Terms of Service

1. ACCEPTANCE OF TERMS

By accessing or using CyberMD AI ("Service"), you ("Healthcare Provider", "Client", or "you") agree to be bound by these Terms of Service ("Terms"). If you are entering into these Terms on behalf of a healthcare organization, you represent and warrant that you have the authority to bind such organization to these Terms.

2. SERVICE DESCRIPTION

CyberMD AI is an artificial intelligence-powered medical transcription and documentation service designed for Canadian healthcare providers. The Service assists in creating clinical documentation from patient encounters while maintaining compliance with applicable privacy and healthcare regulations.

3. PHIPA COMPLIANCE AND DATA PROTECTION

3.1 Compliance Framework

Both parties acknowledge and agree to comply with:

• Personal Health Information Protection Act (PHIPA) of Ontario
• Personal Information Protection and Electronic Documents Act (PIPEDA)
• Freedom of Information and Protection of Privacy Act (FIPPA)
• All applicable provincial and federal privacy legislation

3.2 Information Manager Responsibilities

The Healthcare Provider remains the Health Information Custodian (HIC) under PHIPA and retains all responsibilities for:

• Obtaining patient consent for collection, use, and disclosure of personal health information (PHI)
• Ensuring accuracy and completeness of health records
• Responding to patient access requests and correction requests
• Maintaining appropriate administrative, technical, and physical safeguards

3.3 Service Provider Obligations

CyberMD AI acts as an Electronic Service Provider and agrees to:

• Process PHI only as directed by the Healthcare Provider
• Implement and maintain appropriate security safeguards in accordance with PHIPA regulations
• Notify the Healthcare Provider immediately of any privacy breach or unauthorized access
• Not use or disclose PHI except as permitted under these Terms and applicable law
• Return or securely destroy PHI upon termination of service

4. DATA SECURITY

4.1 Security Measures

CyberMD AI implements industry-standard security measures including:

• End-to-end encryption for data in transit and at rest
• Multi-factor authentication
• Regular security audits and assessments
• Access controls and audit logging
• Secure data centers located in Canada

4.2 Data Residency

All PHI is stored exclusively in Canadian data centers to ensure compliance with Canadian privacy laws.

4.3 Breach Notification

In the event of a privacy breach:

• CyberMD AI will notify the Healthcare Provider within 24 hours of discovery
• Provide full details of the breach including affected records
• Cooperate fully in any investigation or remediation
• Assist with regulatory reporting requirements

5. USE OF SERVICE

5.1 Authorized Use

The Service may only be used for legitimate healthcare purposes in accordance with applicable professional standards and regulations.

5.2 User Responsibilities

Healthcare Providers must:

• Maintain confidentiality of login credentials
• Ensure all users complete appropriate privacy and security training
• Report any suspected security incidents immediately
• Verify accuracy of AI-generated documentation before finalizing
• Maintain appropriate professional liability insurance

5.3 Prohibited Uses

You may not:

• Use the Service for any unlawful purpose
• Share access credentials with unauthorized individuals
• Attempt to reverse engineer or compromise the Service
• Use the Service to process information of patients who have not consented
• Export PHI to non-compliant systems or jurisdictions

6. CLINICAL DISCLAIMER

6.1 Not Medical Advice

CyberMD AI is a documentation assistance tool only. All clinical decisions remain the sole responsibility of the Healthcare Provider.

6.2 Verification Required

Healthcare Providers must review and verify all AI-generated documentation for accuracy and completeness before incorporating into patient records.

6.3 No Warranty of Accuracy

While CyberMD AI strives for accuracy, we do not guarantee that transcriptions or documentation will be error-free. Healthcare Providers assume full responsibility for the content of finalized documentation.

7. AUDIT AND COMPLIANCE

7.1 Audit Rights

Healthcare Providers may, with reasonable notice, audit CyberMD AI's compliance with these Terms and applicable privacy legislation.

7.2 Regulatory Inspections

CyberMD AI will cooperate with any regulatory inspections or investigations related to the handling of PHI.

7.3 Record Keeping

CyberMD AI maintains comprehensive audit logs of all access to and processing of PHI in accordance with PHIPA requirements.

8. FEES AND PAYMENT

8.1 Subscription Fees

Fees are as set forth in the applicable subscription plan selected by the Healthcare Provider.

8.2 Payment Terms

All fees are due in advance on a monthly or annual basis as selected. Payments are non-refundable except as required by law.

8.3 Fee Changes

CyberMD AI may adjust fees with 30 days' notice. Continued use of the Service constitutes acceptance of new fees.

