This Agreement is made as of the Date in which a User Account is created by and between Nuance
Communications Inc. ("Nuance"), a Delaware corporation having offices at 1 Wayside Road, Burlington,
Massachusetts 01803, and Account User ("Client"). Nuance and Client are sometimes referred to
individually as a "Party" in this Agreement, and collectively, as the "Parties".
1.1"Accelerator" means a Nuance software tool that
Client, its Affiliates, and Clients that are Spokes may download to access
and use the Hosted Services.
1.2"Authorized User" is as defined below in Section
2.1 of this Schedule.
1.3"Hosted Services" means Nuance PowerShare service
for medical image exchange including an Image Repository, Accelerator and related
services subject to the terms of this Schedule and the Applicable Order.
1.4"Image Repository" is the cloud storage location
for Client's Studies. The Image Repository retains a Study for a period of 45 days.
1.5"Study" or "Clinical Image/Shared Study" means a
medical study performed on a patient as defined in the Digital Imaging and
Communications in Medicine (DICOM) Standard section PS3.3-2011. A Study may also be a
non-DICOM image wrapped in a DICOM header. A Study consists of a collection of one or
more series of medical images, presentation states, and/or structure reporting documents
that are logically related for the purpose of diagnosing a patient. Each Study is
associated with a single patient. A Study may include composite instances that are
created by a single modality, multiple modalities or by multiple devices of the same
modality. A Study will pertain to a single study instance Unique Identifier ("UID")
and "Studies" means one or more Study.
1.6"Required Consents" means all consents, licenses or
approvals that give Nuance the right and/or license to access, use, copy, distribute,
grant access, adapt, display, and perform the Hosted Services with Client's or a third
party's products, data, services and other materials without infringing on the rights of
providers, licensors, or owners of such products, data, services or materials.
2. GRANT OF RIGHTS
2.1Hosted Services. Subject to the terms and
conditions of this Schedule, Nuance hereby grants Client a revocable, non-exclusive,
non-transferable, limited right to (i) access and use the Hosted Services during the
Service Term provided that such access and use is in a manner commensurate with the
intended use of the Hosted Services and (ii) download the Accelerator and applicable
connectivity software for use solely with the Hosted Services. Client may connect the
PowerShare Services and/or the Accelerator to a third-party provider's image sharing and
viewing software or hosted services upon payment of a fee by such third-party provider
or the Client to Nuance. Client, on behalf of itself and its employees and contractors
("Authorized Users"), acknowledges and agrees that under no circumstances shall Nuance's
Hosted Services be used as an Image Repository for the original version of a Study or
any of the contents of a Study.
2.2eUnityVIEWER. eUnity provides the
capability to display medical image data and associated clinical reports. Your access
and use of the eUnity Viewer is subject to the following additional terms and conditions:
Use. Mammographic images and digitized film screen images must not be
reviewed for primary image interpretation. Exported files are not diagnostic
quality images and should not be used for diagnostic purposes. Display monitors
used for reading medical images for diagnostic purposes must comply with
applicable regulatory approvals and with quality control requirements for
their use and maintenance.
Requirements. Client must comply with all Facility, Physician, and other
System Requirements and Facility Requirements as identified in eUnity's
documentation, located in the help files, before using the eUnity viewer.
If the Client cannot comply with all of the Requirements then Client not use
the eUnity viewer for diagnostic and calibration purposes.
2.3Restrictions. Client will not, and if
applicable, will not allow any Authorized User to access or use the Hosted Services for
personal use or for the benefit of any unauthorized third party. Client shall not (i)
allow anyone other than an Authorized User to access or use the Hosted Services, or any
component thereof, or (ii) interfere with or disrupt the integrity or performance of the
Hosted Services. Client shall not permit anyone to subject the Hosted Services or its
infrastructure to security testing including penetration testing, network discovery,
port and service identification, vulnerability scanning, password cracking, or remote
3. NUANCE RESPONSIBILITIES
3.1Nuance agrees to retain each Study for a period of
45 days. Communications and network interoperability requirements for the Hosted
Services are described in the PowerShare Specifications available at www.nuance.com.
