIVATIVE WORKS BASED ON ANY COMPONENT OF THE SYSTEM OR ANY DOCUMENTATION.
3.1.1 For example, but without limitation, you shall not yourself or through any agent or third party:
(i) translate any software code provided by Company in connection with this Agreement, including without limitation for the purpose of reverse engineering or to discover the structure, sequence or organization of the software or any portion thereof,
(ii) monitor, interfere with, or reverse engineer the technical aspects of the System,
(iii) intentionally compromise the security of the System or take any action intentionally, or neglect or omit to take, any action that compromises the security of the System,
(iv) sell, lease, license or sublicense the System or Documentation except as expressly authorized under this Agreement. You shall not use the System for any purpose that is unlawful or prohibited by this Agreement. You are solely responsible for obtaining all equipment and developing or obtaining software required to access the System, for ensuring the compatibility thereof with the System in accordance with the Documentation, for determining the suitability of said equipment and software for the purpose of using the System, and for paying all fees including, without limitation, all taxes and Internet access fees, necessary to use the System. Your responsibilities under the immediately preceding sentence include determining the suitability of any computers or devices, including mobile devices, browser software or other third party software, network configuration and internet service, or other hardware or software, including but not limited to any software provided by Company, used by you to access the System, including but not limited to the assessment of a device’s or software’s ability to maintain the security and privacy of your Codes and of any data, including Protected Health Information as defined by HIPAA, viewed, downloaded, or otherwise accessed or transmitted through the System. If you are (or become) a Covered Entity or Business Associate as defined in HIPAA, you agree that you will not use the HealthToGo client application component of the System for any purpose.
4. User Submissions; HIPAA and HITECH; User Responsibilities:
4.1 As requested by the Company, you shall furnish Company with information regarding the results of your use of the System, including (a) Developer’s name and contact information and the names of any Users and other participants, and (b) reasonably comprehensive information concerning any errors, problems, difficulties, or suggestions regarding the access to or use of the System. You will also promptly respond to any reasonable questions provided by Company regarding the System. You acknowledge and agree that all information provided in accordance with this section shall be considered User Submissions and subject to the provisions for same set forth in 4.6 below.
4.2 You will access or use the System only as and to the extent permitted by any applicable import or export laws, the security and privacy rules of HIPAA, HITECH, and any other applicable law or regulation. You will only request access to Protected Health Information as defined by HIPAA or other information through the System that you are authorized to receive under applicable law and regulation. If you are a Developer, you will require your Users to comply with (and not knowingly enable them to violate) the terms of this Agreement and applicable law or regulation.
4.3 You acknowledge that Company is not a Covered Entity. You agree that you will not intentionally submit to Company or otherwise share with Company any Protected Health Information as defined by HIPAA and will not provide Company with access to any Protected Health Information as defined by HIPAA except as required for you to use the System. You acknowledge and agree that the APIs only act as a conduit to transfer Protected Health Information as defined by HIPAA or any other data between you and a Data Holder, that any information received by you through the System is disclosed to you by the Data Holder providing that information, and that any information transmitted by your through the System is disclosed by you to the Data Holder. You and Company agree that you and Company do not intend to become each other’s Business Associate by virtue of entering into this Agreement or your use of the System. As a result, this Agreement is not intended to serve as a Business Associate Agreement between you and Company.
4.4 YOU ATTEST THAT YOU ARE AUTHORIZED TO ACCESS THE Protected Health Information as defined by HIPAA YOU ARE REQUESTING THROUGH THE SYSTEM, AND YOU AGREE TO HANDLE AND PROCESS SUCH INFORMATION ACCORDING TO ANY AND ALL APPLICABLE LAWS. If you are a Developer, you agree to maintain suitable facilities, management, operational, and physical controls to protect Protected Health Information as defined by HIPAA and any Codes consistent with the security and privacy controls imposed by HIPAA, HITECH, and any other federal, state, and local laws, where applicable, and to treat all Codes with no less care and protection than that afforded to Protected Health Information. You acknowledge and agree that you shall use the System only as and to the extent permitted by applicable law, including any applicable import or export laws, and only for applications related to the secure access to health information over the Internet, in a manner compliant with the security and privacy rules of HIPAA, HITECH, and any other applicable law or regulation. You acknowledge and agree that Company is not a Covered Entity. You agree that you will not intentionally submit to Company or otherwise share with Company any Protected Health Information and will not provide Company with access to any Protected Health Information except as required for you to Use the System. You acknowledge and agree that Company only acts as a conduit to transfer Protected Health Information or any other data between you and a Data Holder.
