Think Research Corporation

ONTARIO HEALTH INFORMATION NETWORK PROVIDER AGREEMENT

Click here to download a printed version copy of this agreement.

THIS AGREEMENT is made between THINK RESEARCH CORPORATION (the “Service Provider”) and ALL OTHER ORGANIZATIONS THAT HAVE SIGNED A CORRESPONDING PARTICIPANT AGREEMENT (individually an “Organization” and collectively the “Organizations”).

 

BACKGROUND:

  1. The Service Provider provides technology solutions, services and deliverables related to electronic referrals between health care providers (the “eReferrals Solution”), which will improve and streamline access to different types of health care services and other related services within various Organizations.
  2. The Organizations provide and deliver health care and other related services to Clients and are either Health Information Custodians (HIC) or Non-Health Information Custodians (Non-HIC) as self-identified in the Order Form and subsequently have agreed to the a corresponding Form of Participation set out in Schedule A or Schedule B to this Agreement (either a “ Form of Participation”).
  3. Upon signing the Order Form and agreeing to the terms of the associated Master License Agreement and Form of Participation and delivering a copy of the signed Order Form to the Service Provider, the Organization will be considered as an original party to this Agreement.
  4. All Organizations who have signed the Order Form and associated Master License Agreement and Form of Participation, together with the Service Provider itself, will be collectively known as the “Participants” for the purpose of this Agreement.
  5. The Service Provider acts as a Health Information Network Provider (“HINP”) and as an Agent, as those terms are defined under the Personal Health Information Protection Act, 2004 (Ontario) (“PHIPA”), to provide the Services (defined herein) to enable the Participants to use electronic means to disclose Client Data to one another.
  6. The Participants appoint the Service Provider as the HINP to provide electronic services to the Participants to enable the sharing of Client Data electronically with each other and as an Agent to collect, use and disclose Client Data on behalf of the Participants.
  7. FOR VALUE RECEIVED, the parties agree as follows:

ARTICLE 1 - INTERPRETATION

1.1 Definitions

1.1.1 The terms “collect”, “disclose”, “use”, “health care”, “individual”, “information practices” and “record” shall have the respective meanings ascribed thereto by PHIPA.

1.1.2 “Access Protocol” is defined in section 7.1.1.

1.1.3 “Agent” has the same meaning set out in PHIPA.

1.1.4 “Agreement” means this Agreement, and includes any amendments, supplements, schedules, exhibits or appendices attached hereto, and any duly authorized amendments hereto.

1.1.5 “Applicable Laws” means any and all applicable federal, provincial, or municipal laws, bylaws, regulations or statutes as are in existence as of the Effective Date or come into existence during the currency of this Agreement, as the same may be amended, re-enacted, consolidated and/or replaced, from time to time, and any successor to any of the foregoing.

1.1.6 “Authorized User” means any staff or personnel of a Participant who is authorized to access the eReferrals Solution.

1.1.7 “Authorized User Terms and Conditions” is defined in section 7.1.1.5.

1.1.8 “Business Day” means Monday to Friday from 9:00 a.m. to 5:00 p.m. exclusive of statutory holidays in Ontario.

1.1.9 “Client” means, in respect of any PHI, the individual to whom the information relates.

1.1.10 “Client Data” means the PHI of the Clients who are treated or serviced by the Participants.

1.1.11 “Confidential Information” means any oral, written or electronic data, including business information, personal information or personal health information that a Participant or the Service Provider in its capacity as a HINP or Agent, deliberately or inadvertently provides to another Participant which is treated as confidential by the disclosing Participant or the Service Provider or would reasonably be treated as confidential by the disclosing Participant or the Service Provider;

1.1.12 “Contingency Plan” is defined in section 12.1.6.

3.2 HINP

Each Participant acknowledges and agrees that:

3.2.1 the Service Provider, when providing the Services to enable the Participants that are HICs to use electronic means to disclose Client Data to one another, is a HINP and shall comply with the requirements with respect to HINP in accordance with PHIPA and this Agreement;

3.2.2 the Service Provider, when providing the Services to enable the parties that are Non-HICs to use electronic means to disclose Client Data to one another, is not acting as a HINP or an Agent;

3.2.3 the Participants that are Non-HICS will not be subject to the rights or protections of PHIPA. Notwithstanding the foregoing, the Service Provider will comply with the requirements of HINP and Agent in accordance with this Agreement;

3.2.4 the Service Provider’s making Client Data available in its capacity as a HINP through the eReferrals Solution does not constitute a disclosure by a Participant to the Service Provider and does not constitute a collection by the Service Provider;

3.2.5 the Service Provider must enter into an Order Form and associated Master License Agreement and the Form of Participation set out in Schedule A with each HIC with respect to the Services to be provided to the HIC and the Participant Agreement; and

3.2.6 the Service Provider must enter into an Order Form and associated Master License Agreement and the Form of Participation as set out in Schedule B with each Non-HIC with respect to the Services.

3.3 Agent

3.3.1 The Service Provider is an Agent on behalf of the Participants to collect, use and disclose Client Data on behalf of the Participants to carry out the Services.

ARTICLE 4 - REPRESENTATIONS AND WARRANTIES

4.1 Participant Representation and Warranties

Each Participant represents and warrants that:

4.1.1 it has developed and implemented the required policies and procedures relating to the confidentiality, security and privacy of Client Data required under Applicable Laws, including but not limited to those dealing with obtaining consent, requests for access to and correction of Client Data, complaints, Client Data retention, destruction and Privacy Breaches;

4.1.2 it is duly authorized to enter into this Agreement;

4.1.3 neither the execution and delivery of this Agreement by the Participant, nor the performance of the Participant’s obligations hereunder, will conflict with, or result in a breach of, or constitute a default under, any provision of its incorporating documents or by-laws, any Applicable Laws, any decree of any court, arbitrator or governmental agency, or any contract, agreement or instrument to which it is a party or subject to, or by which its property is bound or affected;

4.1.4 there is no proceeding in progress or pending or threatened against, related to or affecting the Participant which might be expected to have a materially adverse effect on the Participant’s ability to meet its obligations under this Agreement;

4.1.5 no authorization, approval or consent of any person is required in connection with the Participant’s execution and delivery of this Agreement and performance of its obligations hereunder; and

4.1.6 the individuals executing this Agreement on its behalf are authorized to sign on its behalf and to bind it to the terms and conditions of this Agreement.