Hosted Services and PowerShare Specifications are subject to change at Nuance's
discretion. Nuance reserves the right to establish a maximum amount of network bandwidth,
memory, or other functionality and a maximum amount of Clinical Images/Shared Studies
that Client may store, post or transmit on or through the Hosted Services.
4. CLIENT RESPONSIBILITIES
4.1Infrastructure and Services. Client is
responsible for all computer hardware, software and communications equipment required
to access and use the Hosted Services including paying all ISP, telecommunications, etc.
access charges incurred, and agrees to: (i) provide Nuance secure, remote access to its
networks and/or computing technology as necessary; and (ii) provide telecommunications
including Internet connectivity, firewall, and all equipment and operating system
software necessary for Authorized Users to access and use Hosted Services. Nuance has
no responsibility for any modification/enhancement costs incurred to implement Client's
or an Authorized User's interface or connection to the Hosted Services.
4.2Registration and Account Security. Client
shall not provide false personal information or create an account for anyone other
than for Client without permission. Client shall keep contact information accurate
and up-to-date. Client shall not share or distribute its password or other account
information or allow anyone to access its account in a manner that would compromise
the security of the account. Client shall not transfer its account to anyone without
Nuance's written permission.
4.3Responsibility For Accounts. Client is
responsible for is passwords, and all activity with Authorized User accounts including
that of users you provision and dealings with third parties that take place through
your account or associated accounts. Client must keep accounts and passwords
confidential. Client must immediately notify Nuance about any possible misuse of
accounts or any security incident related to the online service.
4.4Required Consents. Client shall promptly
obtain and supply Nuance all Required Consents reasonably necessary to provide the
Hosted Services. Client, on behalf of itself and its Authorized Users grants Nuance a
non-exclusive, worldwide right and license to use, copy, distribute, grant access,
adapt, display, and perform related services with its Studies so that Nuance may fully
perform the Hosted Services.
5. OWNERSHIP. As between the Parties, the
Hosted Services and all Nuance software are, and at all times shall remain, Nuance's sole
and exclusive property, including all copyrights and other intellectual property rights
therein or thereto. Client agrees that neither Client nor any Third Party shall obtain any
express or implied rights in or to any part of the Application Services or Nuance software.
All rights not expressly granted are reserved by Nuance.
6. TERM AND TERMINATION
6.1Service Term. This Schedule shall remain in
full force and effect until it is effectively terminated by either party.
6.2Termination. Upon termination of this
Agreement ("Termination Date") all rights granted to Client under this agreement
shall terminate, Client and its Authorized Users shall immediately cease using the
7. MEDICAL CARE RESPONSIBILITY. Client and
its Authorized Users have all responsibility to identify and correct any inaccuracies and
errors in the Studies before using and/or relying on the content, results or other Hosted
Services output. Client acknowledges Nuance does not provide medical practice advice.
Client will consult with and rely exclusively on its own physicians or other medical
direction to review and conduct necessary revisions and approval of any and all medical
practice-related content, results or output provided by the Hosted Services. Nuance assumes
no responsibility for any of the foregoing, and Client agrees to indemnify and hold Nuance
harmless from and against any damages, claims or other liabilities for the wrongful death or
personal injury of a third party directly or indirectly caused or arising out of (i) Client's
use or non-use of the Hosted Services, (ii) any content, results or output from the Hosted
Services, (iii) all medical practice-related recommendations provided by Nuance, and (iv)
Client's failure to identify and correct any inaccuracies and errors in the content, results
or output of the Hosted Services.
8. REPRESENTATIONS AND WARRANTIES. Nuance
represents and warrants that it is authorized to enter into this Agreement. Client represents
and warrants that (a) all information Client provides to Nuance to access to the Hosted
Services is correct and not misleading, and (b) Client is authorized to enter into this Agreement.
9. DISCLAIMERS. Client acknowledges and
agrees that Nuance is providing the Hosted Services and any other services free of charge.
