Terms & Conditions

OkRx USER Agreement

OkRx Terms of Service / Privacy Notice

Last Modified: November 18, 2022.

Your use of OkRx.ca OkRx.ca (this “Website”), and the services described herein, including any related and ancillary services provided by OkRx, and any updates, new features and enhancements to these services (collectively, “Services”), is governed by the terms and conditions below, the OkRx Privacy Policy and the Personal Information Protection Agreement. These three documents constitute a legally binding agreement between you and OkRx’s parent company Leven Systems Inc. (“OkRx”, “we” or “us”).

In order to use the Services, you must be a

Canadian licensed health care provider with the intent to prescribe or dispense a prescription, an employee of such a licensed health care provider, or
Canadian patient support program employee, or agent provided with access to the Services by OkRx. If you are an employee of an organization, you represent that you are authorized to agree to these Terms of Service on behalf of the organization.
An employee of a Canadian insurer

No other person or entity, including any consulting company, other reimbursement support service provider, or pharmaceutical company, is permitted to agree to these Terms of Service or to access the Services through these Terms of Service.

Notwithstanding the foregoing, pharmaceutical sales representatives may create a user account solely for Demonstration Purposes (as defined below), provided that such representatives identify themselves accordingly during account set up. For the purposes of these Terms of Service, “Demonstration Purpose” means use for the purpose of educating the individual sales representative with respect to the functionality of the OkRx Services. Any user in violation of this provision is subject to immediate account termination as set forth in the Website Administration section below.

By clicking the “SIGN UP” or similar button on the Create Your Account screen, you agree that you have read, understand, and agree to be bound by these Terms of Service. If you do not agree with any of these Terms of Service, do not use the Services.

OkRx, is an operating name used by Leven Systems Inc. (“Leven”). Leven, located at 2360 Bristol Circle, Oakville, Ontario L6H 6M5, is a limited liability company organized under the laws of the Province of Ontario. Reference to OkRx herein includes any subsidiaries of Leven involved with providing the Services offered by Leven. The servers that host this Website are located in Canada, and any Protected Health Information, provided to us will be processed in Canada.

WHAT ARE THE SERVICES?

OkRx offers various Services, including, but not limited to, the patient journey, prior authorizations, program enrollment, financial assistance and connections to services providers, including follow up communications, benefit verification and investigation, patient financial assistance, prescription management and follow up communications to patients regarding patient enrollments, and hub services.

OkRx may establish business relationships with certain economic sponsors, such as pharmaceutical manufacturers and payors, to facilitate the Services and may share protected health information pursuant to a valid consent that complies with relevant federal and provincial privacy laws to support certain program drugs prescribed to the patient.

WHAT ARE YOUR OBLIGATIONS WHEN USING OKRX?

Use of the Services constitutes a representation and warranty that all consents and authorizations required to provide PHI, including genetic information such as genetic test results, to OkRx, and for OkRx to use and disclose the PHI, including genetic information such as genetic test results, to provide its Services and as otherwise provided herein or in the Personal Information Protection Agreement, have been obtained. In addition, you represent and warrant that you have provided all notices necessary to comply with applicable federal and state laws and regulations relating in any way to medical privacy, or health privacy, or both including, but not limited to a notice of privacy practices.

You must provide current, complete, and accurate information when you create an account to use our Services. You understand that we may collect information such as your name, physical address, email, telephone number, fax number, organization name, job title, and College number when you sign up as a user. Although OkRx disclaims any legal duty to verify the accuracy of any data that you provide to us when creating an account, if OkRx believes that any information you provide is not current, complete, and accurate, we have the right to refuse access to the Website or any of our Services, and to terminate or suspend your account. You are entirely responsible for maintaining the confidentiality of your password and account as well as for any and all activities that occur by use of your account. You agree to immediately notify OkRx of any unauthorized use of your account or any other breach of security related to your account. OkRx will not be liable for any loss that you may incur as a result of someone else using your password or account with or without your knowledge. However, you could be held liable for losses incurred by OkRx or another party as a result of someone else using your account or password. You may not use anyone else’s account or allow anyone else to use your account at any time.

