Exhibit 10.26
DP#510975
CPD#6000185
MICROSOFT HEALTHVAULT SOLUTION PROVIDER AGREEMENT
| | Microsoft |
| Business Name: | Microsoft Corporation |
| Street Address: | One Microsoft Way |
| City, State, Zip Code: | Redmond, WA 98052-6399 |
| Microsoft Business Contact: | Name: Beatrice Pang Phone: 425 707 8995 Email: bpang@microsoft.com |
| Microsoft Technical Contact: | Name: Kalpita Deobhakta Phone: 425 703 8268 Email: kalpitad@microsoft.com |
| Send a copy of all notices via fax to: | Legal & Corporate Affairs, Health Solutions Group Fax no. (425) 936-7329 |
| | Company |
| Business Name: | Vemics, Inc. |
| Form of Business organization: | Corporation |
| Place of organization (if incorporated): | Nevada |
| Street Address: | 3600 Bee Caves Road, Suite 216 |
| City, State, Zip Code: | Austin, Texas, 78746 |
| Company Business Contact: | Name: Tom C. Dorsett Phone: (512) 791-0003 Fax: (512) 233-5190 Email: tdorsett@vemics.com |
| Company Technical Contact: | Name: John Dogru Phone: (512) 382-4312 Fax: (512) 233-5190 Email: idogru@vemics.com |
| Additional Contact for Notice (if applicable): | Name: Fred Zolla Fax: (512) 233-5190 Email: fzolla@vemics.com |
| Agreement Effective Date: | February 15, 2008 |
| Microsoft DealPoint No.: | |
By signing below, Microsoft and Company agree to enter into this Agreement. Each Party represents and warrants to the other that it has the authority to enter into this Agreement, and that it has all rights necessary to perform under this Agreement. The Parties agree that if the Agreement Effective Date is not filled in above, the Agreement Effective Date will be the later of the two signature dates filled in below. Each Party is responsible for its own costs and expenses associated with this Agreement except as otherwise provided in this Agreement or as may be otherwise agreed in writing by their authorized representatives.
| Microsoft | Company |
| Signature: /s/ Nate McLemore | Signature: /s/ Tom C. Dorsett |
| Print Name: Nate McLemore | Print Name: Tom C. Dorsett |
Print Title: Director of Business Development | Print Title: President of Healthcare Solutions |
| Date: 2/20/08 | Date: 2/19/08 |
1. DEFINITIONS.
Wherever used in this Agreement, these terms have the following defined meanings:
Affiliate means an entity that directly or indirectly controls, is controlled by, or is under common control with a Party, where "control" means ownership of more than a 50% interest of voting securities in a Party, or the ability to direct the management and policies of a Party whether through contract or otherwise.
Agreement means this Microsoft HealthVault Solution Provider Agreement (including Exhibits), as it may be amended from time-to-time.
Company Solutions means Company's hardware, software, services or other solutions that are compatible with HealthVault and more fully described in Exhibit A.
End-User Data means the personal information and other data of an End-User that Company accesses, transmits or stores in connection with a HealthVault Account.
End-User means a custodian of, and other users to whom a custodian grants access to, a HealthVault Account.
HealthVault means Microsoft's online health platform that enables an End-User and their designees to collect, store, retrieve, manage and use personal health information and other health-related data.
HealthVault Account means the End-User initiated and controlled online account holding End-User defined and controlled information within HealthVault.
HealthVault Requirements means (a) any requirements included in Exhibit A; and (b) the Operating Requirements and Privacy Requirements.
HealthVault Technology means HealthVault, and any other technology provided by Microsoft for Company's use in connection with HealthVault, including any software development kit(s), application programming interface(s), hosted database(s), and any associated software, hardware, and documentation.
Microsoft means Microsoft Corporation and its Affiliates involved in the development and/or operation of HealthVault.
Operating Requirements means the then current minimum requirements for operation with HealthVault (the current version of which is attached as Exhibit B).
Party or Parties means Microsoft or Company individually or collectively, as the context requires.
