OkRx USER Agreement
OkRx Terms of Service / Privacy Notice
Last Modified: May 1, 2021
Your use of OkRx.ca (this “Website”), and the services described herein, including any related and ancillary services provided by OkRx, and any updates, new features and enhancements to these services (collectively, “Services”), is governed by the terms and conditions below, including any addenda (“Terms of Service”). These Terms of Service constitute a legally binding agreement between you and OkRx’s parent company Leven Systems Inc. (“OkRx”, “we” or “us”).
In order to use the Services, you must be a
- Canadian licensed health care provider with the intent to prescribe or dispense a prescription, an employee of such a licensed health care provider, or
- Canadian patient support program employee, or agent provided with access to the Services by OkRx. If you are an employee of an organization, you represent that you are authorized to agree to these Terms of Service on behalf of the organization.
- An employee of a Canadian insurer
No other person or entity, including any consulting company, other reimbursement support service provider, or pharmaceutical company, is permitted to agree to these Terms of Service or to access the Services through these Terms of Service.
Notwithstanding the foregoing, pharmaceutical sales representatives may create a user account solely for Demonstration Purposes (as defined below), provided that such representatives identify themselves accordingly during account set up. For the purposes of these Terms of Service, “Demonstration Purpose” means use for the purpose of educating the individual sales representative with respect to the functionality of the OkRx Services. Any user in violation of this provision is subject to immediate account termination as set forth in the Website Administration section below.
By clicking the “SIGN UP” or similar button on the Create Your Account screen, you agree that you have read, understand, and agree to be bound by these Terms of Service. If you do not agree with any of these Terms of Service, do not use the Services.
OkRx, is an operating name used by Leven Systems Inc. (“Leven”). Leven, located at 2360 Bristol Circle, Oakville, Ontario L6H 6M5, is a limited liability company organized under the laws of the Province of Ontario. Reference to OkRx herein includes any subsidiaries of Leven involved with providing the Services offered by Leven. The servers that host this Website are located in Canada, and any Protected Health Information, provided to us will be processed in Canada.WHAT ARE THE SERVICES?
OkRx offers various Services, including, but not limited to, the patient journey, prior authorizations, program enrolment, financial assistance and connections to services providers, including follow up communications, benefit verification and investigation, patient financial assistance, prescription management and follow up communications to patients regarding patient enrollments, and hub services.
OkRx may establish business relationships with certain economic sponsors, such as pharmaceutical manufacturers and payors, to facilitate the Services and may share protected health information pursuant to a valid consent that complies with relevant federal and provincial privacy laws to support certain program drugs prescribed to the patient.WHAT ARE THE PRIVACY OBLIGATIONS OF OKRX?
OkRx generally provides its Services to health care providers who in-turn offer services to patients. Therefore, to use the OkRx Services pursuant to these Terms of Service, health care providers, including employees agreeing to these Terms of Service on behalf of an employer that is a health care provider, must read and agree to the Personal Information Protection Agreement, which is part of these Terms of Service. The Personal Information Protection Agreement requires OkRx to protect your PHI and specifies the purposes for which it may be lawfully used and disclosed by OkRx. Use of the Services constitutes acceptance of the terms of the Personal Information Protection Agreement. OkRx may use subcontractors to assist in performing some of its Services. When these subcontractors have access to PHI, they will enter into Personal Information Protection Agreements with OkRx to the extent required by applicable law. The Services are provided to you at no cost, dependent upon OkRx’s ability to share data created or obtained by OkRx in the course of providing its Services as specified in the Terms of Service and as permitted by law.
To provide the service at no cost to health care providers, OkRx may share de-identified data with third parties including, but not limited to, pharmaceutical manufacturers for various purposes such as, but not limited to, billing and validation of certain transactions, evaluating the effectiveness of the Services, and providing data analytics and market insights, including prescribing practices. Additionally, data is used for continuous improvement of current services, such as to improve the end user experience, and streamline the prior authorization process, as well as the development of future products, and services. You acknowledge and agree that OkRx, or its subcontractors, or both, are hereby authorized to de-identify PHI in accordance with federal and provincial privacy laws, and subsequently use and disclose such de-identified data as permitted by applicable law, including, without limitation, for OkRx’s internal business use and third party reporting.
You authorize OkRx to use and disclose your information provided in connection with the Services, including without limitation, your college identification number (“College number”), unless prohibited by applicable law.
You acknowledge and authorize that OkRx may perform data analytics in connection with your website use practices, outcomes of PAs submitted, and use and disclose such analytics for OkRx’s internal business use and third-party reporting.
