A Spoke may connect the PowerShare Services or the Accelerator (as defined below) to a third party provider's image sharing and viewing software or hosted services upon payment of a fee by such third party provider or the Spoke to Nuance. Please contact your Nuance contact if you want to make such a connection (See Section 2.1 below).
Your rights to use PowerShare may be subject to a separate written agreement with Nuance or with any of Nuance's authorized resellers, intended to govern your use of the PowerShare Services. In such case your rights and obligations to use the PowerShare Services are governed by such separate written agreement.
This Agreement is made as of the Date in which a User Account is created by and between Nuance Communications Inc ("Nuance"), a Delaware corporation having offices at 1 Wayside Road, Burlington, Massachusetts 01803, and Account User ("Client"). Nuance and Client are sometimes referred to individually as a "Party" in this Agreement, and collectively, as the "Parties".
1.1 "Accelerator" means a Nuance software tool that Client, its Affiliates, and Clients that are Spokes may download to access and use the Hosted Services.
1.2 "Authorized User" is as defined below in Section 2.1 of this Schedule.
1.3 "Hosted Services" means Nuance PowerShare service for medical image exchange including an Image Repository, Accelerator and related services subject to the terms of this Schedule and the Applicable Order.
1.4 "Image Repository" is the cloud storage location for Client's Studies. The Image Repository retains a Study for a period of 45 days.
1.5 "Study" or "Clinical Image/Shared Study" means a medical study performed on a patient as defined in the Digital Imaging and Communications in Medicine (DICOM) Standard section PS3.3-2011. A Study may also be a non-DICOM image wrapped in a DICOM header. A Study consists of a collection of one or more series of medical images, presentation states, and/or structure reporting documents that are logically related for the purpose of diagnosing a patient. Each Study is associated with a single patient. A Study may include composite instances that are created by a single modality, multiple modalities or by multiple devices of the same modality. A Study will pertain to a single study instance Unique Identifier ("UID") and "Studies" means one or more Study.
1.6 "Required Consents" means all consents, licenses or approvals that give Nuance the right and/or license to access, use, copy, distribute, grant access, adapt, display, and perform the Hosted Services with Client's or a third Party's products, data, services and other materials without infringing on the rights of providers, licensors, or owners of such products, data, services or materials.
2. GRANT OF RIGHTS
2.1 Hosted Services. Subject to the terms and conditions of this Schedule, Nuance hereby grants Client a revocable, non-exclusive, non-transferable, limited right to (i) access and use the Hosted Services during the Service Term provided that such access and use is in a manner commensurate with the intended use of the Hosted Services and (ii) download the Accelerator and applicable connectivity software for use solely with the Hosted Services. Client may connect the PowerShare Services and/or the Accelerator to a third party provider's image sharing and viewing software or hosted services upon payment of a fee by such third party provider or the Client to Nuance. Client, on behalf of itself and its employees and contractors ("Authorized Users"), acknowledges and agrees that under no circumstances shall Nuance's Hosted Services be used as an Image Repository for the original version of a Study or any of the contents of a Study.
2.2 eUnityVIEWER. eUnity provides the capability to display medical image data and associated clinical reports. Your access and use of the eUnity Viewer is subject to the following additional terms and conditions:
(a) Diagnostic Use. Mammographic images and digitized film screen images must not be reviewed for primary image interpretation. Exported files are not diagnostic quality images and should not be used for diagnostic purposes. Display monitors used for reading medical images for diagnostic purposes must comply with applicable regulatory approvals and with quality control requirements for their use and maintenance.
(b) System Requirements. Client must comply with all Facility, Physician, and other System Requirements and Facility Requirements as identified in eUnity's documentation, located in the help files, before using the eUnity viewer. If the Client cannot comply with all of the Requirements then Client not use the eUnity viewer for diagnostic and calibration purposes.
