Third party terms

Third party providers may impose additional restrictions on the use of their data. To the extent that any Third Party Data is incorporated in Licensed Products or Deliverables, the Customers’ use of such data is subject to the following terms:

Open claims data provider 1

Notwithstanding anything to the contrary in this Agreement, the Parties agree that the Licensed Products and Deliverables may not be: (i) stored outside the US without the Supplier’s prior written consent, (but for the avoidance of doubt may be accessed by the Customer’s employees located outside the US provided the data at all times resides in the US); (ii) used to identify or contact an individual patient, an individual’s relatives or household members, a pharmacy or hospital provider, or a source of the data; (iii) reengineered, reverse engineered, mashed up, linked to, used or combined with other data that would result in the re-identification of any individual or the identification of the original source of the data or be in violation of applicable law; (iv) published, quoted, made or reproduced for advertising, promotional or public relations purposes; or (v) used or accessed (including derivatives) to provide services to financial services firms.

Open claims data provider 2

The Supplier or an affiliate of the Supplier has entered into a license agreement (“Master Data License Agreement”) with a licensor of certain healthcare information (“Data Supplier”), pursuant to which Data Supplier licenses certain de-identified data sets (the “Licensor Data Products”) to the Supplier.  The Supplier, in turn, includes certain elements of the Licensor Data Products in the Customer’s Licensed Products and Deliverables licensed by the Supplier to the Customer.  As between the Customer and the Data Supplier the Customer agrees as follows (these “Flow Down Terms”):

1. Data Supplier (and its licensors, providers and suppliers, where applicable) owns and shall retain all intellectual property rights in and to the Licensor Data Products.

2. The Customer shall not sublicense, transfer, redistribute or otherwise make available Licensed Products or Deliverables (and any Licensor Data Products data therein) to a third party except (a) as expressly authorized by the Order Form or the MSA (including these Flow-Down Terms) and (b) pursuant to a written agreement with the third party that includes these required Flow-Down Terms.

3. The Customer shall, and shall ensure that the Customer’s Authorized Users (as defined in Section 11 of these Flow Down Terms), only use Licensor Data Products, Licensed Products and Deliverables data for the Permitted Use(s) authorized by the Order Form or the MSA. Notwithstanding anything to the contrary, the Customer shall not use Licensor Data Products, Licensed Products or Deliverables data to identify and/or select sites, practitioners, patients or other individuals for participation in clinical trials.

4. The Customer hereby grants to the Supplier a royalty-free, worldwide, irrevocable, perpetual, transferable, sublicensable (including through multiple tiers) license to use, reproduce, incorporate, distribute and otherwise fully exploit any suggestions, recommendations, ideas or other feedback relating to the Data Products the Customer provides to the Supplier which may be shared and used by, or assigned to, Data Supplier.

5. The Customer shall comply with the limits, qualifications, conditions, restrictions and other requirements of any certification, opinion or other form of determination (“Certification”) that a Licensor Data Product, Licensed Product or Deliverable is statistically de-identified in accordance with the HIPAA de-identification standards at 45 CFR § 164.514(b), provided that such requirements are provided to the Customer.

6. The Customer shall not, and shall not permit any employee, agent, contractor or third party to: (a) identify, re-identify or attempt to identify or re-identify any individual who is the subject of any Licensor Data Products or Licensed Product or Deliverable data or any relative(s), family or household member(s) of such individual; (b) identify, re-identify or attempt to identify or re-identify any individual who is the subject of any data within any Licensor Data Products or Licensed Product or Deliverable data or any relative(s), family or household member(s) of such individual; (c) link any of the Customer’s or third-party data to any Licensor Data Products or Licensed Product or Deliverable data unless permitted by the applicable Certification and the Order Form or the MSA.

