Privacy Notice

Business Associate Agreement Provisions

Definitions

The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Covered Entity, Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Protected Health Information, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use.

Specific definitions:

(a) Business Associate. “Business Associate” shall generally have the same meaning as the term “business associate” at 45 CFR 160.103, and in reference to the party to this agreement, shall mean TORTUS AI Ltd (UK Ltd).

(b) HIPAA Rules. “HIPAA Rules” shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164.

Obligations and Activities of Business Associate

Business Associate agrees to:

(a) Not use or disclose protected health information other than as permitted or required by the Agreement or as required by law;

(b) Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement;

(c) Report to covered entity any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware, including breaches of unsecured protected health information as required at 45 CFR 164.410, and any security incident of which it becomes aware, within 30 days of any such breach;

(d) In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit protected health information on behalf of the business associate agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information;

(e) Make available protected health information in a designated record set to the “covered entity” as necessary to satisfy covered entity’s obligations under 45 CFR 164.524. The business associate will respond to a request for access that the business associate receives directly from the individual by forwarding the individual’s request to the covered entity to fulfill, within 30 days;

(f) Make any amendment(s) to protected health information in a designated record set as directed or agreed to by the covered entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy covered entity’s obligations under 45 CFR 164.526;

(g) Maintain and make available the information required to provide an accounting of disclosures to the “covered entity” as necessary to satisfy covered entity’s obligations under 45 CFR 164.528;

(h) To the extent the business associate is to carry out one or more of covered entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the covered entity in the performance of such obligation(s); and

(i) Make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules.

Permitted Uses and Disclosures by Business Associate

(a) Business associate may only use or disclose protected health information as necessary to perform the services set forth in Service Agreement.

(b) Business associate may use or disclose protected health information as required by law.

(c) Business associate agrees to make uses and disclosures and requests for protected health information consistent with covered entity’s minimum necessary policies and procedures.

(d) Business associate may not use or disclose protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by covered entity.

Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions

(a) Covered entity shall notify business associate of any limitation(s) in the notice of privacy practices of covered entity under 45 CFR 164.520, to the extent that such limitation may affect business associate’s use or disclosure of protected health information.

(b) Covered entity shall notify business associate of any changes in, or revocation of, the permission by an individual to use or disclose his or her protected health information, to the extent that such changes may affect business associate’s use or disclosure of protected health information.

(c) Covered entity shall notify business associate of any restriction on the use or disclosure of protected health information that covered entity has agreed to or is required to abide by under 45 CFR 164.522, to the extent that such restriction may affect business associate’s use or disclosure of protected health information.

Permissible Requests by Covered Entity

Covered entity shall not request business associate to use or disclose protected health information in any manner that would not be permissible under Subpart E of 45 CFR Part 164 if done by covered entity.

Term and Termination

(a) Term. The Term of this Agreement shall be effective as of the date of execution, and shall terminate on the termination of the monthly or annual subscription time or on the date covered entity terminates for cause as authorized in paragraph (b) of this Section, whichever is sooner.

(b) Termination for Cause. Business associate authorizes termination of this Agreement by covered entity, if covered entity determines business associate has violated a material term of the Agreement and business associate has not cured the breach or ended the violation within 60 days.

(c) Obligations of Business Associate Upon Termination. Upon termination of this Agreement for any reason, business associate shall return to covered entity all protected health information received from covered entity, or created, maintained, or received by business associate on behalf of covered entity, that the business associate still maintains in any form. Business associate shall retain no copies of the protected health information.

(d) Survival. The obligations of business associate under this Section shall survive the termination of this Agreement.

Miscellaneous

(a) Regulatory References. A reference in this Agreement to a section in the HIPAA Rules means the section as in effect or as amended.

(b) Amendment. The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for compliance with the requirements of the HIPAA Rules and any other applicable law.

(c) Interpretation. Any ambiguity in this Agreement shall be interpreted to permit compliance with the HIPAA Rules.

Terms and Conditions

Last updated: April 10, 2023

Please read these Terms and Conditions ("Terms", "Terms and Conditions") carefully before using the OSLER software (the "Product") provided by TORTUS AI ("us", "we", or "our").

Definitions

In these Terms and Conditions, the following terms shall have the meanings set out below:

  • "Product" refers to the OSLER software provided by TORTUS AI

  • "User" or "Users" refers to any individual or entity using the Product

  • "User-Generated Content" refers to any content created, uploaded, or otherwise submitted by Users when using the Product.