You acknowledge and agree that OkRx or its affiliate may also engage directly with patients, and OkRx or its affiliate may use and disclose PHI pursuant to an authorization that complies with federal and provincial law. Additionally, you acknowledge that patients may provide information to OkRx or its affiliate, not as part of the Services, that is the same or substantially similar to information obtained by OkRx in the course of performing its Services, and that OkRx’s or affiliate’s use and disclosure of such information is subject exclusively to the agreement or agreements between the patient and OkRx or its affiliate.WHAT ARE YOUR OBLIGATIONS WHEN USING OKRX?
Use of the Services constitutes a representation and warranty that all consents and authorizations required to provide PHI, including genetic information such as genetic test results, to OkRx, and for OkRx to use and disclose the PHI, including genetic information such as genetic test results, to provide its Services and as otherwise provided herein or in the Personal Information Protection Agreement, have been obtained. In addition, you represent and warrant that you have provided all notices necessary to comply with applicable federal and state laws and regulations relating in any way to medical privacy, or health privacy, or both including, but not limited to a notice of privacy practices.
You must provide current, complete, and accurate information when you create an account to use our Services. You understand that we may collect information such as your name, physical address, email, telephone number, fax number, organization name, job title, and College number when you sign up as a user. Although OkRx disclaims any legal duty to verify the accuracy of any data that you provide to us when creating an account, if OkRx believes that any information you provide is not current, complete, and accurate, we have the right to refuse access to the Website or any of our Services, and to terminate or suspend your account. You are entirely responsible for maintaining the confidentiality of your password and account as well as for any and all activities that occur by use of your account. You agree to immediately notify OkRx of any unauthorized use of your account or any other breach of security related to your account. OkRx will not be liable for any loss that you may incur as a result of someone else using your password or account with or without your knowledge. However, you could be held liable for losses incurred by OkRx or another party as a result of someone else using your account or password. You may not use anyone else’s account or allow anyone else to use your account at any time.
If you are creating an account as an employee of a health care provider, you understand and agree that your account is specific to that health care provider and therefore, if your employment with that health care provider ends or is terminated for any reason, you are no longer permitted to access our Services through that account, and must immediately notify OkRx at [email protected] so we may disable that account. You may update your user profile information or disable your user account at any time by visiting the “Settings” tab after login in, or by sending a request via email to [email protected] with the words “UPDATE MY INFORMATION” in the subject line. If you withdraw consent, or disable your account, the business relationship created when you registered and agreed to the Terms of Service is terminated.
Any user can disable his or her user account at any time. Disabling your user account will render your account inaccessible; however, our system is required to maintain a record of user accounts and the contents of each for audit purposes, and we may maintain backup copies of all information for legal and compliance purposes. Other healthcare providers may rely on Protected Health Information previously submitted while you were an active user after you disable your account.
PA forms, other forms, and services made available to users are configured to collect only the minimum necessary amount of information that the payer organization, regulatory entity or other type of organization which created the form requested. A user must submit PHI in order to utilize the Services available on this website. Other healthcare providers will receive and use PHI a user submits in order to facilitate the provision of Services to the user.DOES OKRX OFFER MEDICAL ADVICE?
OkRx does not offer medical advice, does not determine medical necessity, insurance coverage or copays and does not otherwise engage in the practice of medicine. The content accessed through the Website is for informational purposes only, and is not intended to address every possible use, direction, precaution, drug interaction, or adverse effect. OkRx is not a substitute for a health care providers’ professional medical judgment, or for individual patient assessments and examinations. The content of this Website should not be used during a medical emergency or for the diagnosis or treatment of any medical condition. Reliance on any of the information provided by OkRx or provided on or by the Website is solely at the user’s and the health care provider’s own risk. OkRx does not recommend or endorse any specific products, services, physicians, tests, procedures, opinions, or other information that may be available on this Website.
While we attempt to ensure that the information available through our Website is as complete and accurate as possible, we make no warranties that it is correct, complete, or current. Further, some information available through the Website is entered by other health care providers or their staff. OkRx does not review this content for completeness or accuracy or screen it in any way. You acknowledge and agree that OkRx is not responsible for the content of any materials or information posted to or otherwise available on the Website, whether provided by OkRx, you, or another user. Any reliance on such materials is at your own riskHOW MAY WE CONTACT YOU, YOUR PATIENTS OR OTHERS ON YOUR BEHALF?