7. The Customer shall: (a) implement, use and enforce reasonable and appropriate technical, physical and administrative safeguards to (i) ensure the confidentiality of the Licensor Data Products, Licensed Product or Deliverable data, (ii) ensure that the Licensor Data Products, Licensed Product or Deliverable is accessed only by Client’s Authorized Users under the Order Form or the MSA (or employees who are authorized users of a permitted third party under Section 2 of these Flow-Down Terms), (iii) ensure that the Licensor Data Products, Licensed Product or Deliverable data remains de-identified in accordance with 45 CFR § 164.514(b), (iv) prevent any access to or use or disclosure of any Licensor Data Products, Licensed Product or Deliverable data except as permitted under the Order Form or the MSA and (v) ensure that the Customer and the Customer’s Authorized Users only process Licensor Data Products data on servers or other hardware located in the United States; (b) maintain an audit log of any individual who or entity which accesses the Licensor Data Products, Licensed Product or Deliverable data; (c) monitor any server storing any Licensor Data Products, Licensed Product or Deliverable data for intrusion, hacking or any other form of access not permitted under the SOW or the Agreement; and (d) appoint and maintain a Privacy Officer and Security Officer responsible for ensuring that the Licensor Data Products, Licensed Product or Deliverable data are maintained, transmitted, used and disclosed in accordance with the Order Form, the MSA, HIPAA and other applicable law.

8. The Customer shall report to the Supplier any unauthorized actual or attempted access, re-identification or re-identification attempt of any Licensor Data Products, Licensed Product or Deliverable data discovered by the Customer within three (3) business days of the Customer’s discovery.

9. The Customer shall remedy (in accordance with the Supplier’s reasonable direction) any unauthorized access, re-identification or re-identification attempt of any Licensor Data Products, Licensed Product or Deliverable data.

10. Neither Data Supplier nor its licensors and providers make any representations or warranties directly to the Customer with regard to the Licensed Products, Deliverables and Licensor Data Products data. Any warranties regarding the Licensor Data Products, Licensed Products and Deliverables and the data therein are made by Data Supplier to the Supplier (or a Supplier affiliate). Accordingly, the Customer agrees that Data Supplier shall have no liability to the Customer in connection with the Licensor Data Products, Licensed Products or Deliverables, any data therein or the Order Form or MSA. Without limiting the foregoing, Data Supplier shall not be responsible to the Customer for personal injury or death that may occur as a result of the Customer’s use of the Licensor Data Products, Licensed Products or Deliverable data.

11. The Customer may permit the Customer’s employees and agents with a need for access to Licensed Products, Deliverables and Licensor Data Products data for the Customer’s internal business purposes as authorized by the Order Form or the MSA (“Authorized Users”) to access such data, provided that this is permitted in the Order Form or the MSA and that any agent enters into a written confidentiality agreement in accordance with Section 2 of these Flow-Down Terms. The Customer is responsible for compliance with the terms of the Order Form or the MSA, including these Flow-Down Terms, by the Customer’s Authorized Users. The Customer shall be liable for breach of the Order Form or the MSA, including, without limitation, these Flow-Down Terms, by any Authorized User or any other person or entity which obtains access to any Licensor Data Product, Licensed Product or Deliverable through the Customer, to the same extent as if such breach were committed by the Customer.

12. The Customer acknowledges and agrees that certain Licensor Data Products were derived from data that may have previously been Protected Health Information (“PHI”) (as defined by the Administrative Simplification Section of the Health Insurance Portability and Accountability Act of 1996, HITECH and their implementing regulations, as amended from time to time). If the Customer has a reasonable belief that the Customer received PHI from the Supplier, the Customer will notify the Supplier, such notice to include information relating to the basis for such belief, within 24 hours of the start of the Customer’s investigation. If the Supplier or Data Supplier notifies the Customer that the Supplier has provided PHI, or if the Customer confirms that the Customer has received any PHI from the Supplier, the Customer will destroy such PHI and certify, via a certificate of destruction provided to the Customer by the Supplier or Data Supplier, within 24 hours, that such PHI has been destroyed.

