This Document Is the Schedule for ONE ID Direct Service Pursuant to the SSHA Services Agreement

This Document Is the Schedule for ONE ID Direct Service Pursuant to the SSHA Services Agreement

Thisdocument (this “Schedule”) istheSchedule forPKIServicepursuanttotheeHealthOntarioServices Agreement(the“Agreement”) betweeneHealthOntarioandClient(“Client”)andismade effectiveasof <Insert effective date>(the“EffectiveDate”).

FullLegalNameof Vendor

ABELMed Inc.

  1. Definitions

Unless otherwise specified in this Schedule, capitalized terms in this Schedule have the same meanings as those assigned to them in the Agreement:

“Certificate” means a credential thatisissuedtoa Registrant or a Computer Application toallowthe authenticationof theRegistrant’sidentitytoasystemorapplication

“CA” means eHealth Ontario’s Certificate Authority, which is theindividualorgroup ofindividualsdesignatedby eHealth Ontariowhoareresponsiblefortheregistration,serviceenrolment, andauthentication servicesprovidedbyeHealthOntariotoclients.

Certification Policy Manual” means the document published by eHealth Ontario and designatedaseHealthOntario’sCertificationPolicyManualasamendedfromtimetotime. A copyoftheCertificationPolicyManualisavailableat from eHealthOntario.

“CRL”meansthe Certificate Revocation List, which is thelistofrevokedCertificatesthatiscreated,time stampedandsignedbythe sameCertificateAuthoritythat issuedtheCertificates.A Certificateis addedtothelistifitisrevokedandthenremoved fromthelistwhenitreachestheendofthe Certificate’svalidityperiod.

ComputerApplication” meansanidentifiable computersoftwareprocessthatgeneratesor receivescommunications ortransactionsonbehalfofanindividualororganizationwhichit represents. The software program which is (i) licensed or owned by Client and (ii) operated by Client to further any of its legitimate business interests related to the provision of healthcare services.

“Developer”meansanythirdpartywhoisprovidingservicestoClientthatinvolvetestingthe interoperability betweenanapplicationorsystembeingdevelopedbyorforClientandeHealth Ontario’sPKIInfrastructure.

eHealthOntario’sPKIInfrastructure”means,asthecontextdictates, either orboth theportion of eHealth Ontario’s technology infrastructure dedicated to managing Certificates and the policies, proceduresandcontrolsusedbyeHealthOntariofortheadministrationandoperationof that infrastructure.

“LRA” means an individual that has been delegated responsibility by a Sponsorship Organization or the CA as the local registration authority for the performance of tasks associated with validating the identity, registering, enrolling, and managing Registrants which are within the scope of his or her authority as delegated by a Sponsorship Organization or the CA and LRAs means more than one LRA

“ONE ID”is eHealth Ontario’s identity and access management service that enables Registrants (End Users and Computer Applications) to access ehealth services.

“PKIService”meanstheservicesdescribedinsections2 and4, below.

“PrivateKey”meansthesecret(private)keythatcorrespondstothepublickeyinaCertificate.

“Registrant”means anindividual,or ComputerApplicationassociatedwith Client, whoorwhichhasorrequiresaccesstothe PKI Service.

Sponsorship Organization” means any client of eHealth Ontario who has been given the authority to sponsor its Representatives or Computer Applications for enrolment in one or more Sponsored Services.

2.ProvisionofPKI Service and Plain Language Description

2.1Whenrequesting thePKIService,Clientshouldcomplete,signandsubmitthisSchedule. The provisionofPKIServicetoClientissubjecttothetermsandconditionsoftheAgreement includingthis Schedule.

2.2eHealthOntariomayinitssolediscretionmodifyorupgradetheinfrastructurethateHealthOntariousesto providethe PKIService,from timetotime.