If you are creating an account as an employee of a health care provider, you understand and agree that your account is specific to that health care provider and therefore, if your employment with that health care provider ends or is terminated for any reason, you are no longer permitted to access our Services through that account, and must immediately notify OkRx at [email protected] so we may disable that account. You may update your user profile information or disable your user account at any time by visiting the “Settings” tab after login in, or by sending a request via email to [email protected] with the words “UPDATE MY INFORMATION” in the subject line. If you withdraw consent, or disable your account, the business relationship created when you registered and agreed to the Terms of Service is terminated.

Any user can disable his or her user account at any time. Disabling your user account will render your account inaccessible; however, our system is required to maintain a record of user accounts and the contents of each for audit purposes, and we may maintain backup copies of all information for legal and compliance purposes. Other healthcare providers may rely on Protected Health Information previously submitted while you were an active user after you disable your account.

PA forms, other forms, and services made available to users are configured to collect only the minimum necessary amount of information that the payer organization, regulatory entity or other type of organization which created the form requested.. Other healthcare providers will receive and use PHI a user submits in order to facilitate the provision of Services to the user.

DOES OKRX OFFER MEDICAL ADVICE?

OkRx does not offer medical advice, does not determine medical necessity, insurance coverage or copays and does not otherwise engage in the practice of medicine. The content accessed through the Website is for informational purposes only, and is not intended to address every possible use, direction, precaution, drug interaction, or adverse effect. OkRx is not a substitute for a health care providers’ professional medical judgment, or for individual patient assessments and examinations. The content of this Website should not be used during a medical emergency or for the diagnosis or treatment of any medical condition. Reliance on any of the information provided by OkRx or provided on or by the Website is solely at the user’s and the health care provider’s own risk. OkRx does not recommend or endorse any specific products, services, physicians, tests, procedures, opinions, or other information that may be available on this Website.

While we attempt to ensure that the information available through our Website is as complete and accurate as possible, we make no warranties that it is correct, complete, or current. Further, some information available through the Website is entered by other health care providers or their staff. OkRx does not review this content for completeness or accuracy or screen it in any way. You acknowledge and agree that OkRx is not responsible for the content of any materials or information posted to or otherwise available on the Website, whether provided by OkRx, you, or another user. Any reliance on such materials is at your own risk

OWNERSHIP

OkRx’s parent company, Leven, and its licensors, if any, own all proprietary rights to the Website and Services, including without limitation all text, images, data, information, and other content (collectively, “OkRx Content”), and all intellectual property rights therein, displayed, available, or appearing on the Website. The software coding and the look and feel of the Service provided by Leven are copyrighted by, and the property of, Leven, and all rights are reserved by Leven. You should assume that everything you see on this Website is copyrighted, unless otherwise noted, and may not be used without permission, except as otherwise provided in these Terms of Service. You may not duplicate, copy, or reuse any portion of the HTML/CSS, JavaScript, visual design elements, or concepts without express written permission from Leven. Any reproduction, redistribution, retransmission, or display of the OkRx Content available on the Website, or any portion of such OkRx Content, not in accordance with these Terms of Service is expressly prohibited.

OkRx uses certain documents from other companies, including but not limited to forms provided by insurers, other payors, Patient Support Program, pharmacies or their business partners. Copyright of these documents is retained by their respective owners, and OkRx claims no ownership of such material. OkRx uses such material under fair-use provisions of copyright law or by written consent of the owner.

Provided you are not in default of any of your obligations hereunder, OkRx gives you a limited, revocable, non-assignable, and non-exclusive license to use the Website and the Services within Canada in accordance with these Terms of Service. You agree not to infringe upon any intellectual property rights or remove or modify related proprietary notices contained in this Website.