13. Data Supplier is a third-party beneficiary of these Flow-Down Terms and may enforce its rights hereunder against the Customer.

14. To the extent of any conflict between these Flow-Down Terms and any other part of the SOW or the Agreement, these Flow-Down Terms shall control.

Closed claims data provider 1, EMR data provider 3

1. Definitions

“Claim” shall mean a transaction or other record and the data elements contained therein submitted by a Healthcare Provider to a Payer for reimbursement or reporting of services or products (e.g., labs, procedures, diagnosis) rendered by a Healthcare Provider to a patient during an Encounter, including data elements from such Encounter, and other data elements added by a Payer as part of the adjudication process. A Claim includes the following: (a) ASC X12 | Transaction Set: 837 (institutional or professional) claim Transactions or similar format; (b) ASC X12 | Transaction Set: 835 electronic remittance advice Transactions or similar format; (c) CMS-1450, UB-04 or similar format; (d) CMS-1500 or similar format; (e) prescription drug claim transactions and durable medical equipment claims transactions (including the NCPDP universal claim form) or similar format; (f) Encounter Data; (g) CMS Risk Adjustment Processing System (RAPS) data transactions or similar format; (h) demographic and health insurance coverage and eligibility information for patients and information about the Healthcare Provider; and (i) records from Payers prior to or following adjudication that contain one or more data elements from (a) through (i) above.

“Claims Data” shall mean any data pertaining to, within, or resulting from a Claim, regardless, for the sake of clarity, of the form (e.g., written, digital, structured, or unstructured), completeness (e.g., partial elements of an otherwise complete Claim is still Claim Data), or degree of contribution (e.g., a data entry containing any part of any Claim altered or augmented in any way by any additional data, adjustment, translation, or otherwise is still Claim Data).

“Covered Life” shall mean an individual person covered under a Payer’s health benefits plan, a Payer’s administrative services contract on behalf of an employer, union or government healthcare programs (e.g., Medicare, Medicare Advantage, Medicaid, managed Medicaid, SNP, D-SNP), or other group purchasing such health benefits or administrative services from a Payer.

“Data Algorithm” shall mean any algorithm, formula, model, method, procedure, function, or transform, whether undertaken in digital manner (e.g., via computerized processes) or otherwise, which has been constituted, informed, empowered, derived, or trained, by Licensed Data, directly or indirectly, in whole or in part.

“Data Provider” shall mean a licensor of certain healthcare information which licenses certain de-identified data sets (the “Licensed Data”) to the Supplier.

“Encounter” shall mean an interaction between a patient and a Healthcare Provider for the purpose of providing healthcare services or assessing the health status of a patient and that results in the creation of one or more Claims records.

“Encounter Data” shall mean any data pertaining to, within, or resulting from an Encounter, including, for the sake of clarity, any clinical documentation, paper or electronic health record data, or other such documents or records, whether in structured or unstructured formats, objectively or subjectively conveyed, regardless of form (e.g., written, digital, structured, or unstructured), completeness (e.g., partial elements of an otherwise complete Encounter is still Encounter Data), or degree of contribution (e.g., a data entry containing any part of any Encounter altered or augmented in any way by any additional data, adjustment, translation, or otherwise is still Encounter Data).

“Healthcare Provider” shall mean a hospital, skilled nursing facility, ambulatory surgery center, urgent care center, home health agency, hospice agency, clinic, healthcare professionals (e.g., physician, nurse practitioner, pharmacist or dentist), treatment center, physician and other professional practice entity, pharmacy, healthcare network and other individuals and entities which or who provide medical treatment and other healthcare items and services directly to patients.