4.5 You acknowledge that the System is a data transport tool and is not intended to serve as a medical record. If you are a User, you agree that it is your sole responsibility to ensure that the content of any data accessed through the System is incorporated into a patient’s medical record, when applicable. You agree that it is your sole responsibility to fulfill any and all obligations that are required by HIPAA, HITECH, or other governmental statute or regulation, including but not limited to entering into any required Business Associate Agreement with applicable Data Holders or other entities and, if you are a User, providing or obtaining any and all necessary consents, prior to use, disclosure, or transmission of any Protected Health Information as defined by HIPAA or other data accessed through the System. You agree that Company has no obligation to archive or otherwise store any Protected Health Information as defined by HIPAA or other data transferred through the System. You acknowledge that the data you request may not be accessible through the System when (i) you are denied access by Data Holder to any or all of the data requested or the Data Holder does not respond to your request for any reason, (ii) your request or the data provided by a Data Holder is not in a format recognized by the System, (iii) your request would cause transfer size or frequency to exceed the allowable maximum permitted by Company, or would otherwise constitute Excessive Use, (iv) the Codes you use to access the System are invalid, (v) this Agreement terminates, or (vi) for any other reason. You are solely responsible for obtaining any Codes or other credentials, including any required credentials issued by a Data Holder or other third party, needed to use the System or access Protected Health Information as defined by HIPAA or other data through the System. You acknowledge that Company does not control the content of data accessed through the System, that data accessed through the System may contain software viruses or other malicious content, that it is your sole responsibility to protect your computer systems from viruses, and that Company has no responsibility to protect your computer systems from viruses or other malware. You agree that Company, in its sole discretion, reserves the right not to enable Software or System for any Developer or User, should Company determine, in its sole discretion, that use by the Developer or User is a threat to Company’s systems or negatively impacts the use of the System by other Users.
4.6 Developers may make submissions of certain data and information to Company (the “User Submissions”), such as feedback related to the System. You understand that User Submissions are not and shall not be deemed to be your confidential and/or proprietary information, regardless of whether any submission is marked “Confidential” and/or “Proprietary.” All User Submissions of any type, and the responses of Company or any other entity, if any, and all intellectual property rights therein, including any derivatives, modifications, updates and improvements thereto, shall be owned solely by Company, and you hereby irrevocably assign to Company all such rights in the User Submissions. You hereby warrant that the User Submissions are and will follow all applicable laws and regulations and will not contain Protected Health Information as defined by HIPAA. Company has a right to use User Submissions, to which it is given access in any form, to evaluate, test or improve the System or for other lawful purpose. You will make User Submissions and will provide Company access to software-generated data only in accordance with HIPAA/HITECH, applicable state privacy laws and other applicable laws.
4.7 If the Company (i) determines that a statute or regulation, including any interpretation thereof (e.g., an advisory opinion) (collectively referred to in this subsection as a “Law”) to become effective as of a certain date which, if or when implemented, would have the effect of subjecting the Company to civil or criminal prosecution under state and/or federal laws, or any other material adverse proceeding on the basis of such party’s participation herein, or (ii) receives notice of an actual or threatened decision, finding or action by any governmental or private agency or party or court (collectively referred to in this subsection as an “Action”), which, if or when implemented, would have the effect of subjecting Company to civil or criminal prosecution under state and/or federal laws, or any other material adverse proceeding on the basis of such party’s participation herein, then Company shall amend this Agreement to the minimum extent necessary, as determined reasonably by the Company, in order to comply with such Law or to avoid the Action, as applicable and Company shall have the power to amend this Agreement for this purpose without your consent or the consent of any other person or entity. If the Company determines that compliance with such requirements is impossible, then this Agreement may be terminated by the Company without penalty and without prior written notice.
5.1 Company may limit the number of Users who can use the System at any given time. You warrant to Company that (a) all information supplied by you is true, correct and complete, (b) no unauthorized entity has ever had access to your Codes, and (c) you have not included trademarks in your token request unless you also possess the rights to use the respective names, nor have you otherwise misrepresented the identity of your legal organization or software. You are solely responsible for use and proper protection of your Codes and agree to take all reasonable precautions to protect the security and integrity of the Codes and to prevent their unauthorized use. You acknowledge and agree that you are solely responsible for all actions taken that utilize your Codes, unless such actions are taken by Company, its subcontractors or agents without your approval.
