DATA PROVIDER AGREEMENT
Version: 05-Jun-2023
This Data Provider Agreement (“DPA”)
is effective after developing a Researcher account (the “Effective Date”)
by and between Geno.Me Incorporated (“Geno.Me”) and Geno.Me users (“Customer”)
pursuant to the Health Insurance Portability and Accountability Act (“HIPAA”),
as amended, and related privacy, security, breach notification, and enforcement
regulations defined at 45 C.F.R. Parts 160 and 164 (“HIPAA Rules”).
RECITALS
A. The parties intend for this DPA to:
i. support Geno.Me in disclosing the patient clinical summary Limited Data Set as defined under the
HIPAA Rules (the “Disclosed Limited Data Set”) to Data Recipient solely
for the purposes of research (the “Specified Data Recipient Program”); and
ii. ensure that Customer
implements and maintains appropriate safeguards and uses the Disclosed Limited
Data Set only for permitted purposes, pursuant to this DPA and the HIPAA Rules.
B. Capitalized terms
used and not otherwise defined in this DPA shall have the meanings set forth in
the HIPAA Rules.
NOW, THEREFORE, in consideration
of the premises and the mutual promises and covenants contained herein, the
parties agree as follows:
1. Data Disclosure and Use.
1.1 Permitted Data Use. Customer must only receive or use the Disclosed Limited Data Set for
purposes of the Specified Data Recipient Program as set forth in the preamble
and cannot otherwise use or disclose the Disclosed Limited Data Set unless
required by law or authorized by Geno.Me in writing.
1.2 Safeguards. Customer must use appropriate safeguards as defined under the HIPAA Rules and
related Department of Health and Human Services guidance to prevent any use or
disclosure of the Disclosed Limited Data Set other than as provided for by this
DPA.
1.3 Reporting Unauthorized Use or Disclosure. Customer must immediately report to Geno.Me any
use or disclosure of the Disclosed Limited Data Set not provided for by this DPA
of which it becomes aware. Customer must report any unauthorized use or
disclosure of the Disclosed Limited Data Set by written notice to Geno.Me at support@yourgeno.me.
1.4 Customer Agents. Customer must not disclose the Disclosed Limited Data Set to any third
party, including any agent or contractor, without Geno.Me's prior written
consent. Customer must ensure that any agents or other third parties to whom it
discloses the Disclosed Limited Data Set each agree to the same restrictions
and conditions that apply to Customer regarding the Disclosed Limited Data Set.
1.5 No Identification of Individuals. Customer must not attempt to identify or contact
any specific individual whose information appears in the Disclosed Limited Data
Set.
1.6 Retention and Destruction. Customer must retain the Disclosed Limited Data Set only for
the reasonable duration of the Specified Data Recipient Program, unless
otherwise authorized by Geno.Me in writing. Customer will promptly and securely
destroy the Disclosed Limited Data Set, using industry-accepted methods, on
termination of this DPA or completion of the Specified Data Recipient Program,
whichever occurs first, and promptly provide Geno.Me with a written
certification of such destruction.
1.7 Audits. Customer will allow Geno.Me to verify compliance with the terms of this DPA.
1.8 Derived Works and Publication. Customer must provide Geno.Me with a copy of any
results, reports, or other outputs derived from the Disclosed Limited Data Set.
Customer must provide Geno.Me with a reasonable opportunity to approve any
reports or other publications derived from the Disclosed Limited Data Set prior
to distributing such materials outside Customer, including for purposes of, but
not limited to, any peer review, submission to any federal or state agency,
demonstration, presentation of findings, synopsis of research, or publication.
The retention and destruction requirements in Section 1.6 (Retention and
Destruction) apply to any Disclosed Limited Data Set data contained in derived
works.
2. Term and Termination.
This DPA and Customer's authorization to use or retain Disclosed Limited Data
Set will remain in effect from the Effective Date until terminated. Either
party may terminate this DPA at any time, with or without cause, by providing
thirty (30) days written notice to the other party. The terms of this DPA shall
remain effective in their entirety until Geno.Me receives the certificate of
data destruction as set forth in Section 1.6 (Retention and Destruction).
Section 5 (Indemnification) shall survive the termination of this DPA.
3. Compensation. Customer shall
pay Geno.Me a fee for the Disclosed Limited Data Set (“Fee”). The Fee shall
be payable upon purchase of the dataset.
