These Terms and Conditions were last updated on November 10, 2021.
Historical versions (V1 04 AUG 2016) are maintained and available at either https://florencehc.com/compliance/, the Florence Compliance Team’s self-audit portal, and/or by emailing email@example.com.
Section 1 Definitions
- “Administrative Rights” means the rights to administer and direct the use of a Provider’s account, including the authority to provide, request, issue, administer and limit the access rights to other user accounts issued to such Provider’s Authorized Workforce or Services Users, as well as the rights to integrate, connect, or otherwise share Your Information with, or receive Protected Health Information from, third parties through the Services.
- “Authorized Workforce” means those natural persons who are members of your Workforce who you have identified (by their legal names, and the legal names of their employers) in your account as authorized to access the Services on your behalf.
- “Confidential Information” means any information relating to either Parties’ business, financial affairs, current or future products or technology, trade secrets, workforce, customers, clients, patients, study participants or any other information that is treated or designated by the disclosing Party as confidential or proprietary. Confidential Information does not include information that made publicly available or that becomes known to the general public other than as a result of a breach of an obligation by the receiving Party.
- “Credentials” means any unique identifier, password, token, credential, any combination thereof, or other means we may utilize from time to time for authorizing access to all or any portion of the Services.
- “Data” means all information in any form including de-identified or otherwise, whether or not Confidential Information or proprietary, collected or created by, or delivered to us, including any documents uploaded into Service, or furnished, disclosed or otherwise made available to us, directly or indirectly, by or on behalf of any Services User, including data of or pertaining to any derivatives of such data.
- Florence Products means eBinders, eISF, eTMF, eHub, ePrinter, eConsent, and/or other Florence software or tools (as applicable and made available to the end user).
- “HIPAA” means the administrative simplification provisions of the United States (US) Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the regulations promulgated thereunder, including the Privacy Rule and the Security Rule, as amended.
- “Personal Information” means any information relating to an identified or identifiable natural person.
- “Policies and Procedures” means our rules, regulations, policies and procedures for access to and use of the Services, as changed from time to time and as posted electronically on our Internet website.
- “Privacy Rule” means the Standards for Privacy of Individually Identifiable Health Information at US Food and Drug Administration (FDA) Code of Federal Regulations (CFR): 45 CFR Part 160 and Part 164, Subparts A and E, as amended.
- “Protected Health Information” has the meaning given it in the Privacy Rule.
- “Provider” has the same meaning as “health care provider” given in US FDA 45 CFR §160.103 and includes researchers or other members of the Authorized Workforce or Services Users.
- “Provider of Record” has the meaning given in Section 3.1.1.
- “Security Rule” means the Security Standards for the Protection of electronic Protected Health Information at US FDA 45 CFR Part 160 and Part 164, Subparts A and C, as amended.
- “Services” means the services provided by us to you for the Purpose.
- “Workforce” means a Provider’s employees, volunteers, trainees, and other persons whose conduct, in the performance of work for Provider, is under the direct control of such Provider, whether or not they are paid by the Provider, and shall also include any of Provider’s sponsors or other corporate partners (e.g., contract research organization) and their employees or other persons under their direct control.
- “Your Health Information” means Protected Health Information (as defined in HIPAA) that you or your Workforce or Services Users input or upload onto the Services or that we receive on your behalf from your patients, study participants, authorized service providers, or our third-party partners and other participants.
- “Your Information” means information that you or your Workforce or Services Users input or upload onto the Services, including Your Personal Information and Your Health Information.
- “Your Personal Information” means Personal Information that you or your Workforce or Services Users enter or upload onto the Services. If Your Personal Information includes Personal Data of individuals in the European Economic Area (EEA), United Kingdom (UK) and/or Switzerland, such Personal Data is regulated by the General Data Protection Regulation (“GDPR”), or its equivalent national law, and subject to Florence’s Data Processing Agreement (DPA), which is available at either: https://florencehc.com/compliance/, the Florence Compliance Team’s self-audit portal, and/or by emailing firstname.lastname@example.org.
Section 2 Grant of Right to Use the Services
You will not:
- use the Services for time-sharing, rental or service bureau purposes;
- make the Services, in whole or in part, available to any other person, entity or business;
- copy, reverse engineer, decompile or disassemble the Services, in whole or in part, or otherwise attempt to discover the source code to the software used by the Services; or
- modify, combine, integrate, render interoperable, or otherwise access for purposes of automating data conversion or transfer, the Services or associated software with any other software or services not provided or approved by us.