“Licensed Data” shall mean Data Provider’s de-identified data licensed hereunder. Licensed Data consists of Claims Data and Encounter Data, in whole or in part. Any transformation, adaptation, abstraction, conversion, migration, aggregation, combination, overlap, linking, re-formatting, enhancement, or modification in any way of the Licensed Data, in whole or in part, by Customer and the resulting data from the aforementioned activity in any way is still considered Licensed Data (except that, for clarity, any Customer Data within the resulting data will not be considered Licensed Data). For purposes of illustration, if Customer normalizes or cleanses the Licensed Data (e.g., de-duplicating data entries, standardizes or rounds values), augments the Licensed Data (e.g., adds laboratory values, demographic data, or any other data), or removes data from the Licensed Data (e.g., removes diagnoses data or removes data information), in part or in whole, the dataset following such activity in any way is still Licensed Data.

“Payer” shall mean a health plan, payer, plan or program that provides healthcare benefits or finances or reimburses the cost of healthcare services and/or a provider of administrative services to adjudicate Claims from Healthcare Providers. Payers include commercial health plans, health plan sponsors (employers or unions), managed Medicaid, Medicare plans (including commercial health plans providing Medicare Advantage benefits to beneficiaries) and government healthcare programs. For the sake of clarity, if any Payer conducts business other than that described as being a Payer herein (e.g., the Payer is an employer of non-Payer operations or the Payer owns businesses that conduct business other than serving as a Payer), then Payer does not include such non-Payer businesses.

“Statistician” shall mean a person with appropriate knowledge of and experience with generally accepted statistical and scientific principles and methods for rendering information not individually identifiable under HIPAA.

“Summarized Data” shall mean a computed, determined, or analyzed result derived from the utilization of the Licensed Data which (a) does not contain (i) any Licensed Data, in whole or in part, including any patient- or individual-level data derived from the Licensed Data, nor (ii) any Data Algorithm, and (b) presents results of Customer’s manipulation and/or analysis of the Licensed Data in a format that includes graphical, tabular or written form such as a map, pie chart, summary table, statistical analysis, grid, abstract, executive summary, glossary or other descriptive format. For purposes of illustration, a report or analysis that illustrates the incidence of certain diseases in a population (e.g., the percentage of individuals with pancreatic cancer in a certain state or during a certain time period) or of procedures or medications used to treat a certain condition (e.g., the number of biopsies performed during colonoscopies over a period of time or the incidence of a certain drug to treat rheumatoid arthritis) are examples of Summarized Data. Summarized Data may not include Licensed Data, or any part thereof (including any patient- or individual-level data derived in whole or in part from the Licensed Data), alone or in a product or service. For further purposes of illustration, any report, analysis, display, graph, table, grid, abstract, or any other material that contains one or more diagnosis, laboratory values, cost elements, or anything specific to an individual contained within the Licensed Data is not Summarized Data. Customer is prohibited from including within any Summarized Data the Licensed Data itself, or any part thereof, that represents all or any part of an Encounter (including a Claim) between a patient and a Healthcare Provider. Summarized Data may not provide or display Claims Data or Encounter Data.

“Token” shall mean an encrypted de-identified patient identifier which can be used to join de-identified datasets containing de-identified patient or other individual information.

2. License and Conditions of Use.

a. License and Use. Subject to payment of all Fees and compliance with the terms and conditions of the Agreement (including these Flow Down Terms), Data Provider hereby grants to Customer a limited, revocable, non-exclusive, non-transferable, non-assignable and non-sublicensable right to use the Licensed Data in a de-identified format for the following purpose:

i. Analytics Use. Customer is permitted to use the Licensed Data to create Summarized Data (“Analytics Use”) for the internal business purpose(s) set out in Customer’s Order Form.

b. Prohibited Uses.

