HIRC_Logo-mark---blue Diagonal background separation icon-grid list-ul-regular Engaged Badge icon-plus-blue icon-plus-minus circle-question-regular

Data Sharing Policy

Last Updated and Effective: August 28, 2025

This Data Sharing Policy applies to all users of the information exchange located at https://hirc.link/vault/ (“HIRC Vault”). This Data Sharing Policy is an integral part of our Terms of Use (available at https://hircstrong.com/terms-of-use/) for our Service. Any capitalized terms used but not defined herein shall have the definitions set forth in the Terms of Use. By using the HIRC Vault, You agree to abide by this policy as well as the Confidentiality Policy referenced below. If You use the HIRC Vault on behalf of Your employer and have the authority to contractually bind Your employer, You agree that your employer will also abide by, and ensure that its employees and other agents abide by, this Data Sharing Policy as well as the Confidentiality Policy referenced below.

Each person who uses the HIRC Vault (each, a “User”) shall be responsible for all data or other information they share on the HIRC Vault. Users must treat all content on HIRC Vault as confidential and subject to the requirements set forth in HIRC’s Confidentiality Policy set forth at https://hircstrong.com/confidentiality-policy/.   

Access to the HIRC Vault shall be restricted to HIRC members (“Members”) only. For Members who are healthcare providers (“Providers”), access to the HIRC Vault is permitted for up to two contacts per healthcare provider organization using their work email address. For Members who are suppliers (“Suppliers”), access is permitted for one designee using a [email protected] account. Guest access is limited to provider member domains (e.g. @provider.org). As such, settings prevent Users from sharing content with suppliers.

Suppliers may opt-in to sharing the documents in their folders. HIRC will set up each a folder for each Supplier. Once setup, HIRC eliminates its own access to the folder so that HIRC can neither view nor modify the folder or its content. As such, the only Users with access to a Supplier’s folder, are those that the Supplier authorizes. Suppliers are encouraged to authorize sharing with the group entitled “All HIRC Provider Members.” This group is managed by HIRC and includes all active Providers.

Each Member shall be responsible for any content they elect to share using the HIRC Vault. All content uploaded to the HIRC Vault shall be considered a User Submission as set forth in the Terms of Use. By loading and sharing content, Members warrant they are duly authorized to share such content with all other Members that they allow to access such content. Members may not share content beyond the permitted scope. At this time, the permitted scope is limited to the following: content related to HIRC standards.

Members are responsible for their use of content from the HIRC Vault. Members may not download or store content from HIRC Vault into other systems, except to the extent that Members’ ordinary use of the HIRC Vault creates temporary or transient copies of such content in the course of such ordinary use. Members may not create derivative works based on other Members’ content in the HIRC Vault. Members also may not conduct any processing or analysis of the content in the HRC Vault using AI tools.

In no event shall any User of the HIRC Vault obtain any ownership of any intellectual property in the HIRC Vault by virtue of such User’s use, except as set forth in the Terms of Use.

By using the HIRC Vault, each User agrees to HIRC’s Terms of Use.

Member is responsible for ensuring that its activities as a Member, including the sharing of Data, complies with all applicable laws, rules, regulations, and guidance, including without limitation, the HIPAA privacy and security rules, the California Consumer Privacy Act, and any other foreign, federal or state law addressing the privacy or security of Personal Data (collectively “Data Privacy and Security Laws”).

No Member shall disclose Personal Data to HIRC or other Members in connection with HIRC activities, unless such disclosure is permitted under applicable Data Privacy and Security Laws (e.g., pursuant to a Business Associate Agreement entered into among the relevant parties in compliance with the HIPAA privacy rules). If Member inadvertently discloses Personal Data, then the Member is solely responsible for any such disclosure. If Member discloses de-identified Personal Data to HIRC or other Members for purposes of conducting HIRC activities, then the Member is solely responsible for ensuring that the de-identification methodology complies with all applicable Data Privacy and Security Laws.