Consequently, Client agrees that it will take all precautions and safeguards necessary to
protect its data and systems from loss or damage. THE HOSTED SERVICES ARE PROVIDED
"AS IS" AND NUANCE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, BY OPERATION OF LAW OR OTHERWISE,
INCLUDING WITHOUT LIMITATION THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NON-INFRINGEMENT. NO REPRESENTATION OR OTHER AFFIRMATION OF FACT, INCLUDING BUT NOT LIMITED
TO STATEMENTS REGARDING CAPACITY, SUITABILITY FOR USE OR PERFORMANCE OF THE HOSTED SERVICES,
OR PRODUCTS, WHETHER MADE BY NUANCE EMPLOYEES OR OTHERWISE WILL BE DEEMED TO BE A WARRANTY
BY NUANCE FOR ANY PURPOSE OR GIVE RISE TO ANY LIABILITY OF NUANCE WHATSOEVER.
10. LIMITATION OF LIABILITIES. GIVEN THE NATURE OF
THIS AGREEMENT, NUANCE SHALL NOT BE RESPONSIBLE OR LIABLE TO CLIENT OR ANY THIRD PARTY FOR
ANY DAMAGES, DIRECT OR OTHERWISE EXCEEDING FIVE ($5.00 USD) UNITED STATE DOLLARS. THE
PROVISIONS OF THIS SECTION WILL APPLY IF LOSS, DAMAGE OR INJURY, IRRESPECTIVE OF CAUSE OR
ORIGIN, RESULTS DIRECTLY OR INDIRECTLY TO PERSON OR PROPERTY FROM PERFORMANCE OR NONPERFORMANCE
OF OBLIGATIONS IMPOSED BY THIS AGREEMENT OR FROM NEGLIGENCE, ACTIVE OR OTHERWISE, OF NUANCE, ITS
AGENTS OR EMPLOYEES. UNDER NO CIRCUMSTANCES SHALL NUANCE HAVE ANY LIABILITY FOR ANY INDIRECT,
INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, LOSS OF REVENUES,
LOSS OF PROFITS OR DAMAGES OF BUSINESS REPUTATION), REGARDLESS OF HOW SUCH DAMAGES ARISE AND
REGARDLESS OF WHETHER OR NOT A PARTY WAS ADVISED SUCH DAMAGES MIGHT ARISE. CLIENT WAIVES ALL
REMEDIES THAT MIGHT OTHERWISE BE AVAILABLE UNDER THE LAWS OF ANY JURISDICTION.
11. HIPAA; CLIENT DATA.
11.1Confidentiality of Patient Information
under HIPAA. When Nuance is acting as a business associate under HIPAA, the Parties
agree to abide by the terms of the Business Associate Agreement, which is attached and
made part of this Agreement (the "Business Associate Agreement").
11.2Confidential Information. Client shall not
disclose or use Nuance's Confidential Information (as defined below) except as provided
in this Agreement while this Agreement is in effect and for three years following
termination or expiration of this Agreement, provided, however, that the foregoing
restriction shall be perpetual as to all software. Client may disclose Confidential
Information to its agents or employees who have a need to know and who are bound in
writing by confidentiality terms no less restrictive than those contained herein.
Notwithstanding the foregoing, Confidential Information may be disclosed if required
by law, provided, however, that Client shall notify Nuance of such requirement
immediately in writing and will reasonably cooperate with Nuance in obtaining a
protective or similar order. "Confidential Information" means (a) the Applicable
Software and related technology, algorithms, and information contained therein,
including related trade secrets; and (b) any other information, including but not
limited to product plans, designs, prices, non-published financial information,
business opportunities, research, development, and know-how designated as confidential
at the time of disclosure or that Client should know is confidential. "Confidential
Information" does not include information that (i) can be demonstrated by written
records was in Client's possession prior to disclosure by Nuance; (ii) is or becomes
publicly known or readily ascertainable without breach of this Agreement; (iii) is
lawfully received by Client from a third party without an obligation of confidentiality;
(iv) is disclosed by Nuance to a third party without an obligation of confidentiality
on the part of the third party; (v) is independently developed by Client; (vi) Protected
Health Information (which shall be governed by the applicable Business Associate Agreement);
or (vii) is disclosed by Client with Nuance's prior written consent.
