| 1. |
Scope and purpose |
| 1.1 |
These terms and conditions of use regulate the use of the Medical Share platform (“platform”) from Swisscom Health AG, based at Alte Tiefenaustrasse 6, 3048 Worblaufen (“we” or “Swisscom Health”). |
| 1.2 |
Medical Share is a web-based platform that enables hospitals and institutions (“Medical Connector customers”) and other commercial medical service providers (“users”) to make confidential medical images and documents available |
| 1.3 |
These terms and conditions of use apply only to users of the platform. Separate contractual terms apply for Medical Connector customers. |
| 2. |
Conditions of access and use |
| 2.1 |
When using the platform, the user declares that they agree to the terms and conditions of use on behalf of themselves or the organisation they represent. |
| 2.2 |
The platform is open to users based in Switzerland or the Principality of Liechtenstein. |
| 2.3 |
Technical prerequisites include an up-to-date web browser (Mozilla Firefox, Google Chrome, Safari, MS Edge, etc.), internet access and a mobile phone or HIN client for the two-factor authentication process. |
| 2.4 |
The platform is intended exclusively for the exchange of patient-related medical information and documents. |
| 3. |
Functions of the platform
|
| 3.1 |
The following functions are available to users:
-
Sending image data with no size limits
-
Exchange of documents between users
-
Issuance of documents to users’ own patients by e-mail (for receipt and viewing within 30 days)
-
Access to support
-
Sending data to Medical Connector customers (subject to restrictions by recipients)
-
Storage of received messages for 90 days
-
Entry in the Medical Share user register
-
Simultaneous opening of multiple radiological studies from different messages in the DICOM viewer
|
| 4. |
Registration and login
|
| 4.1 |
Users can choose between: |
| 4.1.1 |
Registering with the platform via the HIN Access Control Service. If registration is effected via HIN, no further user check is carried out and the platform can be used immediately; or |
| 4.1.2 |
Registering independently with the platform. Swisscom Health checks that the information provided is correct. We may consult the user where necessary. Once the verification has been successful, the platform can be used. |
| 5. |
Charges
|
| 5.1 |
Receiving messages is free of charge for users. |
| 6. |
User due diligence
|
| 6.1 |
Users are obliged to take the necessary security precautions to prevent unauthorised access by third parties and to protect the data against malware. |
| 6.2 |
Users are obliged to check the completeness and accuracy of the data they enter. |
| 7. |
Liability and guarantee
|
| 7.1 |
Any liability claims against Swisscom Health for damage, including consequential damage of a material or intangible nature, arising, for example, from access to or use or non-use of the platform and its information, content and communications, abuse of connection, technical disruption or breach of user due diligence shall be excluded as far as permitted by law. |
| 7.2 |
Swisscom Health AG also excludes liability for auxiliary staff and other third parties who have been consulted, where permitted by law. |
| 7.3 |
Swisscom Health assumes no responsibility and does not provide any guarantee that the functions and use of the platform will be permanently and continuously available, free from errors and disturbances, or that errors will be corrected or that the servers are free from viruses or other harmful elements. |
| 7.4 |
In particular, it is not possible to ensure the correct and complete transmission of image data in DICOM format. |
| 7.5 |
The user shall indemnify Swisscom Health against any claims made against it by third parties in connection with the processing of personal data in accordance with the contract. |
| 7.6 |
The user shall ensure that images and communications made available on the platform do not violate third parties’ intellectual property rights and shall indemnify Swisscom Health against third-party claims. |
| 8. |
Data protection
|
| 8.1 |
With regard to employees and other auxiliaries of the user and the user as a data subject |
| 8.1.1 |
Swisscom Health and the user (“the parties”) shall process personal data relating to employees and other auxiliaries of the other party within the framework of the contractual relationship. This includes e.g. name, postal/e-mail address/IP address, telephone number, job/function, means of identification, etc. For the purposes of processing the contract and maintaining the contractual relationship (e.g. communication, error messages, etc.), the parties shall process this personal data jointly on their own systems and using appropriate technical and organisational measures to protect the data. |
| 8.1.2 |
Each party shall comply with the Swiss Data Protection Act when processing the personal data of employees and auxiliaries of the other party (in particular when involving contracted data processors and transferring data abroad). Each party shall inform its employees and other auxiliaries of the processing by the other party, be the first point of contact for their rights as data subjects and fulfil their reporting and notification obligations vis-à-vis the supervisory authority and persons affected by any violations. The parties shall keep each other informed in this regard and shall coordinate their actions together. Internally, the parties shall be liable only for damage caused by their own actions or omissions. |
| 8.2 |
The user is obliged to comply with the requirements of the applicable data protection law. They must ensure that they are entitled to commission and transmit personal data in this context to Swisscom Health or other recipients they have designated. In particular, they are obliged to obtain any necessary consent and to comply with all information obligations and data subject rights vis-à-vis the data subject. |
