Terms and Conditions

PHILIPS HEALTHSUITE DIGITAL PLATFORM MASTER SUBSCRIPTION AGREEMENT

This subscription agreement (“Agreement”) is made by and between you (“Client”) and Philips North America, LLC (“Philips”) and is effective on the date that Client accepts these terms as outlined herein.

The Agreement references and fully incorporates the documents found at https://www.hsdp.io/legal.

The Agreement is effective as of the time that Client agrees to the form of Agreement on the HealthSuite Digital Platform website. This Agreement’s terms may be modified by Philips at any time and Philips will provide notice to Client that such terms have changed.

Philips has developed and manages a proprietary cloud-based digital platform, known as HealthSuite Digital Platform (HSDP), that allows customers to develop and run connected healthcare applications and build decision support algorithms and machine learning applications, among other features and functions (as defined further below, the “HSDP Platform”). Client wishes to access and use the HSDP Platform, and Philips is willing to grant such access and use, all in accordance with this Agreement and pursuant to individual Service Orders (defined below) as the parties may sign from time to time under this Agreement.

1. Definitions.

“Acceptable Use Policy” means the Acceptable Use Policy which can be found at https://www.hsdp.io/legal/acceptable-use.

“Affiliate” means, in relation to either party, any legal entity which is directly or indirectly, as of the Effective Date or thereafter: (a) owned or controlled by that party; (b) owning or controlling that party; or (c) owned or controlled by the legal entity owning or controlling that party, but in each case any such legal entity shall only be considered an Affiliate for as long as such ownership or control exists. For the purpose of this definition, an entity is controlled if more than fifty percent (50%) of its voting stock is owned by the controlling entity or if such controlling entity has the ability to direct the business activities of the entity or to appoint the majority of the directors of the entity concerned.

“API” means any application programming interface(s) of Philips or any third party (that may consist of code, instructions and/or other data and information), as may be made available to Client by Philips from time to time in its discretion, and that are intended to permit a Client Application to interface with the HSDP Platform.

“Applicable Laws” means all laws, ordinances, rules, regulations, orders, licenses, permits, judgments, decisions or other requirements of any governmental authority in any territory that has jurisdiction over the parties, whether those laws, etc., are in effect as of the Effective Date or later come into effect during the term of this Agreement.

“Client Application” means the software or application that Client uploads to the HSDP Platform as permitted herein.

“Client Data” means: (a) any and all information, data, materials, works, expressions or other content uploaded, submitted, posted, transferred, transmitted or otherwise provided or made available through a Client Application for processing by or through the HSDP Platform; and (b) any and all information, data, materials, works, expressions or other content, collected, downloaded or otherwise received by Philips from a User through the HSDP Platform for Client’s use in a Client Application pursuant to this Agreement or any Service Order.

“Client Materials” means Client Data and Client Applications, collectively.

“HIPAA” means the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, including the Privacy Rule and Security Rule, and guidance issued by the Secretary of the Department of Health and Human Services, all as amended from time to time.

“HITECH Act” means Subtitle D of the Health Information Technology for Economic and Clinical Health Act (as incorporated in Title XIII of the American Recovery and Reinvestment Act of 2009 and to be codified at 42 U.S.C. §17921-17954) and its implementing regulations and guidance issued by the Secretary of the Department of Health and Human Services, all as amended from time to time.

“HSDP Materials” means all command line tools, devices, documents, data, know-how, methods, processes, sample code, software, software libraries, and other inventions, works, technologies and materials, including any and all Service software, computer hardware, programs, reports and specifications, client software and deliverables provided or used by HSDP in connection with running, maintaining and providing access to the HSDP Platform.

“HSDP Platform” means Philips’ proprietary HealthSuite digital platform (HSDP), including software-based services and tools, as may be further described in a Service Order, that is made available by Philips to Client hereunder, including all content therein (other than Client Materials) and related materials and documentation, and any upgrades, updates and derivative works of any of the foregoing.

“Philips Policies” means, collectively, the HSDP Information Security Policy, the Philips Business Continuity Policy, and the Service Level Agreement.

“Professional Services” means those ancillary services provided by Philips in connection with the delivery of Services to the Client but invoiced as a separate line item from the Services itself such as, by way of example, set up, implementation, training, customization and other professional services.

“Service Order Form” means a service order signed or otherwise agreed upon by both Philips and Client that identifies the HSDP Platform that Philips will make available to Client on a subscription basis pursuant to this Agreement (including applicable fees and charges, the applicable Client Application(s), the Subscription Period, and such other terms as the parties may agree).

“Subscription Period” means the term of Client’s subscription to the HSDP Platform (including any trial period) as identified in a Service Order.

“User” means an employee, contractor, [or customer] that Client authorizes to access the HSDP Platform on behalf of Client. For avoidance of doubt, an entity or person solely authorized to use the Client Application, shall not be considered a User hereunder.

2. Scope.

2.1 Access to the HSDP Platform.
Subject to Client’s compliance with the terms of this Agreement (including the Acceptable Use Policy), Philips hereby grants to Client a nonexclusive, limited, nontransferable, non-sublicensable, right to access and use the HSDP Platform for the term of the applicable Subscription Period and in strict accordance with this Agreement. Client may copy (but not modify) and distribute internally HSDP documentation solely as reasonably necessary to support its activities under the foregoing subscription. Client will use the HSDP Platform only to host or develop Client Applications on behalf of itself and its customers and not for any other third party. Client is solely responsible for all use (whether or not authorized) of the HSDP Platform and HSDP Materials under its account, and for the quality and integrity of data that it uploads to the HSDP Platform. Except as otherwise expressly agreed in writing between the parties, Philips is not responsible for ensuring that the HSDP Platform, or any portion thereof, is in compliance with Client’s criteria for legal or regulatory compliance. Client will promptly notify Philips if Client becomes aware of any breach of the terms of this Agreement that may affect the HSDP Platform, Philips, or other Philips customers.

2.2 Users.
Client shall ensure that Users comply with the terms of this Agreement and that the terms of Client’s agreements with each User are no less protective of Philips than those outlined in this Agreement. As between Client and Philips, Client will be solely responsible and liable for the acts and omissions of Users. Client will take all reasonable precautions to prevent unauthorized access to or use of the HSDP Platform and notify Philips promptly of any such unauthorized access or use. If Client becomes aware of any violation of its obligations under this Agreement by a User, Client will immediately terminate such User’s access to the HSDP Platform and Client Applications.

2.3 Restrictions.
Client shall not use, or allow others to use, the HSDP Platform in any manner other than as expressly allowed in this Agreement. Client may not, and shall ensure that its personnel and contractors do not: (a) reverse engineer, decompile, disassemble, re-engineer or otherwise create or attempt to create or permit, allow, or assist others to create the source code of the HSDP Platform or its structural framework; (b) sublicense, subcontract, translate or sell any rights to the HSDP Platform, or to use the HSDP Platform to host third party applications (except as expressly agreed to in writing by Philips); (c) use any robot, spider, site search or retrieval mechanism or other manual or automatic device or process to retrieve, index, data mine, or in any way reproduce or circumvent the navigational structure or presentation of the HSDP Platform; (d) harvest or collect information about or from other users of the HSDP Platform; (e) except as expressly agreed in writing by Philips, probe, scan or test the vulnerability of the HSDP Platform, nor breach the security or authentication measures on the HSDP Platform; (f) access (or attempt to access) the HSDP Platform, its related systems or networks, or administrative interface of the HSDP Platform by any means other than through the interface provided by Philips, nor take any action that imposes an unreasonable or disproportionately large load on the infrastructure of the HSDP Platform; (g) create Internet “links” to the HSDP Platform or “frame” or “mirror” any content therein; (h) engage in any activity that intentionally interferes with or disrupts the integrity or performance of the HSDP Platform (or the servers and networks connected thereto) or attempt to disable or circumvent any security mechanisms used by Philips or any Philips applications (provided that Client may request in writing to test or have tested the security of the HSDP Platform); (i) use the HSDP Platform in whole or in part for benchmarking purposes, or for any illegal purpose, or any other purpose except as expressly provided under this Agreement (including without limitation allowing any access to or use of the HSDP Platform by any person or entity that is not a User); (j) modify, alter, tamper with, repair, or otherwise create derivative works of the HSDP Platform or any software included with or as part of the HSDP Platform; (k) use, or permit the use of, the HSDP Platform in connection with the development of any product or service that is in direct competition with services or features provided by the HSDP Platform; (l) use or authorize the use of the HSDP Platform in any manner or for any purpose that is unlawful; (m) access the HSDP Platform for the purpose of bringing an intellectual property infringement claim against Philips; (n) develop Client Applications to simulate or act as a single application or otherwise access the HSDP Platform in a manner intended to avoid incurring fees; or (o) facilitate or encourage any violations of this Section 2.3.

2.4 Service Levels.
The HSDP Platform shall comply with the service levels set forth in the Service Level Agreement.

2.5 Client Materials.
Unless otherwise expressly agreed in writing by the parties, Client is solely responsible for the development, content, operation, maintenance, and use of Client Materials. For example, Client is solely responsible for the technical operation of Client Materials, including ensuring that calls Client makes to the HSDP Platform are compatible with each applicable and then-current applicable API and properly handling and processing notices that are sent to Client (or any Client Affiliate) by any person claiming that Client Materials violates such person’s rights, including notices pursuant to the Digital Millennium Copyright Act.

2.6 Client Data.
Philips will use and process Client Data to the extent necessary for the performance of this Agreement and will obtain no rights in such Client Data by virtue of its use under this Agreement. Notwithstanding the foregoing, Philips will also collect Client’s de-identified data that results from the performance of Client Applications, including data related to any error, issue and enhancement and operation of the HSDP Platform, and the data that Philips would have independent of Client’s use of the HSDP Platform (“HSDP Data”) and Client agrees that Philips shall have all rights and ownership with respect to HSDP Data. Client acknowledges that Philips may access Client Data to respond to any technical problems or Client queries and to ensure the proper working of the HSDP Platform, and its access is limited to such purposes.

2.7 API.
If a Service Order provides that Philips will deliver APIs and related materials to Client for purposes of facilitating Client Applications hosted on the HSDP Platform, then the API Terms set forth at https://www.hsdp.io/legal/api-terms shall govern such items and their use.