YOUR INFORMATION AND UPDATES
It is your obligation to provide and maintain current, complete and accurate information on your OkRx account in order to use the Services (see “What are Your Obligations when Using OkRx?” above). You agree to indemnify us, as described in “What About Indemnification” below, for any third-party claims arising from our reliance on such information and your failure to provide and maintain current, complete and accurate information on your OkRx account.FAX SUBSTITUTION AND CONSENT TO CONTACT ON YOUR BEHALF
You agree we may substitute a fax number provided by you and submitted with a PA request for submission by us to health plans, PBMs or other payors on your behalf with a OkRx fax number so that the PA determination will be faxed to us and delivered as part of the Services. This substitution helps OkRx enhance the Services provided to you, your patient and other authorized providers.
OkRx may accept other communications that are unrelated to the PAs that you have submitted using the Services via the substituted OkRx fax number that a health plan, PBM or other payor may send to you. OkRx will make commercially reasonable efforts to forward such unrelated communications to you if we are able to determine, with reasonable certainty, that they are intended for you. However, OkRx disclaims any responsibility for failure to deliver to you any communications which a insurer or other payor transmits to us that are unrelated to the PA requests you submit while using the Services and which OkRx has delivered on your behalf.
You agree that we may contact
- health care providers,
- health plans, PBMs and other payors,
- patient support programs, and
- pharmacies on your behalf in connection with PA requests, or other Services, or both.
We may also contact your patients in order to perform our Services pursuant to an authorization from such patients. You agree that, for this purpose, we may use the contact information for your patients that you have provided to us.HOW TO OPT OUT OF CERTAIN COMMUNICATIONS
45 You can contact us at our toll-free number 1-888-679-9990, or send a toll-free fax to 1-888-610-1307, at any time if you wish to disable OkRx’s substitution of its fax number for yours on PA requests that you create for submission to a health plan, PBM or other payor. You must identify to us the fax number for which you are revoking consent.WITH WHOM IS MY INFORMATION AND MY PATIENTS’ INFORMATION SHARED?
Patient information you provide to us through our portal services is used and disclosed as necessary to provide our Services and as otherwise permitted by these Terms of Service, including the Personal Information Protection Agreement attached to and incorporated in these Terms of Service.WHO OWNS THE WEBSITE AND ITS USER CONTENT, AND ARE THERE LIMITS OF USE?
OkRx uses certain documents from other companies, including but not limited to forms provided by insurers, other payors, Patient Support Program, pharmacies or their business partners. Copyright of these documents is retained by their respective owners, and OkRx claims no ownership of such material. OkRx uses such material under fair-use provisions of copyright law or by written consent of the owner.
Provided you are not in default of any of your obligations hereunder, OkRx gives you a limited, revocable, non-assignable, and non-exclusive license to use the Website and the Services within Canada in accordance with these Terms of Service. You agree not to infringe upon any intellectual property rights or remove or modify related proprietary notices contained in this Website.USER CONTENT
When you create, transmit, or display information while using the Website, you may only provide information that you own or have the right and legal authority to use and disclose. Except for PHI, which is governed by the Personal Information Protection Agreement, any content or information that you submit to this Website or to OkRx (“User Content”), such as sample forms not otherwise available on the Website, user tips and tricks, or requests for new features, will be deemed to be non-confidential and may be disclosed through this Website for browsing, downloading, printing, and other uses by other persons or entities, such as your browser licensor or internet service provider. You agree not to submit User Content to this Website or OkRx that you do not have full authority to submit, and to only submit User Content that does not infringe upon any third party’s intellectual property rights in connection with such submission. It is your obligation to determine the extent to which User Content you submit is protected by applicable intellectual property laws. You agree that OkRx will have, and hereby grant to OkRx, a worldwide, royalty-free, perpetual, irrevocable, sub-licensable, non-exclusive right and license to use, translate, reproduce, sell, publish, distribute, modify, adapt, display, perform, promote, and link to, in any form or media, any User Content. OkRx does not endorse any User Content that may appear on this Website. Nothing in these Terms of Service will obligate OkRx to use any User Content or permit the posting of such User Content on this Website.USE OF YOUR NAME AND MARKS
You grant to OkRx a limited, royalty free, non-sublicensable, non-transferable, nonexclusive license to use your name and the name, trademarks (registered and unregistered), and logos of your company, practice, or organization for OkRx’s business use, including, without limitation, the right to use your name and the name, trademarks (registered and unregistered), and logos of your company, practice, or organization on OkRx’s website, and on OkRx’s customer lists.COMPLIANCE COPYRIGHT ACTS
OkRx respects the rights of all copyright holders and in this regard, we have adopted and implemented a policy that provides for the termination, in appropriate circumstances, of access to this Website by users who infringe upon the rights of copyright holders. If you believe that your work has been copied in a way that constitutes copyright infringement, please provide our Copyright Agent with the following information:
a) A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed;
b) Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works are covered by a single notification, a representative list of such works;
c) Identification of the copyrighted content that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and the information reasonably sufficient to permit OkRx to locate the copyrighted content;
d) Information reasonably sufficient to permit OkRx to contact the complaining party;
e) A statement that the complaining party has a good faith belief that the use of the copyrighted content in the manner complained of is not authorized by the copyright owner, its agent, or the law;
f) A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
For copyright inquires, please contact OkRx at:
Email: [email protected]
OkRx 2360 Bristol Circle, Oakville, Ontario L6H 6M5
Your use of the OkRx Services will comply with all applicable laws, regulations and ordinances, including, but not limited to, those pertaining to privacy, intellectual property, the export of data or software, coding, billing, payment, and any signature requirements for submitting forms.
