PDR SECURE, LLC (“PDR Secure”), a Delaware Limited Liability corporation with offices at Five Paragon Drive, Montvale, NJ 07645 maintains the PDR Secure (or related) online adverse event reporting service, i.e. certain computer database/software products, which may be accompanied by documentation, and which PDR Secure creates and/or licenses from third parties, markets, sublicenses, distributes and supports, including any updates thereto to receive adverse event reports of various kinds, distribute these reports to key stakeholders, analyze the data and then report such information with the purpose of increasing patient safety (the “Service”). As a user of the Service, the person or entity agreeing to this agreement (the “Provider”) agrees to all of the terms and conditions set forth herein and will not use the Service until and unless Provider has expressly agreed to these terms and conditions. This Agreement is effective (the “Effective Date”) upon the date Provider takes affirmative action of acceptance. Provider and PDR Secure are each sometimes referred to as a “Party” and collectively sometimes referred to as the “Parties”.
WHEREAS, PDR Secure has been designated as a Patient Safety Organization (“PSO”) pursuant to the Federal Patient Safety and Quality Improvement Act of 2005 and its effectuating rules and regulations (the “Act”) and it is organized and operated to preserve confidentiality and security of patient safety work product, and to avail of all available protections of the Act.
WHEREAS, Provider wishes to voluntarily participate in PDR Secure’s data collection, reporting, and evaluation activities through the use of PDR Secure’s adverse event reporting systems.
NOW THEREFORE, in consideration of these premises and the mutual covenants herein contained, the Parties hereby agree as follows:
1. DEFINITIONS
The parties hereby adopt and incorporate by reference the definitions at 42 Code of Federal Regulations, Part 3 (the Regulations), §3.20. The following additional definitions shall apply to this Agreement:
De-Identified Data (“DID”) – are data that do not contain identifying information about individuals, including patients or Providers, or entities, including Provider facilities.
HIPAA – shall mean the Health Insurance Portability and Accountability Act of 1996.
HIPAA Privacy Rule – shall mean the HIPAA Privacy regulations at 45 CFR Subpart E.
Patient Safety Work Product (“PSWP”) – is data that is received by a PSO and is subject to the protections of the Act.
Protected Health Information (“PHI”) – shall mean individually identifiable health information, as further described in the HIPAA Privacy Rule.
2. PDR SECURE’S RESPONSIBILITIES
During the Term, PDR Secure shall to do the following:
2.1. PDR Secure will develop the Service which will be for the collection, management, and analysis of information received from and/or reported to participating Providers, to be accessed through the PDR Secure portal.
2.2. PDR Secure will provide information and support, as necessary, to facilitate Provider’s understanding of, use and/or participation in the Service and other Patient Safety activities.
2.3. PDR Secure will collect and maintain reported information once it is accepted into its database as PSWP. PDR Secure will not accept PHI.
2.4. PDR Secure will assemble a knowledgeable workforce, and in collaboration with its workforce will develop and conduct Patient Safety Activities, including but not limited to data collection, appropriate studies, evaluative activities, reports, and recommendations, including, where feasible, “best practices” recommendations; and will offer the results to participating Providers.
2.5. As required by law, PDR Secure will promptly notify a Provider of any breaches in confidentiality or security, and will take immediate remedial measures as appropriate to effectively address the breach.
2.6. In the event PDR Secure receives a request, subpoena, or other attempt of an outside party or agency to access confidential PSWP provided by Provider, PDR Secure will assert all applicable privileges, and will promptly notify Provider. In the event there is an applicable exception or disclosure permission that would require PDR Secure to provide access to confidential PSWP provided by Provider, PDR Secure will promptly notify Provider.
3. PROVIDER’S RESPONSIBILITIES
All participation in the Service by Providers is voluntary and non-exclusive. Participating Providers will be offered the opportunity to collect and submit non-PHI information to PDR Secure, to participate in evaluations, and to receive the results of such activities. A Provider who participates by providing data to PDR Secure shall do the following:
3.1. Provider will use its best efforts to promptly provide non-PHI data and information that are timely, accurate and complete with respect to the reported matters. Reported information will clearly delineate that information which is PSWP and that which is not PSWP. In this latter regard, Provider acknowledges and understands that:
1. Information that is collected, maintained or developed separately, or exists separately, from Provider’s Patient Safety Evaluation System (“PSES”) as developed and implemented by Provider, is not PSWP.