2.8 Trial Period.
Client may elect to use the HSDP Platform on a trial basis for a period no longer than ninety (90) days from creation of a Client account. During this trial period, Client shall not incur any fees for use of the HSDP Platform and, unless otherwise specified herein, all terms of this Agreement shall apply. If Client wishes to continue using the HSDP Platform, it can enter the “become a client” process online. Notwithstanding anything to the contrary in this Agreement or its attachments, any Client Data uploaded during the trial period may not be accessible after the end of the trial period unless Client has entered into a Service Order Form with Philips.

3. Data Privacy and Security; Business Continuity.

3.1 Privacy and Security.
Philips shall comply with the data privacy and security obligations set forth in the HSDP Information Security Policy.

3.2 Business Continuity.
Philips has and shall maintain a business continuity/disaster recovery plan as set forth in the Philips Business Continuity Policy.

4. Client Obligations.

4.1 Client Responsibilities.
Client will access and use the HSDP Platform in accordance with all Applicable Laws, including those pertaining to the protection and disclosure of personally identifiable information.

4.2 Account Security.
Client shall ensure the security of its account ID, password, and connectivity with the HSDP Platform. If any administrative account ID or password is stolen or otherwise compromised, Client shall immediately change the password and inform Philips of the compromise. Philips may change the authorization method for access to the HSDP Platform if it determines in its sole discretion that there are circumstances justifying such changes.

4.3 Client Security and Backup.
Client is responsible for properly configuring and using the HSDP Platform and taking steps to maintain appropriate security, protection, and backup of Client Materials, which may include use of encryption technology to protect Client Materials from unauthorized access and routine archiving of Client Materials. Log-in credentials and private keys generated by the HSDP Platform are for Client’s internal use only and Client may not sell, transfer or sublicense them to any other entity or person, except that Client may disclose its private key to its agents and subcontractors performing work on behalf of Client.

4.4 Suspension.
Philips may immediately suspend provision of the HSDP Platform at any time, without notice to Client and without liability, if: (a) Philips suspects or receives notice that the HSDP Platform or the use thereof actually or allegedly: (i) infringes, misappropriates or violates any third party’s rights; (ii) violates any Applicable Laws; (iii) violates the Acceptable Use Policy; or (iv) poses a security risk or may adversely impact Philips’ or its third party vendors’ systems, or (b) Client has ceased to operate in the ordinary course, made an assignment for the benefit of creditors or similar disposition of Client’s assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution or similar proceeding. If Philips suspends provision of or access to the HSDP Platform for any of the foregoing reasons, Client shall remain responsible for all fees and charges Client has incurred through the date of suspension. Philips may suspend Client’s and its users’ access to and use of the HSDP Platform in order to comply with Applicable Laws, or upon having reason to believe that any improper activity or potential damage to Philips-related products or services or other customers is associated with Client’s or its users’ use of or access to the HSDP Platform.

4.5 User Support.
Client is responsible for providing customer service (if any) to Users, and Philips does not provide any support or services to Users.

5. Fees and Payment.

5.1 Fees.
Client shall pay Philips the fees and charges as described in the applicable Service Order and Statement of Work. Philips may change its fees and payment policies for the HSDP Platform by notifying Client at least fifteen (15) days before the beginning of the billing cycle in which such change will take effect.

5.2 Invoices.
Unless set forth otherwise in a Service Order or Statement of Work, Philips shall invoice Client for all fees thirty (30) days in advance, and payments are due on the first day of each calendar month, and in arrears for usage fees incurred in the previous billing cycle. Any outstanding balance becomes immediately due and payable upon termination of this Agreement.

5.3 Payment Terms.
All billing and payment will be in United States dollars only. All fees and payments hereunder are nonrefundable and exclusive of all taxes, including, but not limited to, sales, use, excise, value-added, goods and services, consumption, and other similar taxes or duties (except taxes on the income of Philips), and Client shall pay such taxes, whether federal, state, local, or municipal.

5.4 Philips’ Rights.
Amounts outstanding beyond ten (10) days from the due date will be subject to a late payment charge at the lesser of one and one half percent (1.5%) per month or the highest rate permissible under Applicable Law for the actual number of days elapsed. If Client fails to make payments when due, Philips may, upon ten (10) days notice to Client and without limiting any of its other available remedies, suspend Client’s access and use of the HSDP Platform until such payments are made. To the fullest extent permitted by law, refunds (if any) are at the discretion of Philips and only in the form of credit for the HSDP Platform. Philips is not obligated to extend credit. Client acknowledges and agrees that any credit card and related billing and payment information that Client provides to Philips may be shared by Philips with companies who work on Philips’s behalf, such as payment processors and/or credit agencies, solely for the purposes of checking credit, effecting payment to Philips and servicing Client’s account. Philips may also provide information in response to valid legal process, such as subpoenas, search warrants and court orders, or to establish or exercise its legal rights or defend against legal claims. Philips shall not be liable for any use or disclosure of such information by such third parties.

6. Term and Termination.

6.1 Term.
The term of this Agreement will commence on the Effective Date and continue through the last-to-expire of the Subscription Periods unless otherwise terminated in accordance with this Section 7.

6.2 Termination.
Either party may terminate this Agreement or a Service Order or a Statement of Work if the other party commits any material breach of this Agreement or Service Order or Statement of Work, respectively, and fails to remedy such breach within fifteen (15) days after notice of such breach. Philips may also terminate access to the HSDP Platform immediately if: (a) Client violates (or gives Philips reason to believe it has violated) any provision of the Acceptable Use Policy; (b) Client is in breach of Section 6 (Fees and Payment); (c) if Philips determines, in its sole discretion, that its provision of any of the HSDP Platform is prohibited by Applicable Law, or has become impractical or unfeasible for any legal or regulatory reason; or (d) subject to Applicable Law, upon Client’s liquidation, commencement of dissolution proceedings, disposal of Client assets or change of control, a failure to continue business, assignment for the benefit of creditors, or if Client becomes the subject of bankruptcy or similar proceeding. If all Service Orders and Statements of Work under this Agreement have expired or been terminated, then either party may terminate this Agreement for convenience by notice to the other party. Termination of this Agreement shall automatically terminate each outstanding Service Order and Statement of Work.

6.3 Effect of Termination or Expiration.
Upon expiration or termination of this Agreement or a Service Order, Client will notify Users that their access to the HSDP Platform has terminated, and Philips may withhold, remove or discard any content, data, or other information that Users post or upload to the HSDP Platform. Philips is not obligated to store, maintain or provide a copy of any content or data that Client or Users made available or provided when using the HSDP Platform. Upon expiration or termination of a Service Order, Client’s right to access or use the HSDP Platform under the terminated Service Order shall immediately cease. Client’s payment obligations, and Sections 1-4, 6-8 and 10-14 will survive expiration or termination of this Agreement.

7. Ownership.

7.1 Reservation of Rights.
As between the parties, Philips (including its Affiliates) exclusively owns and reserves all right, title and interest of all copyrights, patents, trademarks, trade secrets, know-how, databases, trade names, trademarks, service marks, titles, and logos, and any goodwill appurtenant thereto and other intellectual property rights relating to or residing in the HSDP Platform, HSDP Materials, and Philips’s Confidential Information, and any updates, improvements, modifications and enhancements (including error corrections and enhancements) to any of the foregoing, and all derivative works of any of the foregoing, and no right, title or interest in any of the foregoing are transferred to Client as a result of this Agreement or Client’s access to or use of such items. The parties further agree that Philips, by providing the HSDP Platform hereunder, in no way asserts or acquires any ownership interest in Client Materials or Client’s Confidential Information. Nothing in this Agreement will be deemed to grant, by implication, estoppel, or otherwise, a license under any of Philips’ or its licensors’ existing or future rights. Products acquired for use within or for any United States federal agency are provided with “LIMITED RIGHTS” and “RESTRICTED RIGHTS” as defined in DFARS 252.227-7013 and FAR 52.227-19. During and after the term of this Agreement, Client will not assert, nor will Client authorize, assist, or encourage any third party to assert, against Philips or any of its Affiliates, customers, vendors, business partners, or licensors, any patent infringement or other intellectual property infringement claim regarding any Philips products or services that Client has used in connection with this Agreement, including the HSDP Platform, and Client will not contest or assist others in contesting the validity of any of Philips’ rights.

7.2 Client Name.
Philips, in its sole discretion, may use Client trade names, trademarks, service marks, logos, domain names and other distinctive brand features in presentations, marketing materials (including on the Philips web site and in Philips’s collateral marketing materials relating to the HSDP Platform), customer lists, financial reports, use cases, and web site listings (including links to Client website) for the purpose of advertising or publicizing Client’s use of the HSDP Platform, provided Philips uses Client’s name and logo in such form as provided by Client to Philips for such purpose.

7.3 Feedback.
Client may choose to provide to Philips or Philips may invite Client to submit comments or ideas about the HSDP Platform or other products or services provided to Client hereunder, including without limitation about how to improve the HSDP Platform or related products and services (“Feedback”). By submitting Feedback, Client agrees that its disclosure is gratuitous, unsolicited and without restriction and will not place Philips under any fiduciary or other obligation, and that Philips is free to use the Feedback without any compensation or accounting to Client, and to disclose the Feedback on a non-confidential basis or otherwise to anyone.

7.4 Client Data.
As between the parties, Client has and shall retain sole and exclusive title and ownership of all Client Materials. Client grants to Philips a limited and nonexclusive license to use, copy, modify, distribute and display Client Materials for purposes of providing the HSDP Platform and related services to Client in accordance with this Agreement and as otherwise expressly authorized by this Agreement.

8. HSDP Platform Specifications and Requirements.

As between the parties, Client is responsible for obtaining and maintaining all computer hardware, software, communications and office equipment needed to access and use the HSDP Platform, and for paying all associated third-party access charges. Philips may monitor any and all use of the HSDP Platform by Client and its users. Philips may make upgrades and improvements to the HSDP Platform available to Client from time to time. Philips may, at any time, modify the HSDP Platform, or delete or substitute old features with new features, including as may be necessary to meet Applicable Laws or industry-standard requirements or demands or requirements of third party service providers.