You may not access the OkRx Services outside of the interfaces we provide, nor may you interfere with or disrupt the proper operation of our Services. You will only submit User Content and material that is functionally and technically compatible with this Website. You will not engage in any conduct or submit to this Website any content or other material that is illegal, inaccurate, misleading, misappropriated, dilutive, defamatory, obscene, offensive, or otherwise objectionable, or submit any promotional (for advertising or marketing purposes) content or material (collectively “Wrongful Use”). You will not attempt to and will not damage, corrupt, tamper with or infect this Website or any information or telecommunication system of OkRx with a virus or other malicious computer program. You expressly agree that you will not reverse engineer, disassemble, or decompile any software code or proprietary elements of the Website or OkRx’s Services.
Use of this Website is provided for the permitted purposes stated in these Terms of Service, and Wrongful Use is precluded with respect to this Website. Without limiting the generality of the foregoing, you agree that you will not undertake any activity which may adversely affect the use of this Website by any person. You are prohibited from using any of our Services to compromise security or tamper with system resources, or accounts, or both. The use or distribution of tools designed for compromising security (e.g., password guessing programs, cracking tools, or network probing tools) is strictly prohibited. Integrating with, automating, “spidering,” or “scraping” are all prohibited, in violation of OkRx’s Terms of Service, and may be illegal. Only human users using the Website manually are permitted. If you become involved in any violation of system security, OkRx reserves the right to release your details to system administrators at other sites and law enforcement authorities in order to assist them in resolving security incidents.
Referencing the OkRx.ca Website in an “iframe” or otherwise making it appear that the Website is part of a third-party site is prohibited. We do, however, encourage linking to the Website. All such links must be direct links to the top page of the Website (OkRx.ca) without framing. If OkRx detects, and determines at its sole discretion, inappropriate linking practices, we may require removal or modification of the link, as well as compliance with any and all requirements of OkRx relating thereto.
Third parties that provide financial support to OkRx programs may be permitted to use and access certain aspects of our Services. This includes health care provider information contained in the Website, for performance evaluation of our programs and the third party’s business impact, provided that such use of the Services is consistent with these Terms of Service and all applicable laws and regulations. For more information, please contact [email protected].
You represent and warrant that you will not distribute or resell any OkRx Services.GOOD SAMARITAN POLICY
It is our policy not to tolerate any acts of intellectual property infringement or violations of federal or provincial law. If we become aware of any Wrongful Use, we will, in good faith, use our reasonable efforts to remove, disable, or restrict access to the availability of User Content on the Website that, in our sole discretion, constitutes Wrongful Use, whether or not such material is constitutionally protected. This provision does not impose upon OkRx any contractual obligation to undertake, or refrain from undertaking, any particular course of conduct, or to monitor the Website.
If you believe that someone has violated this policy, we ask you to promptly notify us by email at [email protected] and provide as detailed a description of the alleged violation as possible. Use of this email address will ensure that the complaint is received by the appropriate party who is responsible for investigating alleged violations of this policy.WEBSITE ADMINISTRATION
We reserve the right to deny access to any user at any time for any reason. OkRx may limit, modify, suspend, or terminate your use of this Website at any time without liability or prior notice, and may suspend or terminate your use of our Services if you fail to comply with these Terms of Service. THIS SUSPENSION OR TERMINATION MAY DELETE YOUR ACCOUNT, INFORMATION, FILES, AND OTHER PREVIOUSLY AVAILABLE CONTENT, AND OKRX SHALL HAVE NO RESPONSIBILITY TO BACKUP OR PRESERVE ANY SUCH MATERIALS OR DATA.MODIFICATIONS TO THE TERMS OF SERVICE
These Terms of Service are subject to change from time to time and will be effective upon posting. Notices of updates or changes may be provided to you through your use of this Website and the Services. The most current Terms of Service will always be available at www.OkRx.ca. If you do not agree to the modified Terms of Service, you should delete your account with us. For information on how to do so, contact us at [email protected].WHAT ABOUT INDEMNIFICATION?
