Third Party Product Requirements and Authorized User Pass Thru Terms (Electronic Networks)

Vivlio may make Third Party Products available to Client as part of the Services (as defined in the Master Services Agreement). Such Third Party Products are subject to their own terms and conditions, including applicable flow-through provisions. Client agrees that Client and Client’s Authorized Users will abide by the applicable terms for any such Third Party Products, including but not limited to the following Pass Thru Terms (“Terms”). These Terms govern the rights of Authorized Users to connect to the APIs and other services, which allow requesting, retrieving, and contributing patient information from health data sharing networks and other third-parties (the “Network”). All Authorized Users are required to agree to the terms of this Exhibit C. Capitalized terms not otherwise defined herein shall have the meanings ascribed to such terms in the Agreement. By Client’s connection to the Network or allowing Client’s Authorized Users to connect to the Network, Client agrees as follows.

Use for Authorized Purposes Only

Client agrees all data gathered via queries from the Network by Authorized Users is for Treatment purposes only. “Treatment” and related terms have the meaning given to them by the Health Insurance Portability and Accountability Act of 1996 and its associated regulations (collectively “HIPAA”), including the provision, coordination, or management of health care and related services by one or more health care providers, including the coordination or management of health care by a health care provider with a third party; consultation between health care providers relating to a patient; or the referral of a patient for health care from one health care provider to another.

Rights Granted

a. Client is granted a non-exclusive, non-transferable, non-sublicensable, limited right to use and make queries to the Network. Client agrees Vivlio may limit and make modifications to or deprecate features of the Network, at any time for any reason, with or without notice so long as such modifications do not materially and adversely affect performance of the Network then currently licensed by Client.

b. To use the Network, Client and Authorized User data will be made available to process queries submitted to the Network by end users. Subject to the Agreement and BAA, Vivlio and/or Third Party Product providers may retain the right to use metadata for lawful internal purposes, and to provide externally to data sources or their legal representatives for audit purposes, during the term of the Agreement. Metadata will not be used in a way that allows derivation or reconstruction of the content of Authorized User data that the Metadata was generated from.

c. Service Bi-Directionality. Client understands that as a condition of use of the Network, Client and its Authorized Users agree, subject to applicable regulations including the “minimum necessary” requirements of HIPAA and the Business Associate Addendum, to provide clinically Relevant Data, as defined below, used in the normal course of communicating outcomes to referring healthcare providers, in order to provide such Relevant Data to patients queried by such End User to enable patient matching across the Network. The parties agree to work in good faith to support searchability or otherwise make available new and clinically relevant data for treatment purposes and outcomes (“Relevant Data”) in a way that enables Relevant Data to be shared, as a condition of use of the Network, as required by the Carequality Connection Terms, Commonwell End User License Agreement or the EHealth Exchange DURSA.

Client agrees that Vivlio or its Third Party Product provider may de-identify any and all data (“De-Identified Data”) that is received or created through the Network from Client, which may be used and disclosed by Vivlio or Third Party Product provider, provided that such de-identification is performed in accordance with the de-identification requirements of, and subject to, applicable law. Such De-Identified Data may be used for all lawful purposes, including preparing reports, analyses, new products or services, improvements to existing products or services, and other derivative materials based on De-Identified Data (“Derivative Works”). Derivative Works may be commercialized so long as no Individual records, or the identity of the original source of the De-Identified Data are disclosed in such materials.

Client Responsibilities 

a. Client’s use of the Service and Network does not in any way inherit individual consent, government approval, IRB approval, or regulatory clearance of any kind, solely by receiving data from the Network. Client and Client’s Authorized Users will not submit any query about an Individual to the Network unless Client or its Authorized User have the requisite authority and consent from such Individual to obtain the requested data and the query complies with these Pass-Thru Terms. Client agrees Client and its Authorized Users will not submit any query to the Network that is false, misleading, or if the purpose of the query is to interfere with or gain unauthorized access to data, the Network, or third-party systems or networks or that does not comply with these Pass-Thru Terms. Client is solely responsible for ensuring Client’s and its Authorized Users’ use of personal data complies with all applicable laws.  Client agrees that Client and its Authorized Users will comply with policies, acceptable use requirements, and other restrictions implemented from time to time regarding use of the Network.

b. Client agrees, and Client’s Authorized Users must agree to, the terms governing access to services, including the Network, established by third-parties that make their data available through the Network including, but not limited to the Carequality and Commonwell health, and EHealth Exchange information exchange networks (available here: Carequality Connection Terms, Commonwell Authorized User License Agreement, and EHealth Exchange), as such terms may be modified by such entities from time to time. Client also agrees that from time to time the Network may connect with additional third-parties who wish to allow individuals and/or organizations to request data in their possession. Client agrees that such third-parties may require requesters to agree to certain terms and conditions, and that Vivlio reserves the right to deny access to any third-party data source until Client and/or Client’s Authorized Users have agreed to abide by such terms and conditions. Client understand that as a condition of use of the Network, Client and its Authorized Users are required to, subject to applicable regulations including the “minimum necessary” requirements of HIPAA and the business Associate Addendum, provide to the Network clinically relevant data of patients queried by for treatment outcomes (“Relevant Data”) in a way that enables Relevant Data to be shared and to enable patient matching across the Network, as a condition of use of the Network, as required by the Carequality Connection Terms and/or Commonwell End User License Agreement , and EHealth Exchange DURSA. c. Client agrees it and its Authorized Users shall not share with any third-party and will securely store, any credentials Vivlio provides for access to and use of the Network. Vivlio and its Third Party Product provider are not responsible for the accuracy, completeness, quality, integrity, legality, reliability, and appropriateness of data obtained via the Network, or the security and integrity of data processed.