9. Confidentiality.

9.1 Confidential Information.
Each party acknowledges and understands that all information that one party receives or is otherwise obtained by the other, its Affiliates, employees, representatives or other agents during the term of this Agreement (the “Receiving Party”) from, or on behalf of, the other party (the “Disclosing Party”) (or any of its Affiliates or their respective customers and clients) which is marked confidential or should reasonably be understood to be confidential because, without limitation, the disclosure of such information could result in competitive or other disadvantage to the Disclosing Party, shall be deemed “Confidential Information”. Confidential Information may include, but is not limited to: (a) documents, records, communications, reports, forecasts, projections, product and service specifications, risk management strategies, regulatory matters and related strategies, formulae and algorithms, designs, pricing methods and policies, processes, methods of operation, techniques, procedures, tools, business opportunities and strategies, proposals, personnel information, policies, trade secrets, ideas, concepts, know-how, intangible rights, inventions, research and development, source code, systems, architecture, computer programs and database technologies, proprietary programs or initiatives, and such other trade secrets or information as may be supplied by or on behalf of the Disclosing Party and which is not generally ascertainable from public or published information; (b) non-public business, operational or financial results and projections, product development initiatives, expansion plans and revenue and expense information; and (c) information which a reasonable person should know is confidential. The HSDP Platform and HSDP Materials constitute Philips’ Confidential Information.

9.2 Exceptions.
The term Confidential Information shall not include any information that is: (a) already known to the Receiving Party at the time of the disclosure; (b) publicly known at the time of the disclosure or becomes publicly known through no wrongful act or failure of the Receiving Party; or (c) subsequently disclosed to the Receiving Party on a non-confidential basis by a third party not having a confidential relationship with the Disclosing Party, provided that such third party rightfully acquired such information. A disclosure of Confidential Information shall not be a violation of this provision if it is legally compelled to be disclosed pursuant to a subpoena, summons, order or other judicial or governmental process, provided the Receiving Party provides prompt notice of any such subpoena, order, etc. to the Disclosing Party so that such party will have the opportunity to reasonably allow for an opportunity for the Disclosing Party to secure an appropriate protective order or other measure limiting disclosure. The Receiving Party shall cooperate with the Disclosing Party, at the Disclosing Party’s cost and expense, in Disclosing Party’s reasonable, lawful efforts to resist, limit or delay disclosure. Disclosure of any of the Confidential Information under the circumstances described in the preceding sentence shall not be deemed to render such Confidential Information as non-confidential and Receiving Party’s obligations with respect to such Confidential Information shall not be changed or lessened by virtue of any such disclosure.

9.3 Obligations.
Both parties shall maintain as confidential and shall not disclose (except to those Affiliates, employees, attorneys, accountants and other advisors, agents or subcontractors (“Representatives”) on a need-to-know basis and who have in turn been advised of and are bound by confidentiality obligations consistent with this Agreement), copy, or use for purposes other than in connection with performance of this Agreement, the other party’s Confidential Information. Each party agrees to protect the other party’s Confidential Information with the same degree of care a reasonably prudent person would exercise to protect its own confidential information and to prevent the unauthorized, negligent, or inadvertent use, disclosure, or publication thereof. Each party shall be liable under this Agreement to the other for any use or disclosure in violation of this Agreement by its Representatives.

10. Warranties and Disclaimer.

10.1 Client Warranties.
Client represents and warrants and covenants that: (a) it has all rights, licenses and clearances necessary to use the HSDP Platform; (b) the HSDP Platform shall be accessed by Client and its authorized users only; (c) Client will comply with all Applicable Laws with respect to its and its users’ access and use of the HSDP Platform; (d) Client has received all third party consents and certifications necessary for the transmission of Client Materials to the HSDP Platform, and to allow Philips to use Client Materials as permitted herein; and (e) except to the extent caused by the HSDP Platform or Philips, Client Applications and all associated services, products, materials, uploaded data, content, and information used by Client in connection with this Agreement as well as Client’s access to and use of the HSDP Platform do not, and will not, during the term of this Agreement operate in any manner that would violate any Applicable Laws, including those under HIPAA and the HITECH Act.

10.2 Disclaimers.
PHILIPS HEREBY DISCLAIMS ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, TITLE, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO ALL MATTERS RELATING TO THIS AGREEMENT. ALL SERVICES AND MATERIALS AND THE HSDP PLATFORM ARE PROVIDED “AS IS” TO THE FULLEST EXTENT PERMITTED BY LAW. PHILIPS DOES NOT REPRESENT THAT ITS PRODUCTS OR SERVICES OR THE HSDP PLATFORM WILL MEET CUSTOMER’S REQUIREMENTS OR THAT OPERATION OF THE HSDP PLATFORM WILL BE UNINTERRUPTED OR ERROR FREE, OR THAT ERRORS OR DEFECTS CAN BE CORRECTED. TO THE EXTENT ANY SUCH DISCLAIMER CONFLICTS WITH APPLICABLE LAW, THE SCOPE AND DURATION OF ANY APPLICABLE WARRANTY WILL BE THE MINIMUM PERMITTED UNDER SUCH LAW. CUSTOMER ACKNOWLEDGES THAT PHILIPS IS NOT RESPONSIBLE FOR THE INTEGRITY OF DATA AND INFORMATION, INCLUDING WITHOUT LIMITATION, CUSTOMER CONTENT, INCLUDING COMPLETENESS, ACCURACY, VALIDITY, AUTHORIZATION FOR USE AND INTEGRITY OVER TIME, AND PHILIPS SHALL NOT BE RESPONSIBLE FOR ANY LOSS, DAMAGE OR LIABILITY ARISING OUT OF CUSTOMER MATERIALS, INCLUDING ANY MISTAKES CONTAINED IN CUSTOMER DATA OR THE USE OR TRANSMISSION OF CUSTOMER DATA. CUSTOMER ACCEPTS SOLE RESPONSIBILITY FOR, AND ACKNOWLEDGES THAT IT EXERCISES ITS OWN INDEPENDENT JUDGMENT IN, ITS SELECTION AND USE OF CUSTOMER MATERIALS AND ANY RESULTS OBTAINED THEREFROM. PHILIPS DOES NOT ENDORSE, SUGGEST, ADVOCATE, CONTROL, OR OTHERWISE REQUIRE THAT THE HSDP PLATFORM IS USED BY CLIENT AND THEREFORE, CLIENT UNDERSTANDS AND ACKNOWLEDGES THAT EVEN IF ANY OF THE HSDP PLATFORM CONTRIBUTES IN PART TO ANY INTELLECTUAL PROPERTY INFRINGEMENT, PHILIPS IS NOT DIRECTLY OR INDIRECTLY LIABLE UNDER ANY THEORY OF LAW.

11. Indemnification.

11.1 By Philips.
11.1.1 Philips, at its own expense, shall: (a) defend, or at its option settle, any claim, suit or proceeding brought by a third party against the Client or its officers, directors, employees and agents to the extent alleging that the HSDP Platform (other than Client Materials) infringes such third party’s intellectual property right (a “Claim”) and (b) pay any final and non-appealable judgment entered or settlement against Client on such Claim; provided, however, that Philips shall not be responsible for any compromise or settlement made without its prior consent.

11.1.2 Philips will only have obligations and liability for a Claim caused solely by the infringement of a third party’s (and not an Affiliate of Client) intellectual property rights solely by the HSDP Platform where there are no obligations or liability for infringement by combinations of the HSDP Platform with any other product, service, software, data or method not supplied by Philips, including any third party content (not owned by Philips) that may be accessible on the Platform. Further, Philips will have no obligations or liability for a Claim arising from: (a) Client’s or any User’s use of the HSDP Platform after Philips has notified Client to discontinue such use; (b) any unauthorized use or modification of the HSDP Platform; (c) any use of the HSDP Platform, or any other act, by the Client or a User, that is in breach of this Agreement; (d) any claim of inducement or contributory infringement; or (e) any claim of willful infringement directed at anyone other than Philips.

11.1.3 In addition, if the HSDP Platform is or may become the subject of a Claim, Philips may, at its option: (i) modify or replace the affected parts so the HSDP Platform becomes non-infringing or (ii) if the foregoing cannot reasonably be accomplished, terminate this Agreement and refund Client for any prepaid and unused fees. Philips shall have no obligation with respect to any infringement claim based upon Client’s or its users’ combination, operation or use of the HSDP Platform with non-Philips information or services if the infringement claim would have been avoided had such combination, operation or use not occurred. Where infringement claims arise with respect to third party products, Philips’s sole obligation is to pass through to Client any indemnity that may be available to Client under the terms and conditions of the agreement between Philips and such third party vendor. THIS SECTION STATES THE ENTIRE LIABILITY OF PHILIPS FOR ANY INFRINGEMENT INVOLVING THE HSDP PLATFORM.

11.2 By Client.
Client will indemnify, hold harmless and, if instructed by Philips in writing, defend, Philips and its Affiliates and its and their licensors, suppliers, officers, directors, employees and agents, from and against any and all liabilities, costs, damages, claims and expenses, including reasonable attorneys’ fees, arising from or related to any actual or alleged: (a) breach of this Agreement by Client and/or its users; (b) Client’s and its users’ use of the HSDP Platform or any component thereof; (c) negligent act or omission or willful misconduct of Client or its users; (d) Client’s and users’ activities under this Agreement and Client’s or Users’ acts or omissions in connection with the provision and access and use of the HSDP Platform, including without limitation, any intellectual property or privacy claims relating to Client Materials or the use, development, design, production, advertising or marketing of Client Materials; (e) claim of personal injury or product liability related to the use of the Client Application; and/or (f) dispute between Client and its users or Client and its employees, agents and/or contractors, provided, however, that Client shall not be obligated to indemnify Philips or its Affiliates to the extent the claim is directly caused by Philips’s gross negligence, willful misconduct, and/or breach of this Agreement.

11.3 Process.
Each party’s indemnification obligation under this Section 12 is conditional upon: (a) the indemnified party (“Indemnified Party”) promptly notifying the indemnifying party (“Indemnifying Party”) of any claim; (b) the Indemnifying Party having sole and exclusive authority to control and direct the investigation, preparation, defense and settlement of the claim (provided that the Indemnifying Party will obtain the Indemnified Party’s consent in connection with any act or forbearance required by the Indemnified Party, which consent will not be unreasonably withheld); and (c) the Indemnified Party fully cooperating with the Indemnifying Party, at the Indemnifying Party’s expense, in such defense and settlement. The Indemnified Party shall have the right, at its cost, to employ counsel of its choice to participate in the defense of such claim.

