Welcome to portal.imbio.com, the website and online service of Imbio, LLC (collectively “Imbio”, “We”, “Us” and “Our”). This Portal Terms and Conditions Agreement (the “Agreement”) is made by and between Imbio, LLC, a Minnesota corporation located at 807 Broadway St NE, Suite 350, Minneapolis MN 55413, and the customer accepting this agreement (customer hereinafter referred to as “Customer”, “You” and “Your”).
You have indicated that You wish to subscribe to the Portal software services offered by Imbio as defined herein, and Imbio agrees to make services, software or applications owned, controlled, or offered by Imbio (which may include, as applicable, content and offline components such as associated media, printed materials, and electronic documentation) (collectively the “Services”) available to You for the purpose of either (i) a limited time (the “Trial Period”) for the purpose of evaluating the Services, or (i) an ongoing use of the Services, subject to the completion of any additional subscription, research or beta use agreement as may be required by Imbio.
BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE OR BY EXECUTING AN ORDER FORM OR QUOTATION THAT REFERENCES THIS AGREEMENT, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERMS “YOU” OR “YOUR” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.
Services provided to Customer include Imbio’s image analysis services as made available via the Portal website, and as may be updated or amended by Imbio in its sole discretion, and are subject to the terms and conditions (collectively the “Terms”) of this Agreement. If you have a separate Subscription Agreement, Beta Agreement or Research Agreement with Imbio, the separate Subscription, Beta or Research agreement takes precedence over this Portal agreement where any conflicts may exist.
TERM AND TERMINATION.
1.1 Term and Termination. This Agreement commences on the date You first accept it and continues until (i) any Trial Period set forth herein has expired or has been terminated, or (ii) any related subscription, research or beta use agreement expires or is terminated.
1.2 Trial Periods. If You are subscribing to the Services for a Trial Period, such Trial Period for this agreement begins upon your first login to Portal and continues for the lesser of (a) the number of days indicated on the Imbio web site as the offered trial period at the time at which You request Your trial, or (b) the expiration of the trial credits offered to You to utilize the Services. In no circumstance, will a Trial Period exceed ninety (90) days. Either party may terminate a Trial Period for any reason or no reason upon seven (7) days notice to the other party.
1.3 Cessation of Use. Upon expiration or termination of this Agreement, You may no longer utilize the Services and We will terminate your access to the Services. We will delete all of Your data and any outputs You generate as you utilize the Services within thirty (30) days of the expiration or termination of this Agreement.
USE OF SERVICES
2.1 Your Responsibilities. Subject to Your use of Services in accordance with the terms of this Agreement, Imbio hereby grants You a non-exclusive, non-transferable right to permit Your employees or other users authorized by You (“Users”) to use the Services during the term of this Agreement solely for Your internal business operations. You will (a) be responsible for Users’ compliance with this Agreement and be responsible for any breach of this Agreement by the Users, (b) be solely responsible for the accuracy, quality, integrity and legality of Your data and the means by which You acquired Your data, (c) use Services only in accordance with any documentation provided by Imbio and applicable laws and government regulations.
2.2 Usage Restrictions; Reservation of Rights. All title, rights, ownership and copyrights in and to the software used in providing the Services, the accompanying media and printed materials are owned at all times by Imbio or its licensors. You will not (a) make any Service available to, or use any Service or Content for the benefit of, anyone other than You or Your Users, (b) use a Service to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights (including, but not limited to, the PHI of patients, as defined by the laws and regulations commonly referred to as HIPAA), or (c) attempt to defeat, avoid, by-pass, remove, deactivate, or otherwise circumvent any software protection mechanisms in the Services. Subject to the limited rights expressly granted hereunder, We and Our licensors reserve all of Our/their right, title and interest in and to the Services, including all of Our/their related intellectual property rights. No rights are granted to You hereunder other than as expressly set forth herein.
2.3 Medical Use. You understand that the Services offered by us involve software used to supplement the treatment of patients undergoing medical procedures. The Services are only to be used as a supplement to standard methods of interpreting radiological images. If any of the Services You utilize under the terms of this Agreement are identified by Imbio as a beta application (for example, identified as Beta Products, Beta Software, Beta Applications, Research Use Only, or Investigational Use Only) (collectively, “Beta Services”), You understand that such Beta Services are not intended for clinical usage, and You agree that You will not use the Beta Services for clinical patient treatment purposes. Any Beta Services will be identified by Imbio on the Portal website or will produce outputs labeled to indicate beta, research or investigational use only.
