Patient360 Passthrough Terms

1. Health Gorilla Pass Through Terms For Patient360 

To provide the Services in the Agreement via the Health Gorilla Technology, Health Gorilla has contracts with both the CommonWell HealthAlliance (“CommonWell”), and The Sequoia Project dba Carequality (“Carequality”,) that require that you accept additional terms and conditions.  These terms and conditions must also be passed along to your Employees, End Users and/or Eligible Users.  Collectively, these Terms and Conditions of Carequality and Terms and Conditions of CommonWell shall constitute the collective “Pass Through Terms.”  Customer is required to accept the most current version of these Terms and Conditions, which can be found at: https://www.commonwellalliance.org/wp-content/uploads/2019/05/CommonWell-EULA-Version-13Jan2021-1.pdf and https://carequality.org/resources/.

The Terms and Conditions are included here as a matter of convenience for your reference:

Commonwell Health End User License Agreement (Effective Date 1/13/2021)

THIS COMMONWELL HEALTH ALLIANCE (“ALLIANCE”) END USER LICENSE AGREEMENT (“EULA”) SETS FORTH THE TERMS AND CONDITIONS BETWEEN ALLIANCE AND AN AUTHORIZED USER OF ITS SERVICES (TOGETHER THE “PARTIES”). BY ACCESSING OR USING THE SERVICES OR RESULTS OF THE SERVICES IN ANY WAY, INCLUDING WITHOUT LIMITATION, USING ALLIANCE NETWORKS, DATA OR OTHERWISE PARTICIPATING IN THE SERVICES, YOU AGREE TO BE BOUND BY THIS EULA. IF YOU DO NOT AGREE TO THE TERMS OF THIS EULA YOU MAY NOT ACCESS OR USE THE SERVICES. IF YOU ARE ENTERING INTO THIS EULA ON BEHALF OF A CORPORATION OR OTHER ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO AGREE TO THE EULA ON BEHALF OF SUCH ENTITY AND THAT SUCH ENTITY AND ITS AFFILIATES ALSO AGREE TO AND ARE BOUND BY THE EULA. IF YOU DO NOT HAVE SUCH AUTHORITY, OR SUCH ENTITY DOES NOT AGREE WITH THESE TERMS, YOU AND THEY MAY NOT USE THE SERVICES. 

The term “Authorized User” means a party that accesses or uses the Services in accordance with an authorized Use Case that has agreed to this EULA either directly or by reference with a party authorized by Alliance or an Authorized User to use this EULA as set forth in Section 2.2. Capitalized terms not otherwise defined in tis EULA are defined in Section 8 of this EULA. Authorized User understands and agrees that this EULA is a legally binding agreement between such party and the Alliance, and that Service Provider is a third-party beneficiary of the EULA. 1 Introduction The Alliance has been established to define and promote a national infrastructure with common standards and policies with regard to its Services that enable trusted data sharing among its Members who participate in the Services, their Authorized Users, and Affiliated Networks on a nation-wide basis. In order to further the foregoing mission, Alliance has procured certain services, through its Service Provider, which is made available to Authorized Users under the terms and conditions of this EULA and terms incorporated herein by reference. Therefore, for good and valuable consideration the sufficiency of which the Parties confirm, the Parties hereby agree to the above and the following terms and conditions. 


2 Required Minimum Terms 

2.1 Minimum Terms. If Authorized User is not an End User, Authorized User shall ensure that this EULA is incorporated in its entirety, either directly or by reference, into a legally binding agreement (“Downstream Agreement(s)”) between Authorized User and any subsequent downstream authorized user (each a “Downstream Authorized User”) before such Downstream Authorized User is allowed access to or provides access to the Services. 

2.2 Application of this EULA. Each Downstream Authorized User and subsequent downstream authorized users that receives this EULA from an Upstream Authorized User shall be deemed the Authorized User as such term is used in this EULA and shall comply with the obligations applicable to Authorized User in this EULA. 

3 Authorized User Obligations 

3.1 Health Data. Authorized User understands and agrees that the Services may involve the exchange of Health Data of Authorized User, and each Licensed User, and others that may submit Health Data involved in an approved Use Case, and that such Health Data may be used and disclosed by Alliance for the operation of the Services. 

3.2 Authority and Consent. Authorized User represents and warrants that: (a) it has all rights and authority necessary to agree to and comply with the use of Health Data as provided in this EULA and applicable Use Cases, (b) all Health Data provided to Alliance and Service Provider or exchanged through the Services by Authorized User and its Licensed User, if any, is provided with the full authority and consent of the owner of such Health Data, and (c) Authorized User shall use or disclose data received from other participants in the Services only in accordance with Applicable Laws, including but not limited to obtaining any and all required consents, and only in accordance with an authorized Use Case. 

3.3 Informed Consent. Authorized User shall provide, or ensure that reasonable and required training is provided, to End Users regarding the use of the Services in accordance with the terms and conditions of this EULA, Alliance Policies, Applicable Law, and any applicable Documentation. Authorized User shall ensure that any and all required Patient and Individual User consents are obtained, and: (a) made with full transparency and education; (b) adequate to allow for all Services approved by the Alliance; (c) made only after the patient has had sufficient time to review educational material; (d) commensurate with circumstances for why health information is exchanged; (e) not used for discriminatory purposes or as a condition for receiving medical treatment; (f) consistent with patient expectations; (g) revocable at any time, and (h) recorded in a manner that allows confirmation of the name of the person and the existence and details of the consent. 

3.4 Limitations of Use. Authorized User understands and agrees that unless expressly authorized in Section 4 (Permissions and Limitations) of this EULA the following are prohibited: (a) marketing, selling, licensing or distributing the Services; (b) licensing or sub-license the Services to any person or entity; (c) renting, leasing, providing access to, or granting a security interest in, or otherwise transferring or attempting to transfer any rights in or to the Services; (d) removing, altering, defacing any legends, restrictions, product identifications, or copyright, trademark or other proprietary notices from the Services or the Alliance Specification, or; (e) reverse engineering or otherwise deriving the source code or the reasonable equivalent thereof, of the Services, or any software related thereto or therein. For the purpose of this Section, the Services include all Service Provider and Alliance materials, software, technologies and Documentation related to the Services. 

3.5 Compliance with Applicable Laws and Alliance Policies. Authorized User shall: (a) use the Services only in accordance with the terms and conditions of this EULA; and (b) be and remain compliant with all Applicable Laws in its use of the Services, including laws that become effective during the use of the Services. 

3.6 Compliance with Alliance Policies. Authorized User represents and warrants that it will, and shall require its Downstream Authorized Users to, comply with all applicable Alliance Policies, including but not limited to the Alliance Data, Security, and Privacy Policy available at www.commonwellalliance.org/data-and-security, where such policies may be updated from time to time. 

3.7 Business Associate Agreements. Authorized User represents and warrants that it has and will maintain a business associate agreement in conformance with Applicable Laws with each Downstream Authorized User that is applicable to and covers the use and disclosure of Health Data for participation in the Services. 