Section 3 Access to the Services
1. Access Rights of Providers and their Authorized Workforce.
3. Restrictions. In addition, to further safeguard the confidentiality, integrity and availability of the information and other elements housed in the Services, as well as the stability of the Services, you agree you will not, nor attempt to, or authorize anyone to, or attempt to:
3.1. abuse or misuse the Services, including gaining or attempting to gain unauthorized access to the Services, or altering or destroying information housed in the Services, except in accordance with accepted practices;
3.2. use the Services in a manner that interferes with other Users’ use of the Services;
3.4. use any ad blocking mechanism, device, or tool to prevent the placement of advertisements in the Services;
3.5. circumvent any technical measures we have put in place to safeguard the Services or the confidentiality, integrity or accessibility of any information housed thereon, or any technical measures we have put in place to restrict access to the Services solely to the class of persons expressly so authorized pursuant to Sections 3.1.1 through 3.1.4; and
3.6. access any portion of the Services other than with a commercial browser (such as Edge, Mozilla Firefox or Chrome) or mobile applications developed and operated by us.
4.1. You will implement and maintain appropriate administrative, physical and technical safeguards to protect information within the Services. Such safeguards shall comply with federal, state, and local requirements, including the Privacy Rule and the Security Rule, whether or not you are otherwise subject to HIPAA. You will maintain appropriate security with regard to all personnel, systems, and administrative processes used by you or members of your Workforce or Services Users to transmit, store and process electronic health information through the use of the Services.
4.2. You will immediately notify us of any breach or suspected breach of the security of the Services of which you become aware, or any unauthorized use or disclosure of information within or obtained from the Services, and you will take such action to mitigate the breach, suspected breach, or unauthorized use or disclosure of information within or obtained from the Services as we may direct and will cooperate with us in investigating and mitigating the same.
5. User Identification. We authorize you and your Authorized Workforce and Services Users to use the Credentials uniquely assigned to, or selected by, each such individual User. You acquire no ownership rights in any such Credentials, and such Credentials may be revoked or changed at any time in the discretion of us or the Provider of Record. You will adopt and maintain reasonable and appropriate security precautions for your Credentials to prevent their disclosure to or use by unauthorized persons. Each member of your Authorized Workforce and Services Users shall have and use a unique identifier. You will ensure that no member of your Workforce or Services Users uses Credentials assigned to another Workforce or Services Users member.
6. No Third-Party Access. Except as required by law, you will not permit any third party (other than the persons who satisfy the definition of Authorized Workforce and meet the requirements of Section 3.1.3 or Services Users in accordance with Section 3.1.4) to use or access the Services without our prior written agreement. Nor will you authorize or assist any person or entity in accessing, or attempting to access, any portion of the Services via any means other than a commercial browser (such as Edge, Mozilla Firefox or Chrome) or a mobile app that we have authored and provided to you. You will promptly notify us of any order or demand for compulsory disclosure of health information if the disclosure requires access to or use of the Services. You will cooperate fully with us in connection with any such demand.
7.1. require each member of your Authorized Workforce and Services Users to have unique Credentials, and will provide to us the name(s) of each such member for which you are seeking Credentials;
7.4. ensure that only the person to whom a specific set of Credentials have been assigned accesses the Services with such Credentials; and
7.5. immediately notify us of the termination of employment of any member of your Authorized Workforce or Services Users, or of your withdrawal of authorization for any such person to access the Services.
9. Professional Responsibility. You will be solely responsible for the professional and technical services you provide. We make no representations concerning the completeness, accuracy or utility of any information submitted to and maintained in the Services or concerning the qualifications or competence of persons who placed it there. We have no liability for the consequences to you or your patients or others regarding your use of the Services.
10. Cooperation. You will cooperate with us in the administration of the Services, including providing reasonable assistance in evaluating the Services and collecting and reporting data requested by us for purposes of administering the Services.
Section 4 Use of Information
1. Purpose of Services. The Services will allow you to upload, store, edit and share clinical and regulatory research documents and data solely for the purposes outlined in any applicable agreement between the Services Users and Florence’s contracted customer (“Purpose”). You authorize us, as your business associate, to use and disclose Your Information as follows, subject to the recipient’s agreement to comply with applicable laws and regulations relating to the use and disclosure of health information, and subject also to any other relevant provisions herein:
1.1. We will permit unrestricted access to Your Health Information to you and your Authorized Workforce. You are responsible for ensuring that your use of Your Health Information is consistent with the relevant legal restrictions.