2.3 Restrictions. Client will not, and if applicable, will not allow any Authorized User to access or use the Hosted Services for personal use or for the benefit of any unauthorized third party. Client shall not (i) allow anyone other than an Authorized User to access or use the Hosted Services, or any component thereof, or (ii) interfere with or disrupt the integrity or performance of the Hosted Services. Client shall not permit anyone to subject the Hosted Services or its infrastructure to security testing including penetration testing, network discovery, port and service identification, vulnerability scanning, password cracking, or remote access testing.
3. NUANCE RESPONSIBILITIES
3.1 Nuance agrees to retain each Study for a period of 45 days. Communications and network interoperability requirements for the Hosted Services are described in the PowerShare Specifications available at www.Nuance.com. Hosted Services and PowerShare Specifications are subject to change at Nuance's discretion. Nuance reserves the right to establish a maximum amount of network bandwidth, memory, or other functionality and a maximum amount of Clinical Images/Shared Studies that Client may store, post or transmit on or through the Hosted Services.
4. CLIENT RESPONSIBILITIES
4.1 Infrastructure and Services. Client is responsible for all computer hardware, software and communications equipment required to access and use the Hosted Services including paying all ISP, telecommunications, etc. access charges incurred, and agrees to: (i) provide Nuance secure, remote access to its networks and/or computing technology as necessary; and (ii) provide telecommunications including Internet connectivity, firewall, and all equipment and operating system software necessary for Authorized Users to access and use Hosted Services. Nuance has no responsibility for any modification/enhancement costs incurred to implement Client's or an Authorized User's interface or connection to the Hosted Services.
4.2 Registration and Account Security. Client shall not provide false personal information or create an account for anyone other than for Client without permission. Client shall keep contact information accurate and up-to-date. Client shall not share or distribute its password or other account information or allow anyone to access its account in a manner that would compromise the security of the account. Client shall not transfer its account to anyone without Nuance's written permission.
4.3 Responsibility For Accounts. Client is responsible for is passwords, and all activity with Authorized User accounts including that of users you provision and dealings with third parties that take place through your account or associated accounts. Client must keep accounts and passwords confidential. Client must immediately notify Nuance about any possible misuse of accounts or any security incident related to the online service.
4.4 Required Consents. Client shall promptly obtain and supply Nuance all Required Consents reasonably necessary to provide the Hosted Services. Client, on behalf of itself and its Authorized Users grants Nuance a non-exclusive, worldwide right and license to use, copy, distribute, grant access, adapt, display, and perform related services with its Studies so that Nuance may fully perform the Hosted Services.
5. OWNERSHIP. As between the Parties, the Hosted Services and all Nuance software are, and at all times shall remain, Nuance's sole and exclusive property, including all copyrights and other intellectual property rights therein or thereto. Client agrees that neither Client nor any Third Party shall obtain any express or implied rights in or to any part of the Application Services or Nuance software. All rights not expressly granted are reserved by Nuance.
6. TERM AND TERMINATION
6.1 Service Term. This Schedule shall remain in full force and effect until it is effectively terminated by either party.
6.2 Termination. Upon termination of this Agreement ("Termination Date") all rights granted to Client under this agreement shall terminate, Client and its Authorized Users shall immediately cease using the Hosted Services.
7. MEDICAL CARE RESPONSIBILITY. Client and its Authorized Users have all responsibility to identify and correct any inaccuracies and errors in the Studies before using and/or relying on the content, results or other Hosted Services output. Client acknowledges Nuance does not provide medical practice advice. Client will consult with and rely exclusively on its own physicians or other medical direction to review and conduct necessary revisions and approval of any and all medical practice-related content, results or output provided by the Hosted Services. Nuance assumes no responsibility for any of the foregoing, and Client agrees to indemnify and hold Nuance harmless from and against any damages, claims or other liabilities for the wrongful death or personal injury of a third party directly or indirectly caused or arising out of (i) Client's use or non-use of the Hosted Services, (ii) any content, results or output from the Hosted Services, (iii) all medical practice-related recommendations provided by Nuance, and (iv) Client's failure to identify and correct any inaccuracies and errors in the content, results or output of the Hosted Services.