i. Customer is prohibited from using actual financial fields (e.g., actual paid amount, actual allowed amount and actual copay amount, hereafter “Actual Financial Fields”) or rollups of Actual Financial Fields in combination with provider-identifying fields (e.g., NPI, provider name, provider address, hereafter “Provider-Identifying Fields”) to determine the financial relationship (e.g., payment rate, reimbursement rate, allowed amount, paid amount, or contracted rate) between a Payer and a Healthcare Provider. For example, a report by NPI or named provider of actual allowed amounts by Payer for specific procedures or diagnosis codes is not permitted. Customer is, however, permitted to use proxy financial fields (e.g., proxy allowed amounts) in combination with Provider-Identifying Fields.

ii. Customer is prohibited from relicensing, sublicensing, distributing, making available by any means or medium, including, but not limited to through a cloud-based or server-based product or service, selling or reselling (together or individually, “Reselling” or “Resell”) the Licensed Data, Claims Data, Encounter Data, or any part thereof, or transformed version thereof, whether constituted from any of the Licensed Data or through combination with any other data, or in a product or service that could be reasonably construed to be a license of the Licensed Data or any part thereof. For purposes of illustration and not limitation, if Customer provides a third-party with access to Licensed Data through a platform where the third-party uses an analytical tool to run queries on the Licensed Data that returns Summarized Data to the third-party, then such use by Customer constitutes Reselling the Licensed Data. For purposes of further illustration, if Customer transforms, adapts, abstracts, enhances, converts, migrates, aggregates, combines, overlaps, links, re-formats, or modifies in any way the Licensed Data or any data elements of the Licensed Data to create a dataset (the “Hypothetical Dataset”), then adds data not contained within the Licensed Data to the Hypothetical Dataset, then transforms the Hypothetical Dataset to (for example, amongst other potential transformation changes) normalize or standardize values within the Hypothetical Dataset, and then provides a third-party with access to the Hypothetical Dataset through a platform where the third party uses an analytical tool to run queries on the Hypothetical Dataset that returns Summarized Data to the third-party, then such use by Customer constitutes Reselling the Licensed Data.

Customer is prohibited from allowing third parties to Resell the Licensed Data, provided that this prohibition does not prevent Customer from: (a) providing access to third-party contractors or other third parties with a third-party use agreement to use the Licensed Data solely on a Customer’s behalf and return or destroy the Licensed Data after it is no longer needed to provide services to Customer; (b) developing and publishing papers, posters, manuscripts or other documentation arising from analyses of the Licensed Data; or (c) providing submissions to the government or for other regulatory purposes. Customer is prohibited from incorporating the Licensed Data itself or any part thereof directly into Customer’s products or services. Customer is prohibited from using Licensed Data to build, create, maintain, tune, train, inform or feed predictive, artificially intelligent (AI), machine learning (ML), or deep learning (DL) models for any purpose. Any use of the Licensed Data for any purpose other than as permitted under this Section shall be a material breach of these Third Party Terms.

c. Conditions of Use. As a condition of using the Licensed Data, Customer shall abide by the following restrictions on and limitations of use of the Licensed Data (collectively the “Conditions of Use”).

i. Customer shall use the Licensed Data solely as permitted under Section a.i of these Third Party Terms and shall not engage in any use of the Licensed Data not expressly permitted in Section a.i of these Third Party Terms.

ii. Customer shall implement and maintain appropriate data security and privacy policies, procedures and associated physical, technical and administrative safeguards as needed to assure that the Licensed Data is: (1) accessed only by personnel authorized under the Agreement or these Third Party Terms, and (2) will remain de-identified in accordance with 45 CFR Part 164.514(b)(1).

iii. Customer shall not (1) re-identify, or attempt to re-identify, any patient(s) member(s) or other individual(s) who are the subject of Protected Health Information (as such term is defined under 45 CFR §160.103) from which the Licensed Data is derived, or (2) re-identify or attempt to re-identify, any relative(s), family or household member(s) of such patient(s) or individual(s); or (3) re-identify or attempt to re-identify any Payers providing services to such patient(s) or individual(s).