5.2 If Company determines in its sole discretion that you are or may be using a Code issued by Company for purposes other than those allowed by this agreement, Company may, in its sole discretion, revoke the Code. Company may modify a Code or its metadata issued to you if Company determines, in its sole discretion, that such modification is required to meet the initial or ongoing inclusion or interoperability requirements of a trust community or equivalent in which Company participates or intends to participate, or that Company or Developer do not meet or have ceased to meet the inclusion requirements for a trust community or equivalent. You will cease use of all Codes following expiration or revocation of the corresponding Code or upon termination of this Agreement. You will promptly notify Company if any information in your Code or its associated metadata is inaccurate or has changed. You will protect all Codes to which you have access from unauthorized access. Without limiting the last sentence of Section 7, this Section 5 will survive any termination of this Agreement.
6. Proprietary Rights and Audits:
The System, Documentation and all content and all information with regard thereto or contained therein including, but not limited to, data, evaluation and test results, any reports, questionnaires or other documentation provided to Company under this Agreement (the “Company Information”) and any User Submissions, including any compilations of any participant information that are created in connection with or as part of the System are proprietary products of Company and its licensors and are protected under various intellectual property laws. Except for the rights expressly granted pursuant to Section 2 above, Company and its licensors retain all right, title, and interest in and to the System and Documentation, all other Company Information and the User Submissions, including all intellectual property rights therein. Company may modify the System and Documentation at any time and from time to time and the definitions of System or Documentation shall be deemed to also include such modifications and such System and Documentation as modified.
7. Term and Termination:
The term of this Agreement shall begin on the date of your acceptance of this Agreement, first use of the System, or upon issuance of Codes to you, whichever occurs earliest. This Agreement will automatically terminate without notice to you upon expiration of Codes issued to you. Upon any termination, all rights granted to you under this Agreement shall immediately terminate and, if you have been issued any Code(s) from Company, you shall destroy and discard (or cause to be destroyed or discarded) and cease use of all copies of such Code(s). The terms of this Agreement that give the parties rights beyond termination of this Agreement will survive any termination of this Agreement.
Either you or PHI may terminate your right to use the APIs at any time, with or without cause, upon notice. PHI also reserves the right to disable your API access in a production environment at any time, with or without cause. PHI reserves the right to disable access to the PHI APIs if your App poses any security, privacy, or patient safety risks. The provisions concerning Indemnification, Waiver, Release and Limitation of Liability, and General shall survive any termination of these Terms.
8.1 YOU ACKNOWLEDGE AND AGREE THAT THE DOCUMENTATION, SYSTEM AND ANY OTHER SOFTWARE, MATERIALS OR CONTENT ARE PROVIDED TO YOU “AS-IS,” WITH NO WARRANTY WHATSOEVER, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE, ANY WARRANTY OF NON-INFRINGEMENT, OR ANY WARRANTY THAT THE OPERATION OF THE SYSTEM WILL BE UNINTERRUPTED OR ERROR FREE. COMPANY DISCLAIMS ANY LIABILITY FOR UNAUTHORIZED THIRD-PARTY ACCESS, OR RELIANCE ON THE SYSTEM BY YOU OR ANY THIRD PARTY. COMPANY DISCLAIMS ANY LIABILITY FOR ANY DAMAGES TO YOUR COMPUTER OR ANY THIRD PARTY’S COMPUTER OR OTHER PROPERTY CAUSED BY OR ARISING FROM YOUR USE OF THE SYSTEM, WHETHER DUE TO INFECTION BY A SOFTWARE VIRUS OR OTHER MALWARE OR OTHER CAUSE. COMPANY DISCLAIMS ANY LIABILITY RESULTING FROM ANY UNAUTHORIZED ACCESS TO DATA ARISING FROM OR RELATED TO YOUR USE OF THE SYSTEM, INCLUDING BUT NOT LIMITED TO LIABILITY FOR COSTS, DAMAGES, ATTORNEYS’ FEES, OR ANY LIABILITY ARISING FROM OR RELATING TO ANY REGULATORY ACTION BY ANY STATE OR FEDERAL AGENCY. You agree that you and the Company are independent contractors and that neither has any fiduciary responsibility to the other. In furtherance of the immediately preceding sentence, each of you and the Company agree to never assert for its own benefit that the other has any fiduciary duties and to the extent permitted by applicable law, you and Company hereby disclaim any fiduciary relationship between Company on one hand and you on the other hand. You further acknowledge that some content, including but not limited to any health data, client application names, and other information related to client applications, has been supplied by third parties and that Company makes no warranty whatsoever with respect to such content. Company has not attempted to, nor has it verified the accuracy or completeness of such content, nor does Company have any obligation to update or correct any such content. You acknowledge that use of the System may require that data is supplied by or passes through systems that are not controlled by Company, including, without limitation, internet service providers, third party applications, routers, domain name system (DNS) servers, and systems run by Developers, Data Holders, or other third parties, and you agree that Company is not responsible for the timeliness, reliability or availability of those systems. Third party Developers may have registered a client application (“app”) with Company or undergone validation of an app by Company to indicate compatibility with the System. Such a registration or validation, or an app’s ability to connect to the System, is not a guarantee or warranty of the functionality or security of the app and does not represent an endorsement by Company or its partners. If you are a User, you acknowledge that Company does not provide technical support related to your use of an app to access the System.
