Development Pack: means a collection of information, tools and utilities a supplier will need to integrate with the Medical Interoperability Gateway (MIG).
1. Use of the Development Pack
a) Your access to, and use of, the Development Pack is subject to your compliance with the following terms.
b) The Development Pack and the associated test system are available for use in their current state.
c) We have no obligation to support or monitor the test system being used for integration.
e) The Development Pack and associated test system are intended to be used for integration with the MIG for use of HGL’s services and testing the successful integration in order to complete accreditation (as detailed below). It is not intended for use in a live environment and should not be used for any clinical or medical purpose (and where being used for test purposes you shall ensure that appropriate alternative and back-up facilities are in place).
f) In relation to the Development Pack (and any associated test system), you shall:
- not adjust, repair or maintain the Development Pack and you shall not request, permit or authorise anyone other than HGL to carry out any adjustments, repairs or maintenance of the Development Pack;
- provide to HGL, in a timely manner, such information and assistance as it may require in relation to your use or proposed use of the Development Pack and ensure that any such information is accurate in all material respects;
- ensure that only competent trained employees (or persons under their supervision) are allowed to operate or use the Development Pack and that adequate security measurements are put in place to ensure that no unauthorised third party can have access to or use of the Development Pack in general;
- only use the Development Pack for the purpose for which it is provided and in accordance with all relevant operating manuals or instructions issued by HGL and not use the Development Pack for any illegal or fraudulent purpose;
- maintain accurate and up-to-date records of the number and location of all copies of the Development Pack (and make the same available to HGL upon request);
- comply, at all times and in relation to all of their activities using the Development Pack, with all applicable laws, regulations, rules and obligations regarding such activities;
- not resell, lease, hire or otherwise make available the Development Pack or any part of it to any third party or in any way use it on behalf of any third party;
- not reverse engineer, decompile, disassemble, translate, modify, alter, create any derivative works based upon, or change the Development Pack or any part thereof, or determine or attempt to determine any source code, algorithms, methods or techniques embodied in the Development Pack or any part thereof, without the prior express written consent of HGL;
- keep in strict confidence all technical or commercial know-how, specifications, inventions, processes or initiatives which are of a confidential nature relating to the Development Pack or HGL and which have been disclosed to you, and any other confidential information concerning HGL’s business or its products which you may obtain;
- not remove from the Development Pack, or alter, any of trade marks, trade names, logos, patent or copyright notices, or other notices or markings, or add any other notices or markings to the Development Pack, without the prior express written consent of HGL;
- undergo such training as HGL requires in relation to HGL’s services or solutions (including, the Development Pack);
- immediately notify HGL of any perceived errors or issues in respect of the Development Pack; and
- accept and promptly switch to/implement any updates or patches as may be required by HGL in respect of the Development Pack from time to time.
a) If you wish to make live use of the MIG, whether in relation to a providing or a consuming system then you must first successfully complete our accreditation process.
b) Further to your use of the Development Pack you may submit a number of scripts to us (in such form (and accompanied by such information) as we may specify from time to time) for review. We will review those scripts according to our standard accreditation and review process (as may be updated from time to time). If we are satisfied that your scripts (and solution and proposed usage) are compliant with our accreditation criteria then we will notify you accordingly and you will be deemed to have been accredited in respect of the MIG. If we are not satisfied, or we feel that further information is required, then we will contact you accordingly (and we may, at our discretion, engage with you to see what changes may be required).
c) The accreditation is without limit in time, provided always that:
- we may require reaccreditation on an annual basis; and/or
- if you make any material changes to your solution (or your proposed use of the MIG) then you must promptly notify us and we may require you to undergo reaccreditation; and/or
- we may suspend your accreditation if we (acting reasonably) believe that such changes could have an adverse effect on the MIG.
If your accreditation if suspended, or revoked, then you must cease to use the MIG, unless or until the relevant issues are resolved.