c. When performing queries using the Network, Client and its Authorized Users will be given the option to select specific data elements that Client would like to be returned in response to the query. Because only a partial data set may be returned in response to any query, the requested data may be missing key data elements that may be relevant to patient care. Client agrees that Client is solely responsible for the construction of any query (including through the selection of data elements to be queried) and for the responsible use of any data returned by a query. Client agrees that the Network delivers data and information from networks, partners and other third-party data sources that fully determine and control their own response mechanisms and patient matching thresholds, and that there may be variability in the data, information or responses provided in response to any individual query.

d. Client agrees that Client’s access to or use of the Network may be limited, suspended, or revoked to correct or prevent an actual, imminent, or threatened breach of this Section 3. Vivlio may terminate Client’s access to the Network immediately upon written notice if Client fails to promptly remedy a material breach of these Pass -Thru Terms; or if Client ceases actively doing business, begins winding up its business, or bankruptcy or insolvency proceedings are begun by or against you and not promptly dismissed.

e. Client agrees that Client and its Authorized Users will not (a) modify the Network without Vivlio’s specific written permission; (b) in an unauthorized manner, interfere with or disrupt the Network or gain access to any systems or networks that connect to the Network (or attempt to do any of the foregoing); (c) remove or obscure any copyright, trademark, or other proprietary legends found on the Network, or other products or services provided or made available by us; (d) copy, derive specifications from, reverse engineer, reverse compile, disassemble, translate, record, or create derivative works based on the Network; or (e) permit any third-party to do any of the foregoing. If Client learns of any violation of this paragraph, Client will promptly notify Vivlio as soon as commercially possible and take commercially reasonable steps to end the violation. Client agrees Client and its Authorized Users will always keep information related to the Network strictly confidential.

f. Client must at a minimum: (i) comply with all Applicable Law; (ii) reasonably cooperate with Vivlio Health on issues related to this Agreement; (iii) Transact Message Content only for a Permitted Purpose; (iv) use Message Content received from other users of the networks in accordance with the terms and conditions of the respective electronic network agreement (heretofore mentioned); (v) as soon as reasonably practicable after determining that an Adverse Security Event occurred, report such Adverse Security Event to Vivlio Health; and (vi) refrain from disclosing to any other person any passwords or other security measures issued to the Client by Vivlio Health.

Intellectual Property

a. The underlying technology supporting the Network is solely Vivlio’s property or that of our licensors and/or Third Party Product providers. Notwithstanding anything to the contrary, Vivlio and its licensors and Third Party Product providers  (i) retain all right, title and interest, as well as any associated Intellectual Property Rights; (ii) will have the right to use the Network for any purpose; and (iii) do not produce any “works made for hire” as defined in the U.S. Copyright law by creating any works of authorship created in the performance of the Agreement. Other than as expressly provided in this Agreement, no license or right is granted to Client by implication or otherwise with respect to or under any such Intellectual Property Rights.

b. Nothing in this Agreement transfers or assigns to Vivlio any of Client’s Intellectual Property Rights in Client’s trademarks, logos, or other brand insignia. For purposes of the preceding sentences, “Intellectual Property Rights” means patent rights (including, without limitation, patent applications and disclosures), copyrights, trade secrets, moral rights, know-how, and any other intellectual property rights recognized in any country or jurisdiction in the world

HIPAA Compliance

Vivlio and Client agree to comply with the terms of the Exhibit B Business Associate Agreement (“BAA”) incorporated into the Agreement. Client agrees its Authorized Users shall comply with the BAA, and Client is responsible for any breach of the BAA by its Authorized Users.

Disclaimer of Warranties, Limitation of Liability

The network, and all data obtained via the network, are provided on an “as is” and “as available” basis, without any warranties of any kind to the fullest extent permitted by law, and Vivlio, for itself and on behalf of its third party product providers, expressly disclaims any and all warranties, whether express or implied, including, but not limited to, any implied warranties of merchantability, title, fitness for a particular purpose, and non-infringement. Client agrees that Vivlio does not warrant that access to the network will be uninterrupted, timely, secure, error-free or free from viruses or other malicious software, and no information or advice obtained by client from Vivlio will create any warranty not expressly stated in these pass-thru terms. Under no circumstances does Vivlio provide any warranty related to the accuracy, content, or suitability of data obtained through the network for any purpose.


Notwithstanding anything to the contrary in this Agreement, Client understands that Vivlio does not have the ability to affect or alter the quality of the data received from the Network, or correct any specific data quality issues.


Client may not alter or amend these Pass-Thru Terms except as agreed in writing.

Contact Us

For information about how to contact Vivlio, please visit: https://vivliohealth.com/contact-us/.

Last modified: May 1, 2023.

Electronic Network Agreement
Click to Download