Information Manager Agreement
Schedule “A”
to
INFORMATION MANAGER AGREEMENT
WHEREAS THE SUBSCRIBER (THE “CUSTODIAN”) IS A CUSTODIAN, AS DEFINED IN THE HEALTH INFORMATION ACT (ALBERTA), RSA 2000. C. H-5 (THE “ACT”); AND WHEREAS SERYPH SOLUTIONS INC. (THE “INFORMATION MANAGER”) IS AN INFORMATION MANAGER AS DEFINED IN THE ACT; AND WHEREAS THE CUSTODIAN IS REQUIRED PURSUANT TO THE ACT AND THE REGULATIONS AND AMENDMENTS THERETO TO ENTER INTO AN INFORMATION MANAGER AGREEMENT AS DEFINED IN THE ACT; THEREFORE, THE PARTIES AGREE TO ENTER INTO THIS AGREEMENT IN CONSIDERATION OF THE TERMS, CONDITIONS, AND OBLIGATIONS AS SET OUT HEREIN FOR THE PURPOSES REQUIRED BY THE ACT:
-
The objective of this agreement is to articulate clearly the privacy and security conditions and requirements under which the Information Manager handles the Custodian’s health information in compliance with Health Information Act (Alberta) and any amendments and regulations thereto (the “Act”), with the guiding principles of this Agreement being those found in the Act including the requirement of the Custodian to enter into this Agreement in accordance therewith.
-
The Information Manager and the Custodian agree that the collection, use, disclosure, security, storage and disposal of the Health Information, as defined in the Act, and all other information exchanged between the Custodian and the Information Manager pursuant to this Agreement (collectively defined as the “Health Information”) is subject to privacy legislation and other provincial or federal laws applicable to Custodian. The Custodian agrees that the Custodian is not obligated to provide the Information Manager with any Health Information and shall have the right to cease providing Health Information to the Information Manager at any time and for any reason.
-
The Custodian acknowledges and agrees that all Health Information made available to the Information Manager is the property and under the control of Custodian, and shall remain the sole property of the Custodian.
-
The Custodian consents and agrees that the Information Manager shall be permitted to use Health Information for all such purposes as are reasonably necessary to provide those Services, as defined in the Toothe Terms of Service, as amended from time to time, including without limiting the generality of the foregoing, disclosure of the Health Information on reasonable terms and conditions and the creation of a database of Health Information which database may contain reports, extracts, notes, memoranda or other records in respect thereof that contain personally identifiable health information, and hereby grants the Information Manager a perpetual and irrevocable license for such uses. The Custodian expressly consents and agrees that upon termination of this Agreement that the Information Manager is not required to delete or destroy the health information provided by the Custodian during the term of this Agreement.
-
The Custodian agrees that the Information Manager shall be permitted to collect Health Information, and any other information the Information Manager determines, in its sole discretion, is necessary to be collected from other custodians, as defined in the Act, for the purpose of providing the Services to other custodians.
-
The Custodian agrees that the Information Manager shall not be required to respond to, or process, any requests for access to, or amendment or correction of, Health Information or an expressed wish. The Information Manager shall process or refer back to the Custodian all requests for access or correction or Health Information or an expressed wish related to an individual’s Health Information, under the Health Information Act (Alberta) by way of communication sent in accordance with the notice provisions of this Agreement.
-
The Custodian acknowledges that is has reviewed the Information Manager’s Privacy and Security Policy and the Toothe Terms of Service and agrees that the Information Manager’s Privacy and Security Policy and Toothe Terms of Service meets those standards and requirements as the Custodian is required to uphold in the Custodian’s own Privacy and Security Policies and management of the Health Information. The Custodian hereby agrees that the Information Manager is not obligated to comply with any of the Custodian’s Privacy and Security Policies provided always that the Information Manager complies with the Information Manager’s privacy and security policies and the Toothe Terms of Service.
-
The Information Manager shall use its commercially reasonable efforts to implement all such necessary security measures as are required to ensure the protection and security of the Health Information, including without limiting the generality of the foregoing, conducting ongoing reviews, inspections and audits related to the security of its information technology, servers, facilities, and equipment affecting the Health Information to ensure appropriate technical, administrative, and physical security measures are being taken to protect the Health Information as required by this Agreement and by law. The Information Manager shall notify the Custodian immediately of any breach of the Information Manager’s security and the confidentiality of the Health Information, including without limiting the generality of the foregoing, unauthorized disclosure, use, destruction, loss, removal, modification, or interruption in the availability of the Health Information, whether accidental or as a deliberate act. Further, the Information Manager shall report to all authorities as required by law including the Office of the Information and Privacy Commissioner. In the event that the Custodian believes, acting reasonably, that the Information Manager security measures are deficient and represent an undue risk to the security and confidentiality of the Health Information, the Custodian may, at its sole discretion, make written notice that the Information Manager shall, within 10 days of the written notice, review the Information Manager’s security measures and provide the findings of the review, along with a schedule to correct any deficiencies representing an undue risk to the security and confidentiality of the Health Information (the “Correction Schedule”). In the event that Custodian is not satisfied with the Correction Schedule the only remedy available to the Custodian shall be to terminate this Agreement and its Toothe User Account.
-
The Information Manager may amend this Agreement, from time to time, and in its sole discretion by providing the Custodian with prior notice of any amendment in accordance with the notice provisions of this Agreement.
-
The parties hereto shall have the right to terminate this Agreement upon 30 days prior notice given in accordance with the terms of this Agreement. The termination of this Agreement shall also terminate the Custodian’s Toothe User Account.
-
Any notifications required under this Agreement may be provided by way of email to the email address provided by the Custodian on the Custodian’s Toothe User Account or by way of secure message sent to the Custodian by way of the secure messaging function of the Toothe software. Such notifications shall be received by the Custodian at the moment they have left the Toothe server notwithstanding whether such notification reaches the server of the Custodian. You may provide any notifications required under this Agreement by way of email to admin@toothe.com which notification shall be received when such email is acknowledged by way of a response email.
-
This Agreement shall be governed by and construed in accordance with the laws of the Province of Alberta and the Custodian shall attorn to a Court located in the Province of Alberta.