3. Use of service and commitment
b) Where, in relation to your use of the MIG we process any personal data on your behalf then:
- each party will comply with DP Law insofar as it relates to them in respect of the MIG and their respective roles as a data controller and data processor (DP Law meaning: (i) the Data Protection Act 1998 (which implements Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data); and (ii) (from 25 May 2018 onwards) Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”) (or any applicable law seeking to implement the same, or equivalent terms, including the Data Protection Bill) and ‘data controller’, ‘data processor’, ‘processing’, ‘data subject’ and ‘personal data’ all having the meanings ascribed to them under the DP Law);
- we will process the relevant personal data only on your documented instructions, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by any applicable law to which we are subject; in such a case, we will inform you of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
- we will ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
- we will implement and maintain technical and organisational measures designed to protect the relevant personal data from unauthorised use or access, loss, destruction, theft or disclosure (such measures to be commensurate with the harm that may result from unlawful processing or accidental loss of the relevant personal data and the nature of the personal data itself);
- we will not appoint any sub-processor without your prior consent (and in accordance with the requirements of DP Law);
- we will, taking into account the nature of the processing and at your reasonable expense, assist you by taking appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of your obligation to respond to requests for exercising a data subject’s rights laid down in the DP Law;
- we will, upon request, delete or return all the relevant personal data in our possession to you after the end of your use of the MIG;
- we will make available to you such information as is necessary to demonstrate compliance with the obligations set out in this section 3(b) and allow for and contribute to such audits as you may reasonably require pursuant to your obligations under the DP Law; and
c) In connection with your use of the MIG you shall:
- keep the environments that connect to the MIG, both test and live, up to date and you will install any operating system updates as soon as they become available. If at any point we have concerns over the security of your environments we reserve the right to disconnect you from the MIG;
- not copy the MIG or merge or incorporate the MIG (or any part thereof) with or into any other software nor (subject to any rights under any applicable law that cannot be excluded) attempt to disassemble, decompile, modify, adapt or reverse engineer the MIG;
- not translate, modify, lease, rent, assign, transfer, disclose, loan, redistribute, sub-lease, sub-license or create derivative works from the MIG;
- not use the MIG or any part thereof as a component of or a base for products or services prepared for commercial sale, sublicense, lease, access or distribution;
- use the MIG in accordance with any user documentation, guides or training (and any other reasonable instructions received from time to time) provided by HGL from time to time;
- not sub-license, assign, novate, transfer, sell, lease, rent, charge or otherwise deal in or encumber the MIG (in whole or in part);
- not provide or otherwise make available the MIG to any person other than your employees or as specified herein without HGL’s prior written consent; and
- not use the MIG in order to provide a bureau service (or any similar service) on behalf of any third party.
d) You shall:
- co-operate with HGL in all matters relating to the provision of element of the MIG (including, providing such assistance (and access, including, remote access, to the relevant sites, records and/or systems) as HGL may reasonably require in connection with its delivery of any element of the MIG;
- complete any preparation activities that HGL may require promptly and in accordance with any reasonable timescales so as to enable HGL to deliver any service(s) in respect of the MIG;
- obtain and maintain all necessary licences and consents and comply with all relevant legislation in relation to its receipt of any relevant service(s) and your use of the MIG;
- promptly notify HGL as soon as you become aware of: (i) any unauthorised use of the MIG; or (ii) any errors in respect of the MIG;
- comply with all applicable laws in relation to your receipt or use of any relevant service(s) and/or the MIG;
- comply with such generally applicable acceptable use and security policies as we may introduce from time to time. We may suspend or revoke your access to the MIG if your use is (in our reasonable view) excessive or outside the scope of your accredited use or if your use is causing any operational issues or clinical safety issues;
- ensure that you have in place at all times, on any device used to access the MIG adequate and appropriate protections against any computer software that contains any “time-bombs”, “worms”, “viruses”, “Trojan horses”, “protect codes”, “data destruct keys” or other programming devices that might, or might be used to, improperly access, modify, delete, damage, deactivate or disable any third party’s computer software, hardware or data;
- ensure that you implement and enforce reasonable security measures so as to minimise the risk of any unauthorised access to the MIG (including enforcing appropriate password and other login security measures); and/or
- have in place and operate data backup and archiving procedures in accordance with good industry practice.
e) You shall:
- have in place an IT environment that meets any relevant minimum specification identified for it to properly receive and use the MIG; and
- maintain all necessary network connections and environments for you to: (i) properly receive and use the MIG and/or any related service(s); (ii) access and use the full functionality of the MIG; and (iii) allow remote access as required to enable to provision of any support and maintenance (and any other diagnostic) services.
