TechCare 5.0 Terms and Conditions

Data Protection

You will not create Applications and/or Integrations which violate the applicable data protection laws and regulations.

You will not create Applications and/or Integrations which enable Customers to circumvent or violate the terms or policies of other platforms, applications, integrations, or any entity that has a relationship with the Customer.

Your Application and/or Integration should clearly explain your data privacy practices, and be prepared to tell Users how you plan to use the data that is being shared. This detail should be included in an easily accessible privacy policy which explains to Customers how their data will be collected, used, and processed and what control Users have over their data.

Your Application and/or Integration should not collect, store, and/or use personal data (meaning any information relating to an identified or identifiable natural person) without the consent of the data subject or a lawful basis to collect, store, or use such information.

If your Application and/or Integration stores the personal data for a Customer and the Customer requests for their data or Content to be erased, you must erase their data and/or Content.

If your Application and/or Integration stores the personal data for a Customer and the Customer modifies their data, you must either erase or update the data.

Security

You will enforce a form of authentication for your Application and/or Integration, and will audit logins to secure your Application and/or Integration with the TechCare API Platform.

You will securely handle any Customer credentials using industry-standard protocols.

You will not make any misleading and/or deceptive statements about your Application functionality, performance, origin, or data use.

You will not transmit any viruses or other code that may damage, detrimentally interfere with, surreptitiously intercept, or expropriate any system

You will not attempt to reverse engineer or otherwise derive source code, trade secrets, or know-how in our APIs.


MFA Use Case: Users of TechCare 5.0 are required to perform multi-factor authentication (MFA) before accessing the application. One-time passcodes (OTP) sent over SMS to a previously verified mobile number and provider are utilized. The applications is also compatible with MFA performed at the operating system and/or network level.

The app is responsible for protecting itself from potential misbehaving or malicious values passed to its redirect URL (e.g., values injected with executable code, such as SQL) and for protecting authorization codes, access tokens, and refresh tokens from unauthorized access and use. The app developer must be aware of potential threats, such as malicious apps running on the same platform, counterfeit authorization servers, and counterfeit resource servers, and implement countermeasures to help protect both the app itself and any sensitive information it may hold. For background, see the OAuth 2.0 Threat Model and Security Considerations.

Specific requirements are:

  • Apps SHALL ensure that sensitive information (authentication secrets, authorization codes, tokens) is transmitted ONLY to authenticated servers, over TLS-secured channels.
  • Apps SHALL generate an unpredictable state parameter for each user session; SHALL include state with all authorization requests; and SHALL validate the state value for any request sent to its redirect URL.
  • An app SHALL NOT execute untrusted user-supplied inputs as code.
  • App SHALL NOT forward values passed back to its redirect URL to any other arbitrary or user-provided URL (a practice known as an “open redirector”).
  • An app SHALL NOT store bearer tokens in cookies that are transmitted as clear text.
  • Apps SHOULD persist tokens and other sensitive data in app-specific storage locations only, and SHOULD NOT persist them in system-wide-discoverable locations.
  • Compliance with Laws

    Allowing impersonation of Users or otherwise allowing for false representations within your Application and/or Integration.

    Infringing on anyone else's intellectual property rights


    If requested, you must provide us with proof of compliance with this policy. Violations of this policy may result in removal from our marketplace, token revocation, developer suspension, having your Application and/or Integration blocked, Customer notification, legal action or any other action deemed necessary solely by NaphCare, Inc. If you violate this policy we may or may not provide notice before taking action. Please note that we may periodically audit Applications and Integrations. If you fail an audit before notifying us of any issues, penalties will be more severe.

    Fees & Limitations

    Please see Costs and Limitations Section of https://www.techcareehr.com/

    Restrictions, Rights and Liability

    Intellectual Property Rights. You acknowledge and agree that the Certified TECHCARE EHR APIs and TECHCARE’s software, products and services are proprietary in nature, that NaphCare, Inc. claims all intellectual property rights therein as well as in all modifications, enhancements and alterations thereto, and that NaphCare, Inc. neither grants nor otherwise transfers any rights of ownership therein to you or any third party. No rights or licenses are granted by NaphCare other than those rights expressly granted in these Terms, and NaphCare reserves all rights not expressly granted.