11.3Return of Confidential Information. Upon
Nuance's written request, Client shall promptly return or destroy all of Nuance's
11.4Personal Data Processing Under EU GDPR. If
the EU General Data Processing Regulation (GDPR) applies to the processing of Personal
Data (as that term is defined in the GDPR) by Nuance under this Agreement, then to the
extent you act as a controller of Personal Data you submit to Nuance and the GDPR
requires a processing contract pursuant to Article 28, Attachment A will apply and will
form part of this Agreement. Attachment A does not apply when Nuance acts as a
controller of Personal Data, such as with respect to the customer contact information
(name and email address, for example) you provide to us.
11.5Processing of Personal Data Internationally. If the Client
Data Nuance processes are that of data subjects outside of the US and EU, certain data protection laws may
apply. Company, acting as a data controller, is responsible for obtaining the Required Consents needed for
Nuance to process the data in accordance with this Agreement as well as implementing any mechanism legally
required to permit transfers, as defined under applicable data protection law, of Client Data.
12.1Assignment. Client shall not assign or
otherwise transfer its rights, obligations or remedies under this Agreement, in whole
or in part, to a third party unless such assignment is approved in writing by Nuance.
12.2Notices. For Information on how to contact
Nuance, please visit Nuance's "Engage Us" page.
12.3Update of Terms. Nuance may modify these
terms or any additional terms that apply to the Hosted Service to, for example, reflect
changes to the law or changes to the Hosted Services. You should look at the terms
regularly. Nuance will post notice of modifications to the terms in the Hosted Service.
Changes will not apply retroactively and will become effective no sooner than fourteen
days after they are posted. However, changes addressing new functions for the Hosted
Services or changes made for legal reasons will be effective immediately. If you do not
agree to the modified terms for a Service, you should discontinue your use of that Service.
If there is a conflict between these terms and the additional terms, the additional
terms will control for that conflict.
12.4Relationship between the Parties. In all
matters relating to this Agreement, Client and Nuance shall act as independent
contractors. Except as may be otherwise expressly permitted hereunder, neither Party
will represent that it has any authority to assume or create any obligation, expressed
or implied, on behalf of the other Party, or to represent the other Party as agent,
employee, or in any other capacity. Nuance shall at all times have the sole right and
obligation to supervise, manage, contract, direct, procure, perform, or cause to be
performed all work to be performed by Nuance hereunder unless otherwise provided herein.
Nuance shall, at all times, be responsible for the compliance of its third parties
involved in the delivery of the Services in accordance with the terms and conditions of
this Agreement. Nothing in this Agreement shall be construed to create any contractual
relationship between Client and any such third parties, nor any obligation on the part
of Client, to pay or to ensure the payment of any money due any such third party.
12.5Governing Law. This Agreement shall be
governed by the laws of the Commonwealth of Massachusetts, USA, without regard to
choice of law rules, and Client hereby submits to the jurisdiction of the federal
and state courts located in said Commonwealth and the applicable service of process.
12.6Partial Invalidity; Waiver. If any provision
of this Agreement or the application thereof to any Party or circumstances shall be
declared void, illegal or unenforceable, the remainder of this Agreement shall be valid
and enforceable to the extent permitted by applicable law. In such event the Parties
shall use reasonable efforts to replace the invalid or unenforceable provision by a
provision that, to the extent permitted by applicable law, achieves the purposes
intended under the invalid or unenforceable provision. Any deviation by a Party from
the terms and conditions required under applicable laws, rules and regulations shall
not be considered a breach of this Agreement. Neither a failure of a Party to exercise
any power or right given such Party hereunder or to insist upon strict compliance by
the other Party with its obligations hereunder, nor any custom or practice of the other
Party at variance with the terms hereof, shall constitute a waiver of a Party's right
to demand exact compliance with the terms of this Agreement.
12.7No Third Party Beneficiaries. Except as
expressly stated otherwise in this Agreement, nothing in this Agreement is intended to
create any rights in, or confer any benefits upon, any person or entity other than the
Parties to this Agreement.