Privacy Requirements means the then current minimum privacy requirements for HealthVault (the current version of which is attached as Exhibit C).
Provider Page means the Web-pages hosted on HealthVault that list HealthVault compatible solutions.
Term means the period described in Section 6 (Term and Termination).
2. DEVELOPMENT AND DEPLOYMENT OF COMPANY SOLUTIONS.
2.1 Compatibility. Company Solutions must comply with the HealthVault Requirements. Company will not offer or knowingly allow use of Company Solutions for other than health-related purposes.
2.2 Evaluation. Microsoft will assess Company Solutions prior to enabling Company Solutions access to HealthVault. Microsoft may require Company to make modifications or error corrections to Company Solutions for compliance, interoperability, usability or performance with HealthVault prior to deployment.
2.3 Deployment. If Microsoft determines in its discretion that the Company Solutions meet the HealthVault Requirements, then Microsoft will enable Company Solutions to access HealthVault.
2.4 Provider Page. If Company Solutions are approved for deployment, then Microsoft will place on the Provider Page information provided by Company about Company Solutions, which information may include a hypertext link to Company's web site. The size and placement of the information will be at Microsoft's sole discretion. Microsoft may change the type of information allowed or required on the Provider Page. The Provider Page may include branding, content, data, text and other information from both Microsoft and third parties.
2.5 Microsoft Support. Microsoft will make available online technical information, access to a HealthVault development environment, and publicly available development forums. Additional Microsoft technical support may be provided via e-mail or, on Company's request and subject to availability, at Microsoft's then-current published hourly rates for scheduled technical services. Company's support requests must be communicated via the Company Technical Contact identified above.
3. ACCESS TO HEALTHVAULT.
3.1 Revisions. Microsoft may revise the Operating Requirements and Privacy Requirements on 30 days prior written notice which may be provided via email to the Company contacts above. Microsoft may release new versions of HealthVault and the HealthVault Technologies at any time in its sole discretion.
3.2 Review of Company Solutions. Microsoft has the right but not the obligation to evaluate Company's Solutions for continued compliance with the terms of this Agreement. Company will cooperate with Microsoft in any such evaluation by providing information, records, data and other materials reasonably requested. Microsoft will notify Company of, and Company will promptly remedy any material nonconformities.
3.3 Suspension of Company Solutions. Microsoft may suspend, until remedied, access between HealthVault and Company Solutions at any time on written notice (which may be provided via email to the Company contacts above) for material failure to comply with HealthVault Requirements.
3.4 Suspension of HealthVault. Microsoft may suspend operation or access to relevant portion(s) of HealthVault during any period Microsoft believes it is unable to prevent unauthorized access or other threats to the security and integrity of End-User Data.
3.5 No Third Party Access. Company shall not re-sell, or otherwise allow third parties to access or use HealthVault or HealthVault Technology without express prior written permission of an authorized Microsoft representative.
3.6 Compliance with Laws. HealthVault does not hold designated record sets as defined under the U.S. Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder (HIPAA), nor medical records as defined under state law. If Company provides healthcare- related services that are regulated under state or federal law, Company acknowledges and agrees that (i) Microsoft is not a business associate for purposes of HIPAA, (ii) Microsoft does not act as Company's agent, (iii) Company will not use data located in a HealthVault Account as the basis for any decisions about individuals, but will make such decisions only using a copy of End User Data received and copied into Company's own system, and (iv) Company is responsible for determining the form of and obtaining consent and/or authorization, if any, required by HIPAA, state or other laws or regulations prior to transmitting any End User Data to HealthVault. Each Party is responsible for compliance with all laws, rules, and regulations applicable to its products and services in all jurisdictions in which they are anticipated to be used, manufactured and/or sold.
4. LICENSES.
4.1 Company Solutions. Company grants to Microsoft for the Term and a commercially reasonable wind-down period thereafter, on a non-exclusive and royalty-free basis, all rights necessary to enable Microsoft to test, integrate and deploy Company Solutions with HealthVault and to perform all obligations and services described in this Agreement.
