Welcome to OutSmart!
Notice to Patients
Please take a moment to read these Terms carefully before subscribing to or using any of the Services. These Terms are a legal contract between SmartND Inc. (“OutSmart”, or “We”) and each person who uses the Services and are accepted by subscribing to our practice management and charting platform or by otherwise using our websites and resources. These Terms may be updated or amended from time to time.
In these Terms, we use the word “Subscriber” to refer to anyone (for example, a health clinic or health practitioner) who subscribes to and pays for our practice management and charting platform. We use the word “you” to refer to any individual user of our Services, such as a practitioner or staff member at a Subscriber’s clinic, or an individual browsing or using our websites and resources.
Ownership of the Services.
OutSmart owns, or has obtained the rights to use, all intellectual property rights in the Services. This includes the underlying software and technology that operates the Services; all materials and content posted or made available on our website or through the Services, such as our Guide, videos, photos, illustrative graphics, text, research and blog postings; and the trademark, OutSmart (TM).
License to You
OutSmart grants each Subscriber, and each individual using the Services, a limited license to access and use (i.e., display, print, download) the materials and content within the Services solely on a personal computer or device for the Subscriber’s internal business purposes and for your own personal, non-commercial use, provided that:
- You retain and keep intact all copyright, trademark or other proprietary notices;
- You do not disseminate or distribute our materials or content publicly;
- You do not sell or otherwise commercialize our materials or content for your own gain or for the gain of any other person; and
- You abide by our Acceptable Use Policy below.
Your Feedback and Contributions
We love to receive your feedback about our Services and to include your contributions in our resources where possible. To ensure we have the proper rights to do this, you grant OutSmart a non-exclusive, royalty-free, worldwide, perpetual and irrevocable right and license to use your feedback and contributions, including incorporating them into the Services and sharing them with other users. Please note that providing feedback or contributions does not make you an author, inventor or contributor of the Services and does not entitle you to any compensation or to any ownership rights in the Services.
Acceptable Use Policy
Users of our Services are expected to behave responsibly and to show respect for our people, our intellectual property and the law. You agree to communicate with the Outsmart team members in a mutually respectful manner at all times.
In addition, you must not:
- “frame” or “mirror” any content from our Services on any other website or server;
- post or transmit any material that is unlawful, harmful, defamatory, obscene, profane, discriminating, harassing, threatening, infringing of intellectual property, invasive of privacy rights, or otherwise objectionable;
- harvest, scrape or otherwise collect information about others from our Services, including names and email addresses;
- probe, scan or test the vulnerability of the Services or any web site, or breach the security or authentication measures of the Services;
- forge headers or otherwise manipulate identifiers in order to disguise the origin of any message or transmittal you send on or through the Services; or
- pretend that you are, or that you represent, someone else, or impersonate any other individual or entity.
OutSmart reserves the right to suspend or terminate your use of any or all of the Services, or take other appropriate remedial action, to address any inappropriate conduct or any violation or suspected violation of our Acceptable Use Policy or these Terms.
Virtual assistants are freelancers or businesses that provide virtual reception and administration services to practitioners. Practitioners with a paid subscription to OutSmart are permitted to invite virtual assistants to their OutSmart offices, and to allow these individuals or businesses to manage their patients and data in OutSmart. However, the following mandatory requirements must be met prior to inviting a virtual assistant to an OutSmart office:
- The OutSmart support team must be notified by the practitioner or clinic of the intent to invite a virtual assistant to join an office.
- The virtual assistant must schedule a 60 minute patient privacy training session with OutSmart support.
- The virtual assistant must register as an OutSmart Trained virtual assistant, and must provide OutSmart all relevant business information including:
- Registered business name (or own name if a freelancer)
- Registered business address
- Address from which services are being rendered
- Contact information including phone and email
- Proof of sufficient liability insurance covering medical data handling, where OutSmart EMR may need to be named as an additional insured.
Note that we do not allow the use of our system by virtual assisstants who have not registered with us, or attended the training session. We absolutely do not allow uninsured virtual assistants to use our system, nor do we allow unregistered virtual assistants to use our system.
You can subscribe to our practice management and charting platform by signing up for one of our subscription plans and paying the applicable fees. Subscriptions run on a monthly or yearly basis. Fees are charged monthly or yearly in advance in accordance with the billing information provided by you at the time of subscription. Subscribers may update their billing information or cancel their subscription at any time through their account settings or by contacting us. Except as set forth below under Termination, all fees are non-refundable. Subscriptions and fees may be increased to match increases in your platform usage over time.