3.8 Account Management. Authorized User, when it access the Services via a log-in portal, shall require each person accessing the Services, through such features, to enter his or her login credentials (“Login Credentials”) in order to access the Services. Authorized Users shall obligate Permitted Users who access the Services through log in portals to comply with this Section 3.8. Authorized User is fully responsible for all uses of Login Credentials issued to or created for or by Authorized User. Authorized User is responsible for authentication and identity management of each person that accesses the Services and to ensure such Login Credentials are unique to each person and that such information remains secure. Authorized User shall ensure that each person accessing clinical data using the Services is properly identified, authenticated and authorized under Applicable Laws to access such Health Data. 

3.9 Breach Detection and Notification. Authorized User shall comply with all applicable breach notification requirements pursuant to 45 CFR § 164.410. Authorized User shall make reasonable efforts to notify Alliance of any Breach of Confidentiality or Security within three (3) days from discovery, and shall report any Breach in accordance with the Alliance Breach Incident Notification Policy available at www.commonwellalliance.org/commonwell-breach-incident-notification-policy. 

3.10 Data Backup. Authorized User is responsible for providing or operating data back-up services, and other procedures and controls appropriate to maintain the integrity and continuity of their operations, including the protection of their data and PHI and of their End Users. 

3.11 Carequality Services. The Services may include products and services to Authorized User which involve access to, use of, and re-disclosure of information that the Alliance obtains by virtue of being a Carequality Implementer (“Carequality Services.”). If Authorized User has access to or uses Carequality Services, Authorized User hereby agrees that: (a) with regards to such Carequality Services, Authorized User agrees to and shall comply with the Carequality Connection Terms; (b) acknowledges that the Carequality Connection Terms constitute a binding written agreement between Authorized User and Alliance, and (c) Authorized User consents and has adequate authority to consent to Authorized User and its Licensed Users (that use Carequality services) to participate in the Carequality Services, including but not limited to any applicable Exchange Activity (as that term is defined in the Carequality Connection Terms). “Carequality Connection Terms” means the Carequality terms and conditions, as updated from time to time and available from Carequality here: Carequality here: https://carequality.org/resources/. For the purpose of this EULA “Carequality Implementer” has the meaning provided in the Carequality Connection Terms. 

3.12 ROI Services. 

3.12.1 If Authorized User participates in the ROI Services as a Data Retrieval Vendor under a ROI Use Case, Authorized User represents and warrants that it shall copy with the following terms (“ROI Connection Terms”): 

3.12.1.1 Authorized User shall be certified in accordance with the ROI Certification Process prior to participation (such certified Authorized User to be referred to as “ROI Member”), and; 

3.12.1.2 Authorized User represents and warrants that it: (i) has obtained and stored all necessary directives, consents and authorizations required under Applicable Law for the use and disclosure of PHI in accordance with the applicable ROI Use Case, and (ii) shall not direct the use and disclosure of PHI as otherwise prohibited by the applicable Use Case or Applicable Law. 

3.12.2 Where Authorized User provides ROI Services to Downstream Authorized Users, it represents and warrants that it shall include the ROI Connection Terms, and the following in its Downstream Agreements: 

3.12.2.1 The ROI Connection Terms constitute a binding written agreement between such ROI Member andAlliance, and; 

3.12.2.2 Service Provider and Alliance shall be third-party beneficiaries of the payment terms between Authorized User and any Data Retrieval Vendor and any Data Requestor. 

3.13 Connectors. If Authorized User will be operating as a Connector, Authorized User represents and warrants that it shall comply with the following terms (“Connector Terms”): 

3.13.1 When required for a Use Case, Authorized User will be certified pursuant to a mutually approved Connector Certification Process for the applicable Use Case prior to participation (such certified Authorized User to be referred to as “Connector”), and; 

3.13.2 Authorized User represents and warrants that it: (i) has obtained and stored all necessary directives, consents and authorizations required under Applicable Law for the use and disclosure of PHI in accordance with a Connector Use Case, and (ii) shall not direct the use and disclosure of PHI except as permitted by the Connector Use Case. 

3.13.3 Authorized User represents and warrants that it shall inform Alliance of its connections on a monthly basis, using an approved report format, such report to include a directory of all applicable Downstream Authorized Users. 

4 Permissions and Limitations 

4.1 License to Authorized User. Conditioned upon compliance with the terms and conditions of this EULA, Authorized User is hereby granted a limited, nonexclusive, non-transferable, non-sublicensable license to access the Services, only for purposes approved by the Alliance in an approved Use Case, and to allow access to the Services by Licensed Users and Downstream Authorized Users in accordance with an approved Use Case. 

4.2 License to Licensed Users. Conditioned upon compliance with the terms and conditions of this EULA, Licensed User is hereby granted a limited, nonexclusive, non-transferable, non-sublicensable, license, to access and use the Services, only for purposes approved by the Alliance in an approved Use Case, and only for its own internal or individual use. 

 4.3 Alliance License to use Data and PHI. Authorized User(s) grants Alliance the right to use data, including but not limited to Data, PHI and de-identified PHI acquired through the Services, solely to provide the Services, and solely for the benefit of the Alliance and the Services, and for system administration of the Services within the scope of the EULA, and for no other purpose. Notwithstanding the foregoing, nothing herein shall be deemed to restrict Alliance from using Data and PHI to improve or enhance the Services, and to provide the Services in accordance with approved Use Cases. Alliance may de-identify PHI and store Health Data and de-identified PHI for the sole purposes of performance testing, monitoring, trouble shooting, and improving the Services. For the avoidance of doubt, any reference to Alliance in Section 4 shall mean Alliance and its Service Provider(s). 

4.4 Alliance Data Use Limitations. Without limitation, except as permitted in Section 4 or otherwise permitted by the EULA, Alliance shall not modify, transform, conduct analysis on, or otherwise use Data and PHI in any manner except as necessary to provide the Services. 

4.5 Limited License to Alliance Marks. Subject to the terms and conditions of this EULA, Alliance grants Authorized User a non-exclusive, non-transferable right to use and display the Alliance trademarks and service marks provided by Alliance, as may be updated from time to time in Alliance’s sole discretion (the “Alliance Marks”), to advertise and promote the Services and otherwise as necessary or appropriate for Authorized User to exercise its rights or perform its obligations under this EULA, all subject to Authorized User’s compliance with the Alliance’s Trademark Usage Guidelines, available on request, as may be modified from time to time. Authorized User acknowledges and agrees that Alliance owns the Alliance Marks and that any and all goodwill and other proprietary rights that are created by or that result from Authorized User’s use of the Alliance Marks inure solely to the benefit of Alliance. All use of Alliance Marks are at the sole discretion of the Alliance, and Alliance has the sole and exclusive right to deny the use of Alliance Marks by any party. 