iv. Customer shall not attempt to link the Licensed Data to any other Token not provided with the Licensed Data or any other data elements to the Licensed Data without first obtaining Supplier’s written permission, and which shall be further subject to Customer obtaining a Statistician’s certification that the Licensed Data will remain de-identified consistent with all of the conditions imposed by 45 CFR Part 164.514(b)(1). Customer shall provide Supplier with a copy of such Statistician’s certification. Customer shall comply with any requirements imposed by such Statistician’s certification.

v. Customer will not provide Licensed Data to any subcontractor or non-employee agent, unless such subcontractor or non-employee agent has agreed in writing to the Conditions of Use. The access and use of the Licensed Data by the subcontractor or non-employee agent shall be solely for the benefit of Customer and comply with terms and conditions of these Third Party Terms. Customer shall bear responsibility for the actions or inactions of subcontractors or non-employee agents that would, if performed by Customer, constitute a breach under these Third Party Terms.

vi. Customer will immediately report to Supplier any breach or attempted breach of any term of these Third Party Terms by itself, its employees, or any third party; Customer shall promptly, but in no event later than five (5) days after becoming aware of any unauthorized acquisition, access, use or disclosure of Licensed Data by Customer’s employees, agents or contractors or by a third party to which Customer disclosed Licensed Data, report such unauthorized acquisition, use or disclosure of Licensed Data to Supplier.

vii. If Data Provider, its licensors or affiliates are required by a government authority to account for the use and disclosure of the Licensed Data, Customer will promptly provide information regarding its use and disclosure that is sufficient enough for Data Provider to timely respond to such authority.

viii. Customer shall not attempt to link or link any data elements in the Licensed Data that indicate the period of time a Covered Life is enrolled for medical benefits or prescription drug benefits (“Coverage Period”) or the type of benefit plan(s) in which a Covered Life is enrolled, to Customer’s healthcare claims data or any third party healthcare claims data (together or separately “Other Data”), for the purpose of determining whether such Other Data contains all or substantially all of the healthcare claims for such Covered Life for the Coverage Period represented in the Licensed Data for such Covered Life.

ix. Customer shall not use the Licensed Data for purposes of obtaining or maintaining Customer’s Qualified Entity Certification for Medicare Data.

3. Use of Licensed Data following Termination or Expiration of a Subscription License. Upon the expiration of the Term or in the event of termination of the agreement between Data Provider and Supplier for any reason (the effective date of such expiration or termination is the “Termination Date”), Customer’s right to utilize the Licensed Data shall terminate as of the Termination Date. Within thirty (30) days of the Termination Date, Customer shall destroy all Licensed Data provided prior to such Termination Date and Customer shall provide Supplier with the certification of destruction in the form set out in Section 6 below.

4. Recordkeeping, Audits and Inspections.

a. Customer shall maintain books, records and other documentation of its access, use and disclosure of Licensed Data licensed under the Agreement or Order Form. Without limiting the generality of the foregoing, such documentation shall reasonably document that Customer is accessing, using and disclosing such Licensed Data in accordance with license restrictions and other terms and conditions of these Third Party Terms.

b. For the purpose of verifying compliance with these Third Party Terms, Supplier and Data Provider (their authorized representatives) shall have the right during the term of the applicable Order Form and for up to one (1) year after the termination of the Order Form, during normal business hours upon reasonable advance notice and without material disruption to Customer’s business, to audit and inspect Customer’s documentation related to its access, use and disclosure of Licensed Data to determine compliance with license restrictions, payment obligations and other terms and conditions of these Third Party Terms. Supplier and Data Provider may be assisted in any audit by representatives of its selected law and/or auditing firms.

c. Data Provider and Supplier shall conduct any such audits and inspections at its sole expense except that if either reasonably determines that Customer has underpaid a payment obligation by more than five percent (5%) or has violated any of the Conditions of Use of these Third Party Terms, Customer shall reimburse Data Provider and Supplier for any out-of-pocket expenses, including any fees or expenses paid to a third-party law and/or auditing firm.