4.2 Marks. Each Party grants to the other for the Term and a commercially reasonable wind-down period thereafter, on a non-exclusive and royalty-free basis, the rights necessary to use, reproduce, and display the trademarks, logos, or similar identifiers provided hereunder ("Marks"), only as described in this Agreement. Company will comply with all branding and user interface requirements and restrictions that accompany Microsoft Marks. Microsoft will comply with any Company branding requirements and restrictions agreed to in Exhibit A. Neither Party will use the other Party's Marks to (i) imply endorsement, sponsorship, or affiliation by the other Party except as allowed by this Agreement or (ii) to disparage the other Party or its products or services. All goodwill will inure to the benefit of the Party that provides the Mark. Each Party will correct and remedy any deficiencies in its use of the other Party's Marks promptly after notice.
4.3 Company Input. If Company provides Microsoft with comments or suggestions about HealthVault Technology ("Feedback") without a separate Agreement about that Feedback, Company hereby grants Microsoft, under all applicable Company intellectual property rights, a non-exclusive, worldwide, perpetual, irrevocable, royalty-free license to (a) make, use, copy, modify and create derivative technologies of the Feedback, (b) publicly perform, display, import, broadcast, transmit, distribute, license (including the right to further sublicense), offer to sell, and sell, rent, lease or lend the Feedback and derivatives thereof.
4.4 Other License Terms. Company's use of the HealthVault software development kit and any other Microsoft materials that come with a separate license, is subject to those license terms, which are incorporated herein by reference. All rights not expressly granted in this Agreement are reserved.
5. PRESS RELEASES. Neither Party will issue a press release or similar publicity regarding this Agreement or the relationship between the Parties without the prior written consent of the other Party.
6. TERM AND TERMINATION. The Term of this Agreement is one (1) year from the Effective Date and will automatically renew on each anniversary of the Effective Date for successive one (1) year periods, unless either Party terminates by providing the other Party with 60 days written notice prior to the anniversary date. Either Party may terminate this Agreement at any time (i) if the other Party is in material breach and fails to cure within ten (10) days after written notice, or (ii) for no reason on thirty (30) days prior written notice. Sections 7, 8, 9, 10 and 11 shall survive the termination of this Agreement.
7. DISCLAIMER OF WARRANTIES. ALL SOFTWARE, TECHNOLOGY, SERVICES, DOCUMENTATION, MATERIALS, OR INFORMATION PROVIDED BY EITHER PARTY TO THE OTHER PARTY IS PROVIDED "AS IS," WITHOUT WARRANTY OF ANY KIND AND THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH THE RECIPIENT. TO THE EXTENT PERMITTED BY APPLICABLE LAW, EACH PARTY DISCLAIMS ALL OTHER STATUTORY REPRESENTATIONS, CONDITIONS AND WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
8. EXCLUSION OF DAMAGES: LIMITATION OF LIABILITY. NEITHER PARTY WILL BE LIABLE FOR ANY SPECIAL, PUNITIVE, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES (INCLUDING BUT NOT LIMITED TO, LOST PROFITS, LOSS OR BREACH OF DATA OR INFORMATION, BUSINESS INTERRUPTION, OR OTHER LOSSES) ARISING OUT OF OR RELATED TO THIS AGREEMENT, EVEN IN THE EVENT OF A FINDING OF FAULT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, BREACH OF CONTRACT OR BREACH OF WARRANTY BY EITHER PARTY OR ANY SUPPLIER, AND EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. NEITHER PARTY'S AGGREGATE LIABILITY FOR ALL CLAIMS, ACTIONS AND/OR OMISSIONS ARISING FROM OR RELATED TO THIS AGREEMENT WILL EXCEED TEN THOUSAND DOLLARS (U.S. $10,000.00). THE FOREGOING LIMITATIONS, EXCLUSIONS AND DISCLAIMERS APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EVEN IF ANY REMEDY FAILS ITS ESSENTIAL PURPOSE. NONE OF THE LIMITATIONS AND EXCLUSIONS IN THIS SECTION 8 APPLY TO CLAIMS UNDER SECTION 9 (INDEMNIFICATION) OR BREACHES OF SECTION 10 (CONFIDENTIALITY).
