Menu
This Information Manager Agreement (“IM Agreement”) is made on the date indicated on the signed Rare Disease Dashboard Order Form, between you, the health care practitioner (“you” and “your”), and Khure Health Inc. (“Khure”, “we”, “us” or “our”). By signing the Rare Disease Dashboard Order Form Agreement, you acknowledge having read and understood this IM Agreement and agree to its terms.
Khure provides a clinical intelligence platform that makes it easier for physicians to identify and optimize the care of patients that may be at risk of rare and specialty conditions. You are engaging Khure to apply its platform on your patient population to scan for patients that may be at risk of a rare or specialty condition (“Khure Platform”). To support the use of the Khure Platform, Khure provides you with access to its technology platform and related information technology, information management and administrative and clinical support services including any associated technological updates, maintenance, quality control and support (collectively, the “Khure Services” or “Services”). Khure also hires clinical expertise and administrative support staff to assist in the provision of Services.
In respect of health information that you collect, use and disclose in connection with your provision of clinical services (“Health Information”), you and we acknowledge and agree that you are the Custodian within the meaning of the Alberta Health Information Act (“HIA”). When we process Health Information in connection with providing our Services to you, you and we agree that we are an Information Manager for you as that term is defined by the HIA.
You acknowledge and agree that Khure provides products, services and features to you through the Khure Services, including screening for patients who may be at risk of rare and specialty conditions and guidance about the care pathway for those patients. You acknowledge and agree that Khure controls and is accountable for personal information collected in the course of providing the Services.
The purpose of this IM Agreement is to ensure that the processing of Health Information in connection with the Services complies with the requirements of the HIA. The interpretation and performance of this IM Agreement shall be guided by these objectives.
(a) Except as otherwise defined herein, capitalized words and phrases in this IM Agreement have the meaning given to them in section 1 of the HIA.
(b) In this IM Agreement:
(i) “Third Parties” means other custodians and health care providers to whom Health Information may be shared, or from whom Health Information may be collected, in connection with the clinical services, including but not limited to laboratories, health care providers, and Alberta Health Services.
(ii) “Health Information Act” or “HIA” means the Health Information Act, R.S.A. 2000, c. H5, as amended from time to time, and the regulations thereunder.
(iii) “Information Management Policies” means Khure’s policies and procedures relating to privacy, security and information management, as updated from time to time.
(iv) “Privacy Policy” means the privacy policy for the Service accessible at https://ca/privacy/.
(a) We will comply with the HIA and any other applicable privacy legislation in respect of our provision of Services to you.
(b) We will comply with your privacy policies and procedures, and this IM Agreement in respect of our provision of Services to you.
(a) We may collect Health Information from you to provide the Services and facilitate your provision of clinical services to your patients, and otherwise in accordance with the Privacy Policy and any consents given by your patients.
(b) We may use Health Information to provide the Services, and otherwise in accordance with the Privacy Policy and any consents given by your patients.
(c) We may collect, use or disclose Health Information from your patients only in accordance with our duties to you, as described in this IM Agreement.
(d) We may transfer Health Information to our cloud provider or associated technical service providers, or provide them with access to Health Information, to the extent necessary to assist us with the provision of Services, as long as such providers are bound by obligations of confidentiality and information security in respect of the Health Information that are at least as restrictive as those imposed on us under this IM Agreement.
(e) We may collect, use or disclose Health Information other than as described in sections 3(a) to (d) above where required by law. If we are compelled to disclose Health Information by a Canadian court or other competent Canadian authority, we shall notify you as soon as feasible so you may seek appropriate remedy. If you do not obtain appropriate remedy, we shall: a) furnish only that portion of the Health Information which is legally required, b) exercise best efforts to obtain reliable assurance that the Health Information will be accorded confidential treatment, and c) promptly, upon your written request, provide to you, copies of the Health Information that was disclosed, as well as the request made for the Health Information.
(f) We shall not disclose Health Information under any non-Canadian law, rule order, or document and shall immediately notify you if we receive any subpoena, warrant, order, demand or request issued by a non-Canadian court or other foreign authority for the disclosure of Health Information. Notwithstanding the foregoing, if any non-Canadian law or other authority prohibits us from notifying you of such order, we shall take the following actions:
(g) We will limit our collection, use and disclosure of Health Information to the minimum extent necessary to carry out the purposes identified in section 3 (a) through (d).
(h) We will provide the Services with reasonable care, skill and diligence to a professional standard and maintain a high degree of data accuracy when collecting, using and disclosing Health Information.
(i) We will not send, transmit or store any Health Information outside of Canada. Health Information will be stored on servers physically located in Canada (but may be temporarily viewed, accessed, used or transferred outside of Canada as necessary for installing, implementing, maintaining, repairing, trouble shooting or upgrading the Khure Platform).
(j) We may use or disclose data in a non-identified or aggregate basis, as permitted by applicable law.