4.6 Limited License to Authorized User Marks. Subject to the terms and conditions of this EULA, Authorized User grants Alliance a non-exclusive, non-transferable right to use and display the Authorized User trademarks and service marks provided or made available by Authorized User, as may be updated from time to time in Authorized User’s sole discretion (the “Authorized User Marks”), to advertise and promote the Services and otherwise as necessary or appropriate for Alliance to exercise its rights or perform its obligations under this EULA. Alliance acknowledges and agrees that Authorized User owns the Authorized User Marks and that any and all goodwill and other proprietary rights that are created by or that result from Alliance’s use of the Authorized User Marks inure solely to the benefit of Authorized User. 

4.7 Retention of Rights and Termination of License. The Services are licensed and not sold. Except for the rights specifically granted in Section 4, Service Provider, Alliance, and their licensors retain all rights title and interest in and to their Intellectual Property, and there are no implied licenses thereto, whether implied, statutory, or otherwise. The Services and all additions or modifications to the Services, including derivative works thereof, all Intellectual Property rights associated therewith, are the sole and exclusive property of Alliance and Service Provider, or their licensors. Any license granted in Section 4 of this EULA shall automatically lapse in the event of a breach or any of the terms and conditions of this EULA, including but not limited to a breach of Section 3.4 (Limitations of Use). 

5 Suspension of Services 

Alliance and Service Provider each retain the right to suspend or terminate the Services provided to Authorized User or any Licensed User at any time in the event that Authorized User or Licensed User is not in material compliance with this EULA, or where such suspension is determined at the sole discretion of Alliance to be in the best interest of the Alliance, its Members, Authorized Users, or to protect the performance, integrity or security of the Services. 


6 Disclaimers and Limitations of Liability 

6.1 Alliance disclaims all representations and warranties with regards to the accuracy and or completeness of any Data and Health Data provided or accessed through the Services. 

6.2 Health Data, including content, disclosed or received through the Services may not be a complete clinical record or history with respect to any individual, and any such data or content is not a substitute for a healthcare provider’s professional judgment for or in the proper treatment of a patient. It is the responsibility of any treating Provider to confirm the accuracy and completeness of any Health Data or clinical records used for treatment purposes and it is the responsibility of the Provider to obtain whatever information the provider deems necessary, in his/her professional judgment, for the proper treatment of a patient. 

6.3 Providers are solely responsible for any decisions or actions taken involving patient care or patient care management, whether or not those decisions or actions were made or taken using information received through the Services, and Alliance assumes no responsibility or role in the care of any Patient or Individual User. 

6.4 Notice to Individual Users. If the End User is an Individual User, all Data and Health Data is provided to such individual on an as-is, as available basis, with no warranty of any kind, and for information purposes only. Neither the Services nor any Data or Health Data provided in or through the Services shall be deemed medical advice or medical care. 

6.5 LIMITATION OF LIABILITY. IN NO EVENT WILL ALLIANCE OR SERVICE PROVIDER BE LIABLE TO AUTHORIZED USER, LICENSED USERS, INDIVIDUAL USERS, OR ANY OTHER PARTY, UNDER, IN CONNECTION WITH, OR RELATED TO THE EULA OR THE SERVICES, INCLUDING FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES OF ANY KIND, INCLUDING, BUT NOT LIMITED TO, LOST PROFITS OR LOSS OF GOODWILL, LOST DATA, WHETHER BASED ON BREACH OF CONTRACT, WARRANTY, TORT, PRODUCT LIABILITY, OR OTHERWISE, AND WHETHER OR NOT ALLIANCE OR SERVICE PROVIDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ALLIANCE AND SERVICE PROVIDER’S ENTIRE AGGREGATE, CUMULATIVE LIABILITY FOR ANY AND ALL LOSS OR DAMAGE, DIRECT OR INDIRECT, FOR ANY CAUSE WHATSOEVER AND REGARDLESS OF THE FORM OF ACTION, RELATED TO THE EULA AND THE SERVICES, OR USE THEREOF, SHALL BE LIMITED TO $5,000 (USD). 

6.6 THE ALLIANCE AND SERVICE PROVIDER CANNOT REVIEW OR CONFIRM THE ACCURACY OF DATA, HEALTH DATA, OR PHI THAT IS USED IN THE SERVICES. THEREFORE, THE SERVICES AND ANY DATA IN OR ACCESSED THROUGH THE SERVICES ARE PROVIDED ON AN "AS-IS" AND "AS-AVAILABLE" BASIS. ALLIANCE AND SERVICES PROVIDER EXPRESSLY DISCLAIM ALL WARRANTIES OF ANY KIND, WHATSOEVER, WHETHER EXPRESS OR IMPLIED, OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT OF INTELLECTUAL PROPERTY WITH RESPECT TO THE SERVICES, INCLUDING THE RESULTS OF THE SERVICES. 

ALLIANCE AND SERVICE PROVIDER MAKE NO WARRANTIES AND DISCLAIM ALL WARRANTIES THAT: (A) THE SERVICES WILL BE AVAILABLE ON AN UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE BASIS; (B) ANY RESULTS OBTAINED FROM THE USE OF THE SERVICES WILL BE ACCURATE OR RELIABLE; (C) THE SERVICES WILL MEET A USER’S REQUIREMENTS. ANY HEALTH DATA, DATA, OR PHI ACCESSED OR OTHERWISE OBTAINED ON OR THROUGH THE USE OF THE SERVICES ARE AT AUTHORIZED USER’S, INDIVIDUAL USER’S, AND ANY OTHER USERS’ OWN DISCRETION AND RISK. ALLIANCE RESERVES THE RIGHT TO MODIFY OR DISCONTINUE THE SERVICES WITHOUT NOTICE AND SHALL NOT BE LIABLE FOR ANY LOSS OR DAMAGES RESULTING THEREFROM. 

7 General Terms 

7.1 Certification. At Alliance’s written request, Authorized User will furnish Alliance with a certification signed by an officer of Authorized User verifying that Authorized User is in compliance with the terms and conditions of this EULA including with regards to any payment terms or obligations. At Alliance’s request, Authorized User will furnish Alliance with any detail or documentation supporting such certification, as reasonably requested by Alliance. 

7.2 Export Control. This EULA is subject to governmental laws, orders and other restrictions regarding the export, import, re-export or use (“Control Laws”) of the Services and Documentation, including technical data and related information (“Regulated Materials”). Authorized User shall comply, and Authorized User shall cause its Downstream Authorized Users to comply, with all Control Laws relating to the Regulated Materials in effect in, or which may be imposed from time to time by, the United States or any country into which any Regulated Materials are shipped, transferred, or released. 

7.3 Insurance. Authorized User agrees, at its own expense, to maintain policies as follows: (a) commercial general liability insurance with a minimum limit of $3,000,000 per occurrence and $3,000,000 annual aggregate; (b) professional errors and omissions liability insurance with $3,000,000 per claim and $3,000,000 annual aggregate; and (c) cyber and HIPAA cyber insurance liability insurance with $3,000,000 per claim and $3,000,000 annual aggregate. 

7.4 Books and Records. If required by Section 952 of the Omnibus Reconciliation Act of 1980, 42 U.S.C. Section 1395x(v)(1)(1), for a period of four years after the Services are furnished, each Party agrees to make available, upon the written request of the Secretary of Health and Human Services, the Comptroller General, or their representatives, this EULA and such books, documents, and records as may be necessary to verify the nature and extent of the Services with a value or cost of $10,000 or more over a twelve month period. 