4.2 Participant Covenants

The Participant covenants to the Service Provider as follows, such covenants to remain in effect throughout the term of this Agreement:

4.2.1 the Participant shall not, in the performance of this Agreement, infringe or violate any patent, copyright, trade secret, trade mark, industrial design, or any other intellectual property right of any person or entity;

4.2.2 the Participant shall comply with all Applicable Laws in fulfilling its obligations under this Agreement;

4.2.3 the Participant has designated its Privacy Officer in accordance with Section 1.1.32 of this Agreement;

4.2.4 the Participant shall comply with the Participant obligations set out in this Agreement and in the applicable Form of Participation set out in Schedule A or B; and

4.2.5 the Participant shall perform its roles and responsibilities in connection with any new HIC or Non-HIC that becomes a Participant by signing the Order Form and self-identifying as HIC or Non-Hic, effective the date of such signed Order Form and associated Master License Agreement and the Form of Participation, as if such Participant had been an original signatory to this Agreement.

ARTICLE 5 - LICENSE

5.1 Fees

5.1.1 Any user of the Service Provider’s eReferrals Solution and associated technology, including all Participants under this Agreement, shall be granted a license to use said technology when they submit their agreement to the terms and conditions of the Services Provider’s License Agreement.

ARTICLE 6 - OBLIGATIONS AND RIGHTS OF THE PARTICIPANTS

6.1 Consent Management

Each Participant will:

6.1.1 obtain the either implied or express consent of its Clients, as the case may be; and

6.1.2 upon obtaining the consent from its Clients, transmit and make Client Data accessible to other Participants electronically via the eReferrals Solution.

6.2 Accuracy and Completeness of Client Data

6.2.1 Subject to section 9.5, each Participant will use reasonable efforts to ensure that the Client Data is accurate, complete and up-to-date or set out any limitations on the accuracy, completeness and currency of the Client Data.

6.3 Access Protocol

6.3.1 Each Participant will develop an Access Protocol as set out in section 7.1 and ensure all Authorized Users comply with the Access Protocol.

6.4 Authorized Users – Designated Individuals

6.4.1 Each Participant will designate one or more individuals who will be responsible for the following activities with respect to the access of its Authorized Users to the eReferrals Solution:

6.4.1.1 registration through the provision of a unique user account;

6.4.1.2 authentication of the user accounts and management of the user accounts on an ongoing basis; and

6.4.1.3 monitor use in accordance with the requirements of PHIPA and this Agreement.

6.4.2 Each Participant will provide support for use of the eReferrals Solution, including but not limited to, the provision of training and user support to Authorized Users.

6.4.3 Each Participant will terminate the use by its Authorized Users if the authorization for the Authorized User has been terminated or if its Order Form and associated Master License Agreement and the Form of Participation is terminated.

6.5 Audit

6.5.1 Each Participant shall have the right at any time and from time to time, as its own expense, to audit and verify, both physically and electronically, compliance with this Agreement by any of the other Participants. If there are multiple Participants who wish to audit other Participants together, the costs of the audits will be shared between the Participants. Any Participant wishing to exercise its rights under this section shall do so only upon the provision of at least ten (10) Business Days prior notice of its requirement for such audit to the Participant that is to be the subject of the audit and verification, and agreement with that Participant as to the manner in which the audit and verification is to be performed. An audit as described in this section can only be undertaken once every twelve month period during the Initial Term or a Renewal Term by the Participant(s) and shall not materially interfere or disrupt a Participant’s operation of business. The Participants shall reasonably cooperate with requests by the other Participants for audit and verification.

6.6 Participant Privacy Officer, HINP Privacy Officer and Protection of Client Data

6.6.1 Each Participant has designated a primary person responsible for privacy matters in accordance with Section 1.1.32 of this Agreement. In addition, the Service Provider, in its role as the HINP, has designated a primary person responsible for the protection of Client Data in the eReferrals Solution (the “HINP Privacy Officer”). Any Participant Privacy Officer and the HINP Privacy Officer may delegate their responsibilities and authority under this Agreement to another individual within their respective organization (“Designate”) on notice to the other Participants.

6.7 Confidentiality and Security

6.7.1 Each Participant shall keep the Client Data from another Participant confidential and secure and shall use the same degree of care to protect that Client Data as it would to protect its own Client Data, but in any event shall not use a standard of care that is less than a reasonable standard of care.

6.7.2 Each Participant will hold the Service Provider’s Confidential Information in strictest confident, and in any case with no less protection and security than each Participant protects its own Confidential Information.

6.7.3 In the event that a Participant receives a court order or other lawful requirement of a court or government agency of competent jurisdiction requiring the disclosure of some or all of a Participant’s or the Service Provider’s Confidential Information, the Participant shall (if reasonably practicable) first advise the impacted Participant or the Service Provider about the receipt of such court order so that the Participant or the Service Provider may be given an opportunity to intervene, and to seek a protective order against such disclosure. This obligation survives the termination or expiration of this Agreement.

ARTICLE 7 - AUTHORIZED USERS

7.1 Access Protocol

7.1.1 In accordance with a Participant’s internal protocol for access to the eReferrals Solution (the "Access Protocol"), only Authorized Users will be granted access to the eReferrals Solution. The Participants agree that the Access Protocol will, among other items, require that each Authorized User has:

7.1.1.1 access to Client Data in the eReferrals Solution only for the purposes of performing his or her role;

7.1.1.2 entered into a written confidentiality agreement with respect to Client Data accessed through the eReferrals Solution;

7.1.1.3 undergone the requisite training to use the eReferrals Solution;

7.1.1.4 undergone privacy and security training; and

7.1.1.5 agreed to comply with the terms and conditions set out by the Service Provider prior to being granted access to the eReferrals Solution (the “License Agreement”).