Availability of the Services
Once a Subscriber has subscribed and paid, OutSmart will make the Services available to the Subscriber and their clinic members and patients for the subscription plan purchased. OutSmart will make the Services available in accordance with our Service Level Agreement, however, please note that OutSmart cannot be responsible for any unavailability of the Services caused by circumstances beyond our reasonable control, such as internet outages or issues with your computer systems or devices.
Our websites and resources are provided for general information about OutSmart products and services. They may not always be accurate or complete and are not intended to provide legal advice. We recommend that Subscribers obtain their own guidance and advice with respect to regulatory and legal compliance. Content and resources on our websites may be varied or discontinued from time to time.
The person signing up for a subscription is the “Account Owner” and will be authorized to administer the account. This includes authorizing additional user accounts for practitioners and staff, and granting and revoking user access rights and permissions. Each Clinic will have only 1 Account Owner. All questions about a Clinic’s subscription and its user account(s) should be directed to the Account Owner.
Subscribers and their users must provide accurate, current and complete information when creating their user accounts. Subscribers are responsible for all activities that occur under their user accounts and for any issues, claims or disputes arising out of the conduct of their users. Subscribers must take appropriate steps to protect their user accounts, including:
- Requiring users to set strong passwords
- Keeping user ID’s and passwords confidential
- Not providing any false identity information to access the Services
OutSmart will not be liable for any losses or damages caused by a Subscriber’s failure to maintain the confidentiality of its user accounts and its account credentials. If you discover or suspect any unauthorized access to or use of your Subscriber or user account, please reset your password immediately and notify us at firstname.lastname@example.org.
Ownership and Control
Each Subscriber retains ownership and control of its patient data and all information collected, entered, created or otherwise provided by the Subscriber and its users in the course of using the Services (“Subscriber Data”). Subscribers may be referred to as a “health information custodian”, a “covered entity” or a “controller” depending on their location and the privacy laws applicable to them. Subscribers are responsible for ensuring that their collection and use of Subscriber Data complies with applicable laws and regulatory requirements.
Each Subscriber determines:
- What Subscriber Data to collect;
- How the Subscriber will use the Subscriber Data;
- Which practitioners and staff have access to Subscriber Data;
- How long the Subscriber will store Subscriber Data; and
- On what basis the Subscriber will delete Subscriber Data.
Storage and Access
OutSmart is a service provider to Subscribers and may be referred to as an “agent”, “business associate” or “processor” of the Subscriber. Outsmart will keep Subscriber Data stored securely as described below under Security. Outsmart will only access Subscriber Data at the request of a Subscriber or its users, or where needed in order to prevent or address technical problems affecting the Services or if required by law, regulation or court order. As we otherwise have no control over Subscriber Data, we are not responsible for incorrect, incomplete, lost or damaged Subscriber Data, except to the extent it is caused by our failure to meet our obligations under these Terms.
HIPAA / GDPR Compliance
If a Subscriber is subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), we will, upon request, enter into our Business Associate Agreement (“BAA”) with the Subscriber. Please contact us to request a copy of our BAA. If a Subscriber is subject to the General Data Protection Regulation (“GDPR”), the terms of our Data Processing Addendum will apply and are incorporated into these Terms.
Questions About Subscriber Data
If you have any questions about your Subscriber Data, please contact your Account Owner. If an Account Owner has any questions about the management of Subscriber Data in the Services, the Account Owner may contact us at email@example.com
Outsmart may use computer-generated algorithms to gather anonymous and aggregated information from Subscriber Data in order to assist in our continued development and improvement of the Services, and for research, data analysis, benchmarking, statistics or trend analysis. We will ensure that none of the information we gather identifies, or could be used to identify, any user or patient. Outsmart may share such anonymized information with Subscribers and others, for example, by providing insights into most common conditions, most popular treatments or benchmarking fees against industry or regional norms.
OutSmart will maintain industry-standard administrative, physical and technical safeguards to prevent the unauthorized access, use or disclosure of Subscriber Data processed through or stored in the Services. These safeguards include, but are not limited to, security policies and training for our personnel, access controls, minimum security certifications and practices for our data centers, PCI-compliant payment processors and encryption.
The Services also contain features which allow you to further enhance the security of your Subscriber Data. For example, by establishing account access controls for each user or the ability to sign and lock charts to prevent charts from being accidentally overwritten. See our online Knowledgebase for further details or contact us for assistance.
OutSmart will notify affected Subscribers if OutSmart determines that the security of the Services has been breached and this results in Subscriber Data being accessed by or disclosed to an individual or entity who is not authorized to access or receive such information. OutSmart will report to the affected Subscriber(s) on the corrective action being taken in response to such security breach and will reasonably cooperate with such Subscriber(s) in mitigating the effects of any lost or compromised Subscriber Data.
