Interoperability Engine Open API Terms of Use

Updated February 25, 2018

This is a legal agreement (“Agreement”) between you and California Mediterranean, LLC dba EMR Direct (“EMR Direct” or “Company”). BY ACCESSING OR USING THE SYSTEM AS A USER AND/OR AS A DEVELOPER, YOU ARE INDICATING YOUR ASSENT TO ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT AND CONSENTING TO BE BOUND BY IT. IF YOU ARE ACCESSING OR USING THE SYSTEM ON BEHALF OF AN ENTITY ACTING AS A USER AND/OR AS A DEVELOPER, you represent and warrant that you have authority to bind that entity to this Agreement and by accepting this Agreement, you are doing so on behalf of that entity (and all references to “you” in this Agreement refer to that entity).

1. Definitions.

“Codes” means access codes, identification codes, tokens, private security keys, passwords and/or public security certificates that Company may issue to you to access or use with the System.

“Computer” means any computing device containing one or more central processing units, including but not limited to desktop and laptop personal computers, tablet devices and smartphones.

“Data Holder” means any third party that provides data that can be accessed through the System.

“Developer” means a person or entity other than Company that produces or provides software or services through which a User can access the System.

“Documentation” means any printed documentation regarding the System, any electronic documentation regarding the System, and any other online or other documentation that is generally made available by Company to Users or Developers regarding the System.

“Excessive Use” means access or use of the System by a Developer or User that exceeds two times the 99th percentile of system use observed by Company for all Developers and/or Users, or is otherwise identified as an outlier by Company, as measured by a suitable metric determined by Company, examples including but not limited to bandwidth utilized or number or size of data requests processed.

“HIPAA” means the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder.

“HITECH” means the Health Information Technology for Economic and Clinical Health Act under Title XIII of the American Recovery and Reinvestment Act of 2009 and the regulations promulgated thereunder.

“PHI” means Protected Health Information as defined by HIPAA.

“System” means the Interoperability Engine Open Application Programming Interfaces (“APIs”), as provided and documented by Company, any applicable related website or network resources intended for use with these APIs, the HealthToGo client application, any other software used to access these APIs provided by Company to you in connection with this Agreement, any Company websites or network resources, Documentation, Codes, and any related services, programs, functions and information provided by Company to you, and any updates or upgrades thereto provided by Company in Company’s sole discretion.

“User” means a person or other entity who accesses the System directly or through any software or service.

2. Permitted Access. You will only access (or attempt to access) the System by the means described in the Documentation. You will not misrepresent or mask your identity or the identity of your client application. If Company assigns you developer credentials (e.g. client IDs), you must use them with the applicable APIs.

3. Access Restrictions. YOU WILL NOT, EITHER ON YOUR OWN BEHALF OR THROUGH ANY AGENT OR THIRD PARTY, DECOMPILE, DISASSEMBLE, REVERSE ENGINEER, OR OTHERWISE ATTEMPT TO DERIVE OR EXTRACT THE SOURCE CODE FROM ANY API OR ANY RELATED SOFTWARE, OR MODIFY OR CREATE DERIVATIVE WORKS BASED ON ANY COMPONENT OF THE SYSTEM OR ANY DOCUMENTATION. For example, but without limitation, you shall not yourself or through any agent or third party: (i) translate any software code provided by Company in connection with this Agreement, including without limitation for the purpose of reverse engineering or to discover the structure, sequence or organization of the software or any portion thereof, (ii) monitor, interfere with, or reverse engineer the technical aspects of the System, (iii) intentionally compromise the security of the System or take any action intentionally, or neglect or omit to take, any action that compromises the security of the System, (iv) sell, lease, license or sublicense the System or Documentation except as expressly authorized under this Agreement. You shall not use the System for any purpose that is unlawful or prohibited by this Agreement. You are solely responsible for obtaining all equipment and developing or obtaining software required to access the System, for ensuring the compatibility thereof with the System in accordance with the Documentation, for determining the suitability of said equipment and software for the purpose of using the System, and for paying all fees including, without limitation, all taxes and Internet access fees, necessary to use the System. Your responsibilities under the immediately preceding sentence include determining the suitability of any computers or devices, including mobile devices, browser software or other third party software, network configuration and internet service, or other hardware or software, including but not limited to any software provided by Company, used by you to access the System, including but not limited to the assessment of a device’s or software’s ability to maintain the security and privacy of your Codes and of any data, including PHI, viewed, downloaded, or otherwise accessed or transmitted through the System. If you are (or become) a Covered Entity or Business Associate as defined in HIPAA, you agree that you will not use the HealthToGo client application component of the System for any purpose.