9. INDEMNIFICATION.
9.1 Indemnification. Each Party shall defend, indemnify and hold harmless the other Party from and against all damages, liabilities, costs and expenses, including without limitation reasonable attorneys' fees and other costs of defense, arising from or related to all unaffiliated third party claims that if true would constitute violation of (a) the privacy statement the Party provides to End Users; (b) any law, rule or regulation applicable (i) in the case of Microsoft, to the HealthVault Technologies, or (ii) in the case of Company, to the Company Solution; (c) any third party interest in Marks or other intellectual property provided by the Party in connection with this Agreement (excluding material provided by third parties to Microsoft in connection with their solutions); (d) the Party's marketing and promotion to End Users or (e) the HealthVault Requirements; ("Claims").
9.2 Process. The indemnified Party must promptly notify the indemnifying Party in writing of a Claim. The indemnifying Party has sole control of the defense and settlement of the Claim, except that it may not enter into any settlement that results in an admission of liability or wrongdoing on the part of the indemnified Party, or the imposition of equitable relief. The indemnified Party may employ separate counsel and participate in the defense of any Claim at its own expense.
10. CONFIDENTIALITY.
Confidential information means non-public information in any form that is designated as confidential, or a reasonable person knows or reasonably should understand to be confidential. The following types of information, however marked, are not Confidential Information: that which (i) is, or becomes, publicly available without a breach of this Agreement; (ii) was lawfully known to the receiver without an obligation to keep it confidential; (iii) is received from another source who can disclose it lawfully and without an obligation to keep it confidential; (iv) is independently developed; or (v) is a comment or suggestion one Party volunteers about the other's business, products or services.
For a period of 5 years after initial disclosure, neither Party will use the other Party's Confidential Information without the other Party's written consent except in furtherance of this business relationship or as expressly permitted by this section 10, or disclose the other Party's Confidential Information except:
| • | to employees, contractors or consultants only if they have a need to know about it for purposes of this Agreement and subject to the confidentiality obligations herein, or |
| • | if required to comply with a court order or other government demand that has the force of law, in which case the Party must seek the highest level of protection available and, when possible, give the other enough prior notice to provide a reasonable chance to seek a protective order. |
Each Party will:
| • | take reasonable steps to safeguard the other Party's Confidential Information, which steps must be at least as great as those the Party takes to protect its own confidential information, |
| • | notify the other promptly upon discovery of any unauthorized use or disclosure of Confidential Information and |
| • | cooperate in any reasonable way to help the other Party regain control of the Confidential Information and prevent further unauthorized use or disclosure. |
Neither Party is required to restrict work assignments of representatives who have had access to Confidential Information. Neither Party can control the incoming information the other Party may disclose in the course of working together, or what its representatives will remember, even without notes or other aids. The Parties agree that use of information in representatives' unaided memories in the development or deployment of their respective products or services does not create liability under this Agreement or trade secret law, and the Parties agree to limit what they disclose to each other accordingly.
11. GENERAL
11.1 Notices and Requests. Except for revisions to Privacy Requirements or Operating Requirements as described in 3.1, all notices must be sent by express courier or registered mail with a copy by fax to the contacts listed on the first page. Each Party may change its contacts on prior written notice.
11.2 Governing Law; Venue; Jurisdiction. The laws of the State of Washington govern this Agreement. If federal jurisdiction exists, the Parties each consent to exclusive jurisdiction and venue in the federal courts in King County, Washington. If not, the Parties each consent to exclusive jurisdiction and venue in the Superior Court of King County, Washington. The Parties waive all defenses of lack of personal jurisdiction and forum non conveniens. Process may be served on either Party in the manner authorized by applicable law or court rule.