Your access to and use of the Product is conditioned on your acceptance of and compliance with these Terms. These Terms apply to all users, including physicians, who access or use the Product. By accessing or using the Product, you agree to be bound by these Terms. If you disagree with any part of the terms, then you may not access the Product.

License

Subject to your compliance with these Terms, TORTUS AI grants you a limited, non-exclusive, non-transferable, non-sublicensable license to access and use the Product.

User Responsibilities

As a user of the Product, you represent and warrant that:

a. You are a licensed physician or other healthcare professional authorized to use the Product;

b. You will only use the Product for its intended purposes, in accordance with applicable laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA);

c. You will keep your account information secure and confidential, and promptly notify us of any unauthorized use of your account or any other breach of security;

d. You will not attempt to gain unauthorized access to the Product or engage in any activity that disrupts, diminishes the quality of, or interferes with the performance of the Product.

Data Security and Compliance

The Product is hosted on MedStack servers in North America and is designed to be HIPAA compliant and cybersecure. While we strive to maintain the highest level of data security, we cannot guarantee the absolute security of your information. By using the Product, you acknowledge that you understand and accept the risks associated with transmitting information over the internet.

User-generated Content

You are solely responsible for the accuracy, quality, integrity, and legality of any data, information, or content you input, store, or transmit through the Product. You agree to use reasonable efforts to ensure the accuracy of all information you input or store in the Product and to promptly correct any errors or inaccuracies you discover.

Limitation of Liability

You acknowledge and agree that TORTUS AI is not responsible for any decisions made, actions taken, or harm resulting from your use of the Product. You agree to indemnify, defend, and hold harmless TORTUS AI, its affiliates, officers, directors, employees, and agents from and against any and all claims, liabilities, damages, losses, or expenses, including reasonable attorneys' fees and costs, arising out of or in any way connected with your use of or reliance on the Product.

No Warranty

The Product is provided "as is" and "as available" without any warranty of any kind, express or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. TORTUS AI does not warrant that the Product will meet your requirements or that its operation will be uninterrupted, error-free, or completely secure.

Changes

We reserve the right, at our sole discretion, to modify or replace these Terms at any time. If a revision is material, we will provide at least 30 days' notice prior to any new terms taking effect. What constitutes a material change will be determined at our sole discretion. By continuing to access or use our Product after any revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, you are no longer authorized to use the Product. Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, the remaining provisions of these Terms will remain in effect. These Terms constitute the entire agreement between us regarding our Product and supersede and replace any prior agreements we might have had between us regarding the Product.

Termination

We may terminate or suspend your access to the Product immediately, without prior notice or liability, for any reason whatsoever, including, without limitation, if you breach these Terms. Upon termination, your right to use the Product will immediately cease. If you wish to terminate your account, you may simply discontinue using the Product.

Intellectual Property

The Product and its original content, features, and functionality are and will remain the exclusive property of TORTUS AI and its licensors. The Product is protected by copyright, trademark, and other laws of both the country in which TORTUS AI is incorporated and foreign countries. Our trademarks and trade dress may not be used in connection with any product or service without the prior written consent of TORTUS AI. The use of the Product in no way confers on the User a right of ownership over the Product, its features, or its content.

Indemnification

You agree to indemnify, defend, and hold harmless TORTUS AI, its officers, directors, employees, agents, and licensors from and against any and all claims, liabilities, damages, judgments, awards, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising out of or relating to your violation of these Terms or your use of the Product, including, but not limited to, any User-Generated Content or any third-party rights.

Limitation on Time to File Claims

Any cause of action or claim you may have arising out of or relating to these Terms or the Product must be commenced within one (1) year after the cause of action accrues, otherwise, such cause of action or claim is permanently barred.

Protection of Personal Data

TORTUS AI is committed to protecting the privacy of its Users and their patients. In accordance with applicable data protection laws, TORTUS AI processes personal data provided by Users when using the Product, under BAA. For more information about how TORTUS AI handles personal data, please refer to our Privacy Policy (below). TORTUS does not collect or store patient data at any time, nor use patient data for any other purpose than the explicit use of the product and at any other time than the time of use of the product.

Force Majeure

TORTUS AI shall not be liable for any failure or delay in performing its obligations under these Terms and Conditions if such failure or delay is caused by events beyond its control, including but not limited to acts of God, war, terrorism, civil unrest, labor disputes, natural disasters, or any other circumstances which could not have been reasonably foreseen and prevented. In such cases, TORTUS AI's performance of its obligations under these Terms and Conditions shall be suspended for the duration of the force majeure event.