4. User Submissions; HIPAA and HITECH; Responsibilities.

A. As requested by Company, you agree to furnish Company with information describing the results of your use of the System, including (a) Developer’s name and contact information and the names of any Users and other participants, and (b) reasonably comprehensive information concerning any errors, problems, difficulties, or suggestions regarding the access to or use of the System. You will also promptly respond to any reasonable questions provided by Company regarding the System. You acknowledge and agree that all information provided in accordance with this section shall be considered User Submissions and subject to the provisions for same set forth in Section 4.D. below.

B. You will access or use the System only as and to the extent permitted by any applicable import or export laws, the security and privacy rules of HIPAA, HITECH, and any other applicable law or regulation. You will only request access to PHI or other information through the System that you are authorized to receive under applicable law and regulation. If you are a Developer, you will require your Users to comply with (and not knowingly enable them to violate) the terms of this Agreement and applicable law or regulation.

You acknowledge that Company is not a Covered Entity. You agree that you will not intentionally submit to Company or otherwise share with Company any PHI and will not provide Company with access to any PHI except as required for you to use the System. You acknowledge and agree that the APIs only act as a conduit to transfer PHI or any other data between you and a Data Holder, that any information received by you through the System is disclosed to you by the Data Holder providing that information, and that any information transmitted by your through the System is disclosed by you to the Data Holder. You and Company agree that you and Company do not intend to become each other’s Business Associate by virtue of entering into this Agreement or your use of the System. As a result, this Agreement is not intended to serve as a Business Associate Agreement between you and Company.

C. You acknowledge that the System is a data transport tool and is not intended to serve as a medical record. If you are a User, you agree that it is your sole responsibility to ensure that the content of any data accessed through the System is incorporated into a patient’s medical record, when applicable. You agree that it is your sole responsibility to fulfill any and all obligations that are required by HIPAA, HITECH, or other governmental statute or regulation, including but not limited to entering into any required Business Associate Agreement with applicable Data Holders or other entities and, if you are a User, providing or obtaining any and all necessary consents, prior to use, disclosure, or transmission of any PHI or other data accessed through the System. You agree that Company has no obligation to archive or otherwise store any PHI or other data transferred through the System. You acknowledge that the data you request may not be accessible through the System when (i) you are denied access by Data Holder to any or all of the data requested or the Data Holder does not respond to your request for any reason, (ii) your request or the data provided by a Data Holder is not in a format recognized by the System, (iii) your request would cause transfer size or frequency to exceed the allowable maximum permitted by Company, or would otherwise constitute Excessive Use, (iv) the Codes you use to access the System are invalid, (v) this Agreement terminates, or (vi) for any other reason. You are solely responsible for obtaining any Codes or other credentials, including any required credentials issued by a Data Holder or other third party, needed to use the System or access PHI or other data through the System. You acknowledge that Company does not control the content of data accessed through the System, that data accessed through the System may contain software viruses or other malicious content, that it is your sole responsibility to protect your computer systems from viruses, and that Company has no responsibility to protect your computer systems from viruses or other malware. You agree that Company, in its sole discretion, reserves the right not to enable Software or System for any particular Developer or User, should Company determine, in its sole discretion, that use by the Developer or User is a threat to Company’s systems or negatively impacts the use of the System by other Users.

D. You may make submissions of certain data and information to Company (the “User Submissions”), such as feedback related to the System. You understand that User Submissions are not and shall not be deemed to be your confidential and/or proprietary information, regardless of whether any submission is marked “Confidential” and/or “Proprietary”. All User Submissions of any type, and the responses of Company or any other entity, if any, and all intellectual property rights therein, including any derivatives, modifications, updates and improvements thereto, shall be owned solely by Company, and you hereby irrevocably assign to Company all such rights in the User Submissions. You hereby warrant that the User Submissions are and will be in compliance with all applicable laws and regulations, and will not contain PHI. Company has a right to use User Submissions, to which it is given access in any form, to evaluate, test or improve the System or for other lawful purpose. You will make User Submissions and will provide Company access to software-generated data only in accordance with HIPAA/HITECH, applicable state privacy laws and other applicable laws.