Subscribers and their users will notify OutSmart immediately if they become aware of any unauthorized use of their account(s), of any user ID and password, or any other known or suspected breach of security.
Data Retention Policy
During Your Subscription Term
Our practice management and charting platform is designed to retain, protect and preserve the integrity of Subscriber Data in order to assist our Subscribers with their regulatory and compliance obligations around patient records. As a result, we will not delete Subscriber Data during your subscription term, unless there is a regulatory or legal requirement to do so. If you have such a requirement, please have your Account Owner contact us.
Subscribers may export their Subscriber Data at any time and should do so prior to ceasing or terminating their use of our practice management and charting platform. Practitioners who change practices may also arrange with their Account Owner for export of their patient data.
When a subscription expires or is terminated, the account is deactivated. This means the account and any Subscriber Data associated with the account is no longer available for use and cannot be accessed through the internet. The account and its Subscriber Data will be retained in the event the Subscriber wishes to re-activate the account. We will store Subscriber Data securely and isolate it from any further processing while it is deactivated.
Account Owners may contact us with questions about their Subscriber Data. Please note that, in order to maintain strict security of Subscriber Data, we cannot take instructions from anyone other than the Account Owner.
If any fees are more than 30 days overdue, we may, without limiting our other rights and remedies, suspend or terminate access to the Services until the overdue amounts are paid in full. We will provide prior notice that fees are overdue before we do this, and we will not exercise this right if the Subscriber is disputing the applicable fees reasonably and in good faith and is cooperating diligently to resolve the dispute.
Termination by Us
OutSmart may terminate or suspend access to the Services, or suspend or deactivate a Subscriber’s or a user’s account, if the Subscriber or user breaches any obligations under these Terms. OutSmart may also terminate a Subscriber’s subscription if OutSmart discontinues the Services. We will use our best efforts to notify you in advance of any suspension or termination and help Subscriber’s retrieve their Subscriber Data; however, there may be some cases where we need to suspend access immediately in order to prevent harm to others.
If a Subscriber terminates its subscription due to a breach by OutSmart or OutSmart discontinues the Services, we will refund any fees you had pre-paid for the remaining unused portion of your subscription term. If OutSmart terminates a Subscriber’s subscription due to a breach by the Subscriber, the Subscriber will not be entitled to any refund and must pay any unpaid fees for the remaining unused portion of the subscription term.
Termination does not relieve a Subscriber of its obligation to pay fees for any period prior to the effective date of termination.
We want to provide great Services; however, there are certain things about the Services that we cannot promise. For example, OutSmart cannot promise, and does not represent or warrant that:
- The Services will meet your specific needs or requirements;
- The Services will be uninterrupted, timely, 100% secure or free from errors, viruses or other defects; or
- Information provided through the Services will be accurate, timely, complete or reliable.
YOU UNDERSTAND AND AGREE THAT: (A) EXCEPT AS SPECIFICALLY PROVIDED IN THESE TERMS, THE SERVICES ARE PROVIDED “AS IS” WITHOUT WARRANTY AND THAT USE OF THE SERVICES IS AT YOUR SOLE RISK; AND (B) OUTSMART MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, QUALITY OR NON-INFRINGEMENT.
Limitation of Liability
THE TOTAL LIABILITY OF EITHER OF US under these terms WILL BE LIMITED TO THE AMOUNT YOU PAID TO OUTSMART FOR USE OF THE SERVICES IN THE three (3) MONTH PERIOD PRECEDING THE DATE OF THE CLAIM, OR ONE HUNDRED DOLLARS ($100) IF YOU HAVE NOT HAD ANY PAYMENT OBLIGATION TO OUTSMART.
No Indirect or Consequential Damages
Regardless of the above, neither of us will be liable, UNDER ANY CIRCUMSTANCES, for any indirect, SPECIAL or consequential damages arising out of or in connection with the services, SUCH AS LOST REVENUE or BUSINESS INTERRUPTION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THIS LIMITATION MAY NOT APPLY DEPENDING ON WHERE YOU LIVE.
Notices, Governing Law and Disputes
OutSmart will provide Subscribers with notices, alerts and communications regarding the Services and these Terms electronically to the email address on file for your Account Owner. Account Owners may update their account information at any time by using their account settings. Any notice you are required or wish to provide to OutSmart may be provided to the contacts shown below under Contact Us.
The Services are provided by OutSmart from its offices in Ottawa, Canada. All matters relating to access to and use of the Services will be governed by the laws of the Province of Ottawa, ON, Canada.
