ACCEPTABLE USE POLICY
Last revision: November 5, 2015
This Change Healthcare Customer Acceptable Use Policy (this “Policy”) describes prohibited uses of the products and services (the “Services”) of Change Healthcare, Inc. and its affiliates (“Change Healthcare”). This Policy is designed to protect the confidentiality, integrity, and availability of the Services. The examples provided below are illustrative and not intended to be an exhaustive or comprehensive list of all prohibited uses. This Policy applies to (i) all customer companies/organizations/facilities (collectively, “Customer”) under the various Change Healthcare agreements that Customer has entered into, (ii) Customer’s employees, affiliates, agents, consultants, subcontractors, and independent contractors, and (iii) any other person or entity that accesses or uses the Services (individually and collectively “Users”). All Users must comply with this Policy. Change Healthcare may modify this Policy at any time by posting or distributing a revised version. By using the Services, Customer agrees to the latest version of this Policy. Violations of this Policy may result in temporary or permanent termination of Customer’s access to the Services..
Customer agrees that it is solely responsible for any and all violations of this Policy by Customer and by any User that uses or accesses the Services through Customer’s systems or account credentials, whether authorized by Customer or not.
Prohibited activities include, but are not limited to:
- Attempting to access the network, computer or communications system, software application, or network computing device (each, a “System”) or a part of the Services to which the Customer is not authorized
- Attempting to scan, test, probe, or otherwise assess a System without written authorization from the Change Healthcare Chief Information Security Officer (CISO)
- Attempting to breach or bypass any security, authentication, or authorization measures of a System or the Services
- Attempting to access data of other customers on a System
- Attempting to create a denial of service (DoS) to a System (e.g., any activity intended to overwhelm or consume all of the resources of a System)
- Attempting to introduce malicious software (e.g., a virus, worm, or spyware) to a System
- Sharing Customer’s authentication credentials to the Services or a System with any entity outside of the Customer
- Attempting to mount/attach any devices to a System
- Attempting to install software to a System
- Attempting to intercept or monitor network traffic on a System
- Attempting to use the Services for illegal or fraudulent purposes
Enforcement and Monitoring
In order to protect its customers, their data and its computing assets Change Healthcare reserves the right to continuously monitor any and all activity on its IT systems and to take action to investigate, correct or remedy any issue arising from the use of the Services in a manner that is unlawful or otherwise prohibited by this Policy or applicable laws. Depending on the nature of the violation, Change Healthcare reserves the right, in its sole discretion, to disable or remove access to the Services as a result. Additionally, Change Healthcare may report any applicable activity to the appropriate regulatory authorities, law enforcement officials, or other third parties. Such reporting may by necessity include information about the Customer. Change Healthcare may assist appropriate regulatory authorities, law enforcement officials, or other third parties with any investigations and possibly prosecution of illegal activity relating to Customer’s or User’s use of the Services.