9. INTELLECTUAL PROPERTY

9.1 Service Ownership

CyberMD AI retains all rights to the Service, including proprietary algorithms, software, and documentation.

9.2 Healthcare Data

Healthcare Providers retain all rights to their patient data and clinical documentation.

9.3 Feedback

Any feedback or suggestions provided may be used by CyberMD AI to improve the Service without compensation.

10. INDEMNIFICATION

10.1 Healthcare Provider Indemnification

Healthcare Providers agree to indemnify and hold harmless CyberMD AI from any claims arising from:

• Breach of these Terms
• Violation of applicable laws or regulations
• Negligent or wrongful acts in connection with use of the Service
• Inaccurate or incomplete patient consent

10.2 CyberMD AI Indemnification

CyberMD AI will indemnify Healthcare Providers for claims arising directly from:

• Breach of PHIPA compliance obligations under these Terms
• Gross negligence or willful misconduct by CyberMD AI
• Breach of security resulting from CyberMD AI's failure to maintain appropriate safeguards

11. LIMITATION OF LIABILITY

11.1 Disclaimer of Warranties

THE SERVICE IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED.

11.2 Limitation of Damages

EXCEPT FOR BREACHES OF PRIVACY OBLIGATIONS, NEITHER PARTY SHALL BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES.

11.3 Cap on Liability

Except for privacy breaches, indemnification obligations, or gross negligence, each party's total liability shall not exceed the fees paid in the twelve months preceding the claim.

12. TERM AND TERMINATION

12.1 Term

These Terms commence upon first use of the Service and continue until terminated.

12.2 Termination for Convenience

Either party may terminate with 30 days' written notice.

12.3 Termination for Cause

Either party may terminate immediately for material breach that remains uncured after 10 days' notice.

12.4 Effect of Termination

Upon termination:

• Access to the Service will be discontinued
• Healthcare Provider may export their data within 30 days
• All PHI will be returned or securely destroyed as directed
• Obligations regarding confidentiality and PHI protection survive termination

13. DATA RETENTION AND DELETION

13.1 Retention Period

PHI is retained only for as long as necessary to provide the Service and comply with legal obligations.

13.2 Deletion Requests

Healthcare Providers may request deletion of specific PHI at any time, subject to legal retention requirements.

13.3 Post-Termination

Following termination, all PHI will be permanently deleted after the 30-day export period unless otherwise required by law.

14. DISPUTE RESOLUTION

14.1 Governing Law

These Terms are governed by the laws of Ontario, Canada.

14.2 Arbitration

Disputes shall be resolved through binding arbitration in Ontario under the Arbitration Act, 1991.

14.3 Injunctive Relief

Either party may seek injunctive relief for breaches of confidentiality or privacy obligations.

15. GENERAL PROVISIONS

15.1 Entire Agreement

These Terms constitute the entire agreement between the parties regarding the Service.

15.2 Amendments

CyberMD AI may modify these Terms with 30 days' notice. Continued use constitutes acceptance.

15.3 Severability

If any provision is found invalid, the remaining provisions continue in effect.

15.4 Assignment

Healthcare Providers may not assign these Terms without written consent.

15.5 Force Majeure

Neither party is liable for delays due to circumstances beyond reasonable control.

15.6 Notices

All notices must be in writing to the addresses provided during registration.

16. PRIVACY AND CONSENT

16.1 Privacy Policy

Use of the Service is also governed by our Privacy Policy, which details how we collect, use, and protect information.

16.2 Patient Consent

Healthcare Providers warrant that they have obtained all necessary patient consents for the use of CyberMD AI in documenting patient encounters.

16.3 Consent Management

Healthcare Providers are responsible for:

• Maintaining records of patient consent
• Honoring patient withdrawal of consent
• Ensuring consent covers AI-assisted documentation

17. TRAINING AND SUPPORT

17.1 Training

CyberMD AI provides initial training on Service use and PHIPA compliance features.

17.2 Support

Technical support is available during business hours (9 AM - 5 PM EST, Monday-Friday).

17.3 Updates

Service updates and maintenance will be communicated with reasonable advance notice.

18. COMPLIANCE CERTIFICATIONS

CyberMD AI maintains compliance with:

• SOC 2 Type II certification
• ISO 27001 information security standards
• Canadian Centre for Cyber Security guidelines

19. CONTACT INFORMATION

For questions about these Terms or the Service:

CyberMD Inc.

Email: legal@cybermd.ca

Website: www.cybermd.ca

20. ACKNOWLEDGMENT

By using CyberMD AI, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service and all applicable policies and guidelines.