Effective Date: March 30, 2017
While .health is open to the general public (other than eligibility requirements for Sunrise and Industry Access phases), this Registration Policy sets forth certain terms, conditions, requirements, processes and procedures that govern the registration and use of .health domain names. This policy is effective as of the Effective Date above.
Definitions. The following terms have the meanings ascribed to them for purposes of this Registration Policy:
Applicable Laws means all international, national, state and local laws, rules, regulations, ordinances and decrees (of any jurisdiction) applicable to (i) a Registrant’s registration or use of a Domain Name, (ii) the Handling of any information or other content on or accessible through any Website, and/or (iii) any other activities conducted on or through, promoted on, and/or facilitated by any Website.
Domain Name means a domain name in the TLD.
Handle (and derivations of such term) means to collect, process, store, display, distribute, publish, transmit, or disseminate.
ICANN means the Internet Corporation for Assigned Names and Numbers.
Online Pharmacy means a website through which a visitor may obtain any medication or that otherwise provides, sells or facilitates the provision, dispensing or sale of any medication (including by routing ordering information to another website). Such term does not include purely informational websites (even if operated by or on behalf of a pharmacy) that do not include an interactive feature designed to facilitate the provision, dispensing or sale of medication.
Privacy Service means a registration service that lists alternative, reliable contact information, like an address or phone number, in the WHOIS database while keeping a Domain Name registered to its beneficial user as the named Registrant.
Personal Health Information means any information, including genetic information, whether oral or recorded in any form or medium, that (i) Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse, (ii) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual, and (iii) can be linked to or otherwise used to identify a specific individual.
Proxy Service means a service whereby the service provider registers a Domain Name, names itself as the Registrant, includes its own contact information in the WHOIS database, retains all rights and assumes all responsibility for registration and use of the Domain Name, and then licenses use of the Domain Name to its customer whose contact information is not displayed in the WHOIS database.
Registrant means the person or entity in whose name a Domain Name is registered.
Registrar means an entity that has been authorized by Registry Operator to provide registration services for domain names in the TLD, including, in cases where Registry Operator is acting as the registrar (e.g. for restricted Domain Names), Registry Operator itself.
Registry Agreement means the Registry Agreement entered into between Registry Operator and ICANN dated February 11, 2015 pursuant to which ICANN appointed Registry Operator as the exclusive registry operator for the TLD (as the same may be modified, supplemented, amended and/or replaced from time to time).
Registry Operator means DotHealth, LLC, the registry operator for the TLD.
Registry Operator Policies means the operational standards, policies, procedures, and practices for the TLD as set forth in the Registry Agreement and as may be established by Registry Operator (and modified, supplemented, amended and/or replaced) from time to time, including this Registration Policy.
TLD means the .health Top Level Domain.
TLD Abuse Monitor means a third party service provider retained by Registry Operator to monitor the TLD for violations of this and/or any other Registry Operator Policy.
Website means any website located on a Domain Name.
Privacy and Proxy Registration Services. Privacy Services and Proxy Services are permitted services for use with Domain Names except for Domain Names used to conduct or facilitate the conduct of any commercial transaction for healthcare-related products or services involving pharmaceuticals, supplements, and/or telemedicine (collectively, “Health Transactions”). This restriction includes use of a Domain Name to market or promote Health Transactions or the availability of Health Transactions that are conducted on a website located on a different domain name.
Compliance With Applicable Laws. All Registrants must comply with all Applicable Laws at all times, including by ensuring that prospective customers located in a jurisdiction that prohibits the marketing or provision of a particular product or service to persons or entities located therein are not able to obtain such product or service from or through Registrant’s Website. In addition, with respect to any Website that facilitates the practice of medicine, the conduct or promotion of Health Transactions, and/or any other regulated health care activity, all medical, pharmaceutical and/or other health care providers or practitioners participating in such activities must be licensed and in good standing under and otherwise compliant with all Applicable Laws, including, without limitation, those of any jurisdiction where any patient or other user or consumer of such activities may be located.