8. REPRESENTATIONS AND WARRANTIES. Nuance represents and warrants that it is authorized to enter into this Agreement. Client represents and warrants that (a) all information Client provides to Nuance to access to the Hosted Services is correct and not misleading, and (b) Client is authorized to enter into this Agreement.
9. DISCLAIMERS. Client acknowledges and agrees that Nuance is providing the Hosted Services and any other services free of charge. Consequently, Client agrees that it will take all precautions and safeguards necessary to protect its data and systems from loss or damage. THE HOSTED SERVICES, ARE PROVIDED "AS IS" AND NUANCE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, BY OPERATION OF LAW OR OTHERWISE, INCLUDING WITHOUT LIMITATION THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. NO REPRESENTATION OR OTHER AFFIRMATION OF FACT, INCLUDING BUT NOT LIMITED TO STATEMENTS REGARDING CAPACITY, SUITABILITY FOR USE OR PERFORMANCE OF THE HOSTED SERVICES, OR PRODUCTS, WHETHER MADE BY NUANCE EMPLOYEES OR OTHERWISE WILL BE DEEMED TO BE A WARRANTY BY NUANCE FOR ANY PURPOSE OR GIVE RISE TO ANY LIABILITY OF NUANCE WHATSOEVER.
10. Limitation of Liabilities. GIVEN THE NATURE OF THIS AGREEMENT, NUANCE SHALL NOT BE RESPONSIBLE OR LIABLE TO CLIENT OR ANY THIRD PARTY FOR ANY DAMAGES, DIRECT OR OTHERWISE EXCEEDING FIVE ($5.00 USD) UNITED STATE DOLLARS. THE PROVISIONS OF THIS SECTION WILL APPLY IF LOSS, DAMAGE OR INJURY, IRRESPECTIVE OF CAUSE OR ORIGIN, RESULTS DIRECTLY OR INDIRECTLY TO PERSON OR PROPERTY FROM PERFORMANCE OR NONPERFORMANCE OF OBLIGATIONS IMPOSED BY THIS AGREEMENT OR FROM NEGLIGENCE, ACTIVE OR OTHERWISE, OF NUANCE, ITS AGENTS OR EMPLOYEES. UNDER NO CIRCUMSTANCES SHALL NUANCE HAVE ANY LIABILITY FOR ANY INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, LOSS OF REVENUES, LOSS OF PROFITS OR DAMAGES OF BUSINESS REPUTATION), REGARDLESS OF HOW SUCH DAMAGES ARISE AND REGARDLESS OF WHETHER OR NOT A PARTY WAS ADVISED SUCH DAMAGES MIGHT ARISE. CLIENT WAIVES ALL REMEDIES THAT MIGHT OTHERWISE BE AVAILABLE UNDER THE LAWS OF ANY JURISDICTION.
11. HIPAA; CLIENT DATA.
11.1 Confidentiality of Patient Information under HIPAA. When Nuance is acting as a business associate under HIPAA, the Parties agree to abide by the terms of the Business Associate Agreement, which is attached and made part of this Agreement (the "Business Associate Agreement").
11.2 Confidential Information. Client shall not disclose or use Nuance's Confidential Information (as defined below) except as provided in this Agreement while this Agreement is in effect and for three years following termination or expiration of this Agreement, provided, however, that the foregoing restriction shall be perpetual as to all software. Client may disclose Confidential Information to its agents or employees who have a need to know and who are bound in writing by confidentiality terms no less restrictive than those contained herein. Notwithstanding the foregoing, Confidential Information may be disclosed if required by law, provided, however, that Client shall notify Nuance of such requirement immediately in writing and will reasonably cooperate with Nuance in obtaining a protective or similar order. "Confidential Information" means (a) the Applicable Software and related technology, algorithms, and information contained therein, including related trade secrets; and (b) any other information, including but not limited to product plans, designs, prices, non-published financial information, business opportunities, research, development, and know-how designated as confidential at the time of disclosure or that Client should know is confidential. "Confidential Information" does not include information that (i) can be demonstrated by written records was in Client's possession prior to disclosure by Nuance; (ii) is or becomes publicly known or readily ascertainable without breach of this Agreement; (iii) is lawfully received by Client from a third party without an obligation of confidentiality; (iv) is disclosed by Nuance to a third party without an obligation of confidentiality on the part of the third party; (v) is independently developed by Client; (vi) Protected Health Information (which shall be governed by the applicable Business Associate Agreement); or (vii) is disclosed by Client with Nuance's prior written consent.