11.3 No Partnership. The Parties are operating as independent contractors, and nothing in this Agreement will be construed as creating a partnership, franchise, joint venture, employer-employee or agency relationship.
11.4 Waiver. Any delay or failure of either Party to exercise a right or remedy will not result in a waiver of that, or any other, right or remedy. No waiver will be effective unless made in writing and signed by an authorized representative of the waiving Party.
11.5 Severability. If any provision of this Agreement is unenforceable, the Parties (or, if the Parties cannot agree, a court) will revise it so that it can be enforced. Even if no revision is possible, the rest of this Agreement will remain in place.
11.6 Assignment. This Agreement will be binding on the Parties and their successors and assigns. Either Party may assign this Agreement to an Affiliate on written notice. If assignment is the result of merger or acquisition, the non-assigning Party shall have the right to terminate this Agreement. All other assignment requires prior written consent of the non-assigning Party.
11.7 Interpretation. This Agreement will be interpreted according to the plain meaning of its terms without any presumption that it should be construed either in favor of or against either Party.
11.8 Entire Agreement. This Agreement is the entire agreement between the Parties about this subject and supersedes all prior and contemporaneous agreements or communications. This Agreement may not be modified except by a written agreement signed by authorized representatives of the Parties.
EXHIBIT A
DESCRIPTION, DEVELOPMENT, MARKETING & INSURANCE REQUIREMENTS
| 1. | DESCRIPTION OF COMPANY SOLUTIONS INCLUDING SERVICE WEBSITE, URL, ETC.: |
Vemics iMedicor™ is a HIPAA compliant, collaborative online portal designed for and by medical professionals to facilitate practice productivity and the rapid, secure exchange of medical records, educational content and ideas in real-time. Basic services are provided free of charge in exchange for participation in practice relevant, ACCME accredited educational programming. Advanced services are available on a fee-for-service basis.
Free basic services include:
• Secure medical record / image transfer online
• Secure messaging
• Professional online community for consults and referrals
• Practice relevant CME/CEU program available in both on-demand and fully interactive live online formats)
Fee based services include:
• Voice-recognition driven document creation and management (NuScribe)
• Real-time video, voice and data communication and collaboration
• ePrescribing
2. DESCRIPTION OF DEVELOPMENT/FUNCTIONAL COMMITMENTS:
DocuSign Envelope ID: 81291746-6B9A-48FF-9505-C21D66C8084F
Company will integrate Company Solutions with HealthVault and pilot the integrated offering at pilot client sites, leveraging any applicable HealthVault platform elements, such as universal sign-in account for patients, data storage, authentication, data interchange, device connectivity, search and other features.
Patients using Company Solutions shall each be provided with HealthVault Accounts and have the ability to input, upload, store, view and interact with their health data while using Company Solutions. Company Solutions shall allow patients to save a copy of their health data from the Vemics iMedicor™ systems to their corresponding HealthVault Accounts.
Microsoft will provide Company with a software development kit (SDK) and reasonable program account management resources to assist in Company's integration to HealthVault at no cost to Company.
3. ONBOARDING SCHEDULE AND REQUIREMENTS TO GO LIVE ON HEALTHVAULT:
3.1 Development requirement milestones, if any:
Company shall develop a project plan, which outlines the project and key milestones for the initial phase of the integration, no later than February 22, 2008. Company shall reasonably incorporate feedback from Microsoft.
Company shall complete the integration of Vemics iMedicor™ with HealthVault no later than May 1, 2008 and commercially deploy Company Solutions at pilot client sites on or before August 31, 2008.
3.2 Other requirements, if any: None.
4. MARKETING.
4.1 Company will, in compliance with Microsoft's HealthVault branding guidelines (provided separately):
(a) Feature Company Solution on the homepage of Company's Web site;
(b) Indicate HealthVault compatibility on all relevant Company materials regarding Company Solution;
(c) Promote HealthVault in all relevant Company marketing materials regarding Company Solutions, subject to Microsoft prior written approval; and
(d) Permit Microsoft to list or feature Company Solution in a variety of marketing opportunities, subject to Company prior written approval.