1.2. We will permit access to Your Information by your Authorized Workforce or Services Users and anyone with whom your Authorized Workforce or Services Users elects to share Your Health Information. You acknowledge that once your Authorized Workforce or Services Users have granted access to Your Health Information, we have no control over the uses and disclosures that the provider makes of Your Health Information, and the recipient may be subject to its own legal or regulatory obligations (including HIPAA) to retain such information and make such information available as required by applicable law or regulation.
1.3. We may create limited data sets from your operational Information and disclose them in connection with performing the Services.
1.4. We may use Your Health Information solely for to provide the Services, and to carry out our legal responsibilities, which may include us disclosing such information to one of our business associates that has entered into a Business Associate Agreement (BAA) as provided herein. We may also disclose Your Information for such purposes if the disclosure is required by law, or we obtain reasonable assurances from the recipient that it will be held confidentially and used or further disclosed only (i) as required by law (as such term is defined in US FDA 45 CFR §164.103), or (ii) for the purpose for which it was disclosed to the recipient, and the recipient notifies us of any instances of which it is aware in which the confidentiality of the information has been breached. Without limiting the foregoing, we may permit access to the system by our contracted system developers under appropriate confidentiality agreements.
1.5. Notwithstanding anything herein to the contrary, and unless as otherwise agreed, we may anonymize and aggregate clinical trial Operational Data (as defined below), with the express exclusion of PHI and third-party proprietary information or data, for our business purposes. “Operational Data” includes key performance indicators such as study start-up timelines, signature timelines, time until enrollment of first study patient, and other similar operational information.
Section 5 Data Use Rights
Section 6 Individuals’ Rights
You are solely responsible for affording individuals their rights with respect to relevant portions of Your Health Information or Your Personal Information, such as the rights of access and amendment. You will not undertake to afford an individual any rights with respect to any information in the Services other than Your Health Information or Your Personal Information.
Section 7 Computer Systems
You will acquire, install, configure and maintain all hardware, software and communications systems necessary to access the Services (your “Implementation”). Your Implementation will comply with the specifications from time to time established by us. You will ensure that your Implementation is compatible with the Services. If we notify you that your Implementation is incompatible with the Services, you will eliminate the incompatibility, and we may suspend Services to you until you do so.
Section 8 Confidential Information
2. The Parties agree that it may suffer irreparable harm if the receiving Party fails to comply with its obligations set forth in Section 8.1, and each further agrees that monetary damages will be inadequate to compensate for any such breach. Accordingly, each Party agrees that it will, in addition to any other remedies available at law or in equity, the Parties will be entitled to seek the issuance of injunctive relief to enforce the provisions hereof, immediately and without the necessity of posting a bond.
Section 9 Disclaimer, Exclusion of Warranties, and Limitation of Liability.
1. Carrier Lines. YOU ACKNOWLEDGE THAT ACCESS TO THE SERVICES WILL BE PROVIDED OVER VARIOUS FACILITIES AND COMMUNICATIONS LINES, AND INFORMATION WILL BE TRANSMITTED OVER LOCAL EXCHANGE AND INTERNET BACKBONE CARRIER LINES AND THROUGH ROUTERS, SWITCHES, AND OTHER DEVICES (COLLECTIVELY, “CARRIER LINES”) OWNED, MAINTAINED, AND SERVICED BY THIRD-PARTY CARRIERS, UTILITIES, AND INTERNET SERVICE PROVIDERS, ALL OF WHICH ARE BEYOND OUR CONTROL. WE ASSUME NO LIABILITY FOR, OR RELATING TO, THE INTEGRITY, PRIVACY, SECURITY, CONFIDENTIALITY, OR USE OF ANY INFORMATION WHILE IT IS TRANSMITTED ON THE CARRIER LINES, OR ANY DELAY, FAILURE, INTERRUPTION, INTERCEPTION, LOSS, TRANSMISSION, OR CORRUPTION OF ANY DATA OR OTHER INFORMATION ATTRIBUTABLE TO TRANSMISSION ON THE CARRIER LINES. USE OF THE CARRIER LINES IS SOLELY AT YOUR RISK AND IS SUBJECT TO ALL APPLICABLE LOCAL, STATE, NATIONAL, AND INTERNATIONAL LAWS.