7.1.2 No Participant shall grant access to the eReferrals Solution to an Authorized User unless such person has met all the requirements set out in its Access Protocol.

7.1.3 Each Participant agrees that making available Client Data to the eReferrals Solution in accordance with the provisions of this Agreement shall entitle the Authorized Users to access such Client Data and that, if a Client withdraws their consent, the Client Data shall no longer be available to the Authorized Users but may continue to be accessed by the Service Provider, in its capacity as a HINP and Agent, solely for the purposes of providing the Services.

7.1.4 The Authorized User Terms and Conditions may be modified as may be appropriate or necessary in light of new developments and changes, which include but is not limited to legislative or regulatory changes. A copy of such revised Authorized User Terms and Conditions will be provided to each Participant and will be modified on the log on page of the eReferrals Solution. The Participants must ensure that Authorized Users agree to Licence Agreement, as presented on the eReferrals Solution, before they can access the eReferrals Solution.

7.1.5 If a Participant revokes or suspends an Authorized User's right of access to Client Data, such Participant shall at the same time revoke or suspend, as the case may be, such Authorized User's access to the eReferrals Solution.

7.1.6 If such suspension or revocation as described in section 7.1.5 is the result of an actual or alleged Privacy Breach by such Authorized User, the Participant must follow the Privacy and Security Incident Management Process.

7.1.7 If a Participant is of the view that an Authorized User of another Participant has failed to comply with the responsibilities and obligations as set out in this Agreement, and under Applicable Laws, the Participant shall give notice to the Service Provider, copying other Participant outlining its concerns and request that the Authorized User's access to the eReferrals Solution be suspended immediately. The other Participant shall terminate such Authorized User's access to the eReferrals Solution unless it is satisfied, after having investigated the facts alleged in the notice that the Authorized User is in compliance with this Agreement.

7.1.8 Each Participant is responsible for the actions of its Authorized Users in connection with Client Data.

7.1.9 Each Participant has a current and accurate record of its Authorized Users and will provide to the Service Provider upon request.

7.1.10 Authorized Users may access the eReferrals Solution at his or her place of work at the business location of the Participant or remotely with the appropriate authorization by the Participant. The Participant must ensure that Authorized Users who have remote access to the eReferrals Solution have implemented and will continue to maintain privacy, security and technical safeguards to prevent the unauthorized collection, use and disclosure of Client Data.

ARTICLE 8 - SAFEGUARDS

8.1 Data Protection

Each Participant agrees to continue to meet or exceed the level of data protection afforded to Client Data pursuant to the Applicable Laws.

8.2 Physical, Technical and Administrative

Security Safeguards

Each Participant agrees to maintain appropriate physical, technical and administrative security safeguards that are consistent with this Agreement and that are reasonably necessary to prevent unauthorized persons from accessing, collecting, using, disclosing, modifying, disposing, copying, stealing or otherwise committing any other act that could breach or compromise the privacy, availability, accessibility, integrity, structure, format or content of Client Data.

8.3 Authorized Users

Each Participant agrees on its own behalf and on behalf of its Authorized Users:

8.3.1 that Client Data will not be:

8.3.1.1 used, collected, and disclosed except in accordance with this Agreement, PHIPA and any other Applicable laws;

8.3.1.2 downloaded to and/or stored on any mobile computing device unless such device is enabled with encryption technology that automatically encrypts such data upon downloading to the device;

8.3.1.3 communicated to another Participant through any other electronic means except for the eReferrals Solution; and

8.3.1.4 retained longer than necessary; and

8.3.2 to maintain the confidentiality of any user names, computer passwords or access codes for the eReferrals Solution

ARTICLE 9 - CLIENT DATA

9.1 Access, Correction, Custody and Control

9.1.1 Client Data of a Participant shall remain in the custody and under the control of such Participant for the purposes of PHIPA.

9.1.2 If and to the extent that a Participant collects Client Data through the eReferrals Solution, such Participant shall be deemed to have custody of the Client Data for purposes of PHIPA, and shall, subject to section 9.1.3, be subject to all of the duties and obligations of a HIC in respect of such Client Data and to the Client to whom it relates.

9.1.3 No Participant shall have authority to provide access to or make any correction to any Client Data related to a Client that was created by another Participant and shall so advise any Client (or substitute decision-maker of a Client) who requests any such access or correction. Any such request for access or correction shall be directed back to the Participant who is responsible for creating the Client Data within three (3) Business Days of the receipt of such request.

9.1.4 If a Participant becomes aware of an error in its Client Data in the eReferrals Solution, it shall, as soon as is reasonably practicable and in any event no later than three (3) Business Days after it becomes aware of such error, rectify the error. When a Participant corrects its Client Data pursuant to the provisions of section 9.1.3 or this section, it shall ensure that both the original and corrected Client Data are available in the eReferrals Solution, with the corrected Client Data so noted.

9.2 Privacy Breach

9.2.1 If a Participant Privacy Officer becomes aware of an actual, suspected or potential Privacy Breach involving its own Client Data or Client Data related to a Client of another Participant, the Participant Privacy Officer shall, within three (3) Business Days, notify the HINP Privacy Officer.

9.2.2 If any Participant becomes aware that any Client Data in the eReferrals Solution has been subject to a Privacy Breach that has resulted from a failure of or problem in the eReferrals Solution, it shall immediately notify the HINP Privacy Officer and provide reasonable particulars of such occurrence. The HINP Privacy Officer shall immediately implement the Integrated Privacy and Security Incident and Breach Management Policy.