7.5 Governing Law and Venue. This EULA is governed by and will be construed in accordance with the laws of the State of Delaware, exclusive of its rules governing choice of law and conflict of laws and any version of the Uniform Commercial Code. 

7.6 Assignment. Authorized User may not transfer, assign, sublicense or otherwise delegate any of its rights or obligations under this EULA, by operation of law or otherwise. 

7.7 Severability. If any part of a provision of this EULA is found illegal or unenforceable, it will be enforced to the maximum extent permissible, and the legality and enforceability of the remainder of that provision and all other provisions of this EULA will not be affected. 

7.8 Construction of Agreement. This EULA will not be presumptively construed for or against any party. 

7.9 Order of Precedence. In the event of any conflict or inconsistency between or among Applicable Law, this EULA, Downstream Agreements, and Alliance Policies, the following shall be the order of precedence to the extent of such conflict or inconsistency: (i) Applicable Law, (ii) this EULA, (iii) Alliance Policies, (iv) applicable Downstream Authorized User Agreement, then (v) any other terms and conditions. 

7.10 Entire Agreement. This EULA, including the Policies and documents incorporated by reference, constitute the complete and exclusive agreement between the Parties with respect to the subject matter hereof, superseding and replacing all prior agreements, communications, and understandings (written and oral) regarding its subject matter, including without limitation any letter of intent executed between the Parties. 


8 Definitions. In addition to terms defined elsewhere in this EULA, the following defined terms shall apply: 

“Affiliated Networks” means networks that operate with or connect to the Alliance Services and/or network, including those currently existing and those that may come to exist in the future. 

“Alliance Policies” means all policies approved by the Alliance relating to the Alliance or the Services, as updated from time to time. 

“Alliance Specification” means each document designated a “CommonWell Health Alliance Specification” as finally adopted and approved by the Alliance. The most current version of the Alliance Specification may be obtained here: https://www.commonwellalliance.org/connect-to-the-network/use-cases-andspecifications/ 

“Applicable Laws” means all laws (including common law), statutes, rules, regulations, ordinances, formal written guidance, codes, permits and other authorizations and approvals having the effect of law of the United States, any applicable foreign country or any domestic or foreign state, county, city or other political subdivision, including without limitation agreements and operating procedures required to operate with any government agency or government sponsored healthcare exchange. 

“Breach” has the meaning provided for in 45 CFR 164.402 (Definitions, effective March 26, 2013; 78 Federal Register 5695) or its successor.

 “Breach of Confidentiality or Security” means an incident that compromises the security or privacy of information of Alliance, Service Provider, or any Member.

 “Connector” means a Member that contracts directly with an EHR Vendor in a manner that allows the EHR Vendor to allow its customers access to the Services. 

“Connector Use Case” means a Use Case authorizing an Authorized User to participate in a service involving a Connector. 

“Data” means the information and files that an Authorized User may receive from or deliver to Alliance, or a Service Provider, through the Services, but not PHI. 

“Data Requestor” means an entity requesting clinical data pursuant to an approved ROI Use Case. 

“Data Retrieval Vendor” means a ROI Member who contracts with a Data Requestor to fulfil health record requests through the ROI Services. 

“Documentation” means the user documentation containing the operational, functional, or technical descriptions of the Services as may be modified from time to time by Alliance or Service Provider. 

“Downstream Authorized User” means a party with a written agreement directly with an Authorized User requiring compliance with this EULA, and each subsequent Downstream Authorized User. 

“EHR Vendor” or “EHR” means an electronic health records provider, or as it relates to ROI Services, it means an ROI Member that provides the Alliance with access to a patient record. 

“End User” means the last person or party in the chain of Authorized Users in an authorized Use Case, which may be a Provider, Individual User, or other final consumer of the Services in accordance with an approved Use Case. 

“Health Data” means health information, including information and PHI that is received, transmitted, stored or maintained through the Services. 

“HIPAA” means the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations.

 “Individual User” means an individual that uses the Services on an individual basis, and where such individual is not a Patient, for example a PHR user or Licensed User. 

“Intellectual Property” means all forms of legal rights and protections in any country of the world regarding intellectual property rights, including all right, title and interest arising under common and statutory law to all: patents, trademarks, copyrights, trade secrets, and other industrial property rights and other rights to inventions or designs, and all applications, registrations, issuances, divisions, continuations, continuation in-part, renewals, reissuances and extensions of the foregoing. 

“Licensed User(s)” means a third party authorized by an Authorized User to accesses or use the Services in accordance with an authorized Alliance Use Case.

 “Member” means legal entity that is a party to a valid Alliance Membership Agreement with Alliance. 

“Patient” means an individual that has access to or is a recipient of the Services through or on behalf of a Provider.

 “Permitted User(s)” means users permitted by Authorized User to access or use the Services on behalf of Authorized User or its Licensed Users, including Authorized User personnel who access the Services through Login Credentials in order to access the Services. Authorized User is responsible for its Permitted Users compliance with this EULA. 

“Personal Health Record” or “PHR” means is an electronic application through which Individual Users can access, maintain and/or manage their health information. 

“Provider” means a healthcare provider facility, practice group, physician (including any individual or legal entity), or other health care provider permitted by a Authorized User to access the Services or any enrollment user interface to utilize the Services. 

“Protected Health Information” or “PHI” means will have the same meaning as the term “protected health information” in 45 C.F.R. § 160.103, as applied to the information created, received, maintained or transmitted by Alliance on behalf of its Members. All references to PHI include Electronic PHI. 

“ROI Certification Process” means the process by which new ROI Members certify compliance with the ROI Services Connection Terms. Service Provider shall be responsible for certification, onboarding, and setup support for ROI Members.

 “ROI Services” means services related to requests for patient data in accordance with an approve Use Case, for example fulfillment of payer requests for patient data. 

“Services” means the services approved and offered by or on behalf of the Alliance in accordance with an approved Use Case. Services may also include offerings from Affiliated Networks.

 “Service Provider” means a party that Alliance has contracted with to provide the Services (or a subset of the Services). 

“Upstream Authorized User” means the upstream party from whom the Downstream Authorized User receives this EULA and the right to receive or use the Services pursuant to a Use Case. 

“Use Case” means a use case approved by the Alliance, as further defined in the Alliance Specification, including a list of technical specifications, obligations, and events, necessary to implement a compliant implementation of such use case. 


Carequality Connection Terms (Effective 08/01/2022)

As used herein, “Organization” refers to the Carequality Connection upon which these Carequality Connection Terms are binding and “Sponsoring Implementer” refers to the party that is imposing these Carequality Connection Terms on Organization. Organization and Sponsoring Implementer may be referred to in this Agreement as a “Party” or referred to collectively as “Parties.”


