AUTHORIZED USER TERMS AND CONDITIONS

The following terms used in this agreement (“Agreement”) are defined as:

Recipient Organization:              The entity requesting access to the Data.

Authorized User: Recipient Organization’s employee requesting access to and use of the Data.

Data: Provider’s human brain Stimulated-Echo magnetic resonance images STE dataset that Authorized User is requesting access to and use of for his/her Research.

Provider: The General Hospital Corporation d/b/a Massachusetts General Hospital located at 55 Fruit St., Boston, MA 02114 USA.

Provider’s Scientist:                  Iman Aganj

Research: The internal, non-commercial research by Authorized User at Recipient Organization

Authorized User and Recipient Organization agree to and accept the following terms and conditions:

1.                  The Data shall be used only by the Authorized User at Recipient Organization and only for the Research. Without limitation, neither Authorized User nor Recipient Organization shall use the Data for the treatment of or diagnostic purposes involving human subjects or for use in clinical trials.  Recipient Organization warrants that only employees of Recipient Organization shall participate in the Research.  Neither Authorized User nor Recipient Organization shall distribute Data to any third party.  Notwithstanding anything herein to the contrary, neither Authorized User nor Recipient Organization shall be permitted to use Data for product development or anything beyond the scope of the Research.

2.          Notwithstanding anything express or implied to the contrary herein, all right, title and interest in and to the Data shall be owned solely by Provider. 

3.          Authorized User and Recipient Organization have received Institutional Review Board or similar approval to access and use the Data for the Research.

4.          In the event Recipient Organization through its Authorized User desires to publish its results the source of the Data shall be acknowledged in accordance with scientific custom in all published or oral communications concerning the Research using the Data. 

5.          Recipient Organization has appropriate administrative, technical, and physical safeguards to prevent unauthorized use of or access to the Data.

6.          Recipient Organization shall inform Provider of any unauthorized disclosure of Data immediately upon discovery of such disclosure.

7.          Recipient Organization and Authorized User shall use the Data in compliance with all applicable laws, rules, and regulations, as well as all professional standards applicable to such public health efforts and/or research.

8.          Neither Recipient Organization nor Authorized User shall make any effort to identify or contact individuals who are or may be the sources of the Data.

9.          The Data provided under this Agreement constitute de-identified data within the meaning of the privacy regulations promulgated under the Health Insurance Portability and Accountability Act of 1996.  Should Authorized User and/or Recipient Organization gain information that could be used to identify an individual who is or may be a source of the Data, Authorized User and Recipient Organization shall immediately notify Provider. Recipient Organization and Authorized User shall cooperate with Provider in taking such steps as are deemed appropriate by Provider to enjoin the misuse, regain possession of such patient identifying information, and otherwise protect Provider’s rights and patients’ privacy.

10.        Authorized User agrees and accepts the Data is provided as-is with no warranty and accepts all liability for its use and any damages incurred.

11.        Authorized User and Organization agree to and accept the following:

U.S. Department of Justice Bulk Transfer Rule

Onward Transfer Restriction.  Organization agrees that it shall not engage in any transaction or series of transactions over any twelve (12) month period involving the sale, provision of access to, or similar commercial transaction involving any Data that includes the covered personal identifiers of more than 100,000 U.S. individuals, the personal health data or personal financial data of more than 10,000 U.S. individuals, the biometric identifiers or human ‘omic data of more than 1,000 U.S. individuals, the precise geolocation data of more than 1,000 U.S. devices, the human genomic data of more than 100 U.S. individuals, any “government-related data” (as defined in 28 CFR Part 202) or any combination of the foregoing, regardless of whether such data are anonymized, pseudonymized, de-identified or encrypted, with any Country or Concern or with: (i) a foreign entity that is 50% or more owned, directly or indirectly, individually or in the aggregate, by one or more Countries of Concern or persons described in subsection (ii) hereof, or that is organized or chartered under the laws of, or has its principal place of business in, a Country of Concern; (ii) a foreign entity that is 50% or more owned, directly or indirectly, individually or in the aggregate, by one or more persons described in subsections (i), (iii), (iv) or (v) hereof; (iii) a foreign individual who is an employee or contractor of a Country of Concern or of an entity described in subsections (i), (ii) or (v) hereof; (iv) a foreign individual who is primarily a resident in the territorial jurisdiction of a Country of Concern; or (v) any person, wherever located, determined by the U.S. Attorney General to be a Covered Person (each, (i)-(v), a “Covered Person,” as that term is used in 28 CFR Part 202).  Organization acknowledges and agrees that it shall be required to certify in writing to Provider its compliance with this Appendix on at least an annual basis, or more frequently if required by Provider in its sole discretion, and that Organization shall promptly notify Provider if Organization knows or suspects that a “Country of Concern” or “Covered Person” has gained access to any Data provided hereunder.  Provider agrees not to evade or avoid, cause a violation of, or attempt to violate any of the prohibitions set forth in Executive Order 14117 or 28 CFR Part 202.

Notification of Covered Person Status.   Organization represents and warrants that it is not a Covered Person (as that term is used in 28 CFR Part 202).  Organization shall immediately notify Provider if it or any of its employees, agents, or other parties who receive access to the Data hereunder (i) is located in, organized or chartered under the laws of, has its principal place of business in, is primarily a resident in the territorial jurisdiction of a “Country of Concern,” as such term is defined below, or is 50% or more owned or controlled, directly or indirectly, by entities or persons located in, organized or chartered under the laws of, or having their principal place of business in, a Country of Concern, or (ii) is or otherwise becomes a Covered Person, including without limitation through designation as such by the U.S. Attorney General pursuant to the process set forth in 28 CFR Part 202.  Upon receipt of such notification, Provider may immediately terminate this Agreement if Provider determines, in its sole discretion, that continuing performance of this Agreement would violate applicable law, including without limitation the U.S. Department of Justice Final Rule entitled “Preventing Access to U.S. Sensitive Personal Data and Government- Related Data by Countries of Concern or Covered Persons,” as codified at 28 CFR Part 202, and any sub-regulatory guidance issued thereunder (the “DOJ Final Rule”). Provider shall further have the right to modify the volume of Data transmitted hereunder if Provider determines, in its sole discretion, that provision of the Data will violate the DOJ Final Rule or other applicable law.

For purposes of this Agreement, the terms “Country of Concern” or “Countries of Concern” shall mean the People’s Republic of China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela, including in each case any political subdivision, agency, or instrumentality thereof, and any other country designated as a “Country of Concern” pursuant to the process set forth in 28 CFR Part 202.

12.        By clicking 'Agree,' you represent and warrant that you are an authorized representative of Recipient Organization and have the full power and authority to enter into this Agreement on its behalf.