PATIENT PRIVACY AND PROTECTED HEALTH INFORMATION
3.1 HIPAA Compliance. Imbio represents that, to the extent required by law, the Services provided under this Agreement will comply in all material respects with the privacy standards adopted by the U.S. Department of Health and Human Services as they may be amended from time to time, 45 C.F.R. parts 160 and 164, subparts A and E (“the Privacy Rule”) and the security standards adopted by the U.S. Department of Health and Human Services as they may be amended from time to time, 45 C.F.R. parts 160, 162 and 164, subpart C (“the Security Rule”). Collectively, the Privacy Rule and the Security Rule are referred to herein as “HIPAA Rules.”
3.2 Business Associate Agreement. To the extent that HIPAA Rules (45 C.F.R. Section 164.504(e)) may require a “Business associate contract” between You or the Legal Entity that You represent as a covered entity, and Imbio as a business associate, attached and incorporated herein and agreed to by the parties is Exhibit A, “HIPAA Business Associate Agreement”. Terms of Exhibit A shall be considered binding upon your acceptant of this Agreement and shall remain in effect during the term of the Agreement including any extensions.
3.3 GDPR Compliance. Imbio represents that, to the extent required by law, the Services provided under this Agreement will comply in all material respects with the EU General Data Protection Regulation 2016/679 referred to herein as “GDPR”. If You are a User to which GDPR protections apply, You acknowledge that Imbio collects your personal information through the Portal registration process and through Your Portal online user profile. This information is retained to document and support Your subscription and may be used by Imbio to contact You regarding Your subscription, Your use of the Services and product notices or other marketing communications related to the Services You are using so long as You maintain an active subscription to the Services. Imbio shall not sell, share or otherwise transfer any of Your personal information to any 3rd party other than as may be required for performing the Services and Imbio communications authorized herein. You may contact IMBIO at firstname.lastname@example.org to edit, correct, change, or delete your personal information at any time, or to terminate your use of the Services under a Trial Period at any time.
3.4 Non-U.S. and EU Users or Entities. IMBIO DOES NOT WARRANT OR REPRESENT that the Services provided hereunder meet all international laws and regulations regarding personal or patient privacy and protected health information, except for the representations in sections 3.1 and 3.3 of this Agreement. IMBIO DOES REPRESENT that We shall take substantially the same measure of care and apply the same internal policies, procedures and standards in managing and protecting Your data as We do to meet the HIPAA compliance standards per section 3.1 of this agreement, for all users of the Services. If You or the Legal Entity you represent are not subject to or protected by the representations in sections 3.1 and 3.3 of this Agreement, You are responsible to ensure that Your use of the Services and any data that You may uploaded to Imbio shall comply with Your internal processes and policies, and any applicable governmental laws or regulatory requirements pertaining to patient privacy and protected patient health information. You hereby accept sole liability for non-compliance with laws or regulations regarding patient privacy and protected health information.
The parties agree that the data exchanged by the parties under the terms of this Agreement, including but not limited to the data uploaded to and downloaded from the Portal website, as well as the information contained on the Portal website itself, are considered Confidential Information. In addition, any data, including the existence of, the user interface of, Your use of and outputs of any Beta Services shall be considered Confidential. The receiving party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) not to use any Confidential Information of the disclosing party for any purpose outside the scope of this Agreement,. The obligations under this Section 3 shall remain in force for a term expiring two (2) years after the expiration of this Agreement.