9.3 Complaint Process

9.3.1 If any Participant receives a complaint from a Client, another Participant or the Office of the Information and Privacy Commissioner for the jurisdiction about the processing of Client Data, such Participant shall no later than three (3) Business Days after its receipt:

9.3.1.1 forward the complaint to the applicable Participants to respond in accordance with the provisions of PHIPA if the complaint relates to the collection, use or disclosure of the Client Data by the Originating Participant; or

9.3.1.2 if the Participant receiving the complaint holds the opinion that the complaint relates to the management of the Client Data within the eReferrals Solution forward the complaint to HINP Privacy Officer provided that any notification required of the Client shall be done by the Originating Participant and the HINP Privacy Officer shall provide the particulars to the Originating Participant so that it may notify the Client.

9.4 Consent

9.4.1 If a Participant does not have the consent of the Client to disclose all of the Client Data to other parties, or a Client subsequently withdraws his/her consent to the provision of all of the required Client Data to the eReferrals Solution, then the Participant shall provide only that Client Data for which it has such consent, or for which such consent has not been withdrawn. The Participant shall notify the other Participants, in accordance with PHIPA, that the Participant is not disclosing all of the Client Data that it considers reasonably necessary for the purpose of providing health care or other related service or assisting in providing health care or other related services to the Client.

9.5 Accuracy and Completeness of Data

9.5.1 No Participant:

9.5.1.1 warrants or represents to any other Participant the accuracy, currency, or completeness (excluding the obligations in section 9.4.1 above) of any Client Data collected by a Participant through the eReferrals Solution; and

9.5.1.2 shall be held liable or responsible in any way for clinical uses of, or decision-making processes relating to the use of, any such Client Data by a Participant.

9.5.2 Each Participant acknowledges that any access to the Client Data of another Participant is at its own discretion and risk.

9.5.3 The Participants agree and acknowledge that the Service Provider:

9.5.3.1 does not warrant or represent to any Participant the accuracy, currency, or completeness of any Client Data collected by the Service Provider in its capacity as a HINP and as an Agent through the eReferrals Solution; and

9.5.3.2 shall not be held liable or responsible in any way for clinical uses of, or decision-making processes relating to the use of, any such Client Data by a Participant.

9.6 Reporting

9.6.1 The parties acknowledge and agree that the eReferrals Solution contains Client Data that could be used by Participants for health care and reporting and quality improvement strategies in accordance with PHIPA (“Reporting”) as further described in Schedule B. Pursuant to PHIPA, the Service Provider will act as an Agent on behalf of the Participants in the collection, use and disclosure of Client Data. All Client Data saved in the eReferrals Solution is encrypted or de-identified. The Participant shall only share Client Data obtained through the eReferrals Solution for the Purpose in accordance with PHIPA.

9.7 Use of Client Data and Professional Judgment

9.7.1 Each Participant acknowledges that its access, including access by its Authorized Users to the Client Data in eReferrals Solution, is at that Participant’s own discretion and risk. The Participant must ensure its staff and agents exercise professional judgment in the use of any Client Data from any Originating Participant.

ARTICLE 10 - SYSTEMS AND ADMINISTRATION

10.1 Participant’s Responsibilities for its Infrastructure, Hardware and Software Systems

10.1.1 Each Participant shall be responsible for ensuring the integrity and good working order of its own infrastructure, hardware and software systems so as not to compromise the eReferrals Solution functionality or availability for any other Participant.

10.2 Participant Privacy Officer

10.2.1 Each Participant shall designate its Participant Privacy Officer, or other officer acting in a similar capacity, to act as a single point of contact for such Participant in connection with all matters concerning the performance by it of its respective obligations under this Agreement.

10.2.2 The Participant will ensure that the Participant Agreement as set out in Schedule A or B as applicable will list the name, address, telephone number, and e-mail address of each Participant Privacy Officer. Any Participant may at any time change its designated Participant Privacy Officer upon written notice to the HINP Privacy Officer in accordance with the terms of this Agreement.

10.2.3 The Participant Privacy Officer shall be responsible for co-ordinating and overseeing the timely performance of the obligations of such Participant under this Agreement.

ARTICLE 11 - STATUS AND RIGHTS AND OBLIGATIONS OF THE SERVICE PROVIDER AS A HINP AND AGENT

11.1 HINP and Agent Status

11.1.1 The Service Provider, shall be the HINP for the eReferrals Solution and shall comply with all of the obligations of a HINP under PHIPA.

11.1.2 The Service Provider acknowledges and agrees that it is also an Agent of the Participants when acting as HINP and shall comply with Applicable Laws.

11.1.3 Subject to the terms and conditions of this Agreement, the Service Provider agrees to provide the Services to the parties as described in Schedule B.

11.1.4 The parties may agree to the provision of additional services by the Service Provider by amendment to Schedule B in accordance with the terms of this Agreement.

ARTICLE 12 - PROTECTION OF CLIENT DATA BY THE SERVICE PROVIDER AS A HINP

12.1 Privacy and Security Safeguards

12.1.1 The Service Provider represents and warrants that it has the administrative, technical and physical safeguards necessary to fulfil its obligations as a HINP. Upon request, the Service Provider will provide any Participant with a copy of its policies and procedures for the security and protection of Client Data managed by it and/or a copy of the policies and procedures for the security and protection of Client Data managed by its subcontractors, as applicable.

12.1.2 The Service Provider shall designate an individual as the HINP Privacy Officer to oversee privacy and security safeguards.

12.1.3 The Service Provider shall not implement any change to its security systems, standards or policies and procedures that may, in the reasonable opinion of the other parties, have an adverse effect on the provision of Services or on the security of any Client Data that it manages of any Client of the other parties without the express agreement of the other parties. No Participant shall implement any change to its security systems, standards or policies and procedures that may, in the reasonable opinion of the Service Provider, have an adverse effect on the provision of Services or on the security of any Client Data that the Service Provider processes without the express agreement of the Service Provider.

