OPEN HEALTH TOOLS - INTELLECTUAL PROPERTY POLICY
The purpose of this Open Health Tools Intellectual Property Policy (“IP Policy”) is to set forth the general principles under which Open Health Tools, Inc. (“OHT”) will accept, manage and license material that has been contributed by others or is owned by Open Health Tools.
The IP Policy has been designed to support the development of both Charter Projects and Forge Projects. Charter Projects are developed under the terms of a Project Charter that has been approved by the OHT Board of Stewards; they operate under commercial quality IP and business controls, and are actively supported by OHT staff. Forge Projects have aims which are complementary to OHT and are hosted on Open Health Forge; they are instituted and managed by approved contributors, but are not subject to the commercial grade controls of the Charter Projects. The Charter source code repositories are subject to risk mitigation and Contributor vetting processes, and code is restricted to use EPL or compatible licensing. The Open Health Forge is not subject to the same process, and the choice of open source license and other IP issues are the Contributors’ responsibility. The Charter Project Repositories will contain software, documentation, information (including, but not limited to, ideas, concepts, know-how and techniques) and/or other materials (collectively “Content”) that is core to the Vision of Open Health Tools, including the framework, exemplary tools and reference applications and will, where possible, be subject to a more rigorous level of IP vetting. The Vision is set out in the By-Laws of Open Health Tools.
Nothing in this policy changes the fact that the code from the Open Health Tools code bases, whether part of an Open Health Tools Charter Project Repository or Open Health Forge, is provided on an “as is” basis, without warranties or conditions of any kind, either expressed or implied, including, without limitation, any warranties or conditions of title, non-infringement, merchantability or fitness for a particular purpose. The licensee of any code from any of the Open Health Tools’ code bases is solely responsible for determining the appropriateness of the licenses associated with the Open Health Tools code for licensee’s intended purpose. The licensee is also solely responsible for determining the appropriateness of using and distributing the code and assumes all risks associated with its use of the code, including but not limited to the risks and costs of program errors, compliance with applicable laws, damage to or loss of data, programs or equipment, and unavailability or interruption of operations.
shall mean the Open Health Tools Board of Stewards.
shall mean those people granted write access to Charter Project Repositories.
shall mean the Chief Technical Officer of Open Health Tools.
shall mean the Director of Operations of Open Health Tools – an Officer whose duties include the application of the IP Policy.
shall mean the Open Source Initiative.
shall mean those people engaged by Open Health Tools to manage software contributions.
3. Source Code Categories
Open Health Tools source code repositories fall into two categories – each with its own purpose, structure, and IP policy – as detailed below.
Charter Project Repository
A Charter Project Repository contains the artifacts of a Charter Project which has been approved by the Board and includes Content placed in the repository by Committers and developed by the Open Health Tools development staff, subcontractors, Open Health Tools Members or, occasionally, others. All development is hosted at the Open Health Tools website(s). Charter Project Repository Content is licensed under the EPL or other Board-approved licenses (such as BSD, Apache and Mozilla), and is subject to a risk-mitigating verification process.
Open Health Forge
The Open Health Forge is a repository where Forge Contributors (as defined below) may post software that they feel is valuable to the eHealth industry and/or is complementary to software in the existing Open Health Tools code bases. While Open Health Tools will host the repository on which the code is developed and maintained, and will host complementary services such as forums, mailing lists and bug reporting facilities, the responsibility for IP issues belongs entirely with those using, contributing to and updating the projects.
The Open Health Forge code bases have been structured along the lines of open source code repositories, such as SourceForge, where the choice of the license and the responsibility for ensuring that the code does not infringe on the intellectual property of others rests with the person or organization posting the software. Open Health Tools’ purpose in providing Open Health Forge is to foster the development of software that is useful to the eHealth community and complementary to the software maintained in the Charter Project Repositories.
4. Roles and Responsibilities
Primary responsibility for managing the IP Policy rests with the Operations Director. The Operations Director works closely with the Staff, Contributors and Committers, and has the following responsibilities:
- manage the application of the due diligence process (as described below);
- manage the legal agreements with Members, Contributors, Committers, and others;
- manage the exception process for non-EPL contributions for a Charter Project Repository; and
- manage the Open Health Forge process.
The Staff is responsible for carrying out the due diligence process on contributed code.
