Terms of Service

MedStory - Vishwamitra, LLC

Effective Date: December 1, 2024
Last Updated: December 1, 2024

These Terms of Service (“Terms”) govern your use of the MedStory iOS application (“MedStory” or “the App”) operated by Vishwamitra, LLC (“we,” “our,” or “us”). By downloading, installing, or using MedStory, you agree to be bound by these Terms.

Important Notice

MedStory is a HIPAA-compliant medical data aggregation tool designed for healthcare professionals. We do not store, retain, or exploit any patient data or medical information in any way, commercially or otherwise. All data is processed in temporary memory only and automatically expires.

1. Acceptance of Terms

By accessing or using MedStory, you acknowledge that you have read, understood, and agree to be bound by these Terms. If you do not agree to these Terms, you must not use the App. These Terms apply to all users of MedStory, including healthcare professionals and their authorized personnel.

2. Description of Service

MedStory is a secure, HIPAA-compliant iOS application that:

  • Aggregates medical history from multiple EHR providers (EPIC, Cerner, Allscripts, Athenahealth)
  • Provides voice-first interaction for medical data access
  • Offers temporary, in-memory data storage with automatic expiration
  • Enables healthcare professionals to access comprehensive patient records
  • Supports multi-modal authentication (PIN, biometric, phone, voice)
  • Provides device-based licensing and access control for healthcare institutions

Service Limitations

  • MedStory is designed for healthcare professionals only
  • Requires valid EHR system credentials and authorization
  • Available only on iOS devices (iOS 16.6+)
  • Requires internet connection for EHR data access
  • All data is temporary and automatically expires
  • Licensed per healthcare institution with device-based access control

3. Licensing and Access Control

Institutional Licensing

MedStory is licensed to healthcare institutions on a per-physician basis. Each license covers a specific number of Specialist Physicians as defined in the licensing agreement. Access is regulated through device identification and National Provider Identifier (NPI) authentication.

License Structure

  • Institutional License: MedStory is licensed to healthcare institutions, not individual users
  • Physician-Based Pricing: Licensing fees are calculated per Specialist Physician
  • Device Registration: Each authorized device must be registered with MedStory
  • NPI Authentication: Access requires valid National Provider Identifier verification
  • Annual Licensing: Licenses are valid for one year from the effective date

Device Management

  • Device Identification: Each iOS device is uniquely identified and registered
  • Access Control: MedStory regulates access based on device registration and NPI
  • Device Limits: Number of devices per physician is specified in the license agreement
  • Device Transfers: Device transfers require prior written approval from MedStory
  • Lost/Stolen Devices: Must be reported immediately for security deactivation

NPI Authentication

  • Provider Verification: All users must have valid, active NPI numbers
  • License Validation: NPI must be associated with the licensed healthcare institution
  • Access Monitoring: All access is logged with NPI and device identification
  • Compliance Requirements: NPI verification ensures compliance with healthcare regulations

4. Licensing Fees and Payment

Fee Structure

  • Annual Licensing: All fees are billed annually in advance
  • Per-Physician Pricing: Fees are calculated based on the number of Specialist Physicians
  • Institutional Discounts: Volume discounts may apply for larger institutions
  • Additional Services: Custom integrations and support services are billed separately
  • Taxes: All applicable taxes are additional to the stated fees

Payment Terms

  • Payment Schedule: Annual fees are due upon license activation
  • Late Payments: Late payments may result in service suspension
  • Refunds: No refunds for partial periods or unused licenses
  • Price Changes: Price changes will be communicated 30 days in advance

License Renewal

  • Automatic Renewal: Licenses automatically renew unless cancelled in writing
  • Renewal Notice: Renewal notices are sent 60 days before expiration
  • Price Adjustments: Renewal prices may be adjusted based on current pricing
  • Cancellation: Cancellation requires 30 days' written notice

5. User Eligibility

To use MedStory, you must:

  • Be employed by or affiliated with a licensed healthcare institution
  • Have a valid, active National Provider Identifier (NPI)
  • Be authorized by your institution to access MedStory
  • Use a registered iOS device (iOS 16.6+)
  • Have valid EHR system credentials and authorization
  • Be at least 18 years of age
  • Have the legal capacity to enter into these Terms
  • Comply with all applicable healthcare laws and regulations

We reserve the right to verify your eligibility and may terminate your access if you do not meet these requirements.