You agree to indemnify, defend, and hold harmless OkRx and its affiliates, officers, directors, employees, contractors, and licensors from any demands, claims, damages, liabilities, expenses, or harms (including attorneys’ fees) arising out of or related to your use of our Services or breach of these Terms of Service. You will not settle any indemnified claim without our written consent.DOES OKRX WARRANT ITS SERVICE?
YOU UNDERSTAND AND AGREE THAT OUR SERVICE IS AVAILABLE SOLELY ON AN “AS IS” AND “AS AVAILABLE” BASIS. NEITHER OKRX NOR ANY OF OKRX’S LICENSORS MAKE ANY EXPRESS WARRANTIES, AND EACH OF THEM DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF ACCURACY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, RESULTS, COMPLETENESS, ACCESSIBILITY, COMPATIBILITY, SECURITY, AND FREEDOM FROM COMPUTER VIRUS. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, NEITHER OKRX NOR ANY OF OKRX’S LICENSORS MAKE ANY WARRANTY THAT THE CONTENT OF THE WEBSITE SATISFIES GOVERNMENT REGULATIONS REQUIRING DISCLOSURE OF INFORMATION ON PRESCRIPTION DRUG PRODUCTS. IN NO EVENT SHALL OKRX BE LIABLE FOR ANY LOSS OR DAMAGE, DELAY IN PERFORMANCE, OR NONPERFORMANCE CAUSED BY EQUIPMENT MALFUNCTION OR BREAKDOWN, NETWORK OR PIPELINE DISRUPTION, SEVERE WEATHER CONDITIONS, INFORMATION UNAVAILABILITY, STRIKES OR OTHER LABOR DISPUTES, RIOTS, FIRE, INSURRECTION, WAR, FAILURE OF CARRIERS, ACCIDENTS, ACTS OF GOD, OR ANY OTHER CAUSES BEYOND OKRX’S REASONABLE CONTROL. IF ANY APPLICABLE LAW DOES NOT ALLOW THE EXCLUSION OF SOME OR ALL OF THE ABOVE IMPLIED WARRANTIES TO APPLY TO YOU, THE ABOVE EXCLUSIONS WILL APPLY TO YOU TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW.
It is intended that only Canadian residents use our Services on a computer located in Canada. Accordingly, any use of our Services by anyone other than Canadian residents, or use of our Services on a computer located outside of Canada, is strictly prohibited and constitutes a breach of the Terms of Service. NEITHER OKRX NOR ANY OF OKRX’S LICENSORS MAKE ANY REPRESENTATION CONCERNING THIS WEBSITE, THE SERVICES, OR ANY CONTENT WHEN USED IN ANY OTHER COUNTRY. No software may be downloaded or otherwise exported into any countries that are subject to Canadian export/import control restrictions or other federal or provincial restrictions.WHAT ARE THE LIMITS ON LIABILITY?
IF YOU ARE DISSATISFIED WITH OUR SERVICES OR ANY OF OKRX’S TERMS, CONDITIONS, RULES, POLICIES, GUIDELINES, OR PRACTICES, OR OTHERWISE HAVE A DISPUTE WITH OKRX, YOUR SOLE AND EXCLUSIVE REMEDY IS TO TERMINATE THIS AGREEMENT AND DISCONTINUE USE OF OUR SERVICES. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, NEITHER OKRX NOR ANY OF ITS LICENSORS MAY BE HELD LIABLE UNDER THIS AGREEMENT FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES ARISING FROM YOUR USE OF OUR SERVICES OR THIS WEBSITE, OR FOR ANY OTHER CLAIM RELATED IN ANY WAY TO YOUR USE OF OUR SERVICES OR REGISTRATION ON OUR WEBSITE, EVEN IF WE KNOW OR SHOULD KNOW THAT OTHER DAMAGES ARE POSSIBLE OR THAT DIRECT DAMAGES ARE NOT A SATISFACTORY REMEDY. THE LIMITATIONS IN THIS SECTION APPLY ONLY TO THE EXTENT THEY ARE LAWFUL IN YOUR JURISDICTION. NEITHER YOU NOR OKRX OR ANY OF ITS LICENSORS MAY BE HELD LIABLE UNDER THIS AGREEMENT FOR MORE THAN $1,000; PROVIDED, HOWEVER, THAT THE LIMITATIONS OF LIABILITY DESCRIBED ABOVE DO NOT APPLY TO BREACHES OF INTELLECTUAL PROPERTY PROVISIONS OR INDEMNIFICATION OBLIGATIONS DESCRIBED IN THESE TERMS OF SERVICE.WHAT ARE THE GENERAL LEGAL TERMS?
