VisualDRG – SaaS usage Terms and Conditions, user’s rights by GDPR and data security
Revision: 4
- Updated May 9th 2022
- Note that this English version of Terms and Conditions applies only to Estonian, Icelandic and Georgian users. Finnish users must accept the Terms and Conditions in Finnish and Swedish users in Swedish, because there are minor differences because of national regulation.
Contents
By accepting this agreement you acknowledge that you are notified about Your GDPR based rights and accept the other terms and conditions for using VisualDRG Web.
“Logex” means local country organization (Logex Healthcare Analytics AB in Sweden or Logex Oy in Finland)
“VD” means VisualDRG Web application software and SaaS service provided by Logex.
“User” means the end user using VD, i.e You.
“Organization” means the entity that has purchased a SaaS license to use VD for the user working for the Organization, and done agreements on that.
Register description and registered person’s rights based on GDPR
Each user must be registered by her or his email account, that is identifiable personal information. Thus user register of VD is a personnel register regulated by General Data Protection Regulation, GDPR (REGULATION (EU) 1016/679).
The purpose of the processing: Identify VD users and maintain technical settings necessary to run VD software as intended. Logex can also use email addresses for sending information that is relevant for VD, and to keep track of Users registered and user activity, which information may be sent also to users’ Organization for usage tracking on demand.
The categories of individuals: Users of VD.
Personal data processed: User’s e-mail address, user’s organization, technical VD configuration settings of the user, technical logging of user actions.
Recipients of personal data: Maintenance personnel of VD at Logex. Data may be sent also to Users’ Organization for usage tracking on demand. Personal data is not transferred to any other 3rd party.
Data controller: Logex Healthcare Analytics AB, Amir Shafazand (amir.shafazand@logex.com)
VD users have the following rights:
receive all information about what personal information about you has been stored;
correcting your own information;
deletion of your personal data. Deleting your personal information requires first deleting your license and username; or
restricting or objecting to the processing of your own data.
For executing there right send a message to support e-mail.
Personal data is stored as long as user account is valid. After that, information may be stored in backups for technical restore purposes.
Personal information is processed and located on Microsoft (an international organization) Azure in such a way that the cloud service is physically located in the EU/EEA area (third country). The basis for this processing and storage is the provider of the technically selected infrastructure platform and the location of the service.
Personal information is protected against unauthorized use. The data can only be accessed through the maintenance connection that requires strong identification. Access is limited to the personnel of Logex, who both act as data processors. All data processors use personal user account. There are no shared user accounts. All persons are employed by the above-mentioned companies and have a valid non-disclosure agreement (NDA) as well as guidelines on the implementation of data protection issues in the companies.
Logex has appointed a data protection officer who is responsible for the protection of personal data in this service (responsible party). In addition to the other tasks defined in the General Data Protection Regulation, the main tasks of the Data Protection Officer include the development and implementation of certain procedures and the supervision of all procedures related to the service in order for data subjects to exercise their rights.
Data security in VisualDRG – Identifiable patient data use is prohibited
VD is not intended to store or process identifiable patient data. VD is intended to use solely anonymous DRG case data.
User shall not enter, edit or upload to VD any identifiable patient data. For example but not limited to user shall not include any personal IDs or patient-ID in encounter IDs, pseudonymized IDs, comments or any other data fields. Also saved data set names shall not include information that can be used to identify directly or indirectly patients, for example storing the exact date when patient age in days is calculated in import data is prohibited.
Data or functions of VD shall not be used anyhow in patient diagnostics nor treatment.
Thus VD is not any kind of medical device as defined in EU Medical Device Regulation, MDR (REGULATION (EU) 2017/745) and VD is not regulated by any EU or local patient data security laws.
Other end-user terms and conditions
VD shall not be used without a valid license. User’s organization is obliged to get and pay a license to use VD.
User cannot lend even temporarily his or her user id and password to another person. Each user is obliged to create a unique used account by using his or her work e-mail as an identification. This work e-mail must be in the domain that is registered and used by the organization (hospital district, region etc.) that has purchased license to use VisualDRG.
When user resigns from organization that has purchased VD license, user shall not use VD any longer but shall inform Logex directly or via organizations own contact person so that his or her user account can be terminated, and all potentially stored data removed.
VD shall not be used for supporting fake coding (“DRG creeping”) of patient cases so that DRG reimbursement is optimized by giving wrong diagnosis or procedure information.
VD shall not be used for any illegal activities or activities it has not been intended to such as but not limited to delivering malware or advertising software.
VD shall not be used for any revenue generating activities such as trainings or consultancy w/o written permission from Logex.
In addition to these end-user license terms and conditions, user’s organization must obey terms and conditions stated in agreement done between organization and Logex.
User is responsible for any expenses for extra maintenance work or other damage caused by breaking these terms and conditions, including but not limited to paying for extra maintenance work or VD SaaS fees.
User shall inform Logex in case of compromised data security, assumed data breach or any malfunction. Also Logex informs used in case of such events.
VD logs user activity for supporting product development and maintenance.
VisualDRG Support, maintenance and SLA
VisualDRG Support for questions about using VD or reporting errors and problem solving is available depending on your country:
For users in Sweden, in Swedish or English: norddrg-support-se@logex.com
For users in Finland, Estonia, Iceland, Georgia or Latvia, in Finnish or English: norddrg-support-fi@logex.com
Support is generally available on working days during office hours. Most questions and issues can be addressed within 1-3 working days. During July and national holidays response times may be longer.
Response times, support hours, uptime and other SLA terms and conditions may be specified in more detail in the VD SaaS agreement between Logex and your organization, in which case that agreement is primary.
Logex’s VD maintenance installs new selected annual national DRG versions and weight tables when they are certified and become available, without unnecessary delay.
Logex performs reasonable service monitoring and backups so that in most cases user data can be restored in case of service failure. Logex does not guarantee any specific time period for restored history data, but generally about one week old data can be restored.
Logex doesn’t guarantee any specific response times of VD. Logex maintains HW and SW platform for providing good performance taking into account user and data volumes.
Logex is not responsible of any direct or indirect harm or expenses caused by malfunction of VD, including but not limited to service unavailability, erroneous output or loss or corruption of entered or imported data.
There may be service downtime to software, DRG version or platform updates. These are informed well in advance in VisualDRG service information or by other means, when known in advance.