Personal Health Information. In addition to all Applicable Laws relating to information that may fit within the definition of Personal Health Information set forth above, all Websites that Handle Personal Health Information must adhere to the following minimum standards:
All such Personal Health Information must be encrypted while being handled.
All stored Personal Health Information must be backed up on a regular basis.
Access to all Personal Health Information must be limited to authorized personnel.
Personal Health Information may not be altered or tampered with.
Personal Health Information that is no longer needed must be disposed of permanently.
Communication Security. All Websites with active content (whether or not facilitating a commercial transaction) must employ either Secure Sockets Layer or Transport Layer Security technology. Websites that are limited to “under construction”, “coming soon”, or other static landing or “parked” pages are exempt from this requirement.
Transparency and Prohibited Practices. One of Registry Operator’s primary goals in operating the TLD is to create a safe, informative, innovative, and credible online ecosystem for health and healthcare-related information, products and services. In furtherance of that goal:
The data provided in the Domain Name registration must be true, correct, current and complete.
Neither the registration nor the use of the requested Domain Name may interfere with or infringe upon the lawful rights of any person or entity.
The Domain Name may not be registered for and may not be used for any purpose that is fraudulent, illegitimate or otherwise in conflict with any applicable Law, including, without limitation for the submission of unsolicited bulk e-mail, phishing, pharming use of botnets or malware, infringement of the legitimate trademark rights of others, or any other abusive practices.
The following must be published clearly and accurately on the Website in an area visible to all visitors: the owner of such Website and either an email address, telephone number or postal address for contacting the owner.
No Website may display, distribute, publish, transmit, or disseminate any false or misleading information or otherwise misrepresent visitors thereof regarding any medical, pharmacy, or other health related licensure, certification or other credentials (governmental or otherwise).
No Website may display, distribute, publish, transmit, or disseminate any health-related information that any beneficial owner or operator thereof knows or has reason to believe is false or misleading.
If any Website displays paid advertisements or other paid content, such Website must clearly distinguish such paid advertising or content from editorial content.
All Websites displaying, distributing, publishing, transmitting or otherwise disseminating clinical data must cite the source and date thereof in a manner that affords the readers or other consumers of such information a reasonable opportunity to identify the same when reading or otherwise consuming such information.
No Domain Name may be used (directly or indirectly) to promote, condone, facilitate or otherwise provide a medium for cyber-bullying, harassment, defamation, or any other similar activity designed to inflict harm of any kind.
Requirements Relating to Specific Healthcare Activity Types.
(a) Supplements. Subject to compliance with Applicable Laws and the other provisions of this Registration Policy, Domain Names may be used for the promotion, marketing, sale and/or other provision of dietary supplements, provided, however, that use of any Domain Name for the promotion, marketing, sale and/or other provision of any supplement or other product containing illegal pharmaceuticals, toxins, controlled substances, or other problematic ingredients as determined by the TLD Abuse Monitor in its reasonable discretion (collectively, “Prohibited Supplements”) is strictly prohibited.
(b) Miracle Cures and Misleading Claims. The promotion, marketing, sale and/or other provision of any substance in a manner that in the reasonable discretion of the TLD Abuse Monitor is misleading or includes disease claims or unsubstantiated structure/function claims as defined by Applicable Law (e.g. regulations promulgated by the United States Food and Drug Administration) is strictly prohibited.
(c) Designer Drugs and Psychoactive Products. No Domain Name may be used to promote, market, sell and/or otherwise provide any “designer” drug or other psychoactive product, including, without limitation, controlled substances under Applicable Law and products marketed or commonly used for the purpose of causing the user to experience a psychoactive effect, in all cases as determined by TLD Abuse Monitor in its reasonable discretion.
(d) Telemedicine. Subject to compliance with Applicable Laws and the other provisions of this Registration Policy, Domain Names may be used for the marketing, promotion, sale and/or other provision of telemedicine or telehealth services, provided that all persons providing such services on or through any Website are properly licensed in each jurisdiction from which they may provide such services and each jurisdiction in which any patient or other person using or receiving such services is located.