f) You are responsible for the security of any and all data you store, enter or process using the MIG and for taking appropriate backup copies of your data.
g) You accept responsibility for the selection of the MIG to achieve your intended results and acknowledge that the MIG has not been developed to meet your individual requirements.
h) You are responsible for all issues that may be caused by changes you make to your configuration or IP addresses and you will promptly inform us and your customers (as appropriate) of any such planned changes.
i) We may apply (remotely or in person) any updates, upgrades or patches in respect of the MIG (or any related solution(s)) from time to time. If any such application is scheduled to take place during operational hours and is likely to cause any disruption to your use of the same then we will endeavour to provide reasonable advance notice (but you acknowledge this may not always be possible in cases of emergency).
j) We may restrict or suspend access to, or use of, the MIG if we need to undertake any planned maintenance or if we (acting reasonably) feel this is necessary for security or clinical safety purposes.
k) We will use our reasonable efforts to ensure that the MIG remains available (subject to any planned downtime) but we do not offer any warranties or undertakings as to its availability and it is provided on an ‘as is’ basis.
l) You acknowledge that:
- the MIG forms part of a much larger network of systems and solutions that, working together, enable the flow of data as between systems; and
n) You agree that we may download and use your company logo to help promote the partnership of our working relationship, including putting the logo on the homepage of our website.
o) You must ensure that you comply with the SCCI0129 clinical safety standard (see – http://content.digital.nhs.uk/isce/publication/scci0129).
p) We may from time to time need to retrieve messages sent via our live service to check you are using the service correctly, in order to monitor that you are still performing in a manner that you were at the point of the accreditation. These will be held securely and disposed of securely following the validation.
4. Limitation of Liability
a) death or personal injury caused by its negligence;
b) fraud or fraudulent misrepresentation; or
c) any other liability which cannot be limited or excluded by applicable law.
Subject to the proviso above, we shall not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise, for any:
a) loss (whether direct or indirect) of revenue or profits;
b) loss (whether direct or indirect) of business opportunity;
c) loss (whether direct or indirect) of goodwill or injury to reputation;
d) loss (whether direct or indirect) of anticipated savings;
e) loss (whether direct or indirect) of or corruption to data or information; or
f) indirect, consequential or special loss or damage,
All warranties, conditions and other terms implied by statute or common law are, to the fullest extent permitted by law, excluded.
The obligations in this section 5 shall not apply in relation to:
a) information which is or becomes public knowledge other than as a result of a breach of this section
b)information which you knew prior to the first disclosure to you or which you received from a third party entitled to disclose the same; or
c) information which you are required to disclose by law, any Court of competent jurisdiction, any Government agency or regulatory body lawfully requesting the same or by the regulations of any stock exchange provided that (to the extent not prohibited by law or order of court, government agency or regulatory body or stock exchange regulation) you promptly notify and consult with us in advance in relation to the timing and content of such disclosure.
We may perform an inspection either ourselves (e.g. through an internal auditor) or through an external auditor. You will provide such access and assistance (and access, including, remote access, to the relevant sites, records and/or systems) as we may reasonably require in connection with any inspection or audit.
If an inspection finds material irregularities, errors or non-compliance then, without prejudice to any other remedies available to us, you will promptly remedy the same.
7. Choice of Law and Jurisdiction
This OpenHR Standards schema, examples and associated documentation (the “Schema”) is owned by Egton Medical Information Systems Limited, a company registered in England and Wales (registered number 2117205) and whose registered office is at Fulford Grange, Micklefield Lane, Rawdon, Leeds, LS19 6BA (referred to below as “we”, “us” or “our”)
- not identify or represent any document as being in the ‘OpenHR’ format unless it is in the original OpenHR document format which is produced by using the Schema;
- retain in any OpenHR documents (or any copies of the Schema) all relevant copyright, trade mark, and attribution notices from the Schema; and
Disclaimer of Warranty
Unless required by applicable law or agreed to in writing, we provide the Schema (and licence use of the Copyright) on an “AS IS” basis, without warranties or conditions of any kind, either express or implied, including, without limitation, any warranties or conditions of title, non-infringement, merchantability, or fitness for any particular purpose.
Limitation of Liability
Accepting Warranty or Additional Liability