The Service Provider shall refer all requests by third parties (other than Authorized Users) for access to any Client Data in its possession or control to the Participant from whom such Client Data originated. The Service Provider shall not disclose any Client Data to third parties, except with the prior written consent of the applicable Participant or parties or as may be required by Applicable Laws. Such prior written consent may be subject to conditions or limitations reasonably imposed by the applicable Participant or parties. In each circumstance in which the Service Provider is authorized pursuant to this Agreement to disclose Client Data, it shall disclose only such Client Data as strictly is necessary in connection with such authorized disclosure.

12.1.4 Both during the term of this Agreement and after any termination or expiry thereof, the Service Provider shall retain all Client Data governed by this Agreement for such period of time as is necessary to satisfy the requirements of the retention policies of the parties which shall comply with all Applicable Laws and applicable professional practice rules. The Service Provider shall ensure that retention and destruction of Client Data is logged and documented, and upon request, a written or electronic copy of the log is provided to the Participants. Notifications will be sent by the Service Provider, as applicable, to the Participant’s as required to warn of pending destruction of such Participant Client Data. Subject to the preceding sentence, the Service Provider shall destroy all records of such Client Data in a secure manner. For greater certainty, the provisions of this Section shall survive any termination or expiry of this Agreement.

12.1.5 The Service Provider may subcontract its Services to an Electronic Service Provider or to any other third party to provide the Services. The Electronic Service Provider or any other third party may subcontract the Services only with prior approval from the Service Provider. The Service Provider shall ensure that any third party it retains to assist in providing Services to the parties in connection with this Agreement shall be required to comply with the restrictions, conditions and security safeguards applicable to the processing of Client Data.

12.1.6 The Service Provider shall implement and maintain during the term of this Agreement, such contingency measures as may be reasonably necessary including, without limitation, a comprehensive business resumption and contingency plan (the “Contingency Plan”) to ensure that a disruption or deterioration in the performance of its obligations under this Agreement is reasonably unlikely under various scenarios including, without limitation, computer system breakdowns, fire and natural disasters.

12.1.7 Without restricting the foregoing provisions of this Article, in the course of providing Services, the Service Provider shall comply with all Applicable Laws relating to the protection of the Client Data, including without limitation, the provisions of PHIPA and its regulations.

ARTICLE 13 - TERM AND TERMINATION

13.1 Term

13.1.1 Subject to this Article 13, the term of this Agreement shall be in effect as of the Effective Date and shall continue in effect until terminated as contemplated in this Agreement

13.2 Withdrawal of a Participant

13.2.1 A Participant (“Withdrawing Participant”) shall have the right to withdraw for any reason from and terminate its rights and obligations under this Agreement upon providing not less than ninety (90) days’ written notice to the Service Provider. The Service Provider may waive such notice in its discretion, acting reasonably.

13.3 Termination of Defaulting Participant

13.3.1 If a Participant (the "Defaulting Participant"):

13.3.1.1 is in default of its obligations hereunder;

13.3.1.2 ceases to carry on business in the normal course;

13.3.1.3 becomes or is declared insolvent or bankrupt; or

13.3.1.4 is subject to any proceeding relating to its liquidation, insolvency or for the appointment of a receiver or similar officer for it, makes a general assignment for the benefit of all or substantially all of its creditors, or enters into an agreement for the composition, extension or readjustment of all or substantially all of its obligations,

the other parties or the Service Provider, as applicable, may give notice of default to the Defaulting Participant, specifying the nature of the default, and if the Defaulting Participant has not, within two weeks after receipt of such notice, cured such default (or, if such default if not reasonably capable of being cured within such period, begun and continued diligently to cure it to the satisfaction of the parties), the notifying parties or the Service Provider may, by further notice to the Defaulting Participant, terminate this Agreement with respect to the Defaulting Participant.

13.4 Termination of Agreement

This Agreement will terminate in the following circumstances:

13.4.1 should the withdrawal or termination of Participants under this Agreement leave only one Participant remaining; or

13.4.2 upon the agreement of all Parties to terminate this Agreement.

13.5 Termination for Convenience

13.5.1 With the exception of the Service Provider in its capacity as a HINP, which must provide six (6) months’ prior written notification to the other parties, any Participant may terminate its participation in the Agreement for convenience in accordance with Section 13.2.1, upon ninety (90) days’ prior written notice to the other parties. The Service Provider may waive such notice in its discretion, acting reasonably.

13.6 Consequences of Termination

13.6.1 For greater certainty, any Client Data uploaded to the eReferrals Solution by the Receiving Participant, Withdrawing Participant or Defaulting Participant remains in the eReferrals Solution. The Receiving Participant, Withdrawing Participant or the Defaulting Participant will immediately take all necessary action to suspend access by its Authorized Users to the eReferrals Solution and cease uploading Client Data to the eReferrals Solution upon termination from this Agreement. Upon the date of termination, the Service Provider as the HINP shall ensure that the Participant’s access, including access by all of its Authorized Users, is terminated. Any Client Data uploaded to the eReferrals Solution by the Defaulting Participant will no longer be updated.

13.6.2 Upon termination of this Agreement, all parties will immediately take all necessary action to suspend access by its Authorized Users to the eReferrals Solution and the Service Provider, in its role as HINP, shall ensure that the access by the parties shall be terminated within one (1) Business Day after having received notification of such termination.

13.6.3 Notwithstanding that if a Participant's access to the eReferrals Solution has been terminated, the Client Data disclosed to such Participant and forms part of individual records of Client Data shall remain with the Participant, which shall remain subject to all of its duties and obligations in respect thereof under Applicable Laws.

ARTICLE 14 - AMENDING PROCEDURE

14.1 Amending Procedure

14.1.1 Subject to section 14.1.2 below, the parties hereby agree that a supplement, modification or amendment to this Agreement shall be binding on all parties to the Agreement if (and only if) said supplement, modification or amendment is: (i) executed in writing by the Service Provider and at least sixty percent (60%) of the Organizations that are party to the Agreement as of the effective date of the supplement, modification or amendment; and (ii) subsequently delivered to each party to the Agreement who has not so executed.