USER CONTENT

When you create, transmit, or display information while using the Website, you may only provide information that you own or have the right and legal authority to use and disclose. Except for PHI, which is governed by the Personal Information Protection Agreement, any content or information that you submit to this Website or to OkRx (“User Content”), such as user tips and tricks, or requests for new features, will be deemed to be non-confidential and may be disclosed through this Website f You agree that OkRx will have, and hereby grant to OkRx, a worldwide, royalty-free, perpetual, irrevocable, sub-licensable, non-exclusive right and license to use, translate, reproduce, sell, publish, distribute, modify, adapt, display, perform, promote, and link to,any User Content. OkRx does not endorse any User Content that may appear on this Website. Nothing in these Terms of Service will obligate OkRx to use any User Content or permit the posting of such User Content on this Website.

COMPLIANCE COPYRIGHT ACTS

OkRx respects the rights of all copyright holders and in this regard, we have adopted and implemented a policy that provides for the termination, in appropriate circumstances, of access to this Website by users who infringe upon the rights of copyright holders. If you believe that your work has been copied in a way that constitutes copyright infringement, please provide our Copyright Agent with the following information:

A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed;
Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works are covered by a single notification, a representative list of such works;
Identification of the copyrighted content that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and the information reasonably sufficient to permit OkRx to locate the copyrighted content;
Information reasonably sufficient to permit OkRx to contact the complaining party;
A statement that the complaining party has a good faith belief that the use of the copyrighted content in the manner complained of is not authorized by the copyright owner, its agent, or the law;
A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

For copyright inquires, please contact OkRx at:

Email: [email protected]
OkRx 2360 Bristol Circle, Oakville, Ontario L6H 6M5

AUTHORIZED AND PROHIBITED USES

Your use of the OkRx Services will comply with all applicable laws, regulations and ordinances, including, but not limited to, those pertaining to privacy, intellectual property, the export of data or software, coding, billing, payment, and any signature requirements for submitting forms.

You may not access the OkRx Services outside of the interfaces we provide, nor may you interfere with or disrupt the proper operation of our Services. You will only submit User Content and material that is functionally and technically compatible with this Website. You will not engage in any conduct or submit to this Website any content or other material that is illegal, inaccurate, misleading, misappropriated, dilutive, defamatory, obscene, offensive, or otherwise objectionable, or submit any promotional (for advertising or marketing purposes) content or material (collectively “Wrongful Use”). You will not attempt to and will not damage, corrupt, tamper with or infect this Website or any information or telecommunication system of OkRx with a virus or other malicious computer program. You expressly agree that you will not reverse engineer, disassemble, or decompile any software code or proprietary elements of the Website or OkRx’s Services.

Use of this Website is provided for the permitted purposes stated in these Terms of Service, and Wrongful Use is precluded with respect to this Website. Without limiting the generality of

the foregoing, you agree that you will not undertake any activity which may adversely affect the use of this Website by any person. You are prohibited from using any of our Services to compromise security or tamper with system resources, or accounts, or both. The use or distribution of tools designed for compromising security (e.g., password guessing programs, cracking tools, or network probing tools) is strictly prohibited. Integrating with, automating, “spidering,” or “scraping” are all prohibited, in violation of OkRx’s Terms of Service, and may be illegal. Only human users using the Website manually are permitted. If you become involved in any violation of system security, OkRx reserves the right to release your details to system administrators at other sites and law enforcement authorities in order to assist them in resolving security incidents.

Referencing the OkRx.ca Website in an “iframe” or otherwise making it appear that the Website is part of a third-party site is prohibited. We do, however, encourage linking to the Website. All such links must be direct links to the top page of the Website (OkRx.ca) without framing. If OkRx detects, and determines at its sole discretion, inappropriate linking practices, we may require removal or modification of the link, as well as compliance with any and all requirements of OkRx relating thereto.

Third parties that provide financial support to OkRx programs may be permitted to use and access certain aspects of our Services. This includes health care provider information contained in the Website, for performance evaluation of our programs and the third party’s business impact, provided that such use of the Services is consistent with these Terms of Service and all applicable laws and regulations. For more information, please contact [email protected].

You represent and warrant that you will not distribute or resell any OkRx Services.

