...

1.  Application – Any software application, website, or product you create or service you offer using the FHIR API service (defined below).

2.  API Documentation – The documentation, data and information regarding the use of the FHIR API through the Developer Site.

3.  Data – means any data and content uploaded, posted, transmitted or otherwise made available by users via the Services, including messages, files, comments, profile information and anything else entered or uploaded into the Service by a user of the Service.

4.  Developer Site – FHIR API’s Developer site is found at https://cfhir-ehrdevpresentationdev.patientvault.com/

5.  NeoDeck / NeoMed Brand – The NeoDeck and NeoMed brand and brand assets, including names, logos, trade names and trademarks.

6.  NeoDeck Service(s) / NeoMed Service(s) – NeoDeck’s real-time communication, messaging, archiving and search services and related systems and technologies, as well as the website http://www.neodeckholdings.com/ (the “Site”), and all software, applications, data, reports, text, images, and other content made available by or on behalf of NeoDeck through any of the foregoing. The “Service” does not include Data or any software application or service that is provided by you or a third party (including Applications), whether or not NeoDeck designates them as “official integrations”.

7. Documentation, Access, and Fees. In order to connect your Developer App to the Certified FHIR APIs, you will be required to register as an API Developer and register your Developer App. Upon registering your Developer App, NeoDeck will provide an API key that may be passed with each API request. In addition, we will provide credentials to a sandbox database that you may use for testing. Certified FHIR API access is provided to Developer free of charge. NeoDeck may, at its sole discretion, introduce reasonable fees to continue using the Certified FHIR API, provided, however, that such fees would be subject to applicable law. Consequently, no additional support services are provided to Developer as part of these Terms. If additional support services are required, Developer can contact NeoDeck.

...

2.  Protections. The network, operating system and software of your web servers, databases, and computer systems (collectively, “Your Systems”) must be properly configured to securely operate your Application and store Data. Your Application must use reasonable security measures to protect your users’ information. You must not architect or select Your Systems in a manner to avoid the foregoing obligation.

3.  Reporting. You must promptly report any security deficiencies in, or intrusions to, your Systems to NeoDeck in writing via email to cs@nd-soft.com or subsequent contact information posted on the Developer Site. This includes any unauthorized access, use, disclosure or destruction of Data. You will work with NeoDeck to immediately correct any security deficiency and will immediately disconnect any intrusions or intruder. In the event of any security deficiency or intrusion involving the Application, NeoMed’s API Service or Data, you will make no public statements regarding such deficiencies or intrusions (e.g., press, blogs, social media, bulletin boards, etc.) without prior written and express permission from NeoDeck in each instance.

4. HIPAA. Developer understands and agrees that these Terms prohibit the access to and use of NeoMed end-users’ hosted application data including all Protected Health Information (“PHI”) as defined by the Health Insurance Portability and Accountability Act (“HIPAA”), unless such access is arranged directly between the Developer and the NeoMed end-user, whose relationship with the Developer may require a separate Business Associate Agreement between those two parties and otherwise comply with all applicable laws.

5. Confidentiality. Developer acknowledges and agrees that the Access Credentials comprise highly sensitive and confidential information of NeoMed (“NeoMed Confidential Information”). Developer agrees to treat the Access Credentials, together with any other information or documentation provided by NeoMed in connection with the Access Credentials, whether in tangible, electronic, oral or other format, as highly confidential information and retain it in confidence using the same degree of care it uses with respect to its own highly confidential information, but in no event less than reasonable care for such information. Developer specifically agrees that the NeoMed Confidential Information will be accessible only by those employees and third-party consultants who (i) are directly involved with the Developer Programs; (ii) have a definite need to access the NeoMed Confidential Information and other information; and (iii) have entered into appropriate agreements with Developer binding them, as individuals or business entities, to the terms of agreements, including without limitation these Terms, entered into between Developer and third parties. NeoMed shall treat confidential information received from Developer on the same basis as set forth above (“Developer Confidential Information”).

   Confidential Information of either party hereunder shall not include information that: (a) is or becomes a part of the public domain through no act or omission of the other party; (b) was in the other party's lawful possession prior to the disclosure and had not been obtained by the other party either directly or indirectly from the disclosing party; (c) is lawfully disclosed to the other party by a third party without restriction on disclosure; or (d) is independently developed by the other party. For the avoidance of doubt, nothing in these Terms shall be construed to prohibit or restrict any communication in a manner that violates the Condition of Certification at 45 C.F.R. § 170.403(a). Further, Developer shall not impose any prohibition or restriction on any third party that prohibits or restricts any communication in a manner that violates the Condition of Certification.

   The confidentiality obligations under this Section of these Terms shall survive termination of Developer’s access to the Access Credentials for any reason. The parties acknowledge that money damages will not be an adequate remedy if the Confidentiality provisions of these Terms are breached and, therefore, either party may, in addition to any other legal or equitable remedies, seek injunctive or other equitable relief against such breach or threatened breach without the necessity of posting any bond or surety. In the event that either party is requested or required for the purposes of legal, administrative, or arbitration to disclose any Confidential Information, the party receiving such disclosure request will provide the other party with immediate written notice of any such request or requirement so that such party may seek an appropriate protective order or other relief.

Government Access

...

You will not knowingly:

1.  Allow or assist any government entities, law enforcement, or other organizations to conduct surveillance or obtain data using your access to the API in order to avoid serving legal process directly on NeoDeck. Any such use by you for law enforcement purposes is a breach of this API TOS.

2.  Display, distribute or otherwise make available Data or any Application to any person or entity that you reasonably believe will use Data to violate the Universal Declaration of Human Rights (located at http://www.un.org/en/documents/udhr/), including without limitation Articles 12, 18, or 19. You will not conduct and your Application will not provide analyses or research that isolates a small group of individuals or any single individual for any unlawful or discriminatory purposes. Exemptions to these restrictions may be requested for exigent circumstances and are subject to prior written approval from NeoDeck.

...