Acceptable Use Policy
This policy establishes the acceptable use requirements for eHealth Ontario products and services, as well as the technology infrastructure used by eHealth Ontario to provide such products and services. eHealth Ontario may revise this policy from time-to-time in its sole discretion, and any revisions will be posted at www.ehealthontario.on.ca. Notice of any revision will be given to you in accordance with the agreement pursuant to which eHealth Ontario provides products or services to you.
2. Scope and Application
This policy applies to all users. Any person who accesses or uses the technology infrastructure or uses a product or service provided by eHealth Ontario is a “user”. A “person” includes any individual, person, estate, trust, firm, partnership or corporation, government or any agency or ministry of any government, and includes any successor to any of the foregoing.
Each client organization is responsible:
a) for any access or use of eHealth Ontario’s products, services or technology infrastructure made by any user who is an individual and who obtained his or her passwords, secure tokens, digital certificates and any other identifiers (“credentials”) to access the technology infrastructure and any product or service provided by eHealth Ontario from that client organization or at the direction of that client organization;
b) for reviewing all active accounts and enrollments with access to eHealth Ontario’s products, services or technology infrastructure, at least annually; and
c) for maintaining (update/suspend/revoke/reinstate) users’ access in alignment with current circumstances, e.g. revoking access when it is no longer required or authorized.
4. Acceptable Use
Users are permitted to use eHealth Ontario’s products, services and technology infrastructure solely for health carerelated business activities.
5. Inappropriate and Unacceptable Uses
Users must not use eHealth Ontario’s products, services or technology infrastructure in any manner that constitutes an inappropriate or unacceptable use, which include, but is not limited to:
a) the creation, collection, transmission, storage or exchange of any material in violation of applicable laws;
b) Defaming other persons (e.g., spreading false allegations or rumours about others);
c) Accessing, using, collecting, destroying, encrypting, altering or disposing of information in violation of any applicable laws;
d) Making, possessing or distributing computer programs that are designed to assist in obtaining access to computer systems in violation of applicable laws; Acceptable Use Policy / Version 4 2
e) Promoting hatred against any identifiable group or individual by communicating such statements in violation of applicable laws;
f) Harassing other persons electronically (e.g., making threats to a person’s safety or property);
g) Possessing, viewing, downloading, transmitting, or storing any pornography or any involvement whatsoever with the traffic of such material;
h) Using another user’s password, secure token, digital certificates, or any other identifier to engage in any activity in violation of applicable laws;
i) Breaching copyright, trade secret, or other intellectual property rights (e.g., breaching software licences, pirating recorded music or movies or stealing trade secrets);
j) Wilfully bypassing or subverting eHealth Ontario’s physical, logical or procedural safeguards such as firewalls, web-filtering software or other access controls;
k) Vandalism, which is defined as any malicious attempt to harm or destroy the information of another user, the Internet or other networks;
l) Harassment, including but not limited to persistent non-work related contact with another user when such contact is unwelcome or creating a poisoned work environment by accessing, displaying, storing, downloading or transmitting any content which is offensive;
m) The sending of unwanted email or unsolicited commercial or advertising material to any other person;
n) Deliberate unauthorised access to information, facilities or services accessible through the eHealth Ontario infrastructure;
o) Unauthorised use, collection, disposal, destruction, encryption, alteration or disclosure of any personal information, business trade secrets, or sensitive information provided by or obtained from eHealth Ontario;
p) Sending anonymous messages or impersonating any other person;
q) Selling, sharing or otherwise redistributing eHealth Ontario products or services without written authorization from eHealth Ontario;
r) Electronic gambling over the Internet; and
s) Any other activity that may expose eHealth Ontario to civil liability. Acceptable Use Policy / Version 4 3
6.1 Users must ensure that any credentials used by the user to directly or indirectly gain access to the products, services or technology infrastructure are safeguarded.
6.2 Users must immediately notify their client organisation help desk or system administrator if they suspect or know that any credentials have been or may be breached or compromised.
6.3 Client organisations that suspect or know any credentials have been or may be breached or compromised must notify eHealth Ontario.
7. Breaches of This Policy
7.1 Users and client organisations must report all breaches of this policy of which they are aware to eHealth Ontario. Users must do so through the help desk from which they receive technical support, and client organisations must contact eHealth Ontario directly.
7.2 eHealth Ontario reserves the right to investigate suspected breaches of this policy, and users and client organisations will cooperate when asked to assist in any such investigation.
7.3 eHealth Ontario may, in its sole discretion, suspend or revoke a user’s access to eHealth Ontario’s products, services, or technology infrastructure should such user breach this policy.
7.4 Client organisations will cooperate with eHealth Ontario on the management of breaches of this policy. This responsibility includes, but is not limited to, assisting with the development and distribution of communications regarding breaches or incidents.
7.5 Breaches of this policy may result in criminal prosecution or civil liability.
7.6 Although eHealth Ontario is not obligated to monitor content and assumes no responsibility for any information or material that is transmitted by users of the products, services, technology infrastructure or Internet, eHealth Ontario reserves the right, subject to all applicable laws relating to the protection of personal information, to investigate content posted to or transmitted over eHealth Ontario’s technology infrastructure and may block access to, refuse to post, or remove any information or material that it deems to be in breach of this policy.
7.7 eHealth Ontario may report breaches of this policy committed by a user to the client organisation responsible for that user’s actions.
7.8 eHealth Ontario assumes no liability for enforcing or not enforcing this policy, and any failure by eHealth Ontario to enforce any part of this policy shall not constitute waiver by eHealth Ontario of any right to do so at any time.
7.9 If any provision of this policy is found to be invalid or unenforceable, then that provision will be enforced to the extent permissible, and all other provisions will remain in full force and effect.