WRONGFUL USE

It is our policy not to tolerate any acts of intellectual property infringement or violations of federal or provincial law. If we become aware of any Wrongful Use, we will, in good faith, use our reasonable efforts to remove, disable, or restrict access to the availability of User Content on the Website that, in our sole discretion, constitutes Wrongful Use, whether or not such material is constitutionally protected. This provision does not impose upon OkRx any contractual obligation to undertake, or refrain from undertaking, any particular course of conduct, or to monitor the Website.

If you believe that someone has violated this policy, we ask you to promptly notify us by email at [email protected] and provide as detailed a description of the alleged violation as possible. Use of this email address will ensure that the complaint is received by the appropriate party who is responsible for investigating alleged violations of this policy.

WEBSITE ADMINISTRATION

We reserve the right to deny access to any user at any time for any reason. OkRx may limit, modify, suspend, or terminate your use of this Website at any time without liability or prior notice, and may suspend or terminate your use of our Services if you fail to comply with these Terms of Service. THIS SUSPENSION OR TERMINATION MAY DELETE YOUR ACCOUNT,

INFORMATION, FILES, AND OTHER PREVIOUSLY AVAILABLE CONTENT, AND OKRX SHALL HAVE NO RESPONSIBILITY TO BACKUP OR PRESERVE ANY SUCH MATERIALS OR DATA.

MODIFICATIONS TO THE TERMS OF SERVICE

These Terms of Service are subject to change from time to time and will be effective upon posting. Notices of updates or changes may be provided to you through your use of this Website and the Services. The most current Terms of Service will always be available at www.OkRx.ca If you do not agree to the modified Terms of Service, you should delete your account with us. For information on how to do so, contact us at [email protected].

WHAT ABOUT INDEMNIFICATION?

You agree to indemnify, defend, and hold harmless OkRx and its affiliates, officers, directors, employees, contractors, and licensors from any demands, claims, damages, liabilities, expenses, or harms (including attorneys’ fees) arising out of or related to your use of our Services or breach of these Terms of Service. You will not settle any indemnified claim without our written consent.

DOES OKRX WARRANT ITS SERVICE?

YOU UNDERSTAND AND AGREE THAT OUR SERVICE IS AVAILABLE SOLELY ON AN “AS IS” AND “AS AVAILABLE” BASIS. NEITHER OKRX NOR ANY OF OKRX’S LICENSORS MAKE ANY EXPRESS WARRANTIES, AND EACH OF THEM DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF ACCURACY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, RESULTS, COMPLETENESS, ACCESSIBILITY, COMPATIBILITY, SECURITY, AND FREEDOM FROM COMPUTER VIRUS. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, NEITHER OKRX NOR ANY OF OKRX’S LICENSORS MAKE ANY WARRANTY THAT THE CONTENT OF THE WEBSITE SATISFIES GOVERNMENT REGULATIONS REQUIRING DISCLOSURE OF INFORMATION ON PRESCRIPTION DRUG PRODUCTS. IN NO EVENT SHALL OKRX BE LIABLE FOR ANY LOSS OR DAMAGE, DELAY IN PERFORMANCE, OR NONPERFORMANCE CAUSED BY EQUIPMENT MALFUNCTION OR BREAKDOWN, NETWORK OR PIPELINE DISRUPTION, SEVERE WEATHER CONDITIONS, INFORMATION UNAVAILABILITY, STRIKES OR OTHER LABOR DISPUTES, RIOTS, FIRE, INSURRECTION, WAR, FAILURE OF CARRIERS, ACCIDENTS, ACTS OF GOD, OR ANY OTHER CAUSES BEYOND OKRX’S REASONABLE CONTROL. IF ANY APPLICABLE LAW DOES NOT ALLOW THE EXCLUSION OF SOME OR ALL OF THE ABOVE IMPLIED WARRANTIES TO APPLY TO YOU, THE ABOVE EXCLUSIONS WILL APPLY TO YOU TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW.