4.2 Microsoft may at its discretion:
(a) Feature Company Solution and related Company Marks:
• on the homepage and Program Page of the HealthVault Web site;
• in the default set-up for HealthVault Connection Center;
• in tradeshows, presentations, and keynote speeches; and
(b) Demonstrate Company Solution in tradeshows, presentations, and keynote speeches; and
(c) Refer reporters and bloggers to Company for quotes on Company Solutions and HealthVault.
5. Insurance.
5.1 General. Company warrants that it shall maintain sufficient insurance coverage to enable it to meet its obligations created by this Agreement and by law. Without limiting the foregoing, Company warrants that such insurance shall include Commercial General Liability (Occurrence Form) coverage with minimum limits of $2,000,000 per occurrence, to the extent this Agreement creates exposures generally covered thereby.
5.2 Professional Liability. Company shall maintain Professional Liability/Errors & Omissions Liability insurance with policy limits of not less than USD$2,000,000 each claim with a deductible of not more than One Hundred Thousand Dollars (US$100,000.00). Such insurance shall include coverage for infringement of the proprietary rights of any third party, to the extent reasonably available, including without limitation copyright and trademark infringement as related to Company performance under this Agreement. In addition, such insurance shall include coverage for the following personal injuries, unless covered, and not in any way excluded or restricted, by Company's general liability insurance: invasion of privacy, and advertising injury. Such insurance shall include coverage for contingent bodily injury/property damage. If Company solution includes hardware, such insurance shall include coverage for third party loss of use arising from the recall, removal, or of use arising from the recall, removal or withdrawal of products due to your errors, omissions, or negligent acts. Such insurance shall not contain limitations of coverage for claims arising from unauthorized/exceeded access to systems/data or for services rendered over public/private networks. Throughout the Term, the Professional Liability/Errors & Omissions Liability insurance's retroactive coverage date will be no later than the Effective Date of this Agreement. Upon termination of this Agreement, Company will either continue to maintain an active insurance policy, or purchase an extended reporting period providing coverage for claims first made and reported to the insurance company within 12 months after the end of this Agreement
EXHIBIT B
OPERATING REQUIREMENTS
Company Solutions must satisfy the following minimum requirements:
A. Support for Company Solutions. Company Technical Contact will coordinate technical issues and resolution of any problems related to Company Solutions.
B. HealthVault Technology Requirements.
1. Company Solutions must securely interoperate with HealthVault Technology and comply with all requirements in HealthVault Technology documentation. All Company Solutions services and components that access HealthVault or utilize HealthVault Technology must invoke only those features and functions supported by HealthVault Technology.
2. Company Solutions must not modify the standard HealthVault links to launch into the Company Solutions. Company Solutions must always obtain affirmative End-User approval prior to modifying any configuration, application, service, End-User data or other information stored on End User's hardware. Company Solutions must contain clear and conspicuous branding, logos and other indicators so End-Users are aware of when they are accessing features and functions made available in Company Solutions.
C. End-User Support. Company must provide direct End-User support for Company Solutions including any services. Company must provide support under terms at least as favorable to the End- User as the terms used by Company to support other online or computer system products and services. At a minimum, Company will provide commercially reasonable email support.
D. Security Vulnerabilities. Each Party will notify the other Party if it identifies security vulnerabilities related to Company Solutions, categorized as:
| Severity Rating | Description |
| Critical/Important | A vulnerability where exploitation could(a)allow the self-propagation of an Internet worm, virus, or similar security threat without End-User action; or (b) result in compromise of the confidentiality, integrity, or availability of End-User Data or the integrity or availability of processing resources. |
| Moderate/Low | A vulnerability where exploitation is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation. |
| | 1. Company must acknowledge receipt of Microsoft's notice of a) critical/important vulnerability within 4 hours and b) moderate/low vulnerability, within 24 hours of the time of Microsoft's notice by sending an e-mail to hsgse@microsoft.com (or any successor e-mail alias that Microsoft provides). |
| | 2. Company must address vulnerabilities as follows: |
| A) | For security vulnerabilities with a Critical/Important Severity Rating, Company must work with Microsoft to resolve the security vulnerability immediately. Company may elect to (a) suspend, remove or disable the features or functions involved, in whole or in part, (b) patch, correct or |
fix the vulnerability or (c) take any other action that it believes will prevent the exploitation of such vulnerability in a commercially reasonable way.