Linking to the Product

Users may not create a link to the Product without the prior written consent of TORTUS AI. Users are solely responsible for any links they create to the Product and for ensuring that such links do not infringe upon the rights of TORTUS AI or any third parties. TORTUS AI reserves the right to revoke any previously granted permission to link to the Product at its sole discretion.

Contact Us

If you have any questions about these Terms, please contact us at dom@tortus.ai. By using the Product, you agree to be bound by these Terms and Conditions. If you do not agree to all the terms and conditions, you must not use the Product.

Privacy Policy

This privacy policy pertains to how your personal User information is processed by TORTUS.

Description

This privacy notice for TORTUS AI ("Company," "we," "us," or "our") explains how and why we might collect, store, use, and/or share your information when you use our services, such as when you:

  • Visit our website at https://tortus.ai, that links to this privacy notice.

  • Engage with us in other related ways, including any sales, marketing, or events

  • Use our services and products

By reading this notice, you can understand your rights and choices about how your information is used. If you do not agree with our practices or policies, you can choose not to use our service or you can also contact us at dom@tortus.ai.

Outline of Key Focus Points

When you access, use or browse our Services, we process personal information based on how you interact with TORTUS AI and the services, the choices you make, and the product(s) you use. We may process sensitive personal information when necessary with your consent or as otherwise permitted by applicable law. We do not receive any information from third parties.

We process your information for a variety of reasons, such as providing, improving and managing our Services, sending communications to you, security and fraud prevention, and meeting legal requirements. We will always strive to only process your information when we have a valid legal reason to do so and always with your consent.

Although we have taken the necessary steps to protect your personal information, we cannot guarantee its absolute security. In other words, there are low but possible chances that hackers, cybercriminals, or other third parties might still be able to breach our security and illegally collect, access, steal or modify your information.

Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. The easiest way to exercise your rights is by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.

What information do we collect?

We collect personal information that you provide to us voluntarily when you register for our Services, express interest in gaining information about us or our products and Services, participate in activities on the Services, or contact us. The personal information we collect is based on how you interact with us, the decisions you make, and the services, products and features you use. The personal information we collect may include the following:

  • Names

  • Phone numbers

  • Email addresses

  • Mailing addresses

  • Usernames

  • Passwords

  • Contact preferences

  • Billing addresses

  • Debit/credit card numbers

When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:

  • Health data

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

In addition to the above, when you visit, use or navigate our services or website, we automatically collect certain information about you. This information does not reveal who you are (e.g. your name or contact details), but may include device and usage information such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location and information on how/when you use our Services. This data is mainly needed to maintain the security of our services and for our internal analytics and reporting.

Apart from this, similar technologies like cookies are used to collect other information such as log and usage data (like service-related diagnostic info automatically collected when you access or use our Services and recorded in log files, which may include IP address, browser type, etc.), as well as location data like your device's location (precise or imprecise depending on your settings). You can choose to opt out of allowing us to collect this info either by rejecting access or by disabling the Location setting on your device; however, doing so might affect some aspects of using the Services.

How do we process your information?

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To help create and authenticate user accounts and manage them.

  • To provide and aid in the provision of services to the user.

  • To answer user questions and provide support to the users.

  • To save or protect an individual's vital interest.

What legal bases do we rely on for processing your information?

If you are located in the EU or UK, this section applies to you. Under the General Data Protection Regulation (GDPR) and UK GDPR, we need to explain to you the legitimate legal bases we use to process your personal information. To do so, we may rely on the following legal bases:

  • Consent. If you provide us with your consent to use your personal data for a specific purpose, we may process it. You can always revoke this consent at any time.

  • Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services, or if you request it prior to entering into a contract with us.

  • Legal Obligations. We may process your information where it is necessary for us to comply with our legal obligations, such as when cooperating with law enforcement or regulatory agencies, exercising or defending our legal rights, or providing your information as evidence in any litigation we are involved in.

  • Vital Interests. We may process your information if we deem it necessary to safeguard your essential interests or the essential interests of a third party, for example in cases where there could be a potential risk to the safety of an individual.

If you are located in Canada, this section applies to you. If you have granted us your explicit consent to use your personal information for a certain purpose, or if it can be inferred from the context, we may process your information accordingly. However, you may revoke that consent at any time. On rare occasions, though, we may be lawfully allowed to process your data without your consent based on applicable laws.