It is intended that only Canadian residents use our Services on a computer located in Canada. Accordingly, any use of our Services by anyone other than Canadian residents, or use of our Services on a computer located outside of Canada, is strictly prohibited and constitutes a breach of the Terms of Service. NEITHER OKRX NOR ANY OF OKRX’S LICENSORS MAKE ANY REPRESENTATION CONCERNING THIS WEBSITE, THE SERVICES, OR ANY CONTENT WHEN USED IN ANY OTHER COUNTRY. No software may be downloaded or otherwise exported into any countries that are subject to Canadian export/import control restrictions or other federal or provincial restrictions.

WHAT ARE THE LIMITS ON LIABILITY?

IF YOU ARE DISSATISFIED WITH OUR SERVICES OR ANY OF OKRX’S TERMS, CONDITIONS, RULES, POLICIES, GUIDELINES, OR PRACTICES, OR OTHERWISE HAVE A DISPUTE WITH OKRX, YOUR SOLE AND EXCLUSIVE REMEDY IS TO TERMINATE THIS AGREEMENT AND DISCONTINUE USE OF OUR SERVICES. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, NEITHER OKRX NOR ANY OF ITS LICENSORS MAY BE HELD LIABLE UNDER THIS AGREEMENT FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES ARISING FROM YOUR USE OF OUR SERVICES OR THIS WEBSITE, OR FOR ANY OTHER CLAIM RELATED IN ANY WAY TO YOUR USE OF OUR SERVICES OR REGISTRATION ON OUR WEBSITE, EVEN IF WE KNOW OR SHOULD KNOW THAT OTHER DAMAGES ARE POSSIBLE OR THAT DIRECT DAMAGES ARE NOT A SATISFACTORY REMEDY. THE LIMITATIONS IN THIS SECTION APPLY ONLY TO THE EXTENT THEY ARE LAWFUL IN YOUR JURISDICTION. NEITHER YOU NOR OKRX OR ANY OF ITS LICENSORS MAY BE HELD LIABLE UNDER THIS AGREEMENT FOR MORE THAN $1,000; PROVIDED, HOWEVER, THAT THE LIMITATIONS OF LIABILITY DESCRIBED ABOVE DO NOT APPLY TO BREACHES OF INTELLECTUAL PROPERTY PROVISIONS OR INDEMNIFICATION OBLIGATIONS DESCRIBED IN THESE TERMS OF SERVICE.

WHAT ARE THE GENERAL LEGAL TERMS?

These Terms of Service, including the Personal Information Protection Agreement, constitute the entire agreement between you and OkRx relating to the Website and OkRx’s Services. If there is any conflict between these Terms of Service and a signed written agreement between your company, practice, or organization and OkRx, the signed written agreement will control. Failure to enforce any provision will not constitute a waiver of that provision. If any provision is found unenforceable, it and any related provisions will be interpreted to best accomplish the unenforceable provision’s essential purpose. The headings contained in these Terms of Service are for convenience of reference only and will not affect or alter the meaning or effect of any provision hereof.

OkRx has no obligation to become involved in any dispute between a user of our Services and any other person. Our Services and these Terms of Service will be governed by and construed in accordance with the laws of the Province of Ontario. The exclusive venue for any dispute arising under or relating to this Agreement or our Services is Toronto, Ontario, and the Parties consent to the exclusive personal jurisdiction of provincial and federal courts located in Toronto. Nothing in these Terms of Service limits either party’s ability to seek equitable relief.

HOW CAN I ASK QUESTIONS OR CONTACT OKRX?

We are happy to address questions about our Terms of Service or this Website. Please send your questions to [email protected]. Alternatively, you may write to us at:

Privacy Matters OkRx, 2360 Bristol Circle, Oakville, Ontario L6H6M5

OkRx Personal Information Protection Agreement

Last Modified: November 22, 2022.

THIS PERSONAL INFORMATION PROTECTION AGREEMENT (the “Agreement”) is entered into between you (“User”) and Leven Systems Inc o/a OkRx, an Ontario Corporation (“OkRx”) , and is effective as of the date that you create an OkRx user account (the “Effective Date” ).