E. If the Company (i) determines that a statute or regulation, including any interpretation thereof (e.g., an advisory opinion) (collectively referred to in this subsection as a “Law”) to become effective as of a certain date which, if or when implemented, would have the effect of subjecting the Company to civil or criminal prosecution under state and/or federal laws, or any other material adverse proceeding on the basis of such party’s participation herein, or (ii) receives notice of an actual or threatened decision, finding or action by any governmental or private agency or party or court (collectively referred to in this subsection as an “Action”), which, if or when implemented, would have the effect of subjecting Company to civil or criminal prosecution under state and/or federal laws, or any other material adverse proceeding on the basis of such party’s participation herein, then Company shall amend this Agreement to the minimum extent necessary, as determined reasonably by the Company, in order to comply with such Law or to avoid the Action, as applicable and Company shall have the power to amend this Agreement for this purpose without your consent or the consent of any other person or entity. If the Company determines that compliance with such requirements is impossible, then this Agreement may be terminated by the Company without penalty and without prior written notice.

5. Codes.

A. Company may limit the number of Users who can use the System at any given time. You warrant to Company that (a) all information supplied by you is true, correct and complete, (b) no unauthorized entity has ever had access to your Codes, and (c) you have not included trademarks in your token request unless you also possess the rights to use the respective names, nor have you otherwise misrepresented the identity of your legal organization or software. You are solely responsible for use and proper protection of your Codes, and agree to take all reasonable precautions to protect the security and integrity of the Codes and to prevent their unauthorized use. You acknowledge and agree that you are solely responsible for all actions taken that utilize your Codes, unless such actions are taken by Company, its subcontractors or agents without your approval.

B. If Company determines in its sole discretion that you are or may be using a Code issued by Company for purposes other than those allowed by this agreement, Company may, in its sole discretion, revoke the Code. Company may modify a Code or its metadata issued to you if Company determines, in its sole discretion, that such modification is required to meet the initial or ongoing inclusion or interoperability requirements of a trust community or equivalent in which Company participates or intends to participate, or that Company or Developer do not meet or have ceased to meet the inclusion requirements for a trust community or equivalent. You will cease use of all Codes following expiration or revocation of the corresponding Code or upon termination of this Agreement. You will promptly notify Company if any information in your Code or its associated metadata is inaccurate or has changed. You will protect all Codes to which you have access from unauthorized access. Without limiting the last sentence of Section 7, this Section 5 will survive any termination of this Agreement.

6. Proprietary Rights and Audits. The System, Documentation and all content and all information with regard thereto or contained therein including, but not limited to, data, evaluation and test results, any reports, questionnaires or other documentation provided to Company under this Agreement (the “Company Information”) and any User Submissions, including any compilations of any participant information that are created in connection with or as part of the System are proprietary products of Company and its licensors and are protected under various intellectual property laws. Except for the rights expressly granted pursuant to Section 2 above, Company and its licensors retain all right, title, and interest in and to the System and Documentation, all other Company Information and the User Submissions, including all intellectual property rights therein. Company may modify the System and Documentation at any time and from time to time and the definitions of System or Documentation shall be deemed to also include such modifications and such System and Documentation as modified.

7. Term and Termination. The term of this Agreement shall begin on the date of your acceptance of this Agreement, first use of the System, or upon issuance of Codes to you, whichever occurs earliest. This Agreement will automatically terminate without notice to you upon expiration of Codes issued to you. Upon any termination, all rights granted to you under this Agreement shall immediately terminate and, if you have been issued any Code(s) from Company, you shall destroy and discard (or cause to be destroyed or discarded) and cease use of all copies of such Code(s). The terms of this Agreement that give the parties rights beyond termination of this Agreement will survive any termination of this Agreement.