12. Limitations of Liability.

UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER IN TORT, CONTRACT, OR OTHERWISE, WILL PHILIPS OR ITS AFFILIATES OR SUPPLIERS OR LICENSORS BE LIABLE TO CUSTOMER OR ITS AFFILIATES OR ANY OTHER THIRD PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES OF ANY CHARACTER, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, LOST PROFITS, LOST SALES OR BUSINESS, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, LOST DATA, OR FOR ANY AND ALL OTHER DAMAGES OR LOSSES, EVEN IF PHILIPS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER IN TORT, CONTRACT, OR OTHERWISE, WILL PHILIPS OR ITS AFFILIATES OR SUPPLIERS OR LICENSORS BE LIABLE TO CUSTOMER OR ITS AFFILIATES OR ANY THIRD PARTY FOR ANY DIRECT DAMAGES, COSTS, OR LIABILITIES IN EXCESS OF THE AMOUNTS PAID BY CUSTOMER UNDER THE SERVICE ORDER OR STATEMENT OF WORK (AS APPLICABLE) UNDER WHICH THE LIABILITY AROSE DURING THE TWELVE (12) MONTHS PRECEDING THE INCIDENT OR CLAIM.

13. General.

13.1 Assignment.
Neither party may assign this Agreement without the prior written consent of the party; except that (i) either party may, without the prior written consent of the other party, assign this Agreement to an entity that acquires all or substantially all of its assets or business related to the subject matter of this Agreement, and (ii) Philips may, without the prior written consent of the other party, assign this Agreement to an Affiliate. Any attempted assignment, delegation, or transfer by Client in violation hereof will be null and void. This Agreement shall bind the parties’ successors and permitted assigns.

13.2 Force Majeure.
Except with respect to Client’s payment obligations, a party is not liable under this Agreement for non-performance caused by events or conditions beyond that party’s control if the party makes reasonable efforts to perform. Either party may terminate this Agreement on written notice to the other party if such event continues more than thirty (30) days.

13.3 Governing Law.
This Agreement shall be governed by and construed in accordance with the internal laws of the Commonwealth of Massachusetts without reference to the conflict of laws provisions thereof and, for avoidance of doubt, without reference to the UN Convention on the International Sale of Goods. For any disputes relating to the interpretation, execution or enforcement of this Agreement or arising from the dealings between Philips, Client and any third parties under this Agreement shall be dealt with under the exclusive jurisdiction and venue of the courts of the Commonwealth of Massachusetts, and the parties irrevocably submit for all purposes to the jurisdiction of each such court.

13.4 Disputes.
The parties will attempt to resolve any dispute related to this Agreement through good faith and informal negotiations. If initial negotiation does not resolve the dispute, each party will escalate the dispute to the executive sponsor of this Agreement to attempt to resolve the dispute. If the parties are unable to resolve the dispute through negotiation, the parties will select a mutually agreed mediator in a mutually agreed location to attempt to resolve the dispute. In the event of any adjudication of any dispute under this Agreement, the prevailing party in such action may seek to recover reimbursement of its attorneys’ fees and related costs by the other party.

13.5 Independent Contractors.
Client and Philips are independent contractors and nothing in this Agreement will be deemed to create any agency, employee-employer relationship, partnership, or joint venture between the parties. Each party will be solely responsible for all of its employees and agents and its labor costs and expenses arising in connection therewith and for any and all claims, liabilities or damages or debts of any type whatsoever that may arise on account of its activities, or those of its employees or agents, in the performance of this Agreement. Neither party will have or represent that such party has the right, power or authority to bind, contract or commit the other party or to create any obligation on behalf of the other party.

13.6 Notices.
Any notice or consent required or permitted to be given under this Agreement will be given in writing to the party at the address specified in this Agreement by personal delivery, certified mail, return receipt requested, or by overnight delivery and will be effective upon receipt. Notices to Philips should be sent to the attention of its General Counsel. Email notices shall not suffice under this Section.

13.7 Unenforceability.
If any provision of this Agreement is held by a court of law or other tribunal of competent jurisdiction to be illegal, invalid, or unenforceable, the legality, validity, and enforceability of the remaining provisions of this Agreement will not be affected or impaired thereby and the illegal, invalid, or unenforceable provision will be deemed modified to the minimum extent necessary such that it is legal, valid, and enforceable and accomplishes the intention of the parties to the fullest extent possible, and, in any event, the remainder of this Agreement will continue in full force and effect.

13.8 Modification and Waivers.
No modification or amendment to this Agreement, nor any waiver of any rights, will be effective unless consented to in a writing signed by both parties. Any waiver of any breach or default by either party will not constitute a waiver of any other right or any subsequent breach or default. Failure or delay by either party to enforce any provision of this Agreement will not be deemed a waiver of future enforcement of that or any other provision.

13.9 Export Law Compliance.
Client shall comply with all applicable export and re-export control laws and regulations, including the Export Administration Regulations maintained by the United States Department of Commerce, in performing this Agreement. Client shall not, directly or indirectly, sell, export, re-export, transfer, divert, or otherwise dispose of any software, source code, or technology (including products derived from or based on such technology) received from or made available by Philips under this Agreement to any country (or national thereof) subject to antiterrorism controls or U.S. embargo, or to any other person, entity, or destination prohibited by the laws or regulations of the United States, without obtaining prior authorization from the competent government authorities as required by those laws and regulations. Client agrees to indemnify, to the fullest extent permitted by law, Philips from and against any fines or penalties that may arise as a result of Client’s breach of this provision.

13.10 Equitable Remedies.
Each party acknowledges that a breach of its obligations under this Agreement could cause irreparable harm to the other party and that monetary damages may be difficult to ascertain. Therefore, without prejudice to the rights and remedies otherwise available to it, each party shall be entitled to receive relief by way of injunction or specific performance in any court of competent jurisdiction without the need of posting a bond or other security.

13.11 No Third Party Beneficiaries.
This Agreement is made and entered into for the sole protection and benefit of the parties hereto, and no other person or entity shall be a direct or indirect beneficiary of, or shall have any direct or indirect cause of action or claim in connection with this Agreement, including any Affiliate of any party.

13.12 Remedies Cumulative.
The enumeration herein of specific remedies shall not be exclusive of any other remedies. Any delay or failure by any party to this Agreement to exercise any right, power, remedy or privilege herein contained, or now or hereafter existing under any applicable statute or law, shall not be construed to be a waiver of such right, power, remedy or privilege, nor to limit the exercise of such right, power, remedy, or privilege, nor shall it preclude the further exercise thereof or the exercise of any other right, power, remedy or privilege.

13.13 Entire Agreement.
This Agreement, together with the Acceptable Use Policy, the API Terms, the Philips Policies, and each Service Order and Statement of Work, supersedes all prior and contemporaneous proposals, statements, sales materials or presentations and agreements, oral and written relating to the subject matter of this Agreement. If a provision in the main body of this Agreement directly conflicts with a provision in a Service Order or Statement of Work, the conflicting provision in the Service Order or Statement of Work will supersede for purposes of such Service Order or Statement of Work only; provided, however, that no Service Order may supersede the provisions of Section 11 (Indemnification) or Section 12 (Limitation of Liability). No oral or written information or advice given by Philips, its agents or employees will create a warranty or in any way increase the scope of the warranties in this Agreement. There will be no force or effect to any different or additional terms of any related purchase order or similar form even if signed by the parties, and terms on a purchase order, payment document, or other document submitted by Client shall be void and have no force or effect.

13.14 Counterparts.
This Agreement may be executed in two or more counterparts, each of which will be deemed an original, but all of which together shall constitute one and the same instrument.

-----------------------------------

API TERMS

These API Terms are made pursuant to that certain Philips HSDP Master Subscription Agreement entered into by and between Philips and Client (“Agreement”). Capitalized terms used but not defined in these API Terms have the meanings ascribed to them in the Agreement.

Definitions

“API Key” means the unique string identifying each Client Application and/or Client as a user of an API, assigned by Philips to Client in Philips’ discretion, to enable Client to access and/or use such API. The API Key may include separate “keys” for development purposes (each a “Development Key”) and production purposes (each a “Production Key”), and/or other unique identifier(s) assigned by Philips to each Client Application and/or Client.

“API Marks” means the trade names, trademarks, service marks and associated logos of Philips.

“API Materials” means any and all of the API, the API Key, and the Specifications (including any copies, portions, extracts and derivatives thereof) and any related materials (excluding the API Marks) made available by or on behalf of Philips to Client pursuant to this Agreement or otherwise in connection with the API.

“HealthSuite Data” means any data, content, materials and other information (including accompanying metadata) that at any time is transmitted to or from, stored on, or accessible through the HSDP Platform, or is otherwise made available by Philips to Client in connection with the HSDP Platform.

“Profile” means a defined category specified by Philips with which User Data may be associated.

“Specifications” means any specifications and documentation related to the API that Philips may make available from time to time in its discretion, and includes any software code (other than the API Key) that Philips may make available specifically for the purpose of enabling a Client Application to access or use the API or to permit a Client Application to interface with the HSDP Platform (for example, code to be embedded in a Client Application to facilitate communication through the API or with the HSDP Platform).

“User Data” means any HealthSuite Data collected from Users (whether by Philips, Client or third parties), including any such data that identifies or can be used to identify an individual.

1. API License.

Subject to the terms of this Agreement and the Specifications, Philips grants to Client a limited, revocable, nonexclusive, non-sublicensable, non-transferable, non-assignable right, solely while this Agreement is in effect: (a) to access and use the API Materials owned by Philips (the “HSDP API Materials”) solely to develop Client Applications for such purposes as may be: (i) set forth in the Specifications and/or any Service Order or Statement of Work and/or (ii) communicated by Philips in writing from time to time in its discretion (such development activities, “Development”) and (b) to use the API Key that may be generated, activated and provided to Client by Philips, in Philips’ discretion, solely to access an applicable API owned by Philips (an “HSDP API”) as made available to Client by Philips, or to permit Client Applications to interface with the HSDP Platform, solely as described in the Specifications and/or any Service Order or Statement of Work. Notwithstanding anything to the contrary herein, Client’s rights in and to any API Materials owned by third parties are limited to the rights granted to Client by such third parties. API Keys may be subject to activation, suspension and/or deactivation by Philips to ensure usage consistent with this Agreement and all applicable requirements, and for any other reason in Philips’ discretion. API Materials and HealthSuite Data (including User Data and other personal or personally identifiable information) constitute Confidential Information of Philips. Notwithstanding anything to the contrary in this Agreement, nothing in Section 10 of the Agreement (Confidentiality) shall apply to the extent that it would constitute a control over the end use of any HealthSuite Data supplied by the U.S. Department of Health and Human Services (HHS) and transmitted to Client using an HHS API.