6. HIPAA Compliance

MedStory is designed and operated in full compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. As a Business Associate to healthcare providers, we maintain the highest standards of data protection and privacy.

Your HIPAA Obligations

  • Use MedStory only for authorized healthcare purposes
  • Maintain the confidentiality of patient information
  • Report any suspected security incidents immediately
  • Use appropriate authentication and access controls
  • Comply with your organization's privacy and security policies

Our HIPAA Commitments

  • Implement appropriate administrative, physical, and technical safeguards
  • Maintain complete audit logs of all data access
  • Provide breach notification as required by HIPAA
  • Execute Business Associate Agreements with covered entities
  • Ensure no persistent storage of patient data

7. Data Handling and Privacy

Zero Data Retention Policy

MedStory operates on a fundamental principle: we do not store, retain, or exploit any patient data or medical information in any way, commercially or otherwise. All data is processed in temporary memory only and automatically expires without any persistent storage.

Data Processing

  • Patient data is retrieved from EHR systems via secure FHIR APIs
  • Data is held in encrypted memory only during active sessions
  • All data automatically expires within 1-24 hours (configurable)
  • No data is stored to persistent storage or cloud services
  • Complete audit logs are maintained for compliance purposes

Privacy Protection

  • We do not sell, rent, or share patient data with third parties
  • We do not use data for analytics, marketing, or research
  • We do not create profiles or tracking mechanisms
  • We do not exploit data commercially in any way
  • We maintain strict access controls and authentication

8. User Responsibilities

As a user of MedStory, you are responsible for:

  • Security: Maintaining the security of your device and authentication credentials
  • Compliance: Complying with all applicable healthcare laws and regulations
  • Authorization: Only accessing patient data for authorized healthcare purposes
  • Reporting: Reporting any security incidents or suspected breaches immediately
  • Training: Ensuring proper training on MedStory usage and HIPAA compliance
  • Updates: Keeping the MedStory app updated to the latest version
  • Device Management: Maintaining control of registered devices and reporting lost/stolen devices
  • NPI Validation: Ensuring your NPI remains valid and associated with the licensed institution

Prohibited Activities

  • Using MedStory for non-healthcare purposes
  • Sharing authentication credentials with unauthorized persons
  • Attempting to circumvent security measures
  • Using MedStory on unauthorized devices
  • Violating patient privacy or confidentiality
  • Using MedStory in violation of applicable laws
  • Transferring devices without prior approval
  • Using MedStory outside of the licensed institution

9. Institutional Responsibilities

As a licensed healthcare institution, you are responsible for:

License Management

  • User Authorization: Authorizing only eligible physicians to access MedStory
  • Device Registration: Registering all authorized devices with MedStory
  • Access Monitoring: Monitoring and auditing user access to MedStory
  • License Compliance: Ensuring compliance with license terms and user limits
  • Fee Payment: Timely payment of all licensing fees and charges

Security and Compliance

  • HIPAA Compliance: Maintaining HIPAA compliance for all MedStory usage
  • Security Policies: Implementing appropriate security policies and procedures
  • Incident Response: Reporting security incidents within required timeframes
  • Audit Cooperation: Cooperating with MedStory security audits and assessments
  • Training Requirements: Ensuring all users receive appropriate training

User Management

  • User Onboarding: Proper onboarding of new MedStory users
  • User Offboarding: Timely deactivation of access for departing users
  • Device Management: Managing device registration and deactivation
  • Access Reviews: Regular review of user access and permissions

10. License Compliance and Auditing

Compliance Monitoring

  • Usage Monitoring: MedStory monitors usage to ensure license compliance
  • Device Tracking: All device access is logged and tracked
  • NPI Validation: Regular validation of NPI numbers and institutional association
  • Access Auditing: Comprehensive audit logs of all system access

Audit Rights

  • MedStory Audits: MedStory may conduct audits to verify license compliance
  • Institutional Audits: Institutions may request audit reports for compliance purposes
  • Regulatory Audits: Cooperation with regulatory audits and investigations
  • Documentation: Maintaining appropriate documentation for audit purposes

Compliance Violations

  • License Violations: Violations may result in service suspension or termination
  • Remediation: Institutions must remediate violations within specified timeframes
  • Penalties: Repeated violations may result in additional fees or penalties
  • Reporting: Serious violations must be reported to appropriate authorities

11. Intellectual Property

MedStory and all related content, features, and functionality are owned by Vishwamitra, LLC and are protected by copyright, trademark, and other intellectual property laws.