WHEREAS, for the purpose of this agreement,

“Privacy Standards” shall mean (i) the federal Personal Information Protection and Electronic Documents Act (PIPEDA), the provincial Personal Information Protection Acts in place in Alberta and British Columbia as well as An Act respecting the protection of personal information in the private sector (Québec), (ii) the E-Health (Personal Health Information Access and Protection of Privacy)Act in British Columbia, the Health Information Act in Alberta, the Personal Health Information Act in Manitoba, the Personal Health Information Protection Act, 2004 in Ontario, the Personal Health Information Privacy and Access Act in New Brunswick, the Personal Health Information Act in Newfoundland and Labrador, and the Personal Health Information Act in Nova Scotia (iii) the Canada Anti-Spam Act Legislation (CASL).

“Security Standards” shall mean “Breach of Security Safeguards Regulations” SOR/2019-64 Personal Information Protection and Electronic Documents Act

“Breach Notification Standards” , shall mean “Breaches of Security Safeguards “ Section 10.1 of the Personal Information Protection and Electronic Documents Act and any relevant section from other laws/regulations of the relevant “Privacy Standards”

WHEREAS , in conformity with the Privacy Standards, OkRx has and/or will have access to, create and/or receive certain Protected Health Information (“PHI”) to perform its Services as provided under the Terms of Service entered into by and between User and OkRx (the “Terms of Service” ).

WHEREAS , User is required by the Privacy Standards to obtain satisfactory assurances that OkRx will appropriately safeguard all PHI disclosed by or created or received by OkRx on behalf of User.

WHEREAS , the parties hereto desire to enter into this Agreement to memorialize their obligations with respect to PHI pursuant to the requirements of the Privacy Standards.

NOW, THEREFORE , User and OkRx agree as follows:

Section 1. Definitions. Except as otherwise specified herein, capitalized terms used but not defined in this Agreement shall have the same meaning as those terms as defined in the Terms of Service or the relevant “Privacy Standards”

(a) Personal Health Information (“PHI”) means identifying information about an individual, whether living or deceased, and in both recorded and unrecorded forms, and including information that (a) relates to the physical or mental health of an individual, including information that consists of the health history of the individual’s family; (b) concerns any health service provided to the individual; (c) concerns the donation by the individual of any body part or any bodily substance of the individual or information derived from the testing or examination of a body part or bodily substance of the individual; (d) is collected in the course of providing health services to the individual; or (e) is collected incidentally to the provision of health services to the individual.

(b) Privacy Commissioner means the Privacy Commissioner of the appropriate jurisdiction.

Section 2. Obligations and Activities of OkRx.

(a) OkRx agrees to not use or further disclose PHI other than as permitted or required by this Agreement, the Terms of Service, or as permitted or Required by Law.

(b) OkRx agrees to use appropriate safeguards to prevent use or disclosure of the PHI other than as provided for by this Agreement.

(c) In accordance with the Privacy Standards, OkRx shall implement Administrative, Physical and Technical Safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of ePHI that it creates, receives, maintains or transmits on behalf of the User. Specifically, OkRx shall comply with the Security Standards.

(d) OkRx agrees to report to User any use or disclosure of PHI not provided for by this Agreement of which OkRx becomes aware. Additionally, OkRx shall report to User any Security Incident resulting in an unauthorized use or disclosure of ePHI of which OkRx becomes aware within twenty (20) business days. The parties acknowledge and agree that this Section 2(d) constitutes notice by OkRx to User of the ongoing existence and occurrence or attempts of Unsuccessful Security Incidents for which no additional notice to User shall be required. “Unsuccessful Security Incidents” means, without limitation, pings and other broadcast attacks on OkRx’s firewall, port scans, unsuccessful log-on attempts, denial of service attacks, and any other incident that does not result in unauthorized access, use or disclosure of PHI.