2. Application Integration Environment.

Notwithstanding anything to the contrary herein, Client may only conduct Development authorized by this Agreement against Philips’ designated application integration environment, as made available by Philips to Client for such purposes (such environment, the “AIE”). Client may not conduct Development against any production version of the HSDP Platform, or otherwise in Philips’ production environment. If Philips provides Client with a Development Key, Client may use only such Development Key (and not any Production Key) in connection with any Development. Client may not use, request, receive, provide or transmit any HealthSuite Data or any other “live” data (including Client Data and any real credit card or other payment information or any other personal or personally identifiable information) in connection with any Development or the AIE.

3. Client Application Submission.

Notwithstanding anything to the contrary herein, Client shall submit all Client Applications to Philips prior to any use of such Client Application (or any related API Key or other API Materials) with the HSDP Platform or otherwise in Philips’ production environment. By submitting a Client Application to Philips, Client represents and warrants that such Client Application complies with this Agreement and the Specifications and, if applicable, a Service Order or Statement of Work. Client shall not hide, misrepresent or obscure any features, content, services or functionality in such Client Application. Philips shall have the right (but not the obligation) to review and test such Client Application, and reserves the right to delay the activation of any API Key for such Client Application until the completion of any such review and testing. Client shall provide any materials, data and other information as may be requested by Philips to confirm that such Client Application complies with this Agreement and the Specifications and, if applicable, the applicable Service Order or Statement of Work. Philips may reject any Client Application for any reason and at any time (including at any time after the activation of an API Key for such Client Application), in its sole discretion. Upon any change to a Client Application or any API Materials that affect a Client Application, Client shall resubmit such Client Application to Philips pursuant to this Section 3.

4. Restrictions.

4.1 General.
Client may use only those API Materials that are provided by Philips to Client. Client may not use any key or means of access to the API other than the API Key provided by Philips to Client. Client may not permit or enable any third party to use or access any API Materials. Except as otherwise expressly permitted in this Agreement, Client will not, and Client will not permit or enable a Client Application or any third party to: (a) use any API Materials for any purpose or in any manner other than expressly permitted in Section 1 of these API Terms; (b) rent, sell, lease, lend, convey, redistribute or otherwise provide any third party with access to any API Materials; (c) modify, decompile, reverse engineer, alter, tamper with or create derivative works of any API Materials; (d) falsify or alter the API Key or otherwise obscure or alter the sources of queries coming from a Client Application; or (e) access legacy or internal application programming interfaces or data feeds that are used by Philips but that are not available or intended by Philips to be available through the API. Client will cause all API calls made by a Client Application to include Client’s API Key.

4.2 Conformance and Noninterference.
Client will cause each Client Application and Client’s use of the API to conform with and not interfere with, circumvent, or render ineffective: (a) the Specifications and any other policies, terms and conditions that govern access to and/or use of the API (including any terms and conditions of any applicable Service Order or Statement of Work) and (b) any restrictions implemented in connection with the API, including any geographically-based restrictions (e.g., geo-blocking or reverse-IP lookup). Client will not, and Client will not permit or enable a Client Application or any third party to, interfere with the proper workings of any API Materials or the HSDP Platform, or create or distribute any service or application that adversely affects the functionality or performance of any API Materials, the HSDP Platform, or any websites, products or services of Philips or any of its Affiliates, licensors, suppliers (including suppliers of HealthSuite Data and API Materials), business partners or customers. Philips may, in its sole discretion, set and change quotas and other limits on API usage, which may include the number of calls Client may make to the HSDP Platform or otherwise using the API during a particular period, the minimum required time between any such calls, and/or the maximum file size that may be transmitted to or from the HSDP Platform or otherwise using the API. Client will not, and Client will not permit or enable a Client Application or any third party to, exceed or circumvent any such quotas or limits, including by aggregating accounts or obtaining multiple API keys. Without limiting the foregoing, Client will not use the API in a manner that exceeds reasonable request volume or constitutes excessive or abusive use.

4.3 Responsibility and Compliance.
Client is responsible for all activities that occur using the API Key or any Client Application, regardless of whether those activities are undertaken by Client, a User, or any other person or entity. Client will not, and Client will not permit or enable a Client Application or any third party to, access or use any API Materials or access, transmit, receive or use any HealthSuite Data in a manner or for a purpose: (a) that violates any Applicable Laws or privacy policy; (b) that violates Philips’ intellectual property rights or any third party’s intellectual property or other rights; (c) that a User would reasonably consider to be deceptive, unethical, false or misleading; or (e) that is inconsistent with this Agreement, the Specifications or any Service Order. Client will not use any marketing material or documentation that refers to Philips or its products or services without receiving written prior approval from Philips.

4.4 Security and Harmful Code.
Client will ensure that each Client Application contains protections that are adequate to keep secure and prevent the interception of any data transmitted to and from such Client Application or the HSDP Platform. Client will ensure that each Application transmits data with a protocol at least as secure as 128-bit SSL encryption, and in any event with protocols that are at least as secure as those being accepted by the API and/or the HealthSuite Platform. Client will not attempt to circumvent any security measures or technical limitations of the API and/or the HealthSuite Platform. Client will immediately notify Philips of any security deficiencies (including without limitation any actual or suspected theft, loss or misuse of data or actual or suspected vulnerabilities that may result in a theft, loss or misuse of data) that Client discovers or suspects in connection with the API, any Application or HealthSuite Data, such notification to be made via the contact information provided on the HealthSuite Platform’s developer website, as currently located at https://www.hsdp.io.

Client will not include (or permit to be included) in or in connection with a Client Application any spyware, malware, virus, worm, trojan horse or other malicious or harmful code, or any software application not expressly and knowingly authorized by each applicable User prior to being downloaded or installed.

5. HealthSuite Data.

Client will only request such HealthSuite Data as is necessary to operate each Client Application and that Philips and the User have authorized Client to request. Client shall comply with all Applicable Laws with respect to HealthSuite Data. Client will delete any and all HealthSuite Data upon request by Philips. In addition, and unless otherwise approved by Philips for a specific Client Application, Client will not, and Client will not permit or enable a Client Application or any third party to: (a) use any automated means (e.g., scraping, crawling, spidering or robots) to access, query or obtain any HealthSuite Data or (b) except as expressly permitted by the Specifications, archive, store, modify or replace any HealthSuite Data (including by changing the order in which HealthSuite Data are originally made available by HSDP or intermixing data from sources other than HSDP with personal or personally identifiable HealthSuite Data).

6. HealthSuite Authorization.

Client will ensure that, before each User initially uses a Client Application to access the HSDP Platform, such User: (a) is presented with an authorization request for such Client Application that identifies the Profiles of User Data that the Client Application may access on the HSDP Platform, and that otherwise complies with all Specifications applicable to such authorization requests and (b) has affirmatively granted such authorization. Client will record the dates and times of such authorization for each applicable User and Client Application, and will maintain and make available such records to Philips upon request. Philips may, at any time and without reason or prior notice, require Client to re-obtain such authorization from any or all Users.

7. User Data.

In addition to complying with all terms and conditions imposed with respect to HealthSuite Data and User Data, Client will comply with the following additional terms and conditions with respect to User Data. Client will ensure that each Client Application does not collect User Data from or concerning any User unless Client first informs such User, through a Privacy Policy made available to such User prior to downloading or using such Client Application and prominently and conspicuously posted at each location(s) where such User Data is collected, about the types of User Data being collected and how such User Data may be used and disclosed, and obtains the User’s affirmative “opt-in” consent to such uses and disclosures. Such Privacy Policy will be consistent with Client’s obligations herein and with Philips’ rights under the HealthSuite Privacy Policy, currently available at https://www.hsdp.io. Client’s collection, use and disclosure of User Data shall not conflict with either the Client Privacy Policy or the HealthSuite Privacy Policy. Without limiting the foregoing, and regardless of whether the applicable User has consented, Client shall not: (a) use or disclose for marketing purposes any User Data or other personal or personally-identifiable information received by Client or a Client Application from or through Philips or the HSDP Platform, or by using any of the API Materials or (b) aggregate any such data (or use or disclose any such aggregated data) for any purpose.

8. Monitoring.

Client will provide Philips with any information or materials that Philips requests to verify Client’s compliance with these API Terms and the Specifications and, if applicable, each Service Order and Statement of Work, including a copy of each Client Application and one or more test accounts that will enable Philips to access each Client Application in its entirety free of charge. Client acknowledges and agrees that Philips may (but is not obligated to) monitor the API Materials and HealthSuite Data and Client’s access thereto and use thereof for any purpose, including to ensure quality and to verify compliance with this Agreement and any Service Order and Statement of Work. Client will provide Philips with continuous means to carry out such monitoring at no charge. Client will not interfere with such monitoring or otherwise obscure from Philips any activity in connection with the API Materials and HealthSuite Data, and Philips may use any technical means to overcome such interference.

9. Responsibility for Development.

Unless otherwise expressly agreed by the parties in writing, Client will be solely responsible for all Development and distribution of Client Applications, including all related costs, expenses, losses and liabilities.

10. Responsibility for Service; Support.

As between Client and Philips and unless otherwise agreed by the parties in writing, Client is solely responsible for all aspects of each Client Application, and Client acknowledges and agrees that Philips will not provide or be required to provide any technical or other support services to Client or any User in connection with any API Materials or HealthSuite Data, including with respect to integration of the API with a Client Application. Philips is not responsible for monitoring or policing any dispute related to a Client Application or its use or the use of any API Materials or HealthSuite Data that may arise between or among Client, any User, and/or any other third party. Client’s use of the API Materials and HealthSuite Data is at Client’s own risk, and Client is solely responsible for any damage that results from the use of the API Materials or HealthSuite Data, including any damage to Client’s or any Users’ computer systems or networks or any loss of data.

11. Compliance With Laws.

Client will comply with all Applicable Laws related to the Development, marketing, sale, distribution and use of each Client Application. Upon Philips’ request, Client will promptly provide to Philips copies of any regulatory approvals or other clearances. Client shall not seek any regulatory permissions or make any determinations that may result in Philips, its Affiliates or the HSDP Platform being deemed regulated or that may impose any obligations or limitations on Philips or its Affiliates.