License Grant

Subject to these Terms, we grant you a limited, non-exclusive, non-transferable, revocable license to use MedStory for authorized healthcare purposes only, within the scope of your institutional license.

Restrictions

  • You may not copy, modify, or distribute MedStory
  • You may not reverse engineer or attempt to extract source code
  • You may not use MedStory for commercial exploitation
  • You may not remove or alter any proprietary notices
  • You may not transfer the license to another institution without written consent
  • You may not exceed the licensed number of users or devices

12. Disclaimers

Medical Disclaimer

MedStory is a data aggregation tool and does not provide medical advice, diagnosis, or treatment. All medical decisions should be made by qualified healthcare professionals based on their clinical judgment and available information.

Service Availability

MedStory is provided “as is” and “as available.” We do not guarantee that the service will be uninterrupted, error-free, or secure. Service availability may be affected by factors beyond our control, including EHR system availability and network connectivity.

Data Accuracy

While we strive to ensure accurate data presentation, we do not guarantee the accuracy, completeness, or timeliness of medical data retrieved from EHR systems. Users should verify all information independently.

13. Limitation of Liability

To the maximum extent permitted by law, Vishwamitra, LLC shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to:

  • Loss of profits, data, or business opportunities
  • Medical errors or adverse patient outcomes
  • Breach of patient privacy or confidentiality
  • Service interruptions or data loss
  • Third-party actions or EHR system failures
  • License compliance violations or penalties
  • Device management issues or security breaches

Our total liability shall not exceed the amount paid by you for MedStory services in the 12 months preceding the claim.

14. Indemnification

You agree to indemnify and hold harmless Vishwamitra, LLC from and against any claims, damages, losses, or expenses arising from:

  • Your use of MedStory in violation of these Terms
  • Your violation of HIPAA or other healthcare laws
  • Your breach of patient privacy or confidentiality
  • Your unauthorized access to patient data
  • Any third-party claims related to your use of MedStory
  • License compliance violations or unauthorized usage
  • Device management issues or security incidents

15. Termination and License Expiration

License Expiration

  • Annual Expiration: Licenses expire on the anniversary of the effective date
  • Automatic Termination: Access automatically terminates upon license expiration
  • Data Cleanup: All data is automatically cleared upon license expiration
  • Device Deactivation: All registered devices are deactivated upon expiration

Termination by MedStory

  • Material Breach: Violation of these Terms or license agreement
  • Non-Payment: Failure to pay licensing fees within required timeframes
  • Security Violations: Serious security incidents or compliance violations
  • Unauthorized Use: Use beyond the scope of the license agreement
  • Regulatory Issues: Violations of healthcare regulations or laws

Termination by Institution

  • Written Notice: 30 days' written notice required for termination
  • No Refunds: No refunds for partial periods or unused licenses
  • Data Export: Reasonable assistance with data export during transition
  • Device Deactivation: All devices must be deactivated upon termination

Post-Termination Obligations

  • Data Destruction: All MedStory data must be permanently deleted
  • Device Cleanup: MedStory app must be removed from all devices
  • Audit Cooperation: Cooperation with final audit and compliance review
  • Confidentiality: Continued confidentiality obligations survive termination

16. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the United States and the state where Vishwamitra, LLC is incorporated, without regard to conflict of law principles.

Any disputes arising from these Terms or your use of MedStory shall be resolved through binding arbitration in accordance with the rules of the American Arbitration Association.

17. Changes to Terms

We reserve the right to modify these Terms at any time. We will notify you of any material changes by posting the updated Terms on our website and updating the “Last Updated” date. Your continued use of MedStory after such changes constitutes acceptance of the modified Terms.

18. Contact Information

If you have any questions about these Terms of Service, please contact us:

Company: Vishwamitra, LLC
Legal Email: legal@medstory.io
Support Email: support@medstory.io

These Terms of Service are effective as of December 1, 2024, and are maintained by Vishwamitra, LLC.