5. Intellectual Property Rights and Ownership. The copyright, trade secret or other intellectual property rights of Data Provider and its licensors and providers are not transferred, assigned or affected in any way as a result of any contract or license agreement or other contract between Supplier and Customer.

6. Certificate of Destruction

The Customer hereby makes this Certificate to the Supplier pursuant to the Agreement between Customer and Supplier dated [######] (the “Agreement”). Capitalized terms used in this Certificate without definition shall have the meanings given to them in the Agreement.

Customer certifies the following:

1. Customer has exercised reasonable diligence to identify all (a) custodians of Licensed Data, including employees, agents or contractors of Customer or other third parties which received access to Licensed Data, directly or indirectly, from Customer (collectively, “Custodians”) and (b) electronic, paper or other locations storing or otherwise processing Licensed Data.

2. Customer has destroyed all Licensed Data in the possession of Customer and any Custodians, including, without limitation, any Licensed Data included (whether or not such inclusion was permitted) in Customer’s products, services or other offerings or in any publications, documents, reports, analyses or other materials developed or otherwise created by Customer or any third party that received any Licensed Data. Customer is permitted to retain one copy of the Licensed Data in accordance with the terms of the Agreement.

3. Without limiting the generality of the foregoing, Customer has required all Customer Clients with access to Licensed Data (whether or not permitted) to certify or otherwise confirm that they have destroyed all Licensed Data in their possession.

4. The individual who signed this Certificate is authorized to make this certification on behalf of Customer.

By: _________________________________

Name: _______________________________

Title: ________________________________

Lab data provider 1

1. Data License, Usage Restrictions

a. Grant of License to Data. Subject to Customer’s compliance with the terms and conditions of the Agreement and these Third Party Terms, including the timely payment of all fees, Supplier hereby grants to Customer and (if specified on an Order Form) Customer’s affiliates a non-exclusive, non-transferrable, non-sublicensable, limited license to use certain de-identified data sets (the “Licensed Data”) solely for internal research and business operations as specified on the applicable Order Form, without sharing such Licensed Data (in whole or in part) with any third party (the “License”). Customer is authorized to make a reasonable number of copies of the Licensed Data solely as necessary for Customer to use the Licensed Data pursuant to the terms of this Agreement. Customer shall include on all copies or partial copies of the Licensed Data all copyright, trademark and other proprietary notices and license terms where and as found in the Licensed Data delivered to Customer.

b. Usage Restrictions. Except for the limited License grant in Section 1.a there are no licenses or other rights, express or implied, granted to Customer under the Agreement or Order Form or otherwise in or to the Licensed Data. Customer shall not disclose or allow the Licensed Data or any portion thereof to be accessed, viewed or used by any third party. Customer may not, and may not offer to, sell, export, distribute, commercialize, or transfer, directly or indirectly, the Licensed Data. Customer shall at all times comply with all applicable laws, rules and regulations with respect to using the Licensed Data, including without limitation HIPAA or any other privacy or security rules or regulations. Customer will not re-identify or attempt through any means or manner to re-identify any Licensed Data, or correlate any Licensed Data to a person or entity, and/or determine or attempt to determine the identity of any person from any Licensed Data. In the event Customer receives individually identifiable data, Customer will promptly notify Supplier and destroy such individually identifiable data.

2. Proprietary Rights

Customer acknowledges that Supplier’s licensor (the “Data Provider”) owns all right, title and interest in the Licensed Data, which is Confidential Information hereunder, and Customer receives no other license rights except as expressly provided hereunder. No identifying marks, copyright or proprietary right notices may be deleted from any Licensed Product or Deliverable provided hereunder. Nothing contained herein shall be construed to limit the rights of Data Provider or Supplier from performing similar services for third parties using the Licensed Data or other Licensed Products or Deliverables, as applicable. Customer shall honor any request by Supplier to have Data Provider’s name be associated with the Licensed Data and the parties shall mutually agree as to the specifics of such attribution. Notwithstanding the foregoing, Customer may not, without obtaining prior written consent from Supplier, disclose to any third party that Data Provider is a source of the Licensed Data.