8.2 You acknowledge that the System is designed to facilitate secure delivery of health content over the Internet. You acknowledge and agree that each user’s needs and data are unique, and that your inputs and information and your use to generate customized reports and outputs or other data based on your own needs and data, may cause your experience to differ from that of other users and that you assume the entire risk of your reliance on the System and any reports, information or any other content generated thereby. You will not use (and, if you are a Developer, will require your Users not to use) the System in urgent, critical, emergency, life-threatening, time sensitive or mission critical scenarios, including for communication of critical medical results, as a substitute for direct oral person-to-person communication in such circumstances, or for any activity where the use or failure of the System could lead to death or personal injury.
9. Limitation of Liability:
IN NO EVENT AND UNDER NO CIRCUMSTANCES SHALL COMPANY OR ITS AFFILIATES, EMPLOYEES, OFFICERS OR LICENSORS BE LIABLE UNDER THIS AGREEMENT, WHETHER WITH RESPECT TO THE SYSTEM OR DOCUMENTATION PROVIDED HEREUNDER OR OTHERWISE, (I) FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, RELIANCE OR PUNITIVE DAMAGES OR LOSS OF PROFITS, LOSS OF BUSINESS, LOSS OF REVENUE, LOSS OF DATA, LOSS OF GOODWILL, LOSS OF BUSINESS OPPORTUNITIES, OR BUSINESS INTERRUPTION, HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY, INCLUDING BUT NOT LIMITED TO CONTRACT, TORT (INCLUDING PRODUCTS LIABILITY, STRICT LIABILITY AND NEGLIGENCE), STATUTORY OR OTHERWISE, WHETHER OR NOT COMPANY WAS OR SHOULD HAVE BEEN AWARE OR ADVISED OF THE POSSIBILITY OF SUCH DAMAGE, (II) FOR ANY LIABILITY ARISING FROM INFORMATION INCLUDED IN OR EXCLUDED FROM DATA ACCESSED BY YOU THROUGH THE SYSTEM, UNLESS THE FAULT IN THE INFORMATION IS DUE TO FRAUD OR WILLFUL MISCONDUCT OF THE COMPANY, (III) ARISING FROM THE USAGE OF A CODE THAT IS NOT VALID OR HAS NOT BEEN USED IN CONFORMANCE WITH THIS AGREEMENT, (IV) ARISING FROM COMPROMISE OF YOUR CODES, OR (V) FOR ANY MATTER OUTSIDE THE COMPANY’S CONTROL INCLUDING, WITHOUT LIMITATION, IF COMPANY CANNOT REVOKE A CODE OR TERMINATE ACCESS TO DATA FOR ANY REASON OUTSIDE OF COMPANY’S CONTROL. IN NO EVENT SHALL COMPANY’S OR ITS LICENSORS’ AGGREGATE LIABILITY ARISING OUT OF THIS AGREEMENT EXCEED THE NET AMOUNT COMPANY HAS ACTUALLY RECEIVED FROM YOU TO ACCESS THE SYSTEM IN THE TWELVE MONTHS PRECEDING THE FIRST CLAIM MADE BY YOU AGAINST THE COMPANY. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. THE FOREGOING LIMITATIONS SHALL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY STATED IN THIS AGREEMENT. You agree that you are solely responsible for any loss or damage resulting from your failing to meet the requirements of this agreement for the protection of your Codes.
Unless prohibited by applicable law, you agree to indemnify, defend, and hold Company, its subsidiaries, officers, employees, agents, contractors, and licensors harmless from and against all claims, damages, and expenses (“Claims”) arising out of or related to your use or, if you are a Developer, your end users’ use of the System, other than those Claims arising out of or related to the Company’s gross negligence, willful misconduct or fraud in providing the System.
2018 PHI MEDICAL OFFICE SOLUTIONS. All rights reserved.