These Terms of Service, including the Personal Information Protection Agreement, constitute the entire agreement between you and OkRx relating to the Website and OkRx’s Services. If there is any conflict between these Terms of Service and a signed written agreement between your company, practice, or organization and OkRx, the signed written agreement will control. Failure to enforce any provision will not constitute a waiver of that provision. If any provision is found unenforceable, it and any related provisions will be interpreted to best accomplish the unenforceable provision’s essential purpose. The headings contained in these Terms of Service are for convenience of reference only and will not affect or alter the meaning or effect of any provision hereof.
OkRx has no obligation to become involved in any dispute between a user of our Services and any other person. Our Services and these Terms of Service will be governed by and construed in accordance with the laws of the Province of Ontario. The exclusive venue for any dispute arising under or relating to this Agreement or our Services is Toronto, Ontario, and the Parties consent to the exclusive personal jurisdiction of provincial and federal courts located in Toronto. Nothing in these Terms of Service limits either party’s ability to seek equitable relief.HOW CAN I ASK QUESTIONS OR CONTACT OKRX?
We are happy to address questions about our Terms of Service or this Website. Please send your questions to [email protected]. Alternatively, you may write to us at:
Privacy Matters OkRx 2360 Bristol Circle, Oakville, Ontario L6H6M5
OkRx Personal Information Protection Agreement
Last Modified: December 1st, 2019.
THIS PERSONAL INFORMATION PROTECTION AGREEMENT (the “Agreement”) is entered into between you (“Covered Entity”) and Leven Systems Inc o/a OkRx, an Ontario Corporation (“Business Associate”) , and is effective as of the date that you create an OkRx user account (the “Effective Date” ).
WHEREAS, for the purpose of this agreement,
“Privacy Standards” shall mean (i) the federal Personal Information Protection and Electronic Documents Act (PIPEDA), the provincial Personal Information Protection Acts in place in Alberta and British Columbia as well as An Act respecting the protection of personal information in the private sector (Québec), (ii) the E-Health (Personal Health Information Access and Protection of Privacy)Act in British Columbia, the Health Information Act in Alberta, the Personal Health Information Act in Manitoba, the Personal Health Information Protection Act, 2004 in Ontario, the Personal Health Information Privacy and Access Act in New Brunswick, the Personal Health Information Act in Newfoundland and Labrador, and the Personal Health Information Act in Nova Scotia (iii) the Canada Anti-Spam Act Legislation (CASL).
“Security Standards” shall mean “Breach of Security Safeguards Regulations” SOR/2019-64 Personal Information Protection and Electronic Documents Act
“Breach Notification Standards” , shall mean “Breaches of Security Safeguards “ Section 10.1 of the Personal Information Protection and Electronic Documents Act and any relevant section from other laws/regulations of the relevant “Privacy Standards”
WHEREAS , in conformity with the Privacy Standards, Business Associate has and/or will have access to, create and/or receive certain Protected Health Information (“PHI”) to perform its Services as provided under the Terms of Service entered into by and between Covered Entity and Business Associate (the “Terms of Service” ).
WHEREAS , Covered Entity is required by the Privacy Standards to obtain satisfactory assurances that Business Associate will appropriately safeguard all PHI disclosed by or created or received by Business Associate on behalf of Covered Entity.
WHEREAS , the parties hereto desire to enter into this Agreement to memorialize their obligations with respect to PHI pursuant to the requirements of the Privacy Standards.
NOW, THEREFORE , Covered Entity and Business Associate agree as follows:
Section 1. Definitions. Except as otherwise specified herein, capitalized terms used but not defined in this Agreement shall have the same meaning as those terms as defined in the Terms of Service or the relevant “Privacy Standards”
(a) Personal Health Information (“PHI”) means identifying information about an individual, whether living or deceased, and in both recorded and unrecorded forms, and including information that (a) relates to the physical or mental health of an individual, including information that consists of the health history of the individual’s family; (b) concerns any health service provided to the individual; (c) concerns the donation by the individual of any body part or any bodily substance of the individual or information derived from the testing or examination of a body part or bodily substance of the individual; (d) is collected in the course of providing health services to the individual; or (e) is collected incidentally to the provision of health services to the individual.