14.1.2 No such supplement, modification or amendment may: (i) impose a positive financial obligation on any party without the written consent of such party; or (ii) treat a party or parties in a manner that is adverse to or inconsistent with the treatment of other parties under the Agreement, except with the written consent of such party or parties.

14.1.3 Without limiting the generality of subsection 14.1.1, at any time and from time to time during the Term of this Agreement, any of the parties may request an amendment to the Schedule A or Schedule B (a “Schedule Amendment”). The Participant submitting the request shall specify the nature of the proposed Schedule Amendment to the Service Provider and the reasons for such a request.

14.1.4 The Schedule Amendment shall be reviewed by the affected parties and, if deemed appropriate, shall be executed by the affected parties and deemed incorporated into the Agreement only for the affected parties.

ARTICLE 15 - LIABILITY AND INDEMNIFICATION

15.1 Participant Indemnity

15.1.1 Each Participant (an “Indemnitor”) shall indemnify, defend and hold harmless each other Participant and its agents, officers, and directors, (collectively, “Indemnitees”), from and against all loss, cost and expense, including all legal expense on a full recovery basis, incurred by the Indemnitees or any of them as a result of or arising from any:

15.1.1.1 inaccuracy, breach or alleged breach by the Indemnitor of any of its representations, warranties, covenants, or other obligations in this Agreement;

15.1.1.2 default by the Indemnitor in the performance of any of its duties or obligations hereunder;

15.1.1.3 breach of privacy or confidentiality by the Indemnitor;

15.1.1.4 negligent act or omission of the Indemnitor; or

15.1.1.5 statutory offences committed by the Indemnitor relating to the purpose of this Agreement.

15.2 Service Provider Indemnity 

15.2.1 Each Participant shall indemnify, defend and hold harmless the Service Provider and its agents, officers, directors, employees, successors and permitted assigns from and against all loss, cost and expense, including all legal expense on a full recovery basis, arising from or in connection with (i) Participant’s negligence or wilful misconduct (ii) Participant’s breach of Applicable Law or this Agreement. This indemnification shall not apply to the extent such Claims or Losses arise as a result of the negligence or wilful misconduct of Service Provider, arising from of its obligations as a HINP and Agent as set out in this Agreement.

15.2.2 With the exception of its own Client Data, the Service Provider has no responsibility for the accuracy, completeness and currency of any Client Data provided to it by any of the other parties.

15.2.3 In the event of a third-party claim, the indemnified party shall promptly notify the indemnifying party of such claim and shall provide such information and assistance, at the indemnifying party’s expense, as the indemnifying party reasonably requests in connection with the defence and/or settlement of such third-party claim. The indemnifying party shall have sole control over all litigation and shall be responsible for the attorneys’ fees, expenses and costs arising from such litigation, provided that (a) the indemnifying party notifies the indemnified party in writing that it intends to defend against such claim and diligently undertakes such defense; and (b) the indemnifying party keeps the indemnified party reasonably informed of the status of such claim. The indemnified party will provide reasonable co-operation to the indemnifying party in connection with the defence or settlement of such claim, and any reasonable costs associated therewith will be paid by the indemnifying party. The indemnifying party may not settle such claim without the written consent of the indemnified party if such settlement would impose an admission of liability or a payment obligation on the indemnified party

15.3 Limitation of Liability

15.3.1 Notwithstanding any other term of this Agreement, no party shall be liable for any indirect, special, or consequential damages, or for punitive or exemplary damages, even if that party has been advised of the possibility of such loss or damage in advance. The foregoing disclaimer of liability shall apply regardless of whether such liability is based on breach of contract, tort (including without limitation negligence), strict liability, breach of a fundamental term, fundamental breach, or otherwise.

ARTICLE 16 - INSURANCE

16.1 General Commercial Liability Insurance

16.1.1 Subject to the Service Provider maintaining a minimum of $5,000,000 for any one occurrence, each Participant shall, so long as it is a Participant to this Agreement, obtain and maintain in full force and effect general liability insurance for a minimum of $2,000,000 for any one occurrence. Such insurance shall include, without limitation, bodily injury and property damage including loss of use; personal injury including death; products and completed operations; contractual liability; premises; and cross liability. Coverage is to be written on a per occurrence basis. Upon request, a certificate of insurance issued by the issuer shall be acceptable to the Service Provider as proof of coverage. The foregoing insurance provisions shall not limit the amount or type of insurance otherwise required by law. It shall be the sole responsibility of the Participant to determine that nature and extent of additional insurance coverage, if any, is necessary and advisable for its own protection or to fulfill its obligations under this Agreement. Each Participant shall give the Service Provider at least thirty (30) days' prior written notice of material change to, cancellation, or non-renewal of the policy, and shall provide to the Service Provider evidence of insurance upon request.

ARTICLE 17 - DISPUTE RESOLUTION

17.1 Dispute Resolution Process

If a dispute arises between any of the parties to this Agreement, reasonable commercial efforts will be made to resolve the dispute as effectively and quickly as possible. Disputes will be resolved as follows:

17.1.1 All disputes which may arise with respect to any matter governed by this Agreement shall first attempt to be mutually resolved by the individual representatives designated by the Participants.

17.1.2 Any party may send a notice (which shall detail the nature of the dispute and any section of this Agreement that is alleged to be in default) to the individual representatives involved requiring that such individuals meet within thirty (30) days to attempt to resolve the dispute.

17.1.3 If the primary contacts are unable to resolve any dispute referred to them within thirty (30) days of such referral, the matter shall be referred by a notice sent to the CEO of each party, requiring the CEOs to meet over the next thirty (30) days to attempt to resolve the dispute.

17.1.4 Where a resolution to the dispute cannot be resolved within thirty (30) days after the meeting between the CEO of each party, the parties may refer the matter to arbitration by an arbitrator selected by the parties, with said arbitration to be governed by the Ontario Arbitration Act, 1991, S.O. 1991, c. 17.