2. However, with respect to PSWP maintained as part of Provider’s PSES, up and until such time that the information has been reported to PDR Secure, Provider may reclassify information as being or not being PSWP. Once PSWP has been reported to PDR Secure, it is not possible to reclassify the information.
3. Provider will cooperate, as appropriate, with reasonable follow-up requests from PDR Secure for information and/or clarification regarding reported information.
3.2. Provider will not provide any information to PDR Secure that can be considered to be PHI or Information that in any way would identify other individuals such as other providers or patients) or facilities.
3.3. Provider shall maintain the confidentiality of Provider’s PSWP, and shall not disclose PSWP, except as otherwise permitted by the Act. Provider shall be solely responsible for appropriately managing its internal uses of PSWP as necessary to maintain applicable protections of the Act. Provider understands and agrees that it may not use PSWP to fulfill external reporting, regulatory, or accreditation obligations. Except as otherwise permitted by the Act, Provider will not disclose other providers’ PSWP, nor use it in any manner other than Patient Safety Activities conducted as part of Provider’s PSES.
3.4. Provider shall be solely responsible for compliance with the Act as well as its own decision-making with respect to participating in PDR Secure Patient Safety Activities, including but not limited to creating its own PSES, assessing the merits of and determining whether and how to implement the results and recommendations emanating from PDR Secure Patient Safety Activities.
3.5. In the event Provider participates in and reports the same PSWP to other PSOs, Provider with notify PDR Secure and use best efforts to communicate and cooperate with all PSO recipients of Provider’s PSWP, so they may take measures to avoid duplication of data that may be aggregated by cooperating PSOs.
3.6. In cases where Provider’s PSWP is sought by litigants in cases where Provider (or its providers) is/are parties, Provider maintains primary responsibility for defending against attempts to access Provider’s PSWP. PDR Secure and its counsel may cooperate as necessary to protect Provider’s PSWP. In cases where Provider’s PSWP is sought by agencies investigating Provider or its providers, Provider (or its providers) maintains primary responsibility for defending against attempts to access Provider’s PSWP. PDR Secure and its counsel may cooperate as necessary to protect Provider’s PSWP. In cases where Provider’s PSWP is sought by other litigants or interested parties, the parties shall meet and confer as to the appropriate allocation of responsibility and response.
3.7. Provider acknowledges that prior to submission to PDR Secure’s PSO database and it becoming PSWP, PDR Secure may route Drug and Device Adverse Event Reports directly to the FDA and/or the applicable manufacturers. Once submission to the PDR Secure PSO database occurs, all reports will be de-identified as DID prior to any further disclosure.
4. CONFIDENTIALITY
The Parties may from time to time receive from one another certain non-public information (other than PWSP) that is proprietary or confidential to the disclosing Party, its subsidiaries and affiliates, and their respective officers, agents, employees, consultants, licensors, suppliers and customers, including but not limited to business plans, systems configurations, technologies, data files, reports, projections, initiatives, customer data, transactional data and information concerning or relating to patient(s) and patient(s) treatment, care and medical history (collectively, the “Confidential Information”). The recipient of such Confidential Information shall hold such Confidential Information in confidence, shall not use it except to further its relationship with the other Party under this Agreement, and shall not publish or disclose it to third parties unless authorized in writing by the disclosing Party. Notwithstanding the foregoing, Confidential Information does not include the following information: (i) information that is or was independently developed by the receiving Party without use of or reference to any Confidential Information, (ii) information that is or was received from a third party that did not have any confidentiality or other similar obligation or restriction on use or disclosure to the disclosing Party with respect to such information; or (iii) information that becomes or was a part of the public domain through no breach of this Agreement by the receiving Party.
5. GRANT OF RIGHTS/ACCESS TO THE SERVICE
A. During the term, PDR Secure shall grant to Provider a nonexclusive, nontransferable, limited license to use the Service pursuant to this Agreement during the Term within the U.S., its territories and possession solely pursuant to the terms and conditions set forth in the Agreement.