GDPR PROCESSING ATTACHMENT
The following provisions will constitute the controller-processor contract required by Article
28 of the GDPR:
You agree that, when you transmit Personal
Data to Nuance so that we may deliver the Hosted Services, you are the controller of the
Personal Data and Nuance is the processor of such data. The subject-matter, nature and purpose
of the processing is provision of Hosted Services; the type of Personal Data are the Personal
Data included in the Studies you submit, and the categories of data subjects are the patients
in such Studies.
The duration of the processing is the
duration of this Agreement. All processing of your Personal Data is conducted on your
documented instructions in accordance with this Agreement unless required to do so by Union or
Member State law, in which case Nuance will inform you before processing, unless that law
prohibits such information on important grounds of public interest.
The Service is hosted by Microsoft Azure,
and you grant Nuance a specific authorization to appoint Microsoft as a sub-processor to
provide the Service to you and Salesforce.com as sub-processor to provide Nuance's support
ticketing system. You grant Nuance a general authorization to appoint other sub-processors,
including service providers, to support the delivery of the Service. Nuance will inform you of
any new or changed sub-processors, thereby giving you the opportunity to object to such changes.
We will require any sub-processors to enter into a written agreement with Nuance on the same or
equivalent terms to those in Attachment A to this Agreement, and we will remain liable to you
for any breach by the sub-processor of its agreement with Nuance.
The data that Nuance collects to provide
the Service to you, including Studies, may be transferred to the United States and stored and
processed there. By entering into this Agreement, you consent to such transfer, storage and processing. Nuance
complies with applicable EU requirements for transfers of Personal Data to the United States.
We will treat your Personal Data
confidentially and will take appropriate steps so that only authorized personnel shall have
access to your Personal Data and that such authorized personnel shall be subject to binding
obligations of confidentiality. We will implement appropriate technical and organizational
measures to meet GDPR requirements, including appropriate security under Article 32 as described
in the Technical and Organizational Measures described below, and to ensure the protection of
the rights of the data subject.
We will promptly notify you if we receive
notice from a data subject of exercise of data subject rights. You will be responsible for
addressing such requests. We will provide you with reasonable information to assist you in your
response to the data subject request, insofar this is possible, taking into account the nature
of the processing.
We will assist you in ensuring compliance
with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of
processing and the information available to Nuance.
At your request, Nuance will delete or return
all collected Personal Data after the end of the Service, and delete existing copies, unless the
law requires storage of the Personal Data.
In order to satisfy your audit and inspection
rights Nuance will provide you with written information on Nuance's compliance. We will make
available to you all information necessary to demonstrate compliance with Article 28 of the GDPR
and allow for and contribute to audits, including inspections, conducted by you or an auditor
mandated by you, if necessary. We shall immediately inform you if, in our opinion, an instruction
infringes the GDPR or other EU data protection law.
We will notify you without undue delay after
becoming aware of any Personal Data breach and provide to you all information required to be
provided by a processor to a controller under Article 33(3) of the GDPR.
Technical and Organizational Measures
Workforce Clearing and Training: All Nuance personnel are subject to background checks before
access to restricted data is permitted. All personnel receive regular security training.
Physical Access Controls: All Nuance facilities are protected by physical security controls
including perimeter controls, electronic access systems, locks and cameras. Nuance stores all
production data in physically secure data centers that also maintain additional access restrictions.
Logical Access Controls: All Nuance systems and personal computers are subject to access
controls including at least username and password that must meet password complexity requirements
and automatic logoff requirements.
Data Access Controls: Access to Nuance systems storing Personal Data is granted on a need-to-know
basis and is subject to administrator approval. Data at rest is protected by either by encryption
or compensating security controls, which include segmented networks, tiered architecture, firewalls
with intrusion protection and anti-malware protections, and limiting of port access.
Data Transfer Controls: Data is protected by encryption in transit.
Entry Control: Nuance implements systems to log data access.
Availability Controls: Nuance's infrastructure systems have been designed to eliminate single
points of failure and minimize the impact of anticipated environmental risks. All data centers
operate in active/active mode with real-time application replication across the regions. Nuance
relies on geographical redundancy to support high-availability of service to its client base.
Control of Data Separation: All Customer data is logically separated.
Nuance may update these Technical and Organizational Measures at any time by publication on its
website at www.nuance.com.