Charter Contributors and Forge Contributors are those who contribute IP to a specific Charter Project Repository or to the Open Health Forge code base, respectively. Charter Contributors may contribute to more than one Charter Project. Both Forge Contributors and Charter Contributors must complete an Individual Contributor Questionnaire, and Charter Contributors must, if employed, have their employers execute Contributor Employer Consent Forms. The Staff must verify the Contributor’s name and coordinates. While any Participant (a registered user of the Open Health Tools website) may submit minor bug fixes and newsgroup submissions, anyone wishing to submit code (over and above a trivial code segment of 10 lines or more), or initiate an Open Health Forge project, must become a Charter and/or Forge Contributor. The Individual Contributor Questionnaire shall obligate the Contributor to comply with this IP Policy, and in particular provide information required for the due diligence process described in Sections 9 and 10 below.
Committers are those people who have the right to commit code to specific Charter Project Repositories. Each Committer must execute an Individual Committer Agreement (where the Committer’s employer is not a Member) or have his/her employer execute a Member Committer Agreement on the Committer’s behalf. This agreement shall obligate the Committer to comply with this IP Policy and other policies of Open Health Tools in effect from time to time. Where the Committer is employed by an organization that is not a Member, the Committer’s employer must execute a Committer Employer Consent Form. For the purposes of this IP policy, Committers also have all the rights and responsibilities of Charter Contributors.
The Chief Technical Officer will work closely with the Operations Director and the Committers, and will:
- recommend the appointment of people to the Committer role to the Board, or for election by the existing Committers;
- approve major contributions and all non-EPL contributions to a Charter Project Repository.
5. Accepting Contributions – Charter Project Repository
The EPL shall serve as the primary license under which Open Health Tools shall develop internally, have developed under contract, or accept contributions of Content from Charter Contributors including, but not limited to, Members and Committers.
Open Health Tools will only accept Content for a Charter Project Repository under terms and conditions other than the EPL when the potential Contributor of such Content does not have the right to, or is unwilling to, license the Content under the terms of the EPL and the following conditions have been satisfied: (1) a determination has in fact been made by the Staff and/or Committer that the potential Contributor will not license the Content under the terms of the EPL, (2) when the potential Contributor is not the copyright holder of the Content, a determination has in fact been made by the Staff and/or the Committer that the owner of the copyright of the potential Contribution (as that term is defined in the EPL) will not license the Content under the terms of the EPL; (3) the CTO, the Project Lead and the Committer have determined that the Content is important to achieving the Project Plan and Vision; and (4) the Board, Operations Director, CTO and the applicable Project Management Committee have reviewed and approved the use of the proposed alternative terms and conditions. This policy should be read to discourage, but not prohibit, the licensing of any Content under terms and conditions that would require the object code, source code and derivative works of any Content to be distributed in a Charter Project Repository under terms and conditions other than the EPL.
All Charter Project source code shall be subject to the due diligence process, as described in Section 8 below.
The above policy for accepting contributions applies to all Content contributed to a Charter Project Repository. It shall be the overall responsibility of the Staff to ensure that all Content contributed to a Charter Project Repository complies with this policy. It shall also be the responsibility of the applicable Committer(s) to ensure that all Content that the individual Committer uploads to a Charter Project Repository complies with this policy.
6. Accepting Contributions – Open Health Forge
Open Health Forge has been created to foster collaboration and sharing in the development of interoperable software and other content that contributes to the Vision. Software contributions need not be directly associated with any specific Charter Project, may be made by any Forge Contributor, and may be made under any OSI approved license.
The CTO, a Project Lead or a Committer can request that an Open Health Forge Contribution be considered for posting to a Charter Project Repository, in which case the regular Charter Project Repository due diligence process would be applied. In the mean time, however, the Contribution would continue to be accessible from Open Health Forge.
7. Licensing Contributions (Out-bound Licensing)
The EPL shall serve as the primary license under which Content developed by or for Open Health Tools shall be distributed. Contributions to Open Health Tools, with the possible exception of contributions to Open Health Forge, will be made available under the EPL where such Content was licensed to Open Health Tools under terms which permit the use of EPL.
Content shall be distributed by Open Health Tools under terms and conditions other than the EPL only in the following circumstances:
- Charter Project Repository – only where, in the reasonable judgment of Open Health Tools, the terms and conditions of the license under which the Content was contributed requires such alternative licensing terms and conditions.
- Open Health Forge – the Content shall be distributed under an OSI License selected by the Forge Contributor.
It shall be the overall responsibility of the Staff to ensure that all Content licensed to subsequent users complies with the provisions of this Section. Before any Content is uploaded to a Charter Project Repository and made available for download or other method of distribution to potential users, the applicable Committer(s) must ensure that the terms and conditions governing the subsequent use of the Content are clearly communicated to potential recipients of the Content. This includes ensuring that the appropriate licensing information has been placed at the locations in the Repository as specified in the Open Health Tools Software User Agreement.