12. Trademarks.

Subject to the terms and conditions of this Agreement, Philips may grant to Client in certain circumstances, and solely during the term of this Agreement, a limited, non-exclusive, non-transferable, non-sublicensable license to use the API Marks, solely: (a) in connection with a Client Application for which Philips has issued Client a then-valid Production Key and (b) consistent with good trademark practice and strictly in accordance with Philips’ Brand Usage Guidelines provided to Client by Philips, as applicable. Client will not use the API Marks without a license from Philips, which must be requested by the Client and explicitly granted in writing by Philips. No license to API Marks is granted by this Agreement. Philips may update the Brand Usage Guidelines and the API Marks from time to time, and Client shall comply with the then-current Brand Usage Guidelines and use only the then-current API Marks. Client agrees that Philips and its Affiliates and licensors own and maintain all right, title and interest in and to the API Marks, and Client acknowledges the value of the API Marks, and that any and all goodwill generated by Client in the API Marks will inure to the sole benefit of Philips and its Affiliates and licensors, as applicable. Client shall not alter the API Marks, or use the API Marks in any manner that might prejudice, tarnish or damage the reputation of Philips or its Affiliates or licensors, the API Marks, or the products or services of Philips or its Affiliates or licensors. Philips may monitor Client’s use of the API Marks, and, at Philips’ request, Client will provide to Philips copies of any materials bearing the API Marks. Philips may terminate the rights granted to Client under this Section 12 for any reason and without prior notice. Upon such termination, Client shall immediately cease all use of the API Marks. 
Neither this Agreement nor the use of the API Marks by Client shall create, or be deemed to create, responsibility or liability on the part of Philips for the acts or omissions of Client.

13. Changes.

Philips may change any API Materials or HealthSuite Data at any time, and for any or no reason, and Philips bears no responsibility or liability for such actions. Philips reserves the right to release subsequent versions of the API and to require Client to use the most recent version thereof, and Client agrees that it is Client’s responsibility to ensure, at Client’s own cost, that Client’s access to and use of any API Materials is compatible with Philips’ then-current requirements.

14. Philips Rights.

Philips reserves the right in its discretion to immediately suspend (temporarily or permanently), terminate or revoke Client’s, a Client Application’s and/or any User’s access to or use of any or all API Materials, API Marks, HealthSuite Data and/or the HealthSuite Platform (including by revoking or suspending any API Key), in whole or in part, at any time and for any reason (including if Philips knows of or suspects that such Client, Application or User has a security deficiency, or has inappropriately accessed, used or disclosed HealthSuite Data, is using any of the API Materials to make accessible any material that infringes Philips’ or any third party’s rights, is not using the API Marks in accordance with Philips Brand Usage Guidelines, or may otherwise threaten or damage the reputation(s) of the HSDP Platform, Philips, or any of its Affiliates), with or without cause or notice to Client, and Philips bears no responsibility or liability for any such suspension, termination or revocation. Upon any such suspension, termination or revocation of Client’s and/or a Client Application’s access to the API by Philips, any and all licenses Client may have with respect to the API Materials, API Marks and HealthSuite Data will immediately terminate, and Client will immediately cease using all API Materials, API Marks and HealthSuite Data and delete any API Materials, API Marks and HealthSuite Data in its possession or control.

15. Indemnification.

Client will indemnify and hold harmless Philips and its Affiliates and its and their licensors, suppliers, officers, directors, employees and agents, from and against any and all liabilities, costs, damages, claims and expenses, including reasonable attorneys’ fees, arising from or related to (i) Client’s access to, use of or other activities in connection with the API or any other API Materials, or the API Marks or HealthSuite Data; (ii) transactions conducted through the Client Application or User Data transmitted through the Client Application; (iii) the operation of Client’s business in connection with the API Materials, API Marks or HealthSuite Data; (iv) any suspension or termination of a Client Application or a Client Application’s access to or use of the HSDP Platform (including any suspension or termination by Philips); (v) any breach by Client of these API Terms; or (vi) any claim that a Client Application (including any component thereof), or the development of any Client Application (including any component thereof), infringes, misappropriates or violates any third-party intellectual property or proprietary rights. At Philips’ sole election, Client will assume control of the defense and settlement of any third party claim that is subject to indemnification pursuant to this Section 15, provided that Philips may at any time thereafter elect to take over control of the defense and settlement of any such claim, and provided that Client will not settle any such claim without Philips’ express prior written consent.

16. Disclaimers.

CUSTOMER ACKNOWLEDGES THAT CUSTOMER IS RESPONSIBLE FOR OBTAINING AND MAINTAINING ALL TELEPHONE, COMPUTER HARDWARE, SOFTWARE AND OTHER EQUIPMENT, MATERIALS AND THIRD-PARTY LICENSES AND CONSENTS NEEDED TO USE EACH CUSTOMER APPLICATION AND THE API MATERIALS AND API MARKS, AND FOR ALL CHARGES RELATED THERETO. CUSTOMER’S USE OF ANY API MATERIALS, API MARKS AND HEALTHSUITE DATA PROVIDED IN CONNECTION WITH THIS AGREEMENT AND ANY APPLICATION IS ENTIRELY AT CUSTOMER’S OWN RISK.

PHILIPS DOES NOT MANDATE, ENDORSE, SUGGEST, ADVOCATE, CONTROL, OR OTHERWISE REQUIRE CUSTOMER’S DEVELOPMENT OR USE OF ANY PARTICULAR FEATURE, FUNCTION, CODED INSTRUCTION, OR APPLICATION. PHILIPS DOES NOT MANDATE, ENDORSE, SUGGEST, ADVOCATE, OR OTHERWISE IMPOSE ANY CONTROL ON CUSTOMER’S CHOICE OF AVAILABLE API MATERIALS (OR COMBINATIONS THEREOF) OR SERVICES TO ENABLE A FEATURE, FUNCTION, CODED INSTRUCTION, OR APPLICATION. PHILIPS DOES NOT MANDATE, ENDORSE, SUGGEST, ADVOCATE, OR OTHERWISE IMPOSE ANY CONTROL ON CUSTOMER’S CHOICE OF AVAILABLE SECURITY PROTECTIONS AS LONG AS EACH APPLICATION TRANSMITS DATA WITH A PROTOCOL AT LEAST AS SECURE AS 128-BIT SSL ENCRYPTION.

CUSTOMER HAS THE SOLE DISCRETION TO:

1. DEFINE OR DEVELOP FEATURES, FUNCTIONS, CODED INSTRUCTIONS, OR APPLICATIONS,
2. CHOOSE THE API MATERIALS (OR COMBINATIONS THEREOF) OR SERVICES THAT WOULD ENABLE DESIRED FEATURES, FUNCTIONS, CODED INSTRUCTIONS, OR APPLICATIONS, AND
3. CHOOSE SECURITY PROTECTIONS THAT MEET THE REQUIREMENTS OF THIS AGREEMENT.

CUSTOMER’S CHOICE OF API MATERIALS OR SERVICES TO ENABLE FEATURES, FUNCTIONS, CODED INSTRUCTIONS OR APPLICATIONS, AND CUSTOMER’S CHOICE OF SECURITY PROTECTIONS IS AT THE CUSTOMER’S OWN CONTROL AND RISK. CUSTOMER UNDERSTANDS AND ACKNOWLEDGES THAT EVEN IF CUSTOMER’S FEATURES, FUNCTIONS, CODED INSTRUCTIONS, APPLICATIONS, OR SECURITY PROTECTION CHOICE CONTRIBUTE IN PART TO ANY INTELLECTUAL PROPERTY INFRINGEMENT AS A RESULT OF USE OF THE API MATERIALS OR SERVICES, PHILIPS IS NOT DIRECTLY OR INDIRECTLY LIABLE UNDER ANY THEORY OF LAW.

Limited Remedy. CUSTOMER’S SOLE REMEDY FOR DISSATISFACTION WITH ANY API MATERIALS, API MARKS, HEALTHSUITE DATA, OR APPLICATION INTEGRATION ENVIRONMENT IS TO STOP USING THE API MATERIALS, API MARKS, HEALTHSUITE DATA, OR APPLICATION INTEGRATION ENVIRONMENT AS APPLICABLE. THE SOLE AND EXCLUSIVE MAXIMUM LIABILITY OF PHILIPS AND ITS AFFILIATES AND ITS AND THEIR LICENSORS, SUPPLIERS, SERVICE PROVIDERS, BUSINESS PARTNERS FOR ANY DAMAGES, LOSSES AND CAUSES OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), INDEMNITY OR OTHERWISE, IN CONNECTION WITH THE API MATERIALS, API MARKS, HEALTHSUITE DATA, APPLICATION INTEGRATION ENVIRONMENT OR THESE API TERMS, WILL BE LIMITED TO THE TOTAL AMOUNTS PAID BY CUSTOMER, IF ANY, TO PHILIPS TO USE THE API KEY.

-----------------------------------

ACCEPTABLE USE POLICY

This Acceptable Use Policy describes actions that Philips prohibits when any person uses the HSDP Platform. Philips may modify this Acceptable Use Policy at any time by posting a revised version on the HSDP website. By using the Services or accessing the HSDP website, Client agrees to the latest version of this Acceptable Use Policy. In the event of a conflict between this Acceptable Use Policy and the Agreement, the Agreement shall govern. Capitalized terms used in this Exhibit that are not defined herein have the meanings ascribed to them in the Agreement or in the other Exhibits or Service Orders entered into pursuant to the Agreement.
The HSDP Platform may not be used in any illegal, abusive or other manner that interferes with the business or activities of any other party, including being used in violation of HIPAA. The following list gives examples of prohibited actions, including types of email and content. This list is provided by way of example and should not be considered exhaustive.

Prohibited Actions

• Attempting to bypass or break any security mechanism on the HSDP Platform or using the HSDP Platform in any other manner that poses a security or service risk to Philips or any of its users or customers.
• Testing or reverse-engineering the HSDP Platform in order to find limitations, vulnerabilities or evade filtering capabilities.
• Removing any copyright, trademark or other proprietary rights notices contained in or on the HSDP Platform.
• Reformatting or framing any portion of the web pages that are part of the HSDP Platform’s administration display without Philips’s permission.
• Using the HSDP Platform in connection with illegal peer-to-peer file sharing.
• Launching or facilitating, whether intentionally or unintentionally, a denial of service attack on the HSDP Platform or engaging in any other conduct that adversely impacts the availability, reliability or stability of the HSDP Platform.
• Reusing, without explicit permission, HSDP Material, policies, or other content provided by Philips.
• Utilizing the HSDP Platform in a way that knowingly violates HIPAA rules.