1. Definitions: As used herein, the following terms have the following meanings: 

1.1. Adverse Security Event: The unauthorized acquisition, access, disclosure, or use of individually identifiable health information (as defined in the HIPAA Regulations) while such information is being transmitted between Implementers or Carequality Connections as specified by a Carequality Implementation Guide and pursuant to a valid CCA or Carequality Connection Terms, as applicable, but shall not include (i) any unauthorized acquisition, access, disclosure or use of encrypted data; (ii) any unintentional acquisition, access, disclosure, or use of health information if (I) such acquisition, access, disclosure, or use was made in good faith and within the course and scope of the employment, or if not an employee, as a member of the workforce of an End User; and (II) such health information is not further acquired, accessed, disclosed or used by the End User; or (iii) any acquisition, access, disclosure or use of information that was not directly related to use of the Carequality Elements. 

1.2. Applicable Law: (i) If Organization is not a Federal agency, all applicable statutes and regulations of the State(s) or jurisdiction(s) in which Organization operates, as well as all applicable Federal statutes, and regulations; or (ii) if Organization is a Federal agency, all applicable Federal statutes, regulations, standards and policy requirements of the Organization agency. 

1.3. Business Associate: An organization that is defined as a “business associate” in 45 C.F.R. § 160.103 of the HIPAA Regulations. 

1.4. Business Day(s): Monday through Friday excluding federal or state holidays. 

1.5. Carequality Connection: An organization that is properly listed in the Carequality Directory in accordance with the requirements of Section 15 of the CCA. 

1.6. Carequality Directory: A set of information that includes entries for all organizations who have been accepted as Carequality Implementers, along with those organizations’ Carequality Connections, which serves as the definitive reference for identifying those organizations who are valid participants in exchange activities through the Carequality Elements, and for obtaining the information needed to establish technical connectivity with such organizations. 

1.7. Carequality Elements: Those elements that have been adopted by Carequality to support widespread interoperability among Implementers including, but not limited to, the Carequality Connected Agreement, the Carequality Connection Terms, the Carequality Directory, Implementation Guides, and the Carequality Policies. 

1.8. Carequality Policies: Those policies and procedures adopted by Carequality which are binding on Carequality, Implementers, Carequality Connections or all of them.  

1.9. Carequality Use Case: A combination of a set of functional needs and a particular technical architecture for addressing those needs, for which the Carequality Steering Committee (“Steering Committee”) has adopted an Implementation Guide. 

1.10. Confidential Information: Proprietary or confidential materials or information of a Discloser in any medium or format that a Discloser labels as such upon disclosure or given the nature of the information or the circumstances surrounding its disclosure, reasonably should be considered confidential. With respect to Carequality, Confidential Information also includes those components of the Carequality Elements that the Carequality Steering Committee determines should be labeled Confidential. Notwithstanding any label to the contrary, Confidential Information does not include any Contribution (even if included in a Carequality Element); any information which is or becomes known publicly through no fault of a Recipient; is learned of by a Recipient from a third party entitled to disclose it; is already known to a Recipient before receipt from a Discloser as documented by the Recipient’s written records; or, is independently developed by Recipient without reference to, reliance on, or use of, Discloser’s Confidential Information. 

1.11. Contribution: Any submission by a Discloser to Carequality intended by the Discloser to be considered for inclusion in any of the Carequality Elements, including comments submitted on any media, oral discussions at meetings of any work group, committee or sub-committee or other types of submissions. 

1.12. Covered Entity: An organization that is defined as a “covered entity” in 45 C.F.R. § 160.103 of the HIPAA Regulations. 

1.13. Discloser: The entity that discloses Confidential Information to a Recipient. 

1.14. Dispute: Any controversy, dispute, or disagreement arising out of or relating to the interpretation or implementation of the Carequality Elements. 

1.15. End User: An individual or program generating a request for information, responding to a request for information, publishing information to a list of recipients or receiving published information through the Carequality Elements. 

1.16. Exchange Activity: Any use of the capability provided or supported by the Carequality Elements to exchange information among Implementers or their Carequality Connection. 

1.17. Governmental Entity: A local, state or Federal agency. 

1.18. HIPAA Regulations: The Standards for Privacy of Individually Identifiable Health Information and the Security Standards for the Protection of Electronic Protected Health Information (45 C.F.R. Parts 160 and 164) promulgated by the U.S. Department of Health and Human Services under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, as in effect on the effective date of the Enforcing Agreement and as may be amended, modified, or renumbered. 

1.19. Implementation Guide: A guide adopted by Carequality that sets forth the technical specifications and additional business rules that apply to Implementers and Carequality Connections who declare support for a specific Carequality Use Case. Additional business rules will include, but not be limited to, permitted purposes for the Carequality Use Case, roles associated with the Carequality Use Case and specifications on compliance with Section 8 of these Carequality Connection Terms (“NonDiscrimination”). 

1.20. Implementer: An organization that has signed the Carequality Connected Agreement and been accepted as such by Carequality. 

1.21. Organization Business Rule: A data sharing restriction that Organization has adopted for itself and its End Users. An Organization Business Rule may only be based on a policy decision that Organization has made with respect to the handling of patient data identified as clinically or legally sensitive, or to the consent or authorization that is required to share data with other Implementers and Carequality Connections. It is not necessary that the Organization Business Rule be required by Applicable Law or be based on Applicable Law.

1.22. Organization: The Carequality Connection on which these Carequality Connection Terms are binding. 

1.23. Recipient: The entity that receives Confidential Information from a Discloser. 

1.24. Sponsoring Implementer: The entity that is a party to the Carequality Connected Agreement and is ensuring that these Carequality Connection Terms are legally binding on Organization, either directly through contract or some other appropriate relationship with Organization, or by relying on one or more intermediaries. This term is used to distinguish this specific entity from other Implementers, and applies to that entity both during the period in which it is seeking to attain Implementer status, and after it is accepted as an Implementer. 

2. Recognition as a Carequality Connection

2.1. Organization. Upon Sponsoring Implementer determining to its satisfaction that Organization has met the requirements to be a Carequality Connection, and Sponsoring Implementer’s inclusion of Organization in the Carequality Directory, Organization shall be recognized as a Carequality Connection, subject to all obligations, terms and conditions contained herein and entitled to all rights and benefits conferred upon Carequality Connections including, but not limited to, inclusion in the Carequality Directory. 

2.2. Sub-Organization Entities. Sponsoring Implementer may delegate to Organization the authority to identify to Carequality those of Organization’s subsidiary and related entities that Organization wishes to be listed in the Carequality directory as Carequality Connections of Sponsoring Implementer (“SubOrganization Entities”). Such entities include, but are not limited to, separately branded business divisions, individual hospitals, individual clinics or medical offices, and otherwise-unaffiliated entities who contract with Organization for use of Organization’s electronic health record system. For all SubOrganization Entities that Organization identifies, it shall ensure that each Sub-Organization Entity is legally required to comply with these CC Terms. In addition, Organization shall work cooperatively with Sponsoring Implementer to assure that its Sub-Organization Entities are not already listed in the Carequality Directory by another Carequality Implementer. 