8. Due Diligence and Record Keeping – Charter Project Repository – Internal and Contracted Development.
The Charter Project software development process, includes three reviews plus an ongoing monitoring process to ensure that IP issues are handled expeditiously when they arise.
Each of the three reviews, (i) Creation Review; (ii) Checkpoint Review; and (iii) Release Review (collectively, the “Reviews”) includes the completion of a questionnaire in which the Contributors provide information on any third party IP which they have used, or plan to use, or had access to, during the development process. The Operations Director, working with the Project Lead, will determine whether the Project Team has acquired the necessary rights to all such additional Content to permit the distribution of such Content under the terms of the EPL.
The ongoing monitoring will consist of the Contributors (whether internal or third party) providing information on any access or planned use of third party material (including Content, use of standards etc.) to the Operations Director.
In the case of the Reviews and during the ongoing monitoring, the Operations Director will determine whether all necessary rights to the third party material have been acquired. If such rights have not been acquired, the Operations Director will attempt to acquire them, or determine that they are inaccessible. The Release Checkpoint is used as a final review to ensure that all necessary rights to the third party material have, in fact, been acquired. If such rights have not been acquired, the Content containing such third party material will not be externally distributed.
The Reviews will also be used to provide each Member with an opportunity, but NOT an obligation, to review the technical plans and related Contributions, if any, for the Project and identify any intellectual property rights including, but not limited to, patent rights, the Member may have that may be infringed/misappropriated by a Contribution if a user of such Contribution does not receive a license from the Member for such intellectual property.
In the event that a Member identifies any such intellectual property rights, the Member shall promptly notify Open Health Tools in writing. Upon receipt of such notice, Open Health Tools shall review the potential infringement/misappropriation to determine if the Member’s claim is valid. If Open Health Tools determines, in its reasonable judgment, that the intellectual property rights of the Member may be infringed or misappropriated, Open Health Tools shall request that the Member license the subject intellectual property on a royalty-free basis for use with Contributions licensed under the EPL. If the Member declines, Open Health Tools will determine if the applicable technology can be removed (or modified so that the technology no longer infringes or misappropriates the Member’s intellectual property), without significant disruption to the Project. If the disruption would be minimal, the applicable technology will be removed or modified. If removal or modification would cause significant disruption, Open Health Tools shall attempt to license the subject intellectual property for use with Contributions licensed under the terms of the EPL for a reasonable one-time charge. If the Member again declines, Open Health Tools will remove or modify the applicable technology within a commercially reasonable period of time. The same process shall apply if the Member identifies the potential infringement/misappropriation after the Check Point Review. Nothing in this IP Policy shall in any way be interpreted to modify or supersede the terms of the EPL in any manner.
This policy shall in no way be interpreted: (1) to require Open Health Tools to agree with a Member that the technology may infringe or misappropriate that Member’s intellectual property; (2) to require Open Health Tools to take the remedial actions identified above, (3) to require any Member to license its intellectual property to Open Health Tools, any Member or any other party, or (4) to prevent a Member from enforcing its intellectual property rights against Open Health Tools, a Member(s), or any other party as a result of the Member not identifying any such potential infringement/misappropriation during these review cycles or at any other time. In addition, any decision made by Open Health Tools under this Section in respect of the intellectual property rights of a Member is a decision for the internal and administrative purposes of Open Health Tools and shall not be considered as determinative in respect of Open Health Tool’s or the Member’s rights for any other purpose or in any other context and cannot be relied on by the Member, Open Health Tools or any third party in any infringement proceedings by or against Open Health Tools or the Member.
9. Due Diligence and Record Keeping – Charter Project Repository - Contributions
The Staff, working with the Committer(s), and under the direction of the Operations Director, shall be responsible for scrutinizing all Content contributed to the Charter Repositories to help ensure that the IP Policy requirements are met. Except as set forth below, the applicable Committer, with the assistance of the Staff, shall conduct the following activities prior to uploading any Content into the repository or otherwise making the Content available for distribution:
- Contact the Contributor of the Content through an appropriate channel of communication and collect/confirm the information provided in the Individual Contributor Questionnaire (if one exists) including the following:
- Contributor’s name, current address, phone number and e-mail address;
- Name and contact information of the contributor’s current employer, if any.
If the Contributor is not self-employed, the Committer or Staff must request and receive a signed Contributor Employer Consent Form from the Contributor’s employer confirming that the employer does not object to the employee contributing the Content.
- Determine if the Content can be contributed under the terms of the EPL or the alternative terms and conditions supplied by the Contributor. This shall be done by having the Contributor fill out a Contribution Questionnaire which will include questions along the following lines:
- Did you develop all of the Content from scratch;
- If not, what materials did you use to develop the Content?