D. Except as expressly permitted in this Agreement, Provider shall not: (i) modify the content of the Service, (ii) access the Service by any means other than through PDR Secure authorized interfaces; (iii) use the Service for the benefit of a third party or give any third party beneficial use of the Service, including, without limitation, any parent, subsidiary, or affiliated company, without the express written consent of PDR Secure, including unauthorized manipulation or unauthorized display or use of the Service by using framing or similar navigational technology; (iv) modify or remove any copyright, trademark, disclaimer notices, proprietary markings or restrictive legends placed on the Service; (v) use the Service or any portion of the Service for commercial use; (vi) violate any applicable local, state, national or international law or use the Service for any purpose that is unlawful or prohibited by these terms and conditions; (vii) use the Service in any manner that could damage, disable, overburden or impair PDR Secure's servers or networks, or interfere with any other user's use and enjoyment of the Service; or (viii) attempt to gain unauthorized access to any of the Service, services, accounts, computer systems or networks connected to PDR Secure through hacking, password mining or any other means.
E. PROVIDER IS ENTIRELY RESPONSIBLE FOR ANY AND ALL ACTIVITIES AND CONDUCT, WHETHER BY PROVIDER OR ANYONE ELSE, THAT ARE CONDUCTED THROUGH PROVIDER’S ACCOUNT. Provider agrees to notify PDR Secure immediately of any unauthorized use of Provider’s account or any other breach of security. PDR Secure will not be liable for any loss or damages of any kind that may arise as a result of any unauthorized use of Provider’s account access, either with or without Provider’s knowledge.
6. TERM AND TERMINATION
Term. This Agreement shall be effective as of the Effective Date and shall remain in effect thereafter for one (1) year (the “Initial Term”). The Initial Term shall renew automatically for consecutive one (1) year periods (each a “Renewal Term” and collectively with the Initial Term, the “Term”) unless terminated by a Party with prior written notice to that effect at least ninety (90) days prior to the expiration of the then current Initial Term or any Renewal Term. If neither party provides notice of termination as set out above, this Agreement shall continue on the then current terms and conditions.
A. Termination. PDR Secure may terminate this Agreement for any or no reason upon sixty (60) days notice to Provider. This Agreement may be terminated by either party immediately or on shortened notice, for cause, as next provided: (a) In the event PDR Secure is decertified as a PSO, termination shall be effective as of the date of PDR Secure’s termination as a PSO; or (b) In the event of either party’s material breach of this Agreement, the non-breaching party shall give written notice of breach, and the breaching party shall have 30 days to cure and communicate, in writing, its cure to the non-breaching party. Failure to cure or communicate cure within this timeframe shall be grounds for immediate termination.
B. Effect of Termination; Survival. Termination does not affect the parties’ obligations that have accrued prior to the termination and which are intended to survive termination of this Agreement. Sections 4, 5, 6 and 7 shall survive any expiration or termination of this Agreement.
7. WARRANTIES
A. Except as specifically provided herein, the Service is provided “as is,” "AS AVAILABLE", AND WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, PDR SECURE AND ITS THIRD PARTY LICENSORS SUPPLIERS AND AGENTS DO NOT WARRANT AND EXPRESSLY DISCLAIM THAT: (i) PROVIDER’S USE OF THE SERVICE AND ACCESS TO AND USE OF ALL OF THE TOOLS AND FEATURES THEREON WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE, (ii) THAT ANY INFORMATION OBTAINED THEREIN IS ACCURATE, RELIABLE OR COMPLETE, (iii) THAT DEFECTS WILL BE CORRECTED, (iv) THAT THE SERVICE SHALL BE AVAILABLE WITHOUT DELAY, FAILURE, INTERRUPTION OR CORRUPTION DUE TO LOCAL EXCHANGES, INTER-EXCHANGES, CARRIER LINES, ROUTES, SWITCHES AND OTHER EQUIPMENT OWNED BY THIRD-PARTIES or (v) THAT ANY SOFTWARE, SERVICES, PRODUCT OR SERVER(S) ON WHICH THE SERVICE ARE HOSTED ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. PROVIDER’S USE OF THE SERVICE AND ANY INFORMATION OR MATERIALS PROVIDED ON OR THROUGH THE SERVICE IS ENTIRELY AT PROVIDER’S OWN RISK.