(e) OkRx agrees to notify User of any Breach of Unsecured Protected Health Information without unreasonable delay, but no later than twenty (20) business days after the date OkRx learns of the Breach. OkRx shall provide such information to User as required by the Privacy Standards.

(f) OkRx will enter into a written agreement with any agent or Subcontractor that creates, receives, maintains or transmits PHI on behalf of OkRx for Services provided to User, that requires the Subcontractor to agree to restrictions and conditions on the use and disclosure of PHI that are no less restrictive than those that apply through this Agreement to OkRx with respect to such PHI.

(g) OkRx will cooperate with User’s efforts to mitigate, to the extent practicable, any harmful effect that is known to OkRx of a use or disclosure of PHI by OkRx in violation of the requirements of this Agreement.

(h) To the extent OkRx maintains any PHI in a Designated Record Set, upon the written request of User, within twenty (20) business days, OkRx agrees to provide User with access to PHI in a human readable format. If OkRx provides copies or summaries of PHI to an Individual it may impose a reasonable, cost-based fee.

(i) OkRx agrees to make internal practices, books, and records, including policies and procedures and PHI relating to the use and disclosure of PHI created or received by OkRx on behalf of User available, at the request of the User, to the Privacy Commissioner, for purposes of determining User’s compliance with the Privacy Standards, subject to any applicable privileges.

(j) OkRx agrees to document those disclosures of PHI, and information related to such disclosures, as required to respond to a request by an Individual for an accounting of disclosures of PHI. OkRx further agrees to provide User such information within twenty (20) business days of its written request to permit User to respond to a request by an Individual for an accounting of disclosures of PHI.

(k) OkRx acknowledges that in using, disclosing and requesting PHI, it shall comply with the minimum necessary requirements of the Privacy Standards.

Section 3. Permitted Uses and Disclosures of PHI by OkRx.

(a) OkRx may use or disclose PHI to perform functions, activities, or Services for, or on behalf of, User pursuant to the Terms of Service, provided that such use or disclosure does not violate the Privacy Standards.

(b) OkRx may use PHI for the proper management and administration of OkRx or to carry out the legal responsibilities of OkRx. OkRx may disclose PHI for the proper management and administration of OkRx or to carry out its legal responsibilities, provided that such disclosures are (i) Required by Law, or (ii) OkRx obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and the person agrees to notify OkRx of any instances of which it is aware in which the confidentiality of the information has been breached. All disclosures will be made in accordance with Privacy Standards.

(c) OkRx may use and disclose Protected Health Information to provide Data Aggregation services related to the health care operations of User.

(d) OkRx may use Protected Health Information to de-identify information or create a Limited Data Set in accordance with the Privacy Standards.

(e) OkRx may use or disclose Protected Health Information in accordance with an authorization that meets the requirements of the Privacy Standards.

(f) OkRx may use or disclose Protected Health Information to healthcare providers and Covered Entities as permitted by the Privacy Standards.

(g) OkRx may use or disclose Protected Health Information to report violations of law to appropriate federal and state authorities consistent with the Privacy Standards.

Section 4. Term and Termination.

(a) Term. The provisions of this Agreement shall commence on the Effective Date and shall terminate upon termination of the Services except as provided in Section 4(c).

(b) Termination for Cause. Without limiting the termination rights of the parties pursuant to this Agreement and upon User’s knowledge of a material breach of this Agreement by OkRx, User shall provide a reasonable opportunity of not less than thirty (30) business days for OkRx to cure the breach or end the violation and, if OkRx does not cure the breach or end the violation within the time specified by User, terminate this Agreement.

(1) Except as provided in paragraph (2) of this section, upon termination of the Services for any reason, OkRx shall return or destroy all PHI received or created by OkRx on behalf of User. This provision shall apply to PHI that is in the possession of Subcontractors of OkRx.

(2) If OkRx determines that returning or destroying the PHI is infeasible, OkRx shall extend the protections of this Agreement to such PHI and limit further uses and disclosures of such PHI to

those purposes that make the return or destruction infeasible, for so long as OkRx maintains such PHI.