    Waiver, Release and Limitation of Liability. You acknowledge and agree that neither NaphCare nor any of its affiliates will have any responsibility or liability with respect to your or any third party’s distribution, implementation, commercialization, use, or other form of exploitation of any app, software, solution, service or other technology created by you or another third party. As between you and NaphCare, you are solely responsible and liable for all representations, warranties, support and other obligations made by you to any third party related to any app, software, solution, service or other technology created by you, including claims arising from product liability, breach of warranty, and intellectual property infringement. YOU HEREBY RELEASE AND FOREVER WAIVE ANY AND ALL CLAIMS YOU MAY HAVE AGAINST NaphCare, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, INFORMATION PROVIDERS OR SUPPLIERS FOR LOSSES OR DAMAGES YOU SUSTAIN IN CONNECTION WITH YOUR USE OF THE CERTIFIED TECHCARE EHR API AND ANY TECHCARE or NAPHCARE WEBSITES. NAPHCARE MAKES NO REPRESENTATIONS ABOUT THE SUITABILITY, RELIABILITY, AVAILABILITY, TIMELINESS AND ACCURACY OF THE CERTIFIED TECHCARE APIs OR OTHER INFORMATION, TECHNOLOGY, SOFTWARE, PRODUCTS AND SERVICES PROVIDED BY TECHCARE FOR ANY PURPOSE. ALL SUCH TECHNOLOGY, INFORMATION, SOFTWARE, PRODUCTS AND SERVICES ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. NAPHCARE HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS WITH REGARD TO THE CERTIFIED TECHCARE APIs, OTHER TECHNOLOGY, INFORMATION, SOFTWARE, SOLUTIONS, PRODUCTS AND SERVICES, INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT SHALL TECHCARE, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, AND/OR ITS SUPPLIERS BE LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL DAMAGES OR ANY OTHER DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF USE, DATA OR PROFITS, ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE ACCESS, USE OR PERFORMANCE OF THE CERTIFIED TECHCARE APIs, WITH THE DELAY OR INABILITY TO USE THE CERTIFIED TECHCARE EHR APIs OR RELATED TECHNOLOGY, SOFTWARE OR SERVICES, THE PROVISION OF OR FAILURE TO PROVIDE THE CERTIFIED TECHCARE APIs, SOFTWARE OR SERVICES, OR FOR ANY INFORMATION, SOFTWARE, PRODUCTS AND SERVICES OBTAINED FROM NAPHCARE, OR OTHERWISE ARISING OUT OF THE USE OF THE CERTIFIED TECHCARE APIs, WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, EVEN IF NAPHCARE HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES. BECAUSE SOME STATES/JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. IF YOU ARE DISSATISFIED WITH ANY PORTION OF THE CERTIFIED TECHCARE EHR APIs, OR WITH THESE TERMS OF USE, YOUR SOLE AND EXCLUSIVE REMEDY IS TO DISCONTINUE USING THE CERTIFIED TECHCARE EHR APIs. NOTWITHSTANDING THE FOREGOING PARAGRAPH, THE TOTAL LIABILITY OF TECHCARE, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, INFORMATION PROVIDERS AND SUPPLIERS, IF ANY, FOR LOSSES OR DAMAGES SHALL NOT EXCEED THE FEES PAID BY YOU FOR THE USE OF THE PARTICULAR TECHNOLOGY, SOFTWARE, PRODUCT, INFORMATION OR SERVICE PROVIDED BY NAPHCARE.

    Indemnification. YOU AGREE TO INDEMNIFY, DEFEND AND HOLD HARMLESS NAPHCARE, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, INFORMATION PROVIDERS AND SUPPLIERS FROM AND AGAINST ALL CLAIMS, LIABILITIES, LOSSES, EXPENSES, DAMAGES AND COSTS, INCLUDING REASONABLE ATTORNEYS’ FEES, RESULTING FROM ANY VIOLATION OF THESE TERMS OR ANY ACTIVITY RELATED TO YOUR USE OF THE CERTIFIED TECHCARE APIS OR THE TECHCARE WEB SITES.

    Term and Termination. Either you or NaphCare may terminate your right to use the Certified TECHCARE EHR APIs at any time, with or without cause, upon notice. NAPHCARE also reserves the right to disable your API access in a production environment at any time, with or without cause. NAPHCARE reserves the right to disable access to the TECHCARE EHR APIs if your App poses any security, privacy, or patient safety risks. The provisions concerning Indemnification, Waiver, Release and Limitation of Liability, and General shall survive any termination of these Terms.

    Governing Law. These Terms are governed by US federal law or the laws of the State of Alabama.

    Obligations, Representations and Responsibilities

    a. Compliance. You agree to be financially responsible for your use of the Certified TechCare EHR APIs and to comply with your responsibilities and obligations as stated in these Terms. You agree to comply at all times with all applicable laws, rules and regulations relating to the use of the Certified TechCare EHR APIs. You hereby grant TechCare the right to monitor and periodically audit in a reasonable manner your use of the Certified TechCare APIs, your App and other activities related to your obligations under these Terms.

    b. Virus Warranty. You warrant that your Apps will not contain any viruses or other malicious computer instructions, devices, or techniques that can or were designed to threaten, infect, damage, disable, or shut down the TechCare EHR APIs, any technology, software, solution, equipment or any computer system.

    c. Changes. NaphCare may, in its sole and absolute discretion, make changes, modifications or updates to the Certified TechCare EHR API (including without limitation changes to the capabilities and tech specs), without notice to you.

    d. Global Availability. NaphCare makes no representations that the Certified TechCare EHR APIs are appropriate or available for use in locations outside of the United States, and access to them from such territories is at your own risk. Those who choose to access the Certified TechCare APIs from locations outside of the United States do so at their own initiative and are responsible for compliance with applicable local laws.

    e. Application developer affirmations to Certified API Developers regarding the ability of their applications to secure a refresh token, a client secret, or both, must be treated in a good faith manner

    TERMS ACCEPTANCE AND REPRESENTATION

    a. Accepting the Terms. These Terms of Use ("Terms") govern your access to and use of the Certified TechCare EHR 2015 Edition API, documentation, services, etc. By accessing or using the Certified TechCare APIs, you agree to be bound by these Terms. “Certified TechCare EHR API” means the API provided by TechCare to allow authorized access to query our Client(s) Electronic Health Record system. You represent and warrant that you are at least 18 years of age and that you possess the legal right and ability to agree to these Terms and to use the Certified TechCare APIs in accordance with these Terms.

    b. Entity Representation. If you are using the Certified TechCare API on behalf of a legal entity (i.e. a Clinical software services company), you represent that you have proper authority to act on behalf of and bind the entity to these Terms, and by accepting, you accept on behalf of the entity (and all references to “you” in the Terms refer to the entity).