Acceptable Use Policy
1. Summary
This Acceptable Use Policy (this “policy”) establishes the acceptable use requirements for Ontario Health information technology products and services made available by its Digital Services business unit, primarily the technology infrastructure used to provide such products and services. Ontario Health may revise this policy from time-to-time in its sole discretion, and any revisions will be posted at www.ehealthontario.on.ca. Notice of any revision will made in accordance with the agreement under which Ontario Health provides you with such products or services.
2. Scope and Application
This policy applies to all users. Any person who accesses or uses the technology infrastructure made available by the Digital Services business unit of Ontario Health, including any product or service, is a “user”. A “person” includes any individual, person, estate, trust, firm, partnership or corporation, government or any agency or ministry of any government, and includes any successor to any of the foregoing. Where the word “including” or “includes” are used it means including but not limited to or including without limitation.
3. Accountability
Each organization that has entered into an agreement with Ontario Health to access and use the products, services or technology infrastructure made available is a “client” and is responsible for:
-
Any access or use of such products, services or technology infrastructure made by any user that has obtained passwords, secure tokens, digital certificates and any other identifiers (“credentials”) to access or use such products, services or technology infrastructure from or through that client or at the direction of that client;
-
Reviewing all active accounts and enrollments of its users with access to the products, services or technology infrastructure at least annually; and
-
Maintaining (update/suspend/revoke/reinstate) its users’ access to the products, services or technology infrastructure in alignment with current circumstances, e.g. revoking access when it is no longer required or authorized for a user.
4. Acceptable Use
Users are permitted to use the products, services and technology infrastructure of Ontario Health solely for the purposes authorized in the applicable agreement under which Ontario Health provides the client with such products, services and technology infrastructure.
5. Inappropriate and Unacceptable Uses
Users must not use the products, services or technology infrastructure made available by Ontario Health in any manner that constitutes an inappropriate or unacceptable use, including:
-
The creation, collection, transmission, storage or exchange of any material in violation of applicable laws;
-
Defaming other persons (e.g. spreading false allegations or rumours about others);
-
Accessing, using, collecting, destroying, encrypting, altering or disposing of information in violation of any applicable laws;
-
Making, possessing or distributing computer programs that are designed to assist in obtaining access to computer systems in violation of applicable laws;
-
Promoting hatred against any identifiable group or individual by communicating such statements in violation of applicable laws;
-
Harassing other persons electronically (e.g. making threats to a person’s safety or property);
-
Possessing, viewing, downloading, transmitting or storing any pornography, or any involvement whatsoever with the traffic of such material;
-
Using another user’s credentials to engage in any activity in violation of applicable laws;
-
Breaching copyright, trade secret, or other intellectual property rights (e.g. breaching software licences, pirating recorded music or movies or stealing trade secrets);
-
Wilfully bypassing or subverting any physical, logical or procedural safeguards used by Ontario Health or any other person, such as firewalls, web-filtering software or other access controls;
-
Vandalism, which is defined as any malicious attempt to harm or destroy the information of another user, the Internet or other networks;
-
Harassment, including persistent non-work related contact with another person when such contact is unwelcome or may be deemed to create a poisoned work environment by accessing, displaying, storing, downloading or transmitting any content which is offensive;
-
The sending of unwanted email or unsolicited commercial or advertising material to any other person;
-
Deliberate unauthorised access to information, facilities or services accessible through the Ontario Health infrastructure;
-
Unauthorised use, collection, disposal, destruction, encryption, alteration or disclosure of any personal information, personal health information, business trade secrets, or sensitive information;
-
Sending anonymous messages or impersonating any other person;
-
Selling, sharing or otherwise redistributing Ontario Health products or services without written authorization from Ontario Health;
-
Electronic gambling over the Internet; and
-
Any other activity that may expose Ontario Health to civil liability..
6. Security
6.1 Each user must ensure that any credentials issued to that user are kept confidential and protected from unauthorized use or disclosure.
6.2 Each user that has obtained credentials from or through a client must immediately notify that client’s help desk or system administrator if they suspect or know that any credentials have been, or may be, breached or compromised.
6.3 Clients that suspect or know that any credentials have been or may be breached or compromised must immediately notify Ontario Health.
7. Violations of this Policy
7.1 Users and clients must report all breaches of this policy of which they are aware to Ontario Health. Each user must do so through the help desk from which they receive technical support, and clients must contact Ontario Health directly.
7.2 Ontario Health reserves the right to investigate suspected breaches of this policy, and all users and clients will cooperate when asked to assist in any such investigation.
7.3 Ontario Health may, in its sole discretion, suspend or revoke a user’s access to the products, services, or technology infrastructure of Ontario Health should such user breach this policy.
7.4 Clients will cooperate with Ontario Health in the management of breaches of this policy. This responsibility includes assisting with the development and distribution of communications regarding breaches or incidents.
7.5 Breaches of this policy may result in criminal prosecution or civil liability.
7.6 Although Ontario Health is not obligated to monitor content, and assumes no responsibility for any information or material that is transmitted by users of the products, services or technology infrastructure made available by Ontario Health, or the Internet, Ontario Health reserves the right, subject to all applicable laws relating to the protection of personal information and personal health information, to investigate content posted to or transmitted over its technology infrastructure, and may block access to, refuse to post, or remove any information or material that it deems to be in breach of this policy.
7.7 Ontario Health may report breaches of this policy committed by any user to the client responsible for that user’s actions.
7.8 Ontario Health assumes no liability for enforcing or not enforcing this policy, and any failure by Ontario Health to enforce any part of this policy will not constitute a waiver by Ontario Health to enforce any right or obligation in this policy at any time.
7.9 If any provision of this policy is found to be invalid or unenforceable, then that provision will be enforced to the extent permissible, and all other provisions will remain in full force and effect.