Section 5. Changes to PHI Authorizations. User will notify OkRx fifteen (15) days, if practicable, prior to the effective date of (1) any limitation(s) in its notice of privacy practices in accordance with the Privacy Standards, (2) any changes in, or revocation of, permission by an Individual to use or disclose PHI, or (3) any restriction to the use or disclosure of PHI that User has agreed to in accordance with the Privacy Standards. User will make such notification to the extent that such limitation, restriction, or change may affect OkRx’s use or disclosure of PHI.

Section 6. Notices. Any notices or communications to be given pursuant to this Agreement shall be made, in the case of User, to the individual noted in User contact appearing in your account set up information and if made to OkRx, to the address given below:

If to OkRx to:

OkRx Privacy Officer, 2360 Bristol Circle, Oakville, Ontario L6H 6M5 Email: [email protected]

Section 7. Miscellaneous

(a) OMITTED

(b) Amendment. This Agreement may be amended from time to time to ensure compliance with the requirements of the Privacy Standards and any other applicable law or regulation.

(c) Waiver; Severability. No failure or delay on the part of either Party in exercising any right under this Agreement will operate as a waiver of, or impair, any such right. No waiver of any such right will have effect unless given in a written document signed by the Party waiving such right. If any part of this Agreement is held to be void or unenforceable, such part will be treated as severable, leaving valid the remainder of this Agreement.

(d) Integration; Interpretation. This Agreement supersedes and replaces any and all previous Personal Information Protection Agreements between the parties. Any ambiguity in this Agreement shall be resolved to permit the parties to comply with the Privacy Standards. In the event of any inconsistency or conflict between this Agreement and the Terms of Service, the terms and conditions of this Agreement shall govern and control.

(e) No Third-Party Beneficiary. Nothing express or implied in this Agreement or in the Terms of Service is intended to confer, nor shall anything herein confer, upon any person other than the parties and the respective successors or assigns of the parties, any rights, remedies, obligations, or liabilities whatsoever.

(f) Survival. The respective rights and obligations of OkRx under Section 4(c) of this Agreement shall survive the termination of this Agreement for so long as OkRx retains any PHI.

(g) Interpretation. Any ambiguity in this Agreement shall be resolved to permit the parties to comply with the Privacy Standards. In the event of any inconsistency or conflict between this Agreement and the Terms of Service, the terms and conditions of this Agreement shall govern and control.

(h) Governing Law. This Agreement shall be governed by and construed in accordance with the same internal laws as that of the Terms of Service.

(i) Modifications. OkRx shall not be bound by any edits or modifications to this Agreement made by User unless OkRx expressly agrees in writing to any such edits or modifications.

How We Communicate With You

Last Modified: 2021 May 01

To help you process prior authorization (PA) requests, we need to send you communication via fax, email, or text messages. We may also send promotional information on features and benefits available to OkRx users.

By clicking the Communication Policy check box, you represent that you are authorized to give this consent on behalf of your company, practice, or organization and that your company, practice, or organization agrees OkRx and its partners may send your company, practice, or organization information via fax regarding PA requests to the fax number(s) and/ or email address(es) you provided when you registered as a OkRx user. You also agree to receive marketing email and faxes and autodialed marketing calls and text messages from or on behalf of OkRx related to promotional information on items that may be of interest to you or your company, practice, or organization at the email address(es), fax numbers(s) and telephone number(s) you provide in connection with the use of the OkRx Services. You acknowledge that consent is not a condition of use of the OkRx services made generally available through OkRx’s website.

You may revoke this consent at any time by placing a call to 1-888-679-9990 or sending a toll-free fax to 1-(888) 610-1307 identifying the number you would like us to remove. Your revocation of consent will only be valid if it contains the telephone number(s) of the facsimile machines you do not want us to send faxes to, you do not subsequent to making the request expressly provide us in writing or otherwise with permission to send you faxes, and you send or make the request to the telephone number or fax number listed above. Our failure to comply with your request within the shortest reasonable time from the date of your request.