17.1.5 Nothing in this Agreement shall interfere with a party’s ability to avail themselves of injunctive or other relief.

17.1.6 Nothing in this Agreement shall be construed to interfere with a party’s ability to consult with either its legal counsel or representatives of any professional organization that regulates or accredits health care organizations or health care practitioners.

ARTICLE 18 - NOTICE

18.1 Form of Notice & Contact

18.1.1 Any demand, notice, direction or other communication (“Communication”) required or permitted to be given for the purposes of this Agreement to a Participant shall be in writing and shall be sufficiently made or given if delivered personally or by courier, or if sent by first class prepaid registered mail or if transmitted by facsimile, be addressed to the primary contact of the respective parties for notice in the Participant Agreements or if the Service Provider, to the following contact:

Service Provider:

Think Research Corporation

351 King Street East, #500

Toronto, ON, M5A 0L6

Attention: Vice President, Legal and General Counsel

Email: legal@thinkresearch.com

HINP Privacy Officer:

Think Research Corporation

351 King Street East, #500

Toronto, ON, M5A 0L6

Attention: Privacy Officer

Email: privacy@thinkresearch.com

18.1.2 Any Communication, if delivered personally or by courier, shall be conclusively deemed to have been given and received on the date on which it was delivered at such address, provided that if such day is not a Business Day, or such delivery was not made within normal business hours, then the communication shall be conclusively deemed to have been given and received on the Business Day next following such day.

18.1.3 Any Communication mailed as aforesaid shall be conclusively deemed to have been given and received on the fourth Business Day following the date of its mailing in Canada, provided that if at the time of mailing or within four (4) Business Days thereafter, there occurs a labour dispute or other event that might reasonably be expected to disrupt delivery of documents by mail, any communication shall be delivered or transmitted by other means provided for in this section.

ARTICLE 19 - GENERAL

19.1 Severability

Should any provision of this Agreement be found to be invalid by a court of competent jurisdiction that provision shall be deemed severed and the remainder of this Agreement shall remain in full force and effect.

19.2 Further Assurances 

Each of the parties hereto shall at its own expense and upon the request of another Participant hereto at any time and from time to time, promptly execute and deliver, or cause to be executed and delivered, all such further acknowledgements, consents, assurances and other documents, and promptly do, or cause to be done, all such further acts and things as that other Participant may reasonably request in order to fully effect the purposes of this Agreement.

19.3 Force Majeure 

No Participant shall be liable for any delay or failure in the performance of this Agreement if caused by an act of God or any factor beyond the reasonable control and not reasonably foreseeable by such Participant, or as the result of the failure of a third party to comply with its obligations and responsibilities to provide materials or information as specified within this Agreement. In such event, the affected Participant shall notify each other Participant as soon as possible of such force majeure condition and the estimated duration of such condition.

19.4 Consent to Breach Not Waiver 

No provision of this Agreement shall be deemed to be waived and no breach shall be deemed to be excused unless such waiver or consent is in writing and signed by the Participant said to have waived or consented. No consent by a Participant to, or waiver of, a breach of any provision by another Participant shall constitute consent to, or waiver of, any different or subsequent breach.

19.5 Changes that Affect the Agreement

The parties undertake to give one another written notice of any changes in legislation, regulations or policies respecting those parties and programs that are likely to affect this Agreement.

19.6 Survival

The provisions of this Agreement which by their own terms take effect on termination of this Agreement or by their nature survive termination, shall continue in full force and effect and survive termination, notwithstanding any termination hereof.

19.7 Counterparts

This Agreement may be executed and brought into effect by a Participant using any technical means to submit its agreement and may also be executed in several counterparts, each of which shall be deemed to be an original and such counterparts together shall constitute one and the same Agreement and notwithstanding their date of execution shall be deemed to be executed on the date first written above. The delivery of an executed counterpart copy of this Agreement by facsimile or by electronic transmission in portable document format (PDF) shall be deemed to be the equivalent of the delivery of an original executed copy thereof.

19.8 Assignment 

This Agreement is binding upon the parties their successors and permitted assigns. Notwithstanding anything else in this Agreement, the Service Provider shall have the right to assign this Agreement on written notice. The Participants shall not have the right to assign this Agreement without the written consent of the Service Provider, which shall not be unreasonably withheld.

Schedule A
FORM OF PARTICIPATION - HIC

the Participant to the Health Information Network Provider Agreement (the “Agreement”) among Think Research Corporation (the “Service Provider”) and other Participants that have entered into an agreement.

NOW THEREFORE in consideration of being accepted as a Participant to the Agreement to participate in the eReferrals Solution, the Participant agrees as follows:

  1. The Participant represents and warrants that it is a health information custodian for purposes of the Personal Health Information Protection Act, 2004.
  2. The Participant hereby agrees to comply with and be bound by all of the terms and conditions of the Agreement, as from the Effective Date, as if the Participant were an original Participant to the Agreement and will have all the rights and obligations of a Participant in the Agreement.
  3. All capitalized terms used but not defined herein have the meaning set out in the Agreement.
  4. This Form of Participation is effective on the date written on the Order Form and continues in effect until the Agreement terminates or expires.
  5. The Participant may not assign their rights under the Order Form, and associated Master License Agreement and this Form of Participation without the prior written consent of the Service Provider.
  6. This Participant Agreement is governed by and interpreted in accordance with the laws of the Province of Ontario.
  7. The Participant agrees to provide the contact information for their Primary Contact Person and Privacy Contact Person Information within the Order Form.

Schedule B
FORM OF PARTICIPATION – NON-HIC

The Participant to the Health Information Network Provider Agreement (the “Agreement”) among Think Research Corporation (the “Service Provider”) and other Participants that have entered into an agreement.