3. Suspension and Termination. 

3.1. Suspension. Sponsoring Implementer or Carequality may suspend Organization’s ability to participate in any exchange activity under the Carequality Connection Terms in the event that Sponsoring Implementer or Carequality determines, following completion of a preliminary investigation, that (i) Organization has breached a material provision of these Carequality Connection Terms and failed to cure such breach within fifteen (15) days or such other period of time that the Parties have agreed to, of receiving notice of same; or (ii) there is a substantial likelihood that Organization’s acts or omissions create an immediate threat or will cause irreparable harm to Carequality, Sponsoring Implementer, another Implementer, Carequality Connection, End User or individual (collectively, a “Threat Condition”). Organization may provide notice to Sponsoring Implementer that it wishes to temporarily remove itself from the Carequality Directory in the event that Organization or any of Organization’s End Users cannot comply with these Carequality Connection Terms. 

 3.2. Termination. Sponsoring Implementer may terminate Organization’s status as a Carequality Connection with immediate effect by giving notice to Organization if: (i) Organization is in material breach of any of these Carequality Connection Terms and fails to remedy such breach within 30 days after receiving notice of such breach; or (ii) Organization breaches a material provision of these Carequality Connection Terms where such breach is not capable of remedy. Subject to the terms of any agreement between Organization and Sponsoring Implementer, Organization may voluntarily terminate its status as a Carequality Connection at any time by providing written notice to Sponsoring Implementer and to Carequality at least 60 prior to the effective date of the termination. The notice shall indicate the reason(s) for Organization deciding to terminate its status as a Carequality Connection. If Organization is a U.S. federal agency, then the Contract Disputes Act (“CDA”), 41 U.S.C. sections 7101 et seq., shall govern alleged breaches under these Carequality Connection Terms. 

4. Legal Requirements. Organization shall, at all times, fully comply with all Applicable Law relating to these Carequality Connection Terms and the use of the Carequality Elements. To further support the privacy, confidentiality, and security of health information exchanged pursuant to these Carequality Connection Terms, Organization agrees that when acting as a Carequality Connection, it will comply with the provisions of the HIPAA Regulations that are applicable to Business Associates as a minimum contractual standard of conduct even if Organization is not a Covered Entity, a Business Associate, or a Governmental Entity. Notwithstanding any provision of these Carequality Connection Terms to the contrary, an Organization that is a federal agency and is not otherwise subject to the HIPAA Regulations shall not be required to comply with the HIPAA Regulations under these Carequality Connection Terms. 

5. Compliance with the Implementation. Guides and Carequality Policies. Organization shall implement and maintain support of at least one Carequality Use Case and shall indicate to Sponsoring Implementer the Organization’s role in such Carequality Use Case (“Carequality Use Case Role”). For all Carequality Use Cases supported by Organization, Organization shall comply with all components (unless such components are designated as optional) set forth in the applicable Implementation Guide that apply to (i) the Organization’s Carequality Use Case Role or (ii) all Carequality Connections. Organization is encouraged, but not required, to comply with all optional components of the applicable Implementation Guide(s). Organization also agrees that, if it is not in compliance with all applicable components of the Implementation Guide(s) and all Carequality Policies applicable to Carequality Connections, Sponsoring Implementer may exercise its right to suspend Organization in accordance with Section 3.1. Notwithstanding any provision of these Carequality Connection Terms to the contrary, if Organization is a U.S. federal agency, no change in policies or procedures shall apply to such agency until the agency has received 60 days’ prior written notice of the change and has assented in writing to the change. If the agency does not assent or does not object based on federal law to the change(s) in writing within 60 days, the change(s) shall apply to the agency. In the event of an agency objection based on federal law, if the objection is not resolved prior to the effective date of the change(s) to which the agency objects, the agency may voluntarily and/or selectively suspend participation or Carequality may suspend the agency if the agency is unable to comply with the change(s) pending continued efforts to reach a resolution. 

6. Non-Discrimination. With respect to Implementers and Implementers’ Carequality Connections that have implemented the same Carequality Use Case as Organization and Organization’s End Users, neither Organization nor its End Users shall unfairly or unreasonably limit exchange or interoperability with such Implementers or their Carequality Connections. Each Carequality Use Case’s Implementation Guide will provide specific requirements for compliance with this requirement in the context of that Carequality Use Case. 

7. Organization Autonomy. To the extent that Organization has adopted Organization Business Rules, Organization is permitted to continue acting in accordance with such Organization Business Rules, even if 23 they restrict Organization’s ability to support exchange of information with other Implementers or Carequality Connections or to meet the requirements of Section 6 above, provided that Organization applies such Organization Business Rules consistently with respect to other Implementers and Carequality Connections and the Organization Business Rules do not impose conditions that would unfairly or unreasonably limit interoperability. 

8. Accountability. 

8.1. Organization Accountability. Organization shall be responsible for any harm to Carequality, its Sponsoring Implementer, other Carequality Connections of its Sponsoring Implementer, other Implementers and their Carequality Connections which harm is caused by Organization’s, or its End Users, acts and omissions. Organization shall not be responsible for the acts or omissions of any Implementer or other Carequality Connection. Notwithstanding any provision in these Carequality Connection Terms to the contrary, Organization shall not be liable for any act or omission if a cause of action for such act or omission is otherwise prohibited by Applicable Law. This section shall not be construed as a hold harmless or indemnification provision. 

8.2. Carequality Accountability. Organization will not hold Carequality, or anyone acting on its behalf, including but not limited to members of the Steering Committee, Advisory Council, Dispute Resolution Panel or any work group, or subcommittee, of any of these or Carequality’s contractors, employees or agents liable for any damages, losses, liabilities or injuries arising from or related to these Carequality Connection Terms. This section shall not be construed as an indemnification provision. 

8.3. Limitation on Liability. Notwithstanding anything in these Carequality Connection Terms to the contrary excluding section 

8.4, in no event shall Carequality’s, Sponsoring Implementer’s or Organization’s total liability to each other and all third party beneficiaries arising from or relating to these Carequality Connection Terms exceed an aggregate amount equal to three million dollars ($3,000,000), whether a claim for any such liability or damages is premised upon breach of contract, breach of warranty, negligence, strict liability, or any other theories of liability, even if the entity whose conduct creates the liability has been apprised of the possibility or likelihood of such damages occurring. 8.4. Federal agencies. Notwithstanding any provision of these Carequality Connection Terms to the contrary, if Organization is a U.S. federal agency nothing in these Carequality Connection Terms shall be construed to limit in any way the sovereign immunity enjoyed by federal agencies or to limit the ability of the federal agency to seek to recover damages from Carequality, Implementers, or their Carequality Connections. 