11.3 Return of Confidential Information. Upon Nuance's written request, Client shall promptly return or destroy all of Nuance's Confidential Information.
11.4 Personal Data Processing Under EU GDPR. If the EU General Data Processing Regulation (GDPR) applies to the processing of Personal Data (as that term is defined in the GDPR) by Nuance under this Agreement, then to the extent you act as a controller of Personal Data you submit to Nuance and the GDPR requires a processing contract pursuant to Article 28, Attachment A will apply and will form part of this Agreement. Attachment A does not apply when Nuance acts as a controller of Personal Data, such as with respect to the customer contact information (name and email address, for example) you provide to us.
12.1 Assignment. Client shall not assign or otherwise transfer its rights, obligations or remedies under this Agreement, in whole or in part, to a third party unless such assignment is approved in writing by Nuance.
12.2 Notices. For Information on how to contact Nuance, please visit Nuance's "Engage Us" page.
12.3 Update of Terms. Nuance may modify these terms or any additional terms that apply to the Hosted Service to, for example, reflect changes to the law or changes to the Hosted Services. You should look at the terms regularly. Nuance will post notice of modifications to the terms in the Hosted Service. Changes will not apply retroactively and will become effective no sooner than fourteen days after they are posted. However, changes addressing new functions for the Hosted Services or changes made for legal reasons will be effective immediately. If you do not agree to the modified terms for a Service, you should discontinue your use of that Service. If there is a conflict between these terms and the additional terms, the additional terms will control for that conflict.
12.4 Relationship between the Parties. In all matters relating to this Agreement, Client and Nuance shall act as independent contractors. Except as may be otherwise expressly permitted hereunder, neither Party will represent that it has any authority to assume or create any obligation, expressed or implied, on behalf of the other Party, or to represent the other Party as agent, employee, or in any other capacity. Nuance shall at all times have the sole right and obligation to supervise, manage, contract, direct, procure, perform, or cause to be performed all work to be performed by Nuance hereunder unless otherwise provided herein. Nuance shall, at all times, be responsible for the compliance of its third parties involved in the delivery of the Services in accordance with the terms and conditions of this Agreement. Nothing in this Agreement shall be construed to create any contractual relationship between Client and any such third parties, nor any obligation on the part of Client, to pay or to ensure the payment of any money due any such third party.
12.5 Governing Law. This Agreement shall be governed by the laws of the Commonwealth of Massachusetts, USA, without regard to choice of law rules, and Client hereby submits to the jurisdiction of the federal and state courts located in said Commonwealth and the applicable service of process.
12.6 Partial Invalidity; Waiver. If any provision of this Agreement or the application thereof to any Party or circumstances shall be declared void, illegal or unenforceable, the remainder of this Agreement shall be valid and enforceable to the extent permitted by applicable law. In such event the Parties shall use reasonable efforts to replace the invalid or unenforceable provision by a provision that, to the extent permitted by applicable law, achieves the purposes intended under the invalid or unenforceable provision. Any deviation by a Party from the terms and conditions required under applicable laws, rules and regulations shall not be considered a breach of this Agreement. Neither a failure of a Party to exercise any power or right given such Party hereunder or to insist upon strict compliance by the other Party with its obligations hereunder, nor any custom or practice of the other Party at variance with the terms hereof, shall constitute a waiver of a Party's right to demand exact compliance with the terms of this Agreement.
12.7 No Third Party Beneficiaries. Except as expressly stated otherwise in this Agreement, nothing in this Agreement is intended to create any rights in, or confer any benefits upon, any person or entity other than the Parties to this Agreement.