NOW THEREFORE in consideration of signing an Order Form and associated Master License Agreement and self-identifying as a Non-HIC for the purposes of this Form of Participation, to participate in the eReferrals Solution the Participant is subject to the terms and conditions of the Agreement, and must further adhere to the following terms:

  1. The Participant represents and warrants that it is not a health information custodian for the purposes of the Personal Health Information Protection Act, 2004(“PHIPA”).
  2. Despite the foregoing, the Participant must adhere to the privacy and security obligations of a HIC as set out in the Agreement and PHIPA in the use, collection, disclosure, retention and destruction of the Client Data for the eReferrals Solution.
  3. The Participant agrees and acknowledges that it will not be subject to the rights or protections of PHIPA.
  4. The Participant acknowledges and agrees that the Service Provider is not a HINP and Agent to the New Participant pursuant to PHIPA.
  5. The Participant hereby agrees to comply with and be bound by all of the terms and conditions of the Agreement, as from the Effective Date, as if the Participant were as an original Participant to the Agreement and will have the rights and obligations of a Participant in the Agreement.
  6. All capitalized terms used but not defined herein have the meaning set out in the Agreement.
  7. This Form of Participation is effective on the date written on the Order Form and continues in effect until the Agreement terminates or expires.
  8. The Participant may not assign their rights under the Order Form, and associated Master License Agreement and this Form of Participation without the prior written consent of the Service Provider.
  9. This Participant Agreement is governed by and interpreted in accordance with the laws of the Province of Ontario.
  10. The Participant agrees to provide the contact information for their Primary Contact Person and Privacy Contact Person Information within the Order Form.

SCHEDULE CSERVICES TO BE PROVIDED BY THE SERVICE PROVIDER AS A HINP AND AGENT

  1. HINP SERVICES

(a) The Service Provider acting as a HINP directly, or through a contracted third party, shall provide the information management, information systems and information technology services for the eReferrals Solution to the other parties.

(b) The Service Provider shall be a HINP and shall comply with all of the obligations of a HINP under PHIPA, subject to the exception that it may collect, use and disclose PHI in the course of providing the other Services contemplated in the Agreement.

(c) The Service Provider shall not use any Client Data to which it has access except as necessary to provide the Services described in this Agreement and shall not disclose any Client Data to which the Service Provider has access in the course of providing the Services except as required for the purpose of providing such Services.

(d) The Service Provider as HINP shall not collect, use or disclose any Client Data to which it has access in the course of providing Services for the parties except as necessary in the course of providing the Services.

(e) The Service Provider as HINP shall not permit its employees or any person acting on its behalf to have access to the eReferrals Solution unless the employee or person acting on its behalf agrees to comply with the restrictions that apply to the Service Provider.

(f) The Service Provider as HINP shall notify affected Participant at the first reasonable opportunity if it has accessed, collected, used, disclosed or disposed of Client Data other than in accordance with this Agreement or Applicable Laws, or if an unauthorized person accessed the Client Data.

(g) The Service Provider as HINP shall provide to each Participant a plain language description of the Services that it provides to the parties, that is appropriate for sharing with the individuals to whom the Client Data relates, including a general description of the safeguards in place to protect against unauthorized use and disclosure, and to protect the integrity of the Client Data. The parties agree that this description may be provided to Clients of any of the parties.

(h) The Service Provider as HINP shall make available to the public:

  1. the plain language description referred to above;
  2. any of its directives, guidelines and policies that apply to the Services that it provides to the Participant to the extent that these do not reveal a trade secret or confidential scientific, technical, commercial or labour relations information; and

III. a general description of the safeguards it has implemented in relation to the security and confidentiality of the information.

 (i) The Service Provider as HINP shall, to the extent reasonably practical, and in a manner that is reasonably practical, keep and make available to each Participant, on the request of such Participant, an electronic record of:

  1. all accesses to all or part of the Client Data associated with the Participant being held in the eReferrals Solution, which record shall identify the person who accessed the information and the date and time of the access; and
  2. all transfers of all or part of the information associated with the Participant in the eReferrals Solution by the Service Provider (whether to third party service providers, or otherwise), which record shall identify the person who transferred the information and the person or address to whom it was sent, and the date and time it was sent.

(j) Prior to the Effective Date, the Service Provider, as HINP has performed, and, upon request, shall provide to each Participant a written summary of the results of:

  1. a threat risk assessment of the threats, vulnerabilities and risks to the security and integrity of the Client Data that it manages in the course of the provision of the Services, and
  2. a privacy impact assessment related to how the provision of Services may affect the privacy of the individuals who are the subject of the information.

(k) The Service Provider as HINP shall update the privacy impact assessments and threat risk assessments, as it deems appropriate to identify continuing or new risks to privacy resulting from the provision of Services and to review the steps taken to address risks to privacy and security identified in the initial assessments and to assess the effectiveness of such steps. The Service Provider shall provide, upon request, the results of any updated threat risk or privacy impact assessments to the Participants.

(l) The Service Provider e will hold the Participant’s Confidential Information in strictest confidence, and in any case with no less protection and security than the Service Provider protects its own Confidential Information.

(m) In the event that the Service Provider receives a court order or other lawful requirement of a court or government agency of competent jurisdiction requiring the disclosure of some or all of a Participant’s Confidential Information, the Service Provider shall (if reasonably practicable) first advise the impacted Participant about the receipt of such court order so that the Participant may be given an opportunity to intervene, e.g., to seek a protective order against such disclosure. This obligation survives the termination or expiration of this Agreement.

  1. AGENT

Subject to Section 9.6 of the Agreement, the Service Provider will provide the following Services as an Agent on behalf of the Participants:

(a) Reports

  1. The Service Provider may collect, use, and disclose referral data (which is a subset of Client Data) to generate reports on behalf of the Participants.
  2. The Service Provider may de-identify a Participant’s Referral Data and use such de-identified Client Data for the purposes of generating reports and analysis, in its capacity as an Agent for the Participants, in accordance with PHIPA.