8. Disclaimers.

A. YOU ACKNOWLEDGE AND AGREE THAT THE DOCUMENTATION, SYSTEM AND ANY OTHER SOFTWARE, MATERIALS OR CONTENT ARE PROVIDED TO YOU “AS-IS,” WITH NO WARRANTY WHATSOEVER, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE, ANY WARRANTY OF NON-INFRINGEMENT, OR ANY WARRANTY THAT THE OPERATION OF THE SYSTEM WILL BE UNINTERRUPTED OR ERROR FREE. COMPANY DISCLAIMS ANY LIABILITY FOR UNAUTHORIZED THIRD PARTY ACCESS, OR RELIANCE ON THE SYSTEM BY YOU OR ANY THIRD PARTY. COMPANY DISCLAIMS ANY LIABILITY FOR ANY DAMAGES TO YOUR COMPUTER OR ANY THIRD PARTY’S COMPUTER OR OTHER PROPERTY CAUSED BY OR ARISING FROM YOUR USE OF THE SYSTEM, WHETHER DUE TO INFECTION BY A SOFTWARE VIRUS OR OTHER MALWARE OR OTHER CAUSE. COMPANY DISCLAIMS ANY LIABILITY RESULTING FROM ANY UNAUTHORIZED ACCESS TO DATA ARISING FROM OR RELATED TO YOUR USE OF THE SYSTEM, INCLUDING BUT NOT LIMITED TO LIABILITY FOR COSTS, DAMAGES, ATTORNEYS’ FEES, OR ANY LIABILITY ARISING FROM OR RELATING TO ANY REGULATORY ACTION BY ANY STATE OR FEDERAL AGENCY. You agree that you and the Company are independent contractors and that neither has any fiduciary responsibility to the other. In furtherance of the immediately preceding sentence, each of you and the Company agree to never assert for its own benefit that the other has any fiduciary duties and to the extent permitted by applicable law, you and Company hereby disclaim any fiduciary relationship between Company on one hand and you on the other hand. You further acknowledge that some content, including but not limited to any health data, client application names, and other information related to client applications, has been supplied by third parties and that Company makes no warranty whatsoever with respect to such content. Company has not attempted to nor has it verified the accuracy or completeness of such content, nor does Company have any obligation to update or correct any such content. You acknowledge that use of the System may require that data is supplied by or passes through systems that are not controlled by Company, including, without limitation, internet service providers, third party applications, routers, domain name system (DNS) servers, and systems run by Developers, Data Holders, or other third parties, and you agree that Company is not responsible for the timeliness, reliability or availability of those systems. Third party Developers may have registered a client application (“app”) with Company or undergone validation of an app by Company to indicate compatibility with the System. Such a registration or validation, or an app’s ability to connect to the System, is not a guarantee or warranty of the functionality or security of the app, and does not represent an endorsement by Company or its partners. If you are a User, you acknowledge that Company does not provide technical support related to your use of an app to access the System.

B. You acknowledge that the System is designed to facilitate secure delivery of health content over the Internet. You acknowledge and agree that each user’s needs and data are unique, and that your inputs and information and your use to generate customized reports and outputs or other data based on your own needs and data, may cause your experience to differ from that of other users and that you assume the entire risk of your reliance on the System and any reports, information or any other content generated thereby. You will not use (and, if you are a Developer, will require your Users not to use) the System in urgent, critical, emergency, life-threatening, time sensitive or mission critical scenarios, including for communication of critical medical results, as a substitute for direct oral person-to-person communication in such circumstances, or for any activity where the use or failure of the System could lead to death or personal injury.