When and with whom do we share your personal information?

We may need to provide access to your data to third-party vendors, service providers, contractors, or agents who perform services on our behalf. Additionally, we may disclose personal information in the event of a merger, sale of company assets, financing or acquisition of our business. We will require any affiliates with whom we share your information to honor our Privacy Notice. This includes our parent company and any subsidiaries, joint venture partners or companies that we control or which are under common control with us.

Do we use cookies and other tracking technologies?

We may use cookies, web beacons, and pixels to store your information. For more details on how we use these technologies and how you can decline certain cookies, please refer to our Cookie Notice.

How long will we keep your information?

We will store your personal information for as long as necessary for the purposes indicated in this privacy notice, or for as long as you have an account with us. Once we no longer have a legitimate business purpose to process it, we will delete it or anonymize it, or if that is not possible (like if it has been stored in backup archives), then we will securely store it and ensure that no further processing takes place until deletion is feasible.

What steps do we take to keep your information secure?

We have put in place appropriate and reasonable technical and organizational security measures to protect any personal information we process. However, despite these efforts, no electronic transmission over the Internet or data storage technology can be guaranteed to be fully secure, so we cannot promise or guarantee that unauthorized third parties will not be able to access, steal, or modify your information. We will do our best to keep your personal data safe, but it is ultimately up to you to ensure that you are accessing our services in a secure environment.

Do we collect information from minors?

We do not knowingly collect information from or market to anyone under 18 years old. By using our Services, you are affirming that you are either 18 or the parent/guardian of a minor and consent to their use of our Services. If we find out any personal information from users younger than 18 has been collected, we will deactivate their account and take immediate action to remove it from our records. If you discover any data of minors below 18 that we may have collected, please contact us at dom@tortus.ai.

Do we collect patient information?

No, we do not. We process patient information on your behalf under BAA (see above). We do not collect or store patient information at any time. We only process PHI information under your direction and for only your explicit purposes. We take additional precautions to remove any PHI data from the processing where it is not explicitly required for the task itself. No third party keeps, retains, or trains any patient information into their databases or models at any time.

What are your privacy rights?

In regions like the EEA, UK, and Canada, there are certain protections in place. You can request access and get a copy of your personal information; ask for corrections or erasure; limit how your information is used; and, when it applies, gain data portability. Additionally, in some cases, you can object to processing your information. To do so, just contact us using the details we provide below. If you live in the EEA/UK and think we are misusing your personal information, you also have the right to lodge a complaint with your local data protection authority or UK regulator. If in Switzerland, contact their Federal Data Protection and Information Commissioner.

Withdrawing your Consent: If we are using your consent to process your information (either directly expressed or implied), it is possible to withdraw this at any time by getting in touch with us using the details given below. Note that this does not affect processing done before withdrawal nor does it affect other legal processes related to your info - if applicable according to law.

If you would like to discontinue receiving our promotional and marketing communications, you can do so at any time by clicking on the unsubscribe link included in the emails we send. Alternatively, you can contact us using the details provided in the "How Can You Contact Us About This Policy" section. Once you do that, you will be removed from our marketing list. However, we may still need to get in touch with you for non-marketing purposes, such as to provide service-related messages or respond to service requests relating to your account.

Account Information: Upon your request to delete the account, we will deactivate and/or remove it from our active databases. However, some information may remain in our files in order to avoid fraud, solve technical issues, or abide by applicable laws.

Further on that note, most web browsers will accept cookies as default. If you do not prefer this option though, you can always choose to disable them or decline them. Bear in mind that if you do either of these actions, it may interfere with some of the services or features of our Services. Should you wish to reject interest-based ads by advertisers on our services then that is also an option for you.

Do we update this policy?

We may revise this privacy notice periodically, with an updated "Revised" date in the document. If there are significant changes, we'll make sure to let you know either by a prominent notice or by sending you a notification. To stay informed of how we protect your data, please review this privacy notice regularly.

How can you contact us about this notice?

If you have questions or comments about this notice, you may contact our Data Protection Officer (DPO)/Privacy Officer by email at dom@tortus.ai or by post to: TORTUS AI, 5 Brayford Square, London E1 0SG

How can you review, update, or delete the data we collect from you?

Depending on the laws of your country, you might be entitled to request access to the personal information we are holding about you, edit that data, or even delete it. To request to review, modify, or delete your personal information, go to: dom@tortus.ai