| | B) For vulnerabilities with a Moderate/Low Severity Rating, Company will send Microsoft within 72 hours of the initial notice a plan to resolve the security vulnerability and, unless otherwise mutually agreed, resolve the vulnerability within 7 days of the initial notice. |
| | 3. Microsoft may suspend connectivity or remove the Company Solutions until the vulnerability is resolved to Microsoft's satisfaction. |
E. Security Program. Company must implement and maintain an information security program reasonably designed to maintain the security, integrity and availability of End-User Data, and which meets a widely recognized U.S. or international security standard.
F. Geographic Restrictions. Company may not store End-User Data outside the U.S. Company acknowledges that HealthVault Accounts are currently offered only to U.S. End-Users.
G. Usability. Company Solutions must provide commercially reasonable End-User experience, including usability, performance, and availability.
H. Branding. Company will use the appropriate Microsoft Marks in accordance with the user interface and branding guidelines Microsoft provides, to promote HealthVault compatibility and indicate HealthVault functionality in Company Solutions. Company Solutions must be designed in accordance with HealthVault user interface guidelines. Neither party may use the other Party's Marks in a way that:
| n | may cause confusion about whether the products or services are products or services of the other Party; |
| n | may cause confusion about ownership of the Marks; |
| n | alters, animates or distorts the Marks or combines them with any other symbols, words, images or designs; or |
| n | on or in connection with related products, premiums or promotional items, whether sold or given away to promote the sale of the Company's Solutions without prior written consent. |
I. Installation. Company Solutions must not, automatically or otherwise, install any software on an End-User's hardware without the End-User's prior affirmative consent. No icons for any software such as a systray application or a background process shall be installed and/or displayed in the Company Solutions if such icons subvert the End-User's selection of an active service or if such icons subvert any of the End-User's choice options exposed by Windows (e.g., file extension ownership).
EXHIBIT C
PRIVACY REQUIREMENTS
If the Company receives any End-User Data, Company shall comply with the following provisions:
| | 1. Accountability. Company must maintain and comply with a privacy statement at least as protective of the security, confidentiality, integrity and accuracy of End-User Data as the HealthVault Privacy Statement, and which must comply with all legal requirements applicable to Company's collection of personal health data from its End-Users. If Company uses sub-contractors or vendors, they must agree in writing (i) to comply with the same policies and procedures as disclosed in Company's privacy statement, including (ii) that they cannot transfer End-User Data to other third parties without the End-User's explicit opt-in consent. Company will maintain and implement reasonable and appropriate technical, administrative, organizational and physical security practices to protect all End-User Data. |
| | 2. Notice. Company will present its privacy statement and terms of use in an accessible and prominent manner upon the End-User's initial use, each subsequent use, and on each webpage of Company Solution. Any new or revised privacy statements or terms of use must be presented to the End-User prior to installation or use of a Company Solution (or update/upgraded Solutions) under the new terms. Company must submit its privacy statement and terms of use (and any revisions or updates) to Microsoft, which Microsoft may publish/post on HealthVault. Receipt or publishing does not constitute Microsoft approval of Company's privacy statement or terms. Microsoft reserves the right to advise End-Users about privacy or use terms. Company will inform the End-User of the origin of all information it transfers into HealthVault. |