9. Dispute Resolution

9.1. Organization acknowledges that it may be in its best interest to resolve Disputes between or among Organization, or its End Users, and Carequality, other Implementers or their Carequality Connections through a collaborative, collegial process rather than through civil litigation. Organization has reached this conclusion based upon the fact that the legal and factual issues involved in these Carequality Connection Terms are unique, novel, and complex and limited case law exists which addresses the legal issues that could arise from these Carequality Connection Terms or the Enforcing Agreement. Organization acknowledges that Carequality has adopted a Dispute Resolution Process which Organization agrees to follow. Further, Organization agrees to use its best efforts to resolve Disputes with Carequality, other Carequality Connections and their Implementers or with another Implementer directly if the Dispute does not involve another Implementers’ Carequality Connections, through discussions with those involved in such Dispute before even submitting the Dispute to its Implementer pursuant to the Dispute Resolution Process. If Organization requires assistance in identifying contact information for another Carequality Connection, or an Implementer, it shall seek that assistance from Sponsoring Implementer. 

9.2. If, despite using its best efforts, Organization cannot resolve any Dispute through discussions with the other parties involved, then Organization will notify the Sponsoring Implementer of the Dispute and request that the Implementer initiate the Dispute Resolution Process. Organization is required to undertake these efforts in the event of a Dispute before seeking any other recourse. 

9.3. Notwithstanding the above, Organization may be relieved of its obligation to participate in the Dispute Resolution Process if Organization (i) believes that another Implementer’s or Carequality Connection’s act or omission will cause irreparable harm to Organization or another organization or individual (e.g. Implementer, Carequality Connection, End User or consumer) and (ii) pursues immediate injunctive relief against such Implementer or Carequality Connection in a court of competent jurisdiction. Organization must inform its Sponsoring Implementer of such action within two business days of filing for the injunctive relief and of the result of the action within 24 hours of learning of same. If the injunctive relief sought is not granted and Organization chooses to pursue the Dispute, the Dispute must be submitted to the Organization’s Sponsoring Implementer in accordance with the Dispute Resolution Process so that the Sponsoring Implementer can determine next steps. 

10. Cooperation. Organization understands and acknowledges that numerous activities with respect to Carequality shall likely involve its Sponsoring Implementer, other Implementers and their Carequality Connections, employees, agents, and third party contractors, vendors, or consultants. To the extent not legally prohibited, Organization shall: (a) respond in a timely manner to inquiries from Carequality, its Sponsoring Implementer, other Implementers or their Carequality Connections about possible issues related to the Carequality Use Case(s) in which Organization is involved; (b) collaboratively participate in discussions coordinated by Carequality to address differing interpretations of requirements set forth in an applicable Implementation Guide(s) prior to pursuing the Dispute Resolution Process; (c) make reasonable efforts to notify its Sponsoring Implementer when persistent and widespread connectivity failures are occurring with its Sponsoring Implementer or with other Implementers or their Carequality Connections, so that all those affected can investigate the problems and identify the root cause(s) of the connectivity failures; (d) work cooperatively, including without limitation facilitating contact with other Implementers or their Carequality Connections, to address the root cause(s) of persistent and widespread connectivity failures; (e) subject to Organization’s right to restrict or condition its cooperation or disclosure of information in the interest of preserving privileges in any foreseeable dispute or litigation or protecting Organization’s confidential information, provide reasonable information to others in support of collaborative efforts to resolve issues or Disputes; (f) provide information and other relevant assistance to Sponsoring Implementer in connection with this Section 10; and (g) subject to Organization’s right to restrict or condition its cooperation or disclosure of information in the interest of preserving privileges in any foreseeable litigation or protecting Organization’s Confidential Information, provide reasonable information to aid the efforts of Organization’s Sponsoring Implementer, other Implementers or their Carequality Connections to understand, contain, and mitigate an Adverse Security Event, at the request of such Implementer or Carequality Connection. In no case shall Organization be required to disclose individually identifiable health information in violation of Applicable Law. In seeking another’s cooperation, Organization shall make all reasonable efforts to accommodate the other’s schedules and reasonable operational concerns. 

11. Adverse Security Event Reporting. 

11.1. As soon as reasonably practicable, but no later than five (5) business days after determining that an Adverse Security Event has occurred and is likely to have an adverse impact on an Implementer(s) 25 or Carequality Connection(s), Organization shall provide Sponsoring Implementer with notification of the Event through the notification protocol specified by Sponsoring Implementer. The notification should include sufficient information for Sponsoring Implementer to understand the nature of the Adverse Security Event and identify other Implementers or Carequality Connections that may be impacted by the Adverse Security Event. Notwithstanding the foregoing, Organization agrees that (a) within one (1) hour of learning that an Adverse Security Event occurred and that such Event may involve an Implementer or Carequality Connection that is a Federal agency, it shall alert the Federal agency in accordance with the procedures and contacts provided by such Federal agency, and (b) that within twenty-four (24) hours after determining that an Adverse Security Event has occurred and is likely to have an adverse impact on an Implementer(s) or Carequality Connection(s) that is a Federal agency, Organization shall provide a notification to the Federal agency in accordance with the procedures and contacts provided by such Federal agency, and Organization shall copy Sponsoring Implementer and Carequality on any such notification. 

11.2. This Section 11 shall not be deemed to supersede Organization’s obligations (if any) under relevant security incident, breach notification or confidentiality provisions of Applicable Law. Compliance with this Section 11 shall not relieve Organization of any other security incident or breach reporting requirements under Applicable Law including, but not limited to, those related to consumers. 

12. Acceptable Use. Carequality has adopted permitted purposes for the use of the Carequality Elements that are specifically set out in the Implementation Guide for each Carequality Use Case. Organization shall only engage in exchange activities through the Carequality Elements for permitted purposes as defined in the Implementation Guides. If Organization does not comply with these permitted purposes or other applicable provisions in the Implementation Guide, Carequality may exercise its right to suspend Organization in accordance with Section 3 of these Carequality Connection Terms. If Organization is not a Covered Entity or Governmental entity, then (i) Organization may only use the interoperability available through Carequality to transmit or receive information on behalf of its End Users and not on its own behalf; and (ii) Organization will not re-use, re-disclose, aggregate, de-identify or sell any information transacted by its End Users for its own benefit unless its respective Carequality Connections or End Users have given Organization the explicit written authority to do so. 

13. Confidentiality

13.1. Organization agrees to use any Confidential Information that it obtains solely for the purpose of performing its obligations under the Carequality Connection Terms, and for no other purpose. Organization will disclose the Confidential Information it receives only to its employees and agents who require such knowledge and use in the ordinary course and scope of their employment or retention, and are obligated to protect the confidentiality of such Confidential Information. In the event Organization has any question about whether information and/or materials it receives is Confidential Information, it shall treat the same as if it were Confidential Information. For the avoidance of doubt, the Carequality Elements that are not labeled as Confidential Information by the Carequality Steering Committee are not confidential and are not covered by the provisions of this section. 

13.2. Organization may be given access to all or a portion of the Carequality Directory by Sponsoring Implementer. The Carequality Directory is intended to be used by Implementers, Carequality Connections, and End Users to create and maintain operational connectivity under the Carequality Elements, including the development and maintenance of effective user interfaces for relevant systems. Organization agrees that it will only use and disclose information contained in the Carequality Directory as necessary to advance the intended use of the Carequality Directory. For example, Organization is permitted to disclose information contained in the Carequality Directory to the personnel of its EHR vendor who are engaged in assisting Organization with establishing and  maintaining connectivity via the Carequality Elements. Further, Organization shall not use the information contained in the Carequality Directory for marketing or any form of promotion of its own products and services, unless this use and disclosure is part of an effort by Organization to expand, or otherwise improve, connectivity via the Carequality Elements, and any promotion of Organization’s own products or services is only incidental to the primary purpose. In no event shall Organization use the information contained in the Carequality Directory in a manner that should be reasonably expected to have a detrimental effect on another Implementer, Carequality Connection, End User, or other individual or organization. 