(b) Privacy Commissioner means the Privacy Commissioner of the appropriate jurisdiction.
Section 2. Obligations and Activities of Business Associate.
(a) Business Associate agrees to not use or further disclose PHI other than as permitted or required by this Agreement, the Terms of Service, or as permitted or Required by Law.
(b) Business Associate agrees to use appropriate safeguards to prevent use or disclosure of the PHI other than as provided for by this Agreement.
(c) In accordance with the Privacy Standards, Business Associate shall implement Administrative, Physical and Technical Safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of ePHI that it creates, receives, maintains or transmits on behalf of the Covered Entity. Specifically, Business Associate shall comply with the Security Standards.
(d) Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Agreement of which Business Associate becomes aware. Additionally, Business Associate shall report to Covered Entity any Security Incident resulting in an unauthorized use or disclosure of ePHI of which Business Associate becomes aware within twenty (20) business days. The parties acknowledge and agree that this Section 2(d) constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence or attempts of Unsuccessful Security Incidents for which no additional notice to Covered Entity shall be required. “Unsuccessful Security
Incidents” means, without limitation, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denial of service attacks, and any other incident that does not result in unauthorized access, use or disclosure of PHI.
(e) Business Associate agrees to notify Covered Entity of any Breach of Unsecured Protected Health Information without unreasonable delay, but no later than twenty (20) business days after the date Business Associate learns of the Breach. Business Associate shall provide such information to Covered Entity as required by the Privacy Standards.
(f) Business Associate will enter into a written agreement with any agent or Subcontractor that creates, receives, maintains or transmits PHI on behalf of Business Associate for Services provided to Covered Entity, that requires the Subcontractor to agree to restrictions and conditions on the use and disclosure of PHI that are no less restrictive than those that apply through this Agreement to Business Associate with respect to such PHI.
(g) Business Associate will cooperate with Covered Entity’s efforts to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this Agreement.
(h) To the extent Business Associate maintains any PHI in a Designated Record Set, upon the written request of Covered Entity, within twenty (20) business days, Business Associate agrees to provide Covered Entity with access to PHI in a human readable format. If Business Associate provides copies or summaries of PHI to an Individual it may impose a reasonable, cost-based fee.
(i) Business Associate agrees to make internal practices, books, and records, including policies and procedures and PHI relating to the use and disclosure of PHI created or received by Business Associate on behalf of Covered Entity available, at the request of the Covered Entity, to the Privacy Commissioner, for purposes of determining Covered Entity’s compliance with the Privacy Standards, subject to any applicable privileges.
(j) Business Associate agrees to document those disclosures of PHI, and information related to such disclosures, as required to respond to a request by an Individual for an accounting of disclosures of PHI. Business Associate further agrees to provide Covered Entity such information within twenty (20) business days of its written request to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI.
(k) Business Associate acknowledges that in using, disclosing and requesting PHI, it shall comply with the minimum necessary requirements of the Privacy Standards.
Section 3. Permitted Uses and Disclosures of PHI by Business Associate.
(a) Business Associate may use or disclose PHI to perform functions, activities, or Services for, or on behalf of, Covered Entity pursuant to the Terms of Service, provided that such use or disclosure does not violate the Privacy Standards.
(b) Business Associate may use PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate. Business Associate may disclose PHI for the proper management and administration of Business Associate or to carry out its legal responsibilities, provided that such disclosures are (i) Required by Law, or (ii) Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and the person agrees to notify Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. All disclosures will be made in accordance with Privacy Standards.
(c) Business Associate may use and disclose Protected Health Information to provide Data Aggregation services related to the health care operations of Covered Entity.
(d) Business Associate may use Protected Health Information to de-identify information or create a Limited Data Set in accordance with the Privacy Standards.
(e) Business Associate may use or disclose Protected Health Information in accordance with an authorization that meets the requirements of the Privacy Standards.
(f) Business Associate may use or disclose Protected Health Information to healthcare providers and Covered Entities as permitted by the Privacy Standards.
(g) Business Associate may use or disclose Protected Health Information to report violations of law to appropriate federal and state authorities consistent with the Privacy Standards.
Section 4. Term and Termination.
(a) Term. The provisions of this Agreement shall commence on the Effective Date and shall terminate upon termination of the Services except as provided in Section 4(c).
(b) Termination for Cause. Without limiting the termination rights of the parties pursuant to this Agreement and upon Covered Entity’s knowledge of a material breach of this Agreement by Business Associate, Covered Entity shall provide a reasonable opportunity of not less than thirty (30) business days for Business Associate to cure the breach or end the violation and, if Business Associate does not cure the breach or end the violation within the time specified by Covered Entity, terminate this Agreement.