Prohibited Content

• Content that infringes a third party’s rights (e.g., copyright) according to applicable law;
• Excessively profane content;
• Any hate-related or violent content or content that contains any other material, products or services that violate or encourage conduct that would violate any criminal laws, any other applicable laws, or any third party rights;
• Content advocating racial or ethnic intolerance;
• Content intended to advocate or advance computer hacking or cracking;
• Gambling;
• Other illegal activity, including without limitation illegal export of controlled substances or illegal software;
• Illegal drug paraphernalia;
• Phishing;
• Malicious content, sending, uploading, distributing or disseminating or offering to do the same with respect to any unlawful, defamatory, harassing, abusive, fraudulent, infringing, obscene, or otherwise objectionable content; or
• Other material, products or services that violate or encourage conduct that would violate any criminal laws, any other applicable laws, or any third-party rights.

Prohibited Email

• Transmitting any material that contains viruses, trojan horses, worms or any other malicious, harmful, or deleterious programs.
• Using the HSDP Platform in any manner that violates any applicable industry standards, third party policies or requirements that Philips may communicate to its users.
• Engaging in any unsolicited advertising, marketing or other activities, including, without limitation, any activities that violate anti-spam laws and regulations including, but not limited to, the CAN SPAM Act of 2003.
• Using the HSDP Platform in connection with any unsolicited or harassing messages (commercial or otherwise).
• Using the HSDP Platform to engage in fraudulent activity with respect to third parties.
• Violating or facilitating the violation of any local or foreign law, including laws regarding the transmission of data or software.
• Taking any action to encourage or promote any activity prohibited under this Acceptable Use Policy.
• Transmitting any material that infringes the intellectual property rights or other rights of third parties.
• Transmitting any material that is libelous, defamatory, discriminatory or otherwise malicious or harmful to any person or entity.
• Creating a false identity or forged email address or header, or otherwise attempting to mislead others as to the identity of the sender or the origin of a message, imitating or impersonating another person or his, her or its email address, or creating false accounts for the purpose of sending spam.
• Unauthorized data mining any web property (including Services) to find email addresses or other user account information.
• Sending unauthorized email via open, third-party servers.
• Sending emails to users who have requested to be removed from an applicable mailing list.
• Selling, exchanging or distributing to a third party the email addresses of any person without any legally required consent to such disclosure.
• Sending unsolicited emails to significant numbers of email addresses belonging to individuals and/or entities with whom Client or its Users have no preexisting relationship in violation of applicable law.

Client Materials on the Services and Take Down Obligations

Client agrees to promptly take down any content that violates this Acceptable Use Policy, including pursuant to a take-down request from Philips. In the event that Client elects not to comply with a request from Philips to take down certain Content, Philips reserves the right to directly take down such Client Materials or to disable Client Applications upon reasonable prior written notice.

In the event that Client becomes aware of any violation of this Agreement by a User of one of Client’s Applications, Client shall promptly terminate such User’s account on the Client Application. Philips reserves the right to disable Client’s Applications in response to a violation or suspected violation of this Agreement.

Client agrees that it is solely responsible for (and that Philips has no responsibility to it or to any third party for) the Client Materials that it creates, transmits or displays while using the HSDP Platform and for the consequences of its actions (including any loss or damage which Philips may suffer) by doing so, except to the extent caused by the HSDP Platform or Philips.
Client agrees that Philips has no responsibility or liability for the deletion or failure to store any Client Materials and other communications maintained or transmitted through use of the HSDP Platform.

-----------------------------------

SERVICE LEVEL AGREEMENT

This service level agreement is agreed by HealthSuite digital platform and Client.

1.0 Purpose

The purpose of this document is to define the Service Level Agreements (SLA) that are established between Philips HealthSuite digital platform (HSDP) and (hereafter referred to as “Client”).

The objectives of this agreement are to:

• Provide clear reference to HSDP and Client service ownership, accountability, roles and/or responsibilities.
• Present a clear, concise and measurable description of service provision to Client.

Any changes or adjustments to the scope of the service detailed within this document will require a minimum of 90 days to process and implement the change. This timeframe may vary depending on the size and impact of the requested change.

This SLA can be a stand-alone document, or be part of a contract between parties, depending on the legal structure of both parties.

This agreement is effective on the date of the last signature and is automatically renewed for additional successive periods of one (1) year, unless terminated by either HSDP or Client with 90 days’ prior notice.

2.0 Scope

The scope of the agreement defines service level expectations between the Client and HSDP for services rendered. This SLA is independent of any service agreements Client has with their end customers.

3.0 Abbreviations and Definitions

AWS: Amazon Web Services
Client: Consuming business of HSDP Services
Customer: End-user/customer of an HSDP Client
EU: European Union
HIPAA: Health Insurance Portability and Accountability Act
HSDP: HealthSuite digital platform
IaaS: Infrastructure as a Service
IMS: Incident Management System
ISO: International Organization for Standardization
PaaS: Platform as a Service
PHI: Protected Health Information
PII: Personally Identifiable Information
M2M: Machine to Machine
NIST: National Institute of Standards and Technology
Suite Proposition: An application or IaaS offering built by a Client utilizing HealthSuite digital services.
SLA: Service Level Agreement
SPI: Sensitive Personal Information
ORU/FUNLOC: Philips financial business codes required to cross-charge
RPO: Recovery Point Objective
RTO: Recovery Time Objective

4.0 Responsibilities

4.1. Client Responsibilities

Client responsibilities and/or requirements in support of this SLA include:

• Agreement to the HSDP Terms and Conditions (For details on the Subscription Agreement, please visit https://www.hsdp.io/legal)
• Clients must manage access for users of their application and account for security and privacy (requirements or guidance) provided by HSDP during the onboarding process
• Understanding of Client responsibilities for data management: it is the responsibility of the application data owner to keep all sensitive data at rest (passwords, ePHI, SPI) secure and encrypted.
• Provide understanding of the business and technological needs behind services requested.
• Provide the required design transfer documents to HSDP Operations for Go-Live and Transition to Support (key documents include Runbook, Customer Response Form and Troubleshooting documentation if applicable).
• If Client has an SLA with their customers, provide an annotated copy of the Client-customer SLA, highlighting any items that might be influenced by HSDP services.
• Utilize the HSDP Support Center for HSDP-related incidents.
• Contact the HSDP Support Team Lead for additions or changes in established service levels; for expanded Services, contact the Account Manager.

4.2. HSDP Responsibilities

HSDP will provide the infrastructure, technology, people, processes and monitoring tools necessary for Client and will:

• Provide services that are available from the HSDP Service Catalogue.
• Provide instructions to Client on HSDP Incident Management for the specific business needs
• Meet response times associated with the priority assigned to incidents and service requests.
• Generate reports on service level performance.
• Provide adequate notification to Client regarding all scheduled maintenance.
• Provide the list of countries where data centers are located and PII might possibly be processed or stored (if requested).

4.3. Service Delivery Scope

The service delivery scope includes services supported by HSDP Operations teams which bring value to the Client proposition. The services detailed in the HSDP Service Catalogue can be combined for specific business needs.

4.4. Client Detailed Service Level Agreement Input

4.4.1. Overview of solution

[This section will provide a brief overview description of the solution Client is deploying and interconnects to HSDP Services if applicable. Will include a diagram of the deployment.]

5.0 Operational Processes

5.1. HSDP Security Management

HSDP adheres to the Philips Information Security, Risk Management, and Data Privacy practices, which are based on, but not limited to, globally recognized frameworks such as NIST 800-53, ISO 27001 and ISO 27018, as well as HIPAA and EU Data Protection regulations.

These leading practices include IT Standards, Guidelines, and Baselines as required to assist and guide the business in translating and implementing policy, data protection and other security control requirements. A Customer may request a privacy and security audit through the HSDP Director, Privacy and Security.

After termination of the SLA, HSDP will return or destroy all personal or sensitive information (i.e. PHI) received from or created by the client on behalf of the customer, at the client’s written request. If destruction is not feasible, HSDP will extend the protections of the SLA to the information and limit further uses and disclosures to those purposes that make the return or destruction of the information infeasible.

5.1.1. Use of pre-production deployments

HSDP provides the capability for multiple deployment environments to be created at the different stages of development, staging and production. The acceptable use of all deployments prior to production is that no PHI/PII or sensitive information shall be stored in the lower deployment levels.

5.1.2. Breach Notification

If HSDP becomes aware of any Security incident where such incident results in unlawful or unauthorized access, or where access results in loss, disclosure, or alteration of Client’s Content, HSDP will notify the client within 48 hours of determining existence of a Security Data Breach. Notification will be to the designated authorized caller on the Authorized Callers list, or as defined in specific business instructions provided by the client in the SLA. In addition, HSDP will take reasonable and appropriate steps, as determined by HSDP, to mitigate the effects and to minimize any additional damage resulting from the Security Incident.

If HSDP is prohibited from providing the notification by a court or other legal requirement, HSDP will inform the designated authorized caller of the disclosure within 24 hours of the lift of the legal prohibition.

HSDP shall notify the HSDP client of any legally binding request for disclosure of by a law enforcement authority unless such a disclosure is otherwise prohibited. HSDP will engage the authorized caller identified in this SLA for investigation, and reasonable steps for responding to such requests for disclosure.

5.1.3. Offboarding

Upon termination of the Service Level Agreement or at the request of the Client to facilitate the exercise of data destruction, with regard to the client’s obligations which may in part be defined by law, by regulations or by contract, the client’s authorized caller shall open a ticket in the issue management system. HSDP or Client may request confirmation in writing, defining the data to be deleted, and outlining the consequences of doing so, in order to provide an affidavit of the actions taken. HSDP is built on AWS infrastructure and will use AWS built-in controls to decommission data and media securely. When the Client has a regulatory or business reason to require further controls for decommissioning data, the Client can implement data encryption at rest using customer managed keys, which are not stored in the cloud, and in addition to the AWS processes, HSDP will delete the key used to protect the decommissioned data, making it irrecoverable.

5.2. HSDP Operational Services

5.2.1. Operational Self-Service

HSDP Operations provides the capability for clients to self-service many of the services necessary to deploy a Client Suite through the HSDP Infrastructure as a Service. As a client is onboarded, they are given instructions on accessing the environment and the service catalog of infrastructure services. The client then works with the Operations team during the development lifecycle to prepare for transfer to production and approval to manage their offering.