(a) On your behalf, we will receive and respond to any and all requests for access to, or amendment or correction of, a patient’s Health Information made by the patient or their legal representative, in accordance with the HIA or other applicable privacy laws.
(b) On your behalf, we will receive and respond to any and all requests (including any expressed wishes) relating to the disclosure of a patient’s Health Information made by the patient or their legal representative, in accordance with the HIA or other applicable privacy laws.
(a) We will treat all Health Information as confidential and will limit access to the Health Information to our employees, contractors or any third parties we engage who require access in order to provide the Services and who are bound by obligations of confidentiality and information security in respect of the Health Information that are at least as restrictive as those imposed on us under this IM Agreement.
(b) We implement appropriate physical, organizational and technological security measures, to protect the Health Information against such risks as unauthorized access, use, disclosure, destruction, loss, theft or alteration.
(c) Without limiting section 5(b), we will comply with, and will ensure that the Services are provided in compliance with, the Information Management Policies and the HIA (including, without limitation, section 60 of the HIA).
(d) We will notify you in writing as soon as practicable of any loss or theft of, or unauthorized access to, or use or disclosure of, Health Information, shall take all reasonable and necessary steps to contain and remediate any such incident, and shall provide all reasonable assistance and information to you so that you may comply with any reporting or record keeping obligations under the Health Information Act. Our notification to you shall include the following: (i) a description of the circumstances of the loss or unauthorized access or disclosure; (ii) the date on which or period of time within which the loss or unauthorized access or disclosure occurred; (iii) the date on which the loss or unauthorized access or disclosure was discovered, and (iv) a description of the information that was lost or that was the subject of the unauthorized access or disclosure.
We will retain the Health Information in compliance with the HIA, other applicable privacy laws, and professional guidelines/standards of practice.
(a) At your reasonable request and expense, we will allow you to audit (or request us to conduct an audit by means of our internal audit program) our performance of this IM Agreement. You may request such an audit once per calendar year unless you have reasonable grounds to believe that we are not acting in compliance with the terms of this IM Agreement.
(b) Nothing in this IM Agreement shall be interpreted to limit the right of the Auditor General of Alberta or the Office of the Information and Privacy Commissioner of Alberta to conduct an audit or investigation.
(a) The term of this IM Agreement shall commence on the date this IM Agreement is signed by both Parties and shall continue until we no longer provide any Services, hold Health Information or have access to Health Information. The Parties may terminate this IM Agreement upon mutual agreement in writing. Either Party may terminate this IM Agreement upon ninety (90) days written notice to the other Party at its normal place of business by registered mail.
(b) Upon termination of this IM Agreement, we shall dispose of all Health Information and terminate access to the Khure Platform within ninety (90) days of termination notice.
(a) We agree to indemnify you and hold you harmless from any claims, damages, losses or expenses (including legal fees) that you suffer as a result of our breach of this IM Agreement, or the unauthorized collection, use, sharing, disclosure or alteration of Health Information by us or our employees, agents, or subcontractors, except to the extent that such breach was caused or contributed to by you.
(b) You agree to notify us of any such claim without undue delay. We will have control over the defense, final award or settlement of such claim, but we will not compromise or settle a claim in your name without your prior consent. You agree to cooperate with us in such defense and settlement.
(a) The provisions of this IM Agreement are binding upon the Parties with respect to its subject matter and may only be modified or amended by the Parties by mutual agreement in writing.
(b) This IM Agreement is made under and shall be interpreted in accordance with the laws of the province of Alberta and the federal laws of Canada applicable therein.
(c) Each provision of this IM Agreement shall be severable from every other provision of this IM Agreement for the purpose of determining the legal enforceability of any specific provision unless to do so affects the entire intent and purpose of this IM Agreement.
(d) This Agreement sets forth the complete understanding of the Parties with respect to this subject matter and supersedes all other all prior and contemporaneous agreements, written or oral, between them concerning such subject matter with the exception of the Rare Disease Dashboard Services Agreement Terms and Conditions.
(e) No consent or waiver, express or implied by any Party of any breach or default by the other Party in the performance of any obligations hereunder shall be deemed or construed to be a consent or wavier to any other breach or default in the performance by such other Party of the same or any other obligation of such Party hereunder. Failure on the part of any Party to complain of any act or failure to act of any other Party or to declare any Party to be in breach or default, irrespective of how long such failure continues, shall not constitute a waiver by such party of its rights hereunder. No failure or delay by a Party in exercising any of its rights or pursuing any remedies available to it hereunder or at law or in equity shall in any way constitute a waiver or prohibition of such rights and remedies in the event of a breach of this IM Agreement.
(f) This IM Agreement may be executed in one or more counterparts, each of which shall be considered an original, and all of which together shall constitute one and the same IM Agreement. The delivery of this IM Agreement may be made by facsimile or other electronic means, and facsimile and electronic signatures shall be treated as original signatures for all applicable purposes.