(e) Online Pharmacies. No Domain Name may be used for an Online Pharmacy unless the applicable Registrant obtains and maintains an Internet Pharmacy Certification from LegitScript LLC, an Oregon limited liability company (“LegitScript”) for such Online Pharmacy (each, a “Certified Online Pharmacy”). In addition to such certification, the following terms apply:
(i) Licensure, Registration and Good Standing. Domain Names may be used for Certified Online Pharmacies only to the extent they are licensed, registered, and in good standing to operate a pharmacy, or otherwise engage in the practice of pharmacy, in all jurisdictions where such licensure, registration and good standing status is required by Applicable Law, including, without limitation, all jurisdictions from which any medication is distributed or dispensed and all jurisdictions to which any medication is offered to be delivered.
(ii) Prescription Requirements. Domain Names may not be used to facilitate the distribution, dispensing, sale or other provision of (A) medications for which a prescription issued based on a prior in-person examination is required by Applicable Law, or (B) drugs that have not been approved for medical use or sale to the general public pursuant to Applicable Law, including, without limitation, falsified medications and counterfeit drugs.
(iii) Registrant Responsibility. Each Registrant is solely responsible for discovering, reviewing, understanding and complying with all Applicable Laws, including, without limitation, those relating to licensure, drug safety, and supply-chains. Some potentially relevant United States laws include the Federal Food, Drug, and Cosmetic Act and the Federal Controlled Substances Act.
Monitoring. By registering a Domain Name, each Registrant authorizes Registry Operator, the applicable Registrar and each TLD Abuse Monitor to monitor the registration and use of such Domain Name and any Website located thereon for compliance with this Registration Policy (and all other Registry Operator Policies) and authorizes Registry Operator and the applicable Registrar to disclose to each TLD Abuse Monitor all contact and other information provided by or on behalf of Registrant in connection with the registration of such Domain Name.
Suspension. Registry Operator and/or any Registrar may suspend and temporarily or permanently lock any Domain Name used in a manner that violates this Registration Policy without notice to the Registrant of such Domain Name. Any Domain Name that is suspended and locked pursuant to the preceding sentence will remain locked unless and until Registry Operator or the applicable Registrar (as applicable) determines in its sole discretion that the applicable Registrant and Domain Name are in full compliance with this Registration Policy, provided that if Registry Operator was involved in any way with a suspension or lock imposed by a Registrar (including if such suspension arose out of information provided by Registry Operator or any request, warning or other involvement from Registry Operator), then Registrar may not remove such suspension or lock without Registry Operator’s prior written approval.
Reservation of Rights. Notwithstanding anything herein to the contrary, Registry Operator reserves the right to deny, cancel, place on registry-lock or hold, transfer or take ownership of (temporarily or permanently) any Domain Name that it deems necessary, in its discretion: (a) to protect the security, integrity or stability of the TLD, the registry system, the registry database, and/or the Internet; (b) to comply with any Applicable Law or any requirements and/or requests of law enforcement authorities, in compliance with any dispute resolution process or otherwise; (c) to avoid, eliminate, mitigate or reduce any loss, damage, liability, or expense (civil or criminal), of Registry Operator, its affiliates, and/or their respective owners, officers, directors, managers, employees, agents, contractors, service providers, suppliers and representatives; (d) to protect the safety and security of any Registrant or user; (e) to correct mistakes made by Registry Operator, any Registrar, or any other registrar in connection with a domain name registration; and/or (f) to ensure compliance with all applicable policies, rules, regulations, terms, conditions, and procedures adopted or imposed by ICANN (including pursuant to the Registry Agreement) and/or all Registry Operator Policies. Registry Operator also reserves the right to lock or place on hold a Domain Name during resolution of any dispute between third parties and take immediate action to remove orphan glue records (as defined at http://www.icann.org/en/committees/security/sac048.pdf) when provided with evidence in written form that such records are present in connection with malicious conduct.