GDPR PROCESSING ATTACHMENT
The following provisions will constitute the controller-processor contract required by Article 28 of the GDPR:
(a)You agree that, when you transmit Personal Data to Nuance so that we may deliver the Hosted Services, you are the controller of the Personal Data and Nuance is the processor of such data. The subject-matter, nature and purpose of the processing is provision of Hosted Services; the type of Personal Data are the Personal Data included in the Studies you submit, and the categories of data subjects are the patients in such Studies.
(b)The duration of the processing is the duration of this Agreement. All processing of your Personal Data is conducted on your documented instructions in accordance with this Agreement unless required to do so by Union or Member State law, in which case Nuance will inform you before processing, unless that law prohibits such information on important grounds of public interest.
(c)The Service is hosted by Microsoft Azure, and you grant Nuance a specific authorization to appoint Microsoft as a sub-processor to provide the Service to you and Salesforce.com as sub-processor to provide Nuance's support ticketing system. You grant Nuance a general authorization to appoint other sub-processors, including service providers, to support the delivery of the Service. Nuance will inform you of any new or changed sub-processors, thereby giving you the opportunity to object to such changes. We will require any sub-processors to enter into a written agreement with Nuance on the same or equivalent terms to those in Attachment A to this Agreement, and we will remain liable to you for any breach by the sub-processor of its agreement with Nuance.
(d)The data that Nuance collects to provide the Service to you, including Studies, may be transferred to the United States and stored and processed there. By entering into this Agreement, you consent to such transfer, storage and processing. Nuance complies with applicable EU requirements for transfers of Personal Data to the United States.
(e)We will treat your Personal Data confidentially and will take appropriate steps so that only authorized personnel shall have access to your Personal Data and that such authorized personnel shall be subject to binding obligations of confidentiality. We will implement appropriate technical and organizational measures to meet GDPR requirements, including appropriate security under Article 32 as described in the Technical and Organizational Measures described below, and to ensure the protection of the rights of the data subject.
(f)We will promptly notify you if we receive notice from a data subject of exercise of data subject rights. You will be responsible for addressing such requests. We will provide you with reasonable information to assist you in your response to the data subject request, insofar this is possible, taking into account the nature of the processing.
(g)We will assist you in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to Nuance.
(h)At your request, Nuance will delete or return all collected Personal Data after the end of the Service, and delete existing copies, unless the law requires storage of the Personal Data.
(i)In order to satisfy your audit and inspection rights Nuance will provide you with written information on Nuance's compliance. We will make available to you all information necessary to demonstrate compliance with Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by you or an auditor mandated by you, if necessary. We shall immediately inform you if, in our opinion, an instruction infringes the GDPR or other EU data protection law.
(j)We will notify you without undue delay after becoming aware of any Personal Data breach and provide to you all information required to be provided by a processor to a controller under Article 33(3) of the GDPR.
Technical and Organizational Measures
Workforce Clearing and Training: All Nuance personnel are subject to background checks before access to restricted data is permitted. All personnel receive regular security training.
Physical Access Controls: All Nuance facilities are protected by physical security controls including perimeter controls, electronic access systems, locks and cameras. Nuance stores all production data in physically secure data centers that also maintain additional access restrictions.
Logical Access Controls: All Nuance systems and personal computers are subject to access controls including at least username and password that must meet password complexity requirements and automatic logoff requirements.
Data Access Controls: Access to Nuance systems storing Personal Data is granted on a need-to-know basis and is subject to administrator approval. Data at rest is protected by either by encryption or compensating security controls, which include segmented networks, tiered architecture, firewalls with intrusion protection and anti-malware protections, and limiting of port access.
Data Transfer Controls: Data is protected by encryption in transit.
Entry Control: Nuance implements systems to log data access.
Availability Controls: Nuance's infrastructure systems have been designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. All data centers operate in active/active mode with real-time application replication across the regions. Nuance relies on geographical redundancy to support high-availability of service to its client base.
Control of Data Separation: All Customer data is logically separated.
Nuance may update these Technical and Organizational Measures at any time by publication on its website at www.nuance.com.