The client will prepare an Operations and Maintenance Runbook on the services deployed and the interconnects to HSDP Platform Services. The client will select the monitoring tier necessary to meet their solution needs and work with Platform Operations to have services enabled for backup and recovery.

5.2.2. Monitoring

Monitoring occurs at several logical levels, including: IaaS, PaaS, application, function, and data. IaaS monitoring is implemented using DataDog to ensure basic operations for all servers. Packaged integrations allow for stateful services including database and queue management.

Information that is collected through monitoring is valuable input for several other processes or activities. The SLA reporting is largely based on the metrics that are collected via the different monitoring methods.

Monitoring will also be the main source of triggers for the event and incident management processes that deal with quick intervention in and resolution of service issues. Finally, the metrics provided by monitoring are used in more tactical operational activities such as capacity and performance control and forecasting.

Monitoring services chosen determine the level of monitoring and services delivered. Please see the HSDP Service Catalogue for details on the monitoring services offered.

5.2.3. Backups / Disaster Recovery

The Service Continuity process ensures that the HSDP services will survive if major failures occur in the underlying physical and/or technical capabilities. Backups and Disaster Recovery (D/R) planning are critical elements of all information technology systems and are especially important for applications supporting health and life safety systems.

The HealthSuite digital platform is no exception, and as such the HSDP Operations organization maintains disaster recovery preparation and response procedures and, where appropriate, backups of operations-related data of the HSDP Infrastructure.

While HSDP Operations assumes responsibility for the planning and execution of D/R procedures for infrastructure, it does not provide those functions for client applications or the associated data. Development of backup, recovery and D/R plans requires an intimate knowledge of the types of data involved, data structure – including relationships between datasets, regulations or restrictions governing how the particular data can or must be handled, and many more factors. Since the Operations organization does not have insight into many or all of those characteristics for a particular application, the responsibility for design of effective data protection schemes, and the execution of those, lies with the product owner.

HSDP Operations provides components that can be leveraged by the client to implement those D/R capabilities and can, in certain cases, assist in execution of D/R activities developed by the client. The Operations and Maintenance Guide (Runbook) provides the specific guidelines for setting responsibilities and instructions on Backup and Disaster Recovery as directed by the HSDP Platform Operations team.

5.2.4. Change Management Policy

5.2.4.1. To the Service Offerings

HSDP may be required to change, discontinue, or deprecate any of the Service Offerings (including the Service Offerings as a whole) or change or remove features or functionality of the Service Offerings from time to time. HSDP will provide notification of any material change to or discontinuation of the Service Offerings and work with the client consuming the service to provide alternative capabilities if a service is required to be discontinued and to develop a smooth transition for the live production system.

HSDP monitors the service offerings we have and will update those offerings as required to meet privacy and security requirements.

5.2.4.2. To the APIs

HSDP Platform Offerings are offered by API versioning. HSDP may be required to change, discontinue or deprecate any APIs for the Services from time to time but will use commercially reasonable efforts to continue supporting the previous version of any API changed, discontinued, or deprecated for 18 months after the change, discontinuation, or deprecation (except if doing so (a) would pose a security or intellectual property issue, (b) is economically or technically burdensome, or (c) is needed to comply with the law or requests of governmental entities).

At the deprecation of an API version the client will be requested to develop a transition plan to consume the latest version. All new development will be requested to use the latest API versions available.

5.2.4.3. To HSDP Platform Services

HSDP Platform Services released by the internal HSDP quality process and assumed fit for production are placed into an integration or staging environment first. HSDP Platform Services are focused on utilizing API management as updates are released. Based on impact analysis, Clients may be invited to test for potential impact during a one-week period prior to release. If no clear blocking issues are reported by Clients, HSDP will move forward by rolling the update to Production.

Releases and deployments are targeted as much as possible in a zero-downtime scenario. Each change to an environment is classified. If downtime is unavoidable, or if the risk of downtime is considered possible, a maintenance window is communicated.

A maintenance window is declared when a change cannot be made without hampering the service to Clients or when, based on impact analysis, there is a risk that the service will not be available. If the moment of change can be chosen, it will be chosen in such a way that the majority of clients will have the least impact. In cases where Philips security is at risk or availability risks are too high, the Support Operations Manager will communicate the emergency change requirement.

5.2.4.4. HSDP Services Request Fulfilment

Standard requests for additional services fall into two categories:

1. Modifications to general production service offerings – submit a ticket through the normal incident management model.
2. Request for expansion of services – please contact Account Manager.

5.3. HSDP Operational Support Processes

5.3.1. Contacting HSDP Support Operations

Standard methods for contacting HSDP Support and Operations:

• Open a new case, check status or update an existing case, or close a case by accessing the Client Portal at https://www.hsdp.io/support
• Note that a Priority 1 (Critical / Highest) case cannot be opened via the Client Portal. For these types of cases, please contact HSDP Support by phone for immediate assistance.
• Call HSDP Support and Operations using toll free numbers for each geography. The list of available Toll Free Numbers will be provided upon Transition to Support.
• Send email to healthsuite.help@philips.com for general questions.
• Most inquiries are answered within 24 hours, Monday – Friday 8am-5pm Eastern Standard Time.
• A service case or request cannot be opened via this email address. If the Client needs assistance opening a new support case, please contact HSDP Support by phone, as outlined above.

Instructions on contacting HSDP Support and how to use the HSDP IMS are available to the Client for their respective product support training to be done at Transition to Support.

5.3.2. Hours of Coverage

HSDP support is available 24/7/365. Prioritization of service tickets submitted is outlined below.

5.3.3. Access Management

To access the HSDP Incident Management and request fulfilment process, the Client needs to be an Authorized Caller for the HSDP services. HSDP Support Operations relies on “authorized callers” for efficient handling of service requests and incidents. These are named persons that represent, or act on behalf of, the Client, and are allowed to raise service requests for the agreed services. The Client must complete the Client Response Template as a part of the design transfer deliverables. (View diagram at https://www.hsdp.io/legal/sla/operational-processes/support/access-management)

5.3.4. Incident Priority Definitions and Response Times

An incident is a disruption of service. This disruption can be a total outage or a reduction in quality of the usual service. All parties understand that the response times apply during the support hours listed above under Hours of Coverage. (View chart of response times at https://www.hsdp.io/legal/sla/operational-processes/support/incident)

5.3.5. Prioritization

HSDP Support calculates priority based on urgency and impact. (View diagram at https://www.hsdp.io/legal/sla/operational-processes/support/prioritization)

5.3.6. HSDP Support Incident and Event Management Process Flow

The following flow describes the HSDP support and incident process in detail. (View diagrams at https://www.hsdp.io/legal/sla/operational-processes/support/process-flow)

5.3.7. Escalation

If a solution is not delivered according to agreed timelines, or there is a special situation where Customer requests urgent attention, an escalation mechanism is defined. Escalation is the involvement of the next management level to either speed up resolution of an issue or service request, or to address a certain ‘stand-off’ situation.

Escalation is most often used when Severity 1 issues are not resolved within the expected or agreed timelines, but may also occur in other situations (e.g. contract / SLA negotiations or reviews, project delivery targets etc.). To ensure a fast and direct answer please follow the route as shown in the table at https://www.hsdp.io/legal/sla/operational-processes/support/escalation

5.3.8. System Performance and Availability Reporting

Without limiting any terms agreed, HSDP will report its performance in the monthly SLA reports. Applicable improvement actions will be defined and tracked there to ensure the agreed HSDP services are kept at the agreed levels for the business proposition using these services.

5.3.8.1. Availability Management

Service Availability is defined per Calendar Month. This is the number of minutes within a Service Window that a service was actually available divided by the total number of minutes in the Service Window minus the actual number of minutes downtime due to planned maintenance within the Service Window, times 100%. (View diagram at https://www.hsdp.io/legal/sla/operational-processes/support/system-performance/availability)

5.3.8.2. Capacity Management

The HSDP services aim to be cost-effective by optimization of need versus available capacity. This process works optimally if accurate forecasting is available for the connected products. Looking at trends, HSDP assumes organic growth and anticipates based on that information. If, however, marketing/sales campaigns could lead to deviations in the expected amounts, HSDP needs to be informed upfront in order to properly anticipate non-linear growth.

To determine organic growth, HSDP uses the seasonality graphs built with historic information (View graph at https://www.hsdp.io/legal/sla/operational-processes/support/system-performance/capacity). This graph (blue line) reflects seasonality influences on connecting products to HSDP services. The green band below and beyond reflects the boundaries which HSDP assumes as normal organic growth. Deviations in product connections above the green band without timely notice from the business can have an impact on the quality of the HSDP services. HSDP does not guarantee the SLA beyond the green bands.

5.3.9. Reporting & Communications

HealthSuite digital platform Operations delivers and supports services globally and uses hosting facilities in different locations across the world. Normal business hours of operation for HSDP-related operations only are based on the HSDP Services EST time zone and fall between 08:00 and 20:00, Monday to Friday.

All formal communication, including but not limited to reporting, documentation and emails, will be done in (US) English, unless otherwise agreed for a specific customer for a specific service. In such case, the agreed language of use will be confirmed and clearly scoped within the SLA.

In case an event occurs which hampers the agreed customer services, the team will send out an email to the agreed stakeholders. These are defined with the role “outage-mail”. When service is restored, an “all-ok” message is sent. In crisis situations where the outage takes a significant amount of time, escalation within the team is moved to the next level. From then on, update emails will be sent at regular intervals. The role “primary contact” will also be informed of the issue.

A monthly Service Report will be provided to the assigned Customer representative(s) within one working week after the end of the reported month. In addition to the default Monthly SLA Reporting, customer will receive a monthly Service Statistics report (available for the standard platform services only). The report will be distributed to an agreed list of recipients as determined by the Customer SLA Representative.

At HSDP's or Customer's request, a service review meeting will be scheduled. Customer and the SLA representative will conduct a yearly SLA Review. If Customer has requests for additional services, Customer is invited to contact its account manager.

5.3.10. Supporting Tools – Secure File Transfer

HSDP utilizes the Philips productivity tools to support secure file transfer. HSDP requires this service to be used for transfer of any files (including log files) to HSDP Support that could potentially contain PHI or other sensitive data. The BU must use the “Secure Data Transfer for Healthcare and Research” tool available on the Philips Software Portal under Productivity Tools. Philips SDT can also be reached directly via https://www.sdt.philips.com