(c) Effect of Termination.
(1) Except as provided in paragraph (2) of this section, upon termination of the Services for any reason, Business Associate shall return or destroy all PHI received or created by Business Associate on behalf of Covered Entity. This provision shall apply to PHI that is in the possession of Subcontractors of Business Associate.
(2) If Business Associate determines that returning or destroying the PHI is infeasible, Business Associate shall extend the protections of this Agreement to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI.
Section 5. Changes to PHI Authorizations. Covered Entity will notify Business Associate fifteen (15) days, if practicable, prior to the effective date of (1) any limitation(s) in its notice of privacy practices in accordance with the Privacy Standards, (2) any changes in, or revocation of, permission by an Individual to use or disclose PHI, or (3) any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with the Privacy Standards. Covered Entity will make such notification to the extent that such limitation, restriction, or change may affect Business Associate’s use or disclosure of PHI.
Section 6. Notices. Any notices or communications to be given pursuant to this Agreement shall be made, in the case of Covered Entity, to the individual noted in Covered Entity contact appearing in your account set up information and if made to Business Associate, to the address given below:
If to business associate to:
OkRx Privacy Officer, 2360 Bristol Circle, Oakville, Ontario L6H 6M5 Email: [email protected]
Section 7. Miscellaneous
(b) Amendment. This Agreement may be amended from time to time to ensure compliance with the requirements of the Privacy Standards and any other applicable law or regulation.
(c) Waiver; Severability. No failure or delay on the part of either Party in exercising any right under this Agreement will operate as a waiver of, or impair, any such right. No waiver of any such right will have effect unless given in a written document signed by the Party waiving such right. If any part of this Agreement is held to be void or unenforceable, such part will be treated as severable, leaving valid the remainder of this Agreement.
(d) Integration; Interpretation. This Agreement supersedes and replaces any and all previous Personal Information Protection Agreements between the parties. Any ambiguity in this Agreement shall be resolved to permit the parties to comply with the Privacy Standards. In the event of any inconsistency or conflict between this Agreement and the Terms of Service, the terms and conditions of this Agreement shall govern and control.
(e) No Third-Party Beneficiary. Nothing express or implied in this Agreement or in the Terms of Service is intended to confer, nor shall anything herein confer, upon any person other than the parties and the respective successors or assigns of the parties, any rights, remedies, obligations, or liabilities whatsoever.
(f) Survival. The respective rights and obligations of Business Associate under Section 4(c) of this Agreement shall survive the termination of this Agreement for so long as Business Associate retains any PHI.
(g) Interpretation. Any ambiguity in this Agreement shall be resolved to permit the parties to comply with the Privacy Standards. In the event of any inconsistency or conflict between this Agreement and the Terms of Service, the terms and conditions of this Agreement shall govern and control.
(h) Governing Law. This Agreement shall be governed by and construed in accordance with the same internal laws as that of the Terms of Service.
(i) Modifications. Business Associate shall not be bound by any edits or modifications to this Agreement made by Covered Entity unless Business Associate expressly agrees in writing to any such edits or modifications.
How We Communicate With You
Last Modified: 2021 May 01
To help you process prior authorization (PA) requests, we need to send you communication via fax, or email, or both. We may also send promotional information on features and benefits available to OkRx users.
By clicking the Communication Policy check box, you represent that you are authorized to give this consent on behalf of your company, practice, or organization and that your company, practice, or organization agrees OkRx and its partners may send your company, practice, or organization information via fax regarding PA requests to the fax number(s) and/ or email address(es) you provided when you registered as a OkRx user. You also agree to receive marketing email and faxes and autodialed marketing calls and text messages from or on behalf of OkRx related to promotional information on items that may be of interest to you or your company, practice, or organization at the email address(es), fax numbers(s) and telephone number(s) you provide in connection with the use of the OkRx Services. You acknowledge that consent is not a condition of use of the OkRx services made generally available through OkRx’s website.
You may revoke this consent at any time by placing a call to 1-888-679-9990 or sending a toll-free fax to 1-(888) 610-1307 identifying the number you would like us to remove. Your revocation of consent will only be valid if it contains the telephone number(s) of the facsimile machines you do not want us to send faxes to, you do not subsequent to making the request expressly provide us in writing or otherwise with permission to send you faxes, and you send or make the request to the telephone number or fax number listed above. Our failure to comply with your request within the shortest reasonable time from the date of your request.