| | 3. Consent; Information Use and Retention. Company must obtain explicit opt-in End-User consent through then-existing HealthVault mechanisms prior to accessing any End-User Data and will provide Microsoft an explanation of its intended use of each type of End-User Data it requests access to. Company will not disclose End-User Data to a third party without first obtaining explicit opt-in consent from the End-User with respect to the specific third party. Company will provide the End-User the ability to access and/or update any End-User Data that is extracted from HealthVault. Microsoft reserves the right to display to the End-User the types of data that Company asserts are required to use the Company Solutions, and the right to programmatically allow Company access to only those types of End-User Data. Company will maintain End-User Data only for purposes the End-User has consented to. Company must not attempt to identify de- identified End User Data (by, for example and without limitation, combining it with other databases of information), and must prohibit any third parties who receive de-identified End User Data from doing so. Except for data retention required by law, if Company retains End-User Data beyond an active session, the End-User must always have the ability to delete the information. |
| | 4. Breach. Company will immediately inform Microsoft in writing of any material data breach involving End-User Data. |
| 5. | Explicit opt-in consent means for the purpose of this Exhibit C, that the End-User must take an explicit action to indicate its consent before data is accessed. |
EXHIBIT D
COMPANY CUSTOMER ACCESS TO HEALTHVAULT PLATFORM
Notwithstanding anything to the contrary set forth in the Agreement, Company may allow Customers to access or use HealthVault subject to the following terms and conditions:
1. Additional Definitions for this Exhibit.
Customer means a person or entity for which Company delivers value-added services that use HealthVault Technology pursuant to a written agreement that includes terms sufficient to comply with the terms and conditions of the Agreement.
Customer Agreement means a written agreement between Company and Customer for the development of Customer Solutions.
Customer Solutions means hardware, software, services or other solutions that are (i) developed by Company for Customer; (ii) operated by a Customer or on behalf of a Customer by Company; and (iii) compatible with HealthVault.
2. Written Agreement Required.
(i) Company shall enter into a Customer Agreement that is at least as protective of Microsoft as the terms and conditions contained in the Agreement. The Customer Agreement must meet these minimum requirements:
a. It must provide that Microsoft is an intended third party beneficiary with rights to enforce the written agreement directly against Customer; and
b. To comply with the requirements that are the same as those imposed on Company by the Agreement. This includes the requirements of Sections 2.1, 3, 4.3-4.4, 5-10, 11.2, Ex. A (Sec. 5), and Ex. B-C. For avoidance of doubt, the written agreement shall provide that as an intended third party beneficiary, Microsoft has the right to suspend Customer Solutions pursuant to Sec. 3.3 of the Agreement.
(ii) Company shall not sublicense the rights licensed to Company in Section 4.2. Such rights may only be sublicensed pursuant to a separate written agreement between Company and Microsoft.
(iii) Notwithstanding anything to the contrary set forth in the Agreement (including this Ex. D), the Customer Agreement shall exclude the following provisions: 2.4 and, 2.5.
(iv) Company shall require Customers to send any notices required under Exhibits B and C directly to the appropriate Microsoft contact, in addition to Company.
(v)Within fifteen (15) days of signing a Customer Agreement and in any event prior to a Customer Solution being offered to potential End-Users, Company shall report such Customer Agreement to Microsoft. The report shall include the following information: a) the Customer name and contact information; b) a description of Customer Solution, including service website, URL, etc.; and c) onboarding schedule to go live in HealthVault. Company shall securely maintain all: a) Application I.D.s and private keys for Customer Solutions; and b) records of all HealthVault Application I.D.s issued to Customers. Company shall promptly make such Application I.D. records available to Microsoft upon request.
3. Indemnity. Company shall defend, indemnify and hold Microsoft and its Affiliates harmless from and against all damages and costs (including attorneys' fees) of any kind in connection with any breach by Company or Customer of this Exhibit D. Such Company indemnity shall not extend to any claim for which Microsoft is obligated to indemnify Company pursuant to Section 9 of the Agreement.
4. Termination. If the Agreement terminates, then Company must terminate all Customer Agreements. Sections 3 and 4 of this Exhibit D shall survive termination of any Customer Agreement.