4. Ownership. Geno.Me grants
to Customer a non-exclusive license for use of the Disclosed Limited Data Set
during the term of this Agreement. Customer acknowledges that the right to use
the Disclosed Limited Data Set is conditioned upon payment of all fees due and
return of this signed agreement to Geno.Me. Customer agrees to comply with
applicable HIPAA provisions and regulations and to also use its best efforts,
consistent with the practices and procedures Customer takes to protect its own
most valuable proprietary information and materials and will take all
reasonable steps to protect the Disclosed Limited Data Set and any pertinent
documentation and associated trade secrets against any unauthorized use,
reproduction, disclosure, or distribution.
5. Indemnification. Customer shall
indemnify, defend, and hold harmless Geno.Me, Geno.Me's subsidiaries or
affiliates, and their respective trustees, directors, officers, grantors,
employees, agents, and contractors from any claims, losses, damages, expenses,
civil monetary penalties, and costs (including attorneys' and court fees and expenses)
arising out of or related to (a) any breach of this DPA by Customer or its
agents or contractors, including any Breach or alleged Breach of Unsecured
Protected Health Information, or (b) any negligence or wrongful acts or
omissions by Customer or its agents or contractors, including without
limitation, failure to perform Customer's obligations under this DPA, the HIPAA
Rules, or other applicable federal, state, or local laws.
6. Amendment. The parties will
cooperate to amend this DPA as necessary from time to time to reflect changes
in circumstances or applicable law, including HIPAA and the HIPAA Rules. All
amendments to this DPA must be in writing and signed by both parties.
7. Other Provisions.
7.1 Assignment. This DPA shall be binding on the successors and assigns of Geno.Me and Customer.
However, Customer may not assign this DPA, in whole or in part, without Geno.Me's
written consent. Any attempted assignment in violation of this provision shall
be null and void.
7.2 Counterparts. The parties may execute this DPA in counterparts, all of which together shall
constitute one agreement.
7.3 Entire Agreement and Severability. This DPA is the complete agreement between the
parties and supersedes all previous agreements or representations, written or
oral, regarding the Disclosed Limited Data Set and any related matters as
addressed in this DPA. If any part of this DPA is held to be unenforceable, the
remainder shall continue in effect.
7.4 Independent Contractors. The relationship between the parties is that of independent
contractors. This DPA does not create any agency, joint venture, or partnership
relationship between the parties.
7.5 Interpretation. Any ambiguity in this DPA shall be resolved in favor of a meaning that permits
the parties to comply with applicable law, including HIPAA and the HIPAA Rules.
7.6 No Third-Party Beneficiaries. Nothing express or implied in this DPA is intended
to or shall confer any rights, remedies, obligations, or liabilities on any
person other than the parties and their respective successors or assigns.
7.7 Notices. Any notices required or permitted under this DPA must be in writing and sent by
United States mail, electronic mail with written acknowledgement of receipt,
overnight delivery service, or facsimile transmission to the addresses for each
party provided below or such different addresses as a party may later designate
in writing. Notices regarding the unauthorized use or disclosure of the
Disclosed Limited Data Set must follow the specific requirements listed in
Section 1.3 (Reporting Unauthorized Use or Disclosure).
7.8 Regulatory References and Compliance with Laws. A reference in this DPA to the HIPAA Rules
or any other applicable law means the section as in effect or as amended, and
with which Geno.Me or Customer must comply. Each party represents and warrants
that it shall comply with applicable law, including HIPAA and the HIPAA Rules,
in the performance of this DPA.
7.9 Use of Name and Trademarks. Customer shall not use the name(s) or trademark(s) of Geno.Me
in any advertising, publicity, endorsement, promotion, or other publicly
available document without Geno.Me's prior written consent.
7.10 Waiver. Neither party's delay or omission in exercising any right or remedy under this DPA
will constitute waiver or prevent the applicable party's ability to exercise
any right or remedy in the future.
7.11 Governing Law. This Agreement shall be governed by the laws of the State of Wisconsin. Venue
for any claim, action, or suit, whether state or federal, between Geno.Me and
Data Provider shall be Dane County, Wisconsin.
By acknowledging this Agreement, the
Customer provides assurance that its relevant institutional policies and applicable
federal, state, or local laws and regulations (if any) have been followed,
including the completion of any IRB review or approval that may be required
prior to the Customer’s provision of the Data. Upon the Provider’s written
request to the Customer’s Contact for Formal Notices identified in the
signature block of this Agreement, the Customer will provide documentation of
its IRB approved Protocol.