| 8.3 |
Where Swisscom Health processes personal data as a contracted data processor for users, the following applies: |
| 8.3.1 |
Swisscom Health processes the personal data exclusively in order to provide the service described here. The user’s instructions are derived from the way in which the user uses the platform. |
| 8.3.2 |
The user is responsible for the lawfulness of data processing as such, including the admissibility of contracted/sub-contracted processing. |
| 8.3.3 |
Relevant personal data includes, in particular, personal and/or professional contact and organisational data such as the surname, first name, gender and e-mail address of patients and/or employees, as well as particularly sensitive data such as patients’ health data. |
| 8.3.4 |
The personal data provided by the user shall be used for the provision of services within the platform during the period of use. Swisscom Health will ensure that all persons authorised to process personal data undertake to maintain confidentiality, where they are not otherwise subject to an adequate statutory or contractual confidentiality obligation. |
| 8.3.5 |
Technical and organisational measures shall be implemented to protect personal data that meet the requirements of the Swiss Data Protection Act and Article 32 of the EU General Data Protection Regulation (GDPR). |
| 8.3.6 |
Swisscom Health will, where reasonably possible, assist the user in fulfilling the information obligation towards the data subject through appropriate technical and organisational measures in accordance with the applicable data protection law, and respond to enquiries from the user regarding the rights of the data subject. |
| 8.3.7 |
We shall inform the user without delay if we consider that an instruction from the user regarding the processing of personal data could violate applicable data protection law. |
| 8.3.8 |
Swisscom Health will support users with respect to their obligations under applicable data protection law, such as Articles 32 to 36 of the GDPR and corresponding provisions of the Swiss Data Protection Act. Swisscom Health will inform the user without delay of any data protection breaches within its area of responsibility. |
| 8.3.9 |
Swisscom Health undertakes to keep a record of processing activities with respect to the relevant data in accordance with Article 30(2) of the EU GDPR. Swisscom Health shall at any time and upon request give the user access to the parts of this directory related to the services they receive from Swisscom Health. |
| 8.3.10 |
Swisscom Health shall provide the user with any information reasonably needed to enable the user to adequately document Swisscom Health’s compliance with the provisions of paragraph 8.3 above. Where this is absolutely necessary under applicable data protection law and where the information provided by Swisscom Health alone is not sufficient, Swisscom Health will allow the user, to the extent legally necessary, to carry out an inspection at the user’s expense, which we accept and which is commissioned by the user and carried out by an auditor subject to strict confidentiality. Such inspections must not impede the proper functioning of Swisscom Health and the subcontractors concerned. They must be carried out with prior agreement during normal operating hours and shall not compromise the protection of secrets and personal data belonging to other users. |
| 8.3.11 |
Swisscom Health is entitled to engage “sub-contractors”, in particular for the purpose of operating, developing and maintaining the IT infrastructure used to provide services. Swisscom Health will reach the necessary agreements with its sub-contractors to ensure that the legal obligations are met. The user will be informed about any sub-contracted processing. |
| 8.3.12 |
Swisscom Health shall be entitled to charge the user for costs and expenses incurred as a result of the provision of services pursuant to paragraphs 8.3.6, 8.3.8 and 8.3.10, provided that Swisscom Health has previously notified the user thereof. |
| 8.3.13 |
At the user’s request, but no later than the end of the contract, Swisscom Health will delete the personal data unless Swisscom Health is obliged by law to store it. Where deletion is not possible without disproportionate effort (e.g. in backups), Swisscom Health can instead block access to the personal data. Where Swisscom Health keeps personal data beyond the end of the contract, it shall continue to keep this confidential in accordance with the provisions of section 8 above. |
| 9. |
Data security
|
| 9.1 |
Swisscom Health points out that communication by e-mail is not safe or confidential. |
| 9.2 |
The transfer of files from Medical Connector to the Medical Share image archive is encrypted. The data is stored in a secure data centre. |
| 9.3 |
When using the DICOM viewer, the pure image data is presented in unencrypted form. |
| 10. |
End of use
|
| 10.1 |
Users may request the deletion of their data at any time by notifying Swisscom Health. The documents received will be deleted after 90 days at the latest. |
| 10.2 |
If the platform is used in a manner that does not correspond to the intended purpose described above, Swisscom Health reserves the right to block the relevant user account or to exclude the user from using the platform. |
| 1.3 |
Swisscom Health may terminate the contract at any time with 30 days’ notice. |
| 11. |
Final provisions
|
| 11.1 |
Swisscom Health may modify these terms and conditions of use at any time without prior notice. The latest version published on the platform’s website shall apply. Users will be informed of any changes via the platform. |
Swiss law applies exclusively to all disputes. Berne is the exclusive place of jurisdiction. |
|