- Did you reference any confidential information of any third party?
- If you referenced or used third party materials, under what terms did you receive such materials?
- Does the material contain cryptographic capability?
If it is determined by the Committer that the Content is not fully the original work of the Contributor, collect the contact information of the copyright holder of the original or underlying work. The copyright holder of the Content or the underlying work may then need to be contacted to collect additional information.
- The Committer(s) shall document all information gathered pursuant to (1) above in a form to be provided by Open Health Tools and provide such completed form to the Staff.
- The Committer or the Staff shall also be responsible for running a scan tool provided by Open Health Tools, using parameters provided by Open Health Tools, to help ensure that the Content does not include any code not identified by the Contributor.
- Based on the information collected, the Committer, in consultation with the CTO and Operations Director, shall use his/her reasonable judgment to determine if the Content can be contributed under terms and conditions that are consistent with the licensing requirements of this IP Policy.
If the Staff or the applicable Committer has any doubts about the ability to distribute the Content under terms and conditions that are consistent with the EPL or the proposed alternative terms and conditions, the Committer may not upload the code to the repository or otherwise distribute the Content and should contact the Operations Director for assistance. The Staff shall be responsible for filing/maintaining the information collected by the Committer(s) for future reference as needed.
The above record keeping requirements shall not apply to:
- Minor modifications to Content previously contributed to and accepted by Open Health Tools.
- Articles and White Papers
- Information or minor Content modifications provided through bug reports, mailing lists and news groups
While the record keeping requirements do not apply to the items listed above, Committers must conduct reasonable due diligence to satisfy themselves that proposed Contributions can be licensed under the terms of the EPL.
This due diligence process is also described, as it applies to Committers, in the Due Diligence Procedures for Committers document.
10 Due Diligence and Record Keeping – Open Health Forge
The Staff will not be responsible for scrutinizing Contributions made to Open Health Forge. However, before any Open Health Forge project is established, the Staff shall ensure that the Forge Contributor proposing the project has completed an Individual Contributor Questionnaire. The staff shall contact the Forge Contributor through an appropriate channel of communication and collect/confirm the information provided in the Contributor Agreement including the following:
- Contributor’s name, current address, phone number and e-mail address;
- Name and contact information of the contributor’s current employer, if any.
The Staff may terminate or suspend the registration of any Forge Contributor if the Staff suspects that the registration information provided is incomplete, untrue, or inaccurate, or if the License used for the contribution is not OSI approved.
The Staff will be responsible for removing Forge Contributions that are unrelated to the Vision. Such removal will be done in consultation with the CTO. Forge Contributors who continue to make such unrelated contributions, after warning from the Staff, will have their status as a Forge Contributor terminated. The Staff will also be responsible for managing the Open Health Tools Copyright Notification Procedure.
Open Health Tools, Member(s), Committer(s) and other parties may exchange information as a result of their participation in Open Health Tools and/or generally in the furtherance of the Vision. All such information shall be considered non-confidential and provided under terms consistent with this IP Policy. In the event confidential information needs to be shared, such confidential information shall be disclosed pursuant to a confidentiality agreement entered into by the participants in such disclosure.
Open Health Tools will apply for an Export Commodity Control Number (ECCN) from the U.S. Government Department of Commerce, Bureau of Export Administration, to ensure that the code is deemed eligible for export. However, the classification that Open Health Tools seeks will not permit cryptanalytic functionality, such as a cryptographic codebreaker. Any modifications, additions or removal of cryptographic code, should be brought to the Operations Director’s attention.
Any Contributions containing Cryptography should have information regarding the Cryptography documented in the “About” file for the plug-in that will contain the Contribution.
13 Trademarks and Logos
The use of trademarks and logos associated with Open Health Tools shall be used in accordance with the then current Open Health Tools Trademark Usage Guidelines. Any Member’s trade marks or logos appearing on the Open Health Tools’ website or in any documentation and materials provided by Open Health Tools shall not be used by any other Member, Contributor or third party without obtaining the express written consent of the Member owning such trade mark and/or logo.
14 Allegations of Infringement of Copyright
If a third party believes that any Content contained on or accessible through the Open Health Tools Website infringes its copyright, such third party should notify the Operations Director of Open Health Tools and provide the Operations Director with the information specified in the Open Health Tools Copyright Notification Procedure in accordance with the procedure also specified at Notification Procedure. The form of notice specified and the procedures is consistent with the form suggested by the United States Digital Millennium Copyright Act, which can be found at http://www.copyright.gov/legislation/dmca.pdf. Any third party who makes a material misrepresentation when making a claim of copyright infringement or filing a counter notification will be liable for damages (including costs and legal fees)