B. PROVIDER EXPRESSLY AGREES AS A CONDITION OF USING THE SERVICE THAT NEITHER PDR SECURE NOR ITS PDR SECURE’S PARENT AND AFFILIATED COMPANIES, AND THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, CONTRACTORS, AGENTS OR SPONSORS ARE RESPONSIBLE OR LIABLE TO PROVIDER OR ANYONE ELSE FOR ANY LOSS OR INJURY OR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, PUNITIVE OR OTHER DAMAGES UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER THEORY ARISING OUT OF OR RELATING IN ANY WAY TO (i) THE USE OF OR INABILITY TO USE THE SERVICE; (ii) ANY CONTENT CONTAINED ON THE SERVICE; (iii) STATEMENTS OR CONDUCT POSTED OR MADE PUBLICLY AVAILABLE ON THE SERVICE; (iv) ANY PRODUCT OR SERVICE PURCHASED OR OBTAINED THROUGH THE SERVICE; (v) ANY ACTION TAKEN IN RESPONSE TO OR AS A RESULT OF ANY INFORMATION AVAILABLE ON THE SERVICE; (vi) ANY DAMAGE CAUSED BY LOSS OF ACCESS TO, DELETION OF, FAILURE TO STORE, FAILURE TO BACK UP, OR ALTERATION OF ANY CONTENT ON THE SERVICE, or (vii) ANY OTHER MATTER RELATING TO THE SERVICE.
C. IN NO EVENT SHALL PDR SECURE'S TOTAL LIABILITY TO PROVIDER FOR ANY AND ALL DAMAGES, LOSSES, AND CAUSES OF ACTION (WHETHER IN CONTRACT, TORT [INCLUDING, BUT NOT LIMITED TO, NEGLIGENCE], STATUTORY, OR OTHERWISE) EXCEED THE TOTAL OF ALL PAYMENTS MADE BY PROVIDER TO PDR SECURE UNDER THIS AGREEMENT DURING THE THREE (3) MONTHS IMMEDIATELY PRECEDING THE DATE ON WHICH THE CLAIM AROSE.
D. PDR Secure makes no representation or warranty that the Service is appropriate or available for use in locations outside the United States. Those who choose to access the Service from other locations do so on their own initiative and at their own risk, and are responsible for compliance with local laws, if and to the extent applicable. PDR Secure reserves the right, at any time in PDR Secure’s sole discretion, to limit the availability and accessibility of the Service to any person, geographic area, or jurisdiction it so desires.
E. Regardless of the form of action, no action arising from this Agreement may be brought by Provider (including its Authorized Personnel) more than three (3) months after the cause of action arises.
F. Provider, at its own expense, agrees to indemnify, defend and hold harmless PDR Secure, PDR Secure’s parent and affiliated companies and their respective directors, officers, employees and agents against any and all claims, actions, demands, liabilities, losses, damages, judgments, settlements, costs and expenses (including reasonable attorneys’ fees) (collectively, “Losses”) insofar as such Losses (or actions in respect thereof) arise out of, are related to, or are in any way connected with any use of the Service. PDR Secure agrees to give Provider the opportunity to defend or negotiate a settlement of any claim, and to cooperate, to the extent reasonable with Provider, at Provider's sole expense, in defending or settling such claim. Provider shall not have the right, without PDR Secure’s prior written consent, to settle any claim if such settlement (i) contains a stipulation to or admission or acknowledgement of, any liability or wrongdoing (whether in contract, tort or otherwise) or the incurrence of any costs or expenses, on the part of PDR Secure, (ii) imposes any obligation upon PDR Secure; or (iii) would otherwise have a material adverse effect on PDR Secure’s business. PDR Secure reserves the right, at its own expense, to participate in the defense of any matter otherwise subject to indemnification by Provider.