...
Protections. The network, operating system and software of your web servers, databases, and computer systems (collectively, “Your Systems”) must be properly configured to securely operate your Application and store Data. Your Application must use reasonable security measures to protect your users’ information. You must not architect or select Your Systems in a manner to avoid the foregoing obligation.
Reporting. You must promptly report any security deficiencies in, or intrusions to, your Systems to NeoDeck in writing via email to cs@nd-soft.com or subsequent contact information posted on the Developer Site. This includes any unauthorized access, use, disclosure or destruction of Data. You will work with NeoDeck to immediately correct any security deficiency and will immediately disconnect any intrusions or intruder. In the event of any security deficiency or intrusion involving the Application, NeoMed’s API Service or Data, you will make no public statements regarding such deficiencies or intrusions (e.g., press, blogs, social media, bulletin boards, etc.) without prior written and express permission from NeoDeck in each instance.
HIPAA. Developer understands and agrees that these Terms prohibit the access to and use of NeoMed end-users’ hosted application data including all Protected Health Information (“PHI”) as defined by the Health Insurance Portability and Accountability Act (“HIPAA”), unless such access is arranged directly between the Developer and the NeoMed end-user, whose relationship with the Developer may require a separate Business Associate Agreement between those two parties and otherwise comply with all applicable laws.
Confidentiality. Developer acknowledges and agrees that the Access Credentials comprise highly sensitive and confidential information of NeoMed (“NeoMed Confidential Information”). Developer agrees to treat the Access Credentials, together with any other information or documentation provided by NeoMed in connection with the Access Credentials, whether in tangible, electronic, oral or other format, as highly confidential information and retain it in confidence using the same degree of care it uses with respect to its own highly confidential information, but in no event less than reasonable care for such information. Developer specifically agrees that the NeoMed Confidential Information will be accessible only by those employees and third-party consultants who (i) are directly involved with the Developer Programs; (ii) have a definite need to access the NeoMed Confidential Information and other information; and (iii) have entered into appropriate agreements with Developer binding them, as individuals or business entities, to the terms of agreements, including without limitation these Terms, entered into between Developer and third parties. NeoMed shall treat confidential information received from Developer on the same basis as set forth above (“Developer Confidential Information”).
Confidential Information of either party hereunder shall not include information that: (a) is or becomes a part of the public domain through no act or omission of the other party; (b) was in the other party's lawful possession prior to the disclosure and had not been obtained by the other party either directly or indirectly from the disclosing party; (c) is lawfully disclosed to the other party by a third party without restriction on disclosure; or (d) is independently developed by the other party. For the avoidance of doubt, nothing in these Terms shall be construed to prohibit or restrict any communication in a manner that violates the Condition of Certification at 45 C.F.R. § 170.403(a). Further, Developer shall not impose any prohibition or restriction on any third party that prohibits or restricts any communication in a manner that violates the Condition of Certification.
The confidentiality obligations under this Section of these Terms shall survive termination of Developer’s access to the Access Credentials for any reason. The parties acknowledge that money damages will not be an adequate remedy if the Confidentiality provisions of these Terms are breached and, therefore, either party may, in addition to any other legal or equitable remedies, seek injunctive or other equitable relief against such breach or threatened breach without the necessity of posting any bond or surety. In the event that either party is requested or required for the purposes of legal, administrative, or arbitration to disclose any Confidential Information, the party receiving such disclosure request will provide the other party with immediate written notice of any such request or requirement so that such party may seek an appropriate protective order or other relief.
Government Access
...
You will not knowingly:
Allow or assist any government entities, law enforcement, or other organizations to conduct surveillance or obtain data using your access to the API in order to avoid serving legal process directly on NeoDeck. Any such use by you for law enforcement purposes is a breach of this API TOS.
Display, distribute or otherwise make available Data or any Application to any person or entity that you reasonably believe will use Data to violate the Universal Declaration of Human Rights (located at http://www.un.org/en/documents/udhr/), including without limitation Articles 12, 18, or 19. You will not conduct and your Application will not provide analyses or research that isolates a small group of individuals or any single individual for any unlawful or discriminatory purposes. Exemptions to these restrictions may be requested for exigent circumstances and are subject to prior written approval from NeoDeck.
...