INDEMNIFICATION & LIMITATION OF LIABILITY
5.1 Indemnification by Us. We will defend You against any claim, demand, suit or proceeding made or brought against You by a third party alleging that the use of the Services in accordance with this Agreement infringes or misappropriates such third party’s intellectual property rights (a “Claim Against You”), and will indemnify You from any damages, attorney fees and costs finally awarded against You as a result of a Claim Against You, provided You (a) promptly give Us written notice of the Claim Against You, (b) give Us sole control of the defense and settlement of the Claim Against You, and (c) give Us all reasonable assistance, at Our expense. The above defense and indemnification obligations do not apply to the extent a Claim Against You arises from Your use of the Services in a manner contrary to the instructions given to You by Us, or Your breach of this Agreement. In addition, Imbio shall not be responsible for any compromise or settlement made without its written consent. THE FOREGOING STATES THE ENTIRE LIABILITY OF IMBIO FOR INFRINGEMENT AND SHALL BE CUSTOMER’S SOLE AND EXCLUSIVE REMEDY AND IMBIO’S SOLE OBLIGATOIN AND LIABILITY FOR ANY ALLEGED INFRINGEMENT.
5.2 Indemnification by You. Except as is specified in Section 5.1, You will defend us and hold us harmless against any claim, demand, suit or proceeding made or brought against us by a third party resulting from Your use of the Services under the terms of this Agreement, including indemnifying us against any damages, costs or attorney fees as a result of any such claim.
5.3 Limitation of Liability. IMBIO ACCEPTS NO LIABILITY WITH RESPECT TO ANY INCIDENT ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEPT FOR LIABILITY ARISING DIRECTLY FROM INFRINGEMENT OR MISAPPROPRIATION OF A THIRD PARTY’S INTELLECTUAL PROPERTY RIGHTS BY IMBIO.
5.4 Exclusion of Consequential and Related Damages. IN NO EVENT WILL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOST PROFITS, REVENUES OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES. THIS DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY LAW.
6.1 Surviving Provisions. The Sections titled “Usage Restrictions,” “Reservation of Rights,” “Confidentiality,” “Indemnification & Limitation of Liability,” and “General Provisions” will survive any termination or expiration if this Agreement.
6.2 General Provisions. The parties mutually agree i) this Agreement shall be governed by the laws of the State of Minnesota, each party agrees to the applicable governing law without regard to choice or conflicts of law rules, and to the exclusive jurisdiction of the applicable courts above; ii) neither party may assign any of its rights or obligations hereunder, without the other party’s prior written consent (not to be unreasonably withheld), except that Imbio may assign this Agreement in its entirety without the other party’s consent to its affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. used in the performance of the services hereunder; iii) the parties are independent contractors, this Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties; iv) no failure or delay by either party in exercising any right under this Agreement will constitute a waiver of that right; and v) if any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be deemed null and void, and the remaining provisions of this Agreement will remain in effect.
HIPAA BUSINESS ASSOCIATE AGREEMENT
This Business Associate Agreement (this “Agreement”) is made by and between Imbio, LLC, a Minnesota corporation located at 807 Broadway St NE, Suite 350, Minneapolis MN 55413, hereinafter referred to as “Imbio” or “Business Associate”, and the customer accepting the Portal Terms and Conditions Agreement into which it is incorporated, hereinafter referred to as “Covered Entity”, (individually, a “Party” and collectively, the “Parties”).
WHEREAS, Covered Entity may from time to time enter into agreements with Imbio for the provision of services (“Service Agreements”), pursuant to which Imbio will act as a business associate (“Business Associate”) within the meaning of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as the same may be amended from time to time (“HIPAA”); and
WHEREAS, both Parties are required to comply with the Health Information Technology Economic and Clinical Health (“HITECH”) Act, as well as the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the privacy regulations promulgated pursuant to HIPAA, including, but not limited to, 45 C.F.R. Parts 160 and 164 Subpart E (the “Privacy Regulation”), and the security regulations promulgated pursuant to HIPAA, including, but not limited to 45 C.F.R. Parts 160 and 164 Subpart C (the “Security Regulation”), as may be amended from time to time.
NOW, THEREFORE, This Agreement sets forth the terms and conditions pursuant to which Protected Health Information, including electronic Protected Health Information will be handled by Business Associate and third parties during the term of the Agreement and after its termination. The Parties agree as follows:
Except as otherwise defined herein, any and all capitalized terms in this Agreement shall have the definitions set forth by HIPAA. In the event of an inconsistency between the provisions of this Agreement and mandatory provisions of HIPAA, HIPAA shall control. Where provisions of this Agreement are different from those mandated by HIPAA, but are nonetheless permitted by HIPAA, the provisions of this Agreement shall control.
OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE
Business Associate agrees to:
(a) Not use or disclose protected health information other than as permitted or required by this Agreement or by law;
(b) Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement;
(c) Report to Covered Entity any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 164.410, and any security incident of which it becomes aware within seventy-two (72) hours. Covered Entity shall be responsible for any required notifications to individuals, regulatory bodies or government agencies as required by law on behalf of Covered Entity;
(d) In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit protected health information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information;
(e) Make available protected health information in a designated record set to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524. Should Business Associate receive a request for protected health information from any individual, Business Associate shall forward such request to Covered Entity, and Covered Entity shall, in its sole discretion fulfill such requests as required by applicable law and regulations;
(f) Make any amendment(s) to protected health information in a designated record set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526;
(g) Maintain and make available the information required to provide an accounting of disclosures to the Covered Entity” as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528. Should Business Associate receive a request for an accounting of disclosures from any individual, Business Associate shall forward such request to Covered Entity, and Covered Entity shall, in its sole discretion fulfill such requests as required by applicable law and regulations;
(h) To the extent the Business Associate is to carry out one or more of Covered Entity’s obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and
(i) Make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules.
PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE
(a) Business Associate may only use or disclose protected health information as necessary to perform its obligations under any Service Agreement between the Parties, subject to the terms of this Agreement.
(b) Business Associate may use or disclose protected health information as required by law.
(c) Business Associate agrees to make uses and disclosures and requests for protected health information consistent with Covered Entity’s minimum necessary policies and procedures.
(d) Business Associate may not use or disclose protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity.
TERM AND TERMINATION
(a) Term. This Agreement shall be effective upon your acceptance of the Portal Terms and Conditions Agreement into which it is incorporated, and will continue until either (i) the expiration or termination of all Service Agreements between the Parties, or (ii) termination for cause as authorized in paragraph (b) of this Section.
(b) Termination for Cause. Business Associate authorizes termination of this Agreement by Covered Entity, if Covered Entity determines Business Associate has violated a material term of the Agreement, and Business Associate has not cured the breach or ended the violation within thirty (30) days of receiving written notice of such violation from Covered Entity. Termination of this agreement does not in any manner affect, reduce or eliminate Covered Entity’s payment obligations under any Service Agreement between the Parties.
(c) Obligations of Business Associate Upon Termination. Upon termination of this Agreement for any reason, Business Associate, with respect to protected health information received from Covered Entity, or created, maintained, or received by Business Associate on behalf of Covered Entity, shall:
- Retain only that protected health information which is necessary for Business Associate to carry out its legal responsibilities or otherwise required by law. Business Associate shall continue to use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information to prevent use or disclosure of the protected health information;
- Return to Covered Entity or, if agreed to by Covered Entity, certify to the destruction of all other protected health information that the Business Associate still maintains in any form;
- Not use or disclose the protected health information retained by business associate other than for the purposes for which such protected health information was retained;
- Return to Covered Entity [or, if agreed to by Covered Entity, destroy] the protected health information retained by business associate when it is no longer needed by business associate to carry out its legal responsibilities.
(d) Survival. The obligations of Business Associate under this Section shall survive the termination of this Agreement.
Except as expressly stated herein or in HIPAA, the Parties to this Agreement do not intend to create any rights in any third parties. The obligations of Business Associate under this Section shall survive the expiration, termination, or cancellation of this Agreement, the Service Agreements and/or the business relationship of the Parties, and shall continue to bind Business Associate, its agents, employees, contractors, successors, and assigns as set forth herein.
This Agreement sets forth the entire understanding of the parties regarding the subject matter covered herein, and may be modified or amended only by a written Amendment signed by both Parties.
This Agreement will be interpreted and construed in accordance with the laws of the State of Minnesota, and each party agrees to the applicable governing law without regard to choice or conflicts of law rules, and to the exclusive jurisdiction of the applicable courts above.
If any provision of this Agreement is held invalid, illegal or unenforceable in any respect, such invalidity, illegality or unenforceability will not affect any other provisions of this Agreement, and this Agreement will be construed as if such invalid, illegal or unenforceable provision had never been contained herein. Further, if any provision of this Agreement is held to be unenforceable as written, it will be construed, by limiting and reducing it, so as to be enforceable to the extent compatible with applicable law.