9. Limitation of Liability. IN NO EVENT AND UNDER NO CIRCUMSTANCES SHALL COMPANY OR ITS AFFILIATES, EMPLOYEES, OFFICERS OR LICENSORS BE LIABLE UNDER THIS AGREEMENT, WHETHER WITH RESPECT TO THE SYSTEM OR DOCUMENTATION PROVIDED HEREUNDER OR OTHERWISE, (I) FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, RELIANCE OR PUNITIVE DAMAGES OR LOSS OF PROFITS, LOSS OF BUSINESS, LOSS OF REVENUE, LOSS OF DATA, LOSS OF GOODWILL, LOSS OF BUSINESS OPPORTUNITIES, OR BUSINESS INTERRUPTION, HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY, INCLUDING BUT NOT LIMITED TO CONTRACT, TORT (INCLUDING PRODUCTS LIABILITY, STRICT LIABILITY AND NEGLIGENCE), STATUTORY OR OTHERWISE, WHETHER OR NOT COMPANY WAS OR SHOULD HAVE BEEN AWARE OR ADVISED OF THE POSSIBILITY OF SUCH DAMAGE, (II) FOR ANY LIABILITY ARISING FROM INFORMATION INCLUDED IN OR EXCLUDED FROM DATA ACCESSED BY YOU THROUGH THE SYSTEM, UNLESS THE FAULT IN THE INFORMATION IS DUE TO FRAUD OR WILLFUL MISCONDUCT OF THE COMPANY, (III) ARISING FROM THE USAGE OF A CODE THAT IS NOT VALID OR HAS NOT BEEN USED IN CONFORMANCE WITH THIS AGREEMENT, (IV) ARISING FROM COMPROMISE OF YOUR CODES, OR (V) FOR ANY MATTER OUTSIDE THE COMPANY’S CONTROL INCLUDING, WITHOUT LIMITATION, IF COMPANY CANNOT REVOKE A CODE OR TERMINATE ACCESS TO DATA FOR ANY REASON OUTSIDE OF COMPANY’S CONTROL. IN NO EVENT SHALL COMPANY’S OR ITS LICENSORS’ AGGREGATE LIABILITY ARISING OUT OF THIS AGREEMENT EXCEED THE NET AMOUNT COMPANY HAS ACTUALLY RECEIVED FROM YOU TO ACCESS THE SYSTEM IN THE TWELVE MONTHS PRECEDING THE FIRST CLAIM MADE BY YOU AGAINST THE COMPANY. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. THE FOREGOING LIMITATIONS SHALL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY STATED IN THIS AGREEMENT. You agree that you are solely responsible for any loss or damage resulting from your failing to meet the requirements of this agreement for the protection of your Codes.

10. Indemnification. Unless prohibited by applicable law, you agree to indemnify, defend, and hold Company, its subsidiaries, officers, employees, agents, contractors, and licensors harmless from and against all claims, damages, and expenses (“Claims”) arising out of or related to your use or, if you are a Developer, your end users’ use of the System, other than those Claims arising out of or related to the Company’s gross negligence, willful misconduct or fraud in providing the System.

11. Privacy. Privacy policy can be found at http://www.interopengine.com/privacy.html. If you are a Developer, you agree that we may also display on our websites your logo or any information you submit to us during registration of your client application.

12. Miscellaneous. No waiver or modification of the Agreement shall be valid unless made in writing signed by each party, except Company may modify the terms of this Agreement without written notice by posting the modified Agreement on this website. Your continued use of the System after such modification shall constitute acceptance of the modified Agreement. The waiver of a breach of any term hereof shall in no way be construed as a waiver of any other term or breach hereof. This Agreement is governed by the laws of the State of California without reference to conflict of laws principles. All disputes arising out of this Agreement shall be subject to the exclusive jurisdiction of the state and federal courts located in San Diego, California, and the parties agree and submit to the personal and exclusive jurisdiction and venue of these courts. Notwithstanding the foregoing, Company shall have the right to pursue protection of its intellectual property rights in any court of competent jurisdiction. You may not assign this Agreement or any rights or obligations hereunder without the prior written consent of Company. You must give any required notice to the Company via certified mail. Company may give notices to you through this website or in the sole discretion of the Company through any other method reasonably calculated and intended to provide actual notice to you, provided that any notice from Company received by you or your representative or agent shall be effective, and you shall be deemed to have received any notice that Company attempts to give using means reasonably calculated and intended to provide actual notice to you. Subject to the foregoing, this Agreement will inure to the benefit of and be binding upon the parties and their respective successors and permitted assigns. Any attempted assignment in violation of this section shall be null and void. If any provision of this Agreement shall be held by a court of competent jurisdiction to be contrary to law, the remaining provisions of this Agreement shall remain in full force and effect. Nonperformance of Company shall be excused to the extent that performance is rendered impossible by strike, fire, flood, earthquake or other natural disaster, failure of any electrical, communication, or other system over which Company has no control, acts of war or terrorism, acts of God, governmental acts or restrictions or for any other reason when failure to perform is beyond the reasonable control of Company whether or not the Company could have taken precautions to provide for backup or an alternate data center in another geographic location or otherwise. This Agreement constitutes the entire understanding and agreement with respect to its subject matter, and supersedes any and all prior or contemporaneous representations, understandings and agreements whether oral or written between the parties relating to the subject matter of this Agreement, all of which are merged in this Agreement.

Copyright Notice: © 2019 EMR Direct. All rights reserved.