14. Contributions; IP Rights; Ownership of Materials; License. Organization acknowledges that any copyrights, patent rights, trade secrets, trademarks, service marks, trade dress, and other intellectual property in or related to Carequality including, but not limited to, these Carequality Connection Terms, Implementation Guides, Carequality Elements, Carequality Policies, related materials, information, reports, processes (the “Carequality IP”), are protected under applicable United States law. Recognizing that the Carequality IP is the work product of the membership of Carequality, and that Carequality is the collective representative of all Implementers’ interests, these intellectual property rights are asserted and held by Carequality in its capacity as the representative of its total membership and licensed to Organization hereunder. This does not apply to Carequality trademarks, service marks or trade dress rights, which are discussed separately below. Organization is encouraged to provide Contributions to Carequality and understands that Carequality must obtain certain rights in such Contributions in order to include the Contribution in Carequality IP. Notwithstanding any provision of these Carequality Connection Terms to the contrary, if Applicant is a U.S. federal agency and considers certain information to be the intellectual property of the U.S. government, the agency shall not contribute such information unless and until it has entered into a written agreement with Carequality for the transfer or license of such intellectual property rights. 

14.1. With respect to each Contribution, Organization represents that: (a) no information in the Contribution is confidential; (b) Carequality may freely disclose the information in the Contribution; and (c) to the best of its knowledge, such Contribution is free of encumbrance as it relates to the intellectual property rights of others. 

14.2. To the extent that a Contribution or any portion thereof is protected by copyright or other rights of authorship, Organization grants a perpetual, irrevocable, non-exclusive, royalty-free, world-wide, sublicensable right and license to Carequality under all such copyrights and other rights in the Contribution to copy, modify, publish, display and distribute the Contribution (in whole or part) and to prepare derivative works based on or that incorporate all or part of such Contribution, in each case, for the purpose of incorporating such Contributions into the Carequality IP. Organization also grants Carequality the right: (a) to register copyright in Carequality’s name any Carequality IP even though it may include Contributions; and (b) to permit others, at Carequality’s sole discretion, to reproduce in whole or in part the resulting Carequality IP. 

14.3. Organization shall identify to Carequality, through the issuance of a letter of assurance, any patents or patent applications which Organization believes may be applicable to any Carequality Element specifically including, but not limited to, any Implementation Guide. This assurance shall be provided without coercion and shall take the form of a general disclaimer to the effect that the patent holder will not enforce any of its present or future patent(s) that would be required to implement or use the Carequality Element relevant to any person or entity using the patent(s) to comply with such Carequality Element. 

14.4. Sponsoring Implementer grants to Organization a perpetual, irrevocable, non-exclusive, royalty-free, world-wide, right and license to use, the Carequality IP for the purpose of enhancing interoperability (including through the modification of its products and services to implement the Carequality Use Cases and conform to the Implementation Guides) Organization and its End Users have and will continue to possess the usage rights to the Carequality IP as authorized by Sponsoring Implementer’s Carequality Connected Agreement and these Carequality Connection Terms. Organization retains ownership of any Contribution it provides, granting only the licenses described in this Section. Nothing shall prevent Organization from (i) changing Organization’s technology, services or any Contribution in any way, including to conform to the requirements of an Implementation Guide or (ii) making any change available to any other person or entity. Notwithstanding anything to the contrary in the Carequality Connection Terms, all right, title, and interest in any change to Organization’s technology, services or any Contribution will accrue to the benefit of, and be owned exclusively by, Organization. 

14.5. The trademarks, services marks, trade dress, business names, company names, and logos owned by Carequality, including without limitation CAREQUALITY and all Carequality logos, (collectively, the “Carequality Marks”) are an important part of maintaining the strength and reputation of Carequality and its efforts to enable the interoperable exchange of healthcare information. Organization may not use the Carequality Marks to brand any of Organization’s products or services and may not incorporate any Carequality Marks in any of Organization’s domain names except as provided in Carequality’s published guidelines on use of trademarks. Organization shall not apply for registration of any trademark, service mark, trade dress, business name or company name, or logo that incorporates any Carequality Mark or any element confusingly similar to any Carequality Mark. In connection with any non-trademark, descriptive use of Carequality Marks, Organization will use the registration symbol ® or the trademark or service mark symbols, TM or SM, as more fully set out in the Carequality guidelines on use of trademarks, and indicate in the text that the Carequality Mark used “is the registered trademark of Carequality,” “is the trademark of Carequality,” or “is the service mark of Carequality,” respectively. 

15. Disclaimers. Organization acknowledges that Implementers and Carequality Connections may be added to or removed from the Carequality Directory at any time; therefore, Organization may not rely upon the inclusion in the Carequality Directory of a particular Implementer or Carequality Connection. IT IS EXPRESSLY AGREED THAT IN NO EVENT SHALL CAREQUALITY OR ORGANIZATION BE LIABLE TO EACH OTHER OR ANY THIRD PARTY BENEFICIARY FOR ANY SPECIAL, INDIRECT, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO, LOSS OF PROFITS OR REVENUES, LOSS OF USE, OR LOSS OF INFORMATION OR DATA, WHETHER A CLAIM FOR ANY SUCH LIABILITY OR DAMAGES IS PREMISED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER THEORIES OF LIABILITY, EVEN IF THE ENTITY WHOSE CONDUCT CREATES THE LIABILITY HAS BEEN APPRISED OF THE POSSIBILITY OR LIKELIHOOD OF SUCH DAMAGES OCCURRING. NO PROVISION OF THE CCA, OR THE CAREQUALITY CONNECTION TERMS, SHALL BE CONSTRUED AS AN INDEMNIFICATION REQUIREMENT FOR ANY IMPLEMENTER OR CAREQUALITY CONNECTION, INCLUDING BUT NOT LIMITED TO A FEDERAL AGENCY, THAT IS PRECLUDED BY LAW FROM INDEMNIFYING THIRD PARTIES. 

16. Miscellaneous/General 

16.1. Amendment. These Carequality Connection Terms may be amended by Carequality from time to time, subject to the requirements of Section 21.4 of the CCA. Sponsoring Implementer will inform Organization of such amendments along with their effective date, which shall be at least thirty (30) days after the date on which Sponsoring Implementer informs Organization of such amendments.  

16.2. Third Party Beneficiary. Carequality, other Carequality Connections of the Sponsoring Implementer, other Implementers and their Carequality Connections shall be deemed third party beneficiaries of these Carequality Connection Terms for purposes of enforcing Organization’s compliance with these Carequality Connection Terms.