3. Survival

Upon termination of the license of the Licensed Data, all provisions of this Agreement and Order Form relating to proprietary rights, usage restrictions, audit rights, confidentiality and non-disclosure shall survive the expiration or termination of the license.

Lab data provider 2, EMR and specialty pharma data provider

1. For the purposes of this section, “Data Provider” shall mean a licensor of certain healthcare information which licenses certain de-identified data sets (the “Licensed Data”) to the Supplier.

2. The Customer agrees to reproduce, and to not remove or obscure, any applicable intellectual property rights notices, disclaimers, or other legal notices included in the Licensed Data.

3. Except as expressly authorized in the Agreement or an Order Form, the Customer shall not and shall not permit or grant rights to any third party, including without limitation, the Customer’s third party consultants, to: (i) attempt through any means or manner to re-identify any individual that is the subject of the Licensed Data; (ii) correlate or link any Licensed Data to any person in violation of any applicable law, rule or regulation including without limitation HIPAA; (iii) use or permit access to the Licensed Data or the data obtained from the Licensed Data other than in its de-identified (in accordance with HIPAA requirements) form; (iv) attempt through any means or manner to contact, market, educate or otherwise reach out to any hospital, health system, healthcare facility, physician or provider identified or otherwise included in the Licensed Data by referring to the Licensed Data explicitly or the underlying sources from the Licensed Solution or the data obtained from the Licensed Data to initiate or cause the contact; or (v) attempt through any means or manner to use or utilize the Licensed Data to publicly benchmark or compare any hospital, health system, healthcare facility, physician or provider identified or otherwise included in the Licensed Data by utilizing, referring to or otherwise using the Licensed Data to initiate or cause such benchmarking or comparison.

4. Customer hereby agrees to: (1) maintain appropriate physical, technical and administrative safeguards as needed to assure that the Licensed Data is accessed only by authorized personnel, and that the Licensed Data will remain de-identified in accordance with 45 CFR Part 164.514(b); (2) not make any attempt, nor permit any other person or entity to identify, or re-identify, or attempt to identify, or re-identify, any patient or, unless otherwise agreed upon in an Order Form, any specific hospital, health system, healthcare facility, provider, physician or other individual, and (3) agree that it will not link any other data elements to the Licensed Data sets without obtaining a qualified expert determination that the data sets, which have been statistically de-identified pursuant to a qualified expert determination, will remain de-identified consistent with all of the conditions imposed by 45 CFR Part 164.514(b).

Lab data provider 3

“Data Provider” shall mean a licensor of certain healthcare information which licenses certain de-identified data sets (the “Licensed Data”) to the Supplier.

The Customer will not (unless expressly permitted under an Agreement or an Order Form), at any time, directly or indirectly, (i) copy, modify, or create derivative works of the Licensed Data, Licensed Products or Deliverables, as applicable, in whole or in part; (ii) rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer, or otherwise make available the Licensed Data, Licensed Products or Deliverables to third parties, as applicable; (iii) use the Licensed Data, Licensed Products or Deliverables, as applicable, in any manner or for any purpose that violates any applicable law; or (iv) use the Licensed Data, Licensed Products or Deliverables, as applicable, to test algorithms or internal developmental support. Customer must promptly destroy all copies of the Licensed Data, Licensed Products or Deliverables in its possession in accordance with the applicable Order Form and provide a signed letter certifying such destruction to Supplier, and Supplier shall provide a copy of the letters of destruction to Data Provider. Customer will not, and will not attempt to, reverse engineer, combine or compile the Licensed Data, Licensed Products or Deliverables in such a way as to determine the identity of any person. Customer shall comply at all times with HIPAA and any other applicable rules and regulations.