2. No Warranties. EXCEPT FOR ANY WARRANTIES WHICH ARE EXPRESSLY PROVIDED IN A WRITTEN AGREEMENT COVERING THE SERVICES, ACCESS TO THE SERVICES AND THE INFORMATION CONTAINED ON THE SERVICES IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT ANY WARRANTY OF ANY KIND, AND WE DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT AND TITLE. YOU ARE SOLELY RESPONSIBLE FOR ANY AND ALL ACTS OR OMISSIONS TAKEN OR MADE IN RELIANCE ON THE SERVICES OR THE INFORMATION IN THE SERVICES, INCLUDING INACCURATE OR INCOMPLETE INFORMATION. IT IS EXPRESSLY AGREED THAT IN NO EVENT SHALL WE BE LIABLE FOR ANY SPECIAL, INDIRECT, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO, LOSS OF PROFITS OR REVENUES, LOSS OF USE, LOSS OF GOODWILL, OR LOSS OF INFORMATION OR DATA, WHETHER A CLAIM FOR ANY SUCH LIABILITY OR DAMAGES IS PREMISED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER THEORY OF LIABILITY, EVEN IF WE HAVE BEEN APPRISED OF THE POSSIBILITY OR LIKELIHOOD OF SUCH DAMAGES. WE DISCLAIM ANY AND ALL LIABILITY FOR ERRONEOUS TRANSMISSIONS AND LOSS OF SERVICE RESULTING FROM COMMUNICATION FAILURES BY TELECOMMUNICATION SERVICE PROVIDERS OR THE SERVICES.
4. Unauthorized Access; Lost or Corrupt Data. WE WILL USE INDUSTRY-STANDARD, COMMERCIALLY REASONABLE EFFORTS TO PROTECT YOUR DATA, BUT WE ARE NOT RESPONSIBLE FOR UNAUTHORIZED ACCESS TO YOUR DATA, FACILITIES OR EQUIPMENT BY PERSONS USING THE SERVICES OR FOR UNAUTHORIZED ACCESS TO, ALTERATION, THEFT, CORRUPTION, LOSS OR DESTRUCTION OF YOUR DATA FILES, PROGRAMS, PROCEDURES, OR INFORMATION THROUGH THE SERVICES, WHETHER BY ACCIDENT, FRAUDULENT MEANS OR DEVICES, OR ANY OTHER MEANS. YOU ARE SOLELY RESPONSIBLE FOR VALIDATING THE ACCURACY OF ALL OUTPUT AND REPORTS, AND FOR PROTECTING YOUR DATA AND PROGRAMS FROM LOSS BY IMPLEMENTING APPROPRIATE SECURITY MEASURES. YOU HEREBY WAIVE ANY DAMAGES OCCASIONED BY LOST OR CORRUPT DATA, INCORRECT REPORTS, OR INCORRECT DATA FILES RESULTING FROM PROGRAMMING ERROR, OPERATOR ERROR, EQUIPMENT OR SOFTWARE MALFUNCTION, SECURITY VIOLATIONS, OR THE USE OF THIRD-PARTY SOFTWARE. WE ARE NOT RESPONSIBLE FOR THE ACCURACY OR COMPLETENESS OF CONTENT OF ANY INFORMATION TRANSMITTED OR RECEIVED THROUGH OUR PROVISION OF THE SERVICES.
Section 10 Term; Modification; Suspension; Termination
Section 11 Supervening Circumstances
a. severe weather and storms;
b. earthquakes or other natural occurrences;
c. strikes or other labor unrest;
d. power failures;
e. nuclear or other civil or military emergencies;
f. acts of legislative, judicial, executive, or administrative authorities;
g. pandemics or other broad-scale health safety emergencies; or
h. any other circumstances that are not within its reasonable control.
Section 12 Severability
Section 13 Notices
Florence Healthcare, Inc.
660 Peachtree St. NE Suite 920
Atlanta, GA 30308
To you, at the current contact information on file with us at the time notice is given.
Florence Healthcare, Inc.
600 Peachtree St NE, Suite 920
Atlanta, GA 30308
To gain access to the Florence Compliance Team’s self-audit portal, contact your Account Manager.