In the event of a dispute, we both agree to try settle the dispute through consultation and negotiation in good faith and a spirit of mutual cooperation. We may also agree to use some form of non-binding alternative dispute resolution, such as mediation. If we are unable to resolve the dispute within 60 days after it first arose, we will resolve the dispute by binding arbitration before a single arbitrator with relevant experience. The arbitration will be held in Ottawa, ON. and will be administered by ICDR Canada ( www.icdr.org/icdrcanada ) in accordance with its Canadian Expedited Procedures.
If you have any questions regarding the Services or these Terms, please contact us at: firstname.lastname@example.org or at the contact information shown below. We will make every effort to answer your questions.
1309 Carling Ave
K1Z 7L3 Canada
Updated: September 18, 2020
Data Processing Addendum
This Data Processing Addendum (“DPA”) applies when SmartND Inc. (“OutSmart”) processes personal data that is subject to the General Data Protection Regulation (GDPR) on behalf of an organization or person (“Subscriber”) who has subscribed to OutSmart’s practice management and charting platform (the “Services”).
- “GDPR”means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- “Personal Data” means any information relating to an identified natural person or which can be used (directly or indirectly) to identify a natural person, such as name, address, email address, username, credit card, billing information, health information or other like information.
- “Process” or “Processing” means the collection, use, storage, disclosure, erasure or destruction of Personal Data, or any other operation or set of operations performed on Personal Data, whether or not by automated means.
- Roles. The Subscriber will act as the “Controller”, being the party who determines the purposes and means of the Processing of Personal Data. OutSmart will act as the “Processor” being the service provider who Processes Personal Data on behalf of the Subscriber. Each party will comply with the provisions of the GDPR that apply to its role as Controller or Processor, respectively.
- Purpose and Duration of Processing. Each party will Process Personal Data only as necessary for the provision and use of the Services, and for as long as the Subscriber has a valid paid subscription to the Services.
- Categories of Personal Data. The categories of Personal Data to be Processed will be determined by the Subscriber, but may include: name, address, email address, telephone number, health insurance information, billing information and data concerning health. The categories of individuals whose Personal Data may be processed are: employees, contractors and patients of the Subscriber.
- Obligations. OutSmart will:
- not transfer Personal Data to a country outside the European Union, the EEA or the United Kingdom, except where such third country provides appropriate safeguards by way of an adequacy decision (such as Canada) or where the recipient of the Personal Data provides appropriate safeguards through adherence to an approved certification framework (such as the EU-US Privacy Shield), Standard Contractual Clauses or binding corporate rules, or other legal mechanisms are in place to safeguard the Personal Data being transferred;
- ensure that persons authorized to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
- implement and maintain appropriate technical and organizational measures to protect the security, confidentiality and integrity of the Personal Data (including as appropriate, pseudonymization, encryption, incident management, restoration and access controls), and will regularly monitor compliance with these measures;
- use only sub-processors who maintain at least the same level of security measures and adequate safeguards as required under this Addendum and who have entered a written agreement (which may be electronic) with OutSmart requiring such measures and safeguards. OutSmart will inform the Subscriber of any intended changes to its sub-processors. If a sub-processor fails to fulfill its data protection obligations, OutSmart will be liable for the performance of such obligations;
- notify the Subscriber, without undue delay, after becoming aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data processed by OutSmart, and take all steps reasonably within OutSmart’s control to mitigate and remediate the breach;
- meet its obligations under the GDPR to assist the Subscriber, insofar as this is possible and at the expense of the Subscriber, to:
- respond to individuals’ requests to exercise their rights with respect to their Personal Data being Processed by OutSmart; provided however, that OutSmart will not respond directly to any individual; and
- meet the Subscriber’s legal obligations with respect to breach notification, data protection impact assessments, or the cooperation or prior consultation with a supervisory authority with respect to Personal Data Processed by OutSmart;
- upon request of the Subscriber, either delete or return Personal Data after completion of Services relating to the Processing, subject to any legal or regulatory obligations to maintain or store the Personal Data; and
- provide the Subscriber with all information necessary to demonstrate OutSmart’s compliance with the GDPR, and contribute to audits or inspections to be conducted by or on behalf of the Subscriber no more than once in any calendar year, unless an additional audit is required by the GDPR or regulatory authority, or is reasonably necessary due to genuine concerns regarding OutSmart’s compliance with this DPA. The Subscriber will provide reasonable advance notice of any audit and will abide by OutSmart’s reasonable security requirements. OutSmart may charge for any time expended for such audit or inspection at OutSmart’s then-current hourly rates.