2.3Clientherebyacknowledgesobtainingfrom eHealthOntariotheplainlanguagedescriptionsof the PKIServiceandthesafeguards implementedbyeHealthOntario toprotectagainstunauthorized use and disclosure of and to protect the integrity of personal health information. Thecurrentcopyofthe plain language descriptionisavailableattheeHealthOntariowebsite eHealth Ontario may amend the plain language description from time-to-time by posting a notice on the eHealth Ontario website at and Client is responsible for reviewing and retaining a copy of any amended plain language description. The Client’s continued use of the Services constitutes acceptance of any amended plain language description. For a period of 10 business days following any date on which eHealth Ontario issues a notice of any amendment, if that amendment is unacceptable to Client, Client may terminate this Schedule upon 30 days written notice to eHealth Ontario.

3.Services

3.1CertificationPolicy Manual. TheissuanceanduseofCertificatesbythe CAtoClientis governedbytheCertificationPolicyManualandthetermsandconditionsofthisScheduleand theAgreement. IntheeventofaninconsistencybetweenthisScheduleandtheCertification Policy Manual,thetermsoftheCertification PolicyManualshallprevailtotheextentofthe inconsistency.

3.2Request.ClientmaysubmitarequestforaCertificatetotheCAdirectlyorthrougha LocalRegistrationAuthority. TheinformationthattheCArequiresin ordertoevaluatearequest foraCertificate(including aCertificateissued fortesting purposes) is setoutintheCertificationPolicyManual. Clientagreestoincludesuchinformationinany requestforaCertificate. Totheextentthatsuchinformation isconsideredtobePersonal Information,Clientisresponsibleforobtainingthenecessaryconsentstothecollection,useand disclosure ofsuchinformation. ShouldClientbecomeawareofanychangetosuchinformation, ClientwillgivewrittennoticeofthatchangetoeHealthOntariopromptlyand,inany event,within forty-eight(48)hours.

3.3Issuance.TheCAwillevaluateeachrequestforaCertificatereceivedfromClientfor compliance withtheCertification Policy Manual,thisSchedule, andtheAgreement. Ifthe issuanceoftherequestedCertificateisappropriategiventheCertificationPolicyManualandthe termsandconditionsofthisScheduleandtheAgreement,theCAmayissue the Certificate. Issuance of a Certificate is at the sole discretion of the CA and theCAretains therighttorefusetoissueaCertificate toanyapplicant. ShouldtheCArefusetoissuea Certificate toClientforanyreason,theCAwillgiveClientwrittennoticeoftheCA’srefusal, includingnotificationof thereasonforsuchrefusal.

3.4ProtectionofPrivateKeys.ClientagreestokeepallPrivateKeysconfidentialandto takereasonableandsecurestepstopreventanyloss,disclosure,orunauthorized useor compromiseofPrivateKeys. Clientagreestoinstalltechnicalandadministrativecontrolsover theuseofCertificatesandtheirassociatedPrivateKeys. Clientagreestoimmediatelyadvise eHealthOntarioofasuspectedoractualloss,inappropriatedisclosure,orcompromiseofany CertificatesandtheirassociatedPrivateKeys.

3.5ComputerApplication.ForeachCertificateissuedtoaComputer Application,Clientwilldesignateoneindividualwhoisarepresentativeof Clientandwho willactasthecontactforthatCertificate. The Computer Application and the designated representative of Clientmust be registered as a Registrant using the eHealth Ontario ONE ID service.ClientmayreplaceanysuchindividualRegistrant bygivingprompt writtennoticeofthereplacementtoeHealth Ontario whichnoticeincludesthe replacement’scontactinformation. Anysuch replacementmust also beregistered as a Registrant.

3.6CertificateIssuedforTestingPurposes.ClientwillensurethatanyCertificateissued fortestingpurposesshallbeusedbyClientandanyDevelopersolely for: (i)testing interoperability betweenanapplicationorsystembeingdevelopedbyorforClientandeHealth Ontario’sPKIInfrastructure;or(ii)onlyin adevelopmentandtestingenvironment.

3.7Exporting/Copying Certificates.Clientagreesthatanyexportingorcopyingofthe Certificateswill onlybewithinthe infrastructurecontrolledbyClientandonanasneededbasisto meettechnicalrequirementsforanyserviceforwhichtheCertificatewasissued.

3.8Root Certificate. eHealth Ontario may issue Client a copy of the root Certificate containingthepublickey. Clientshallkeep such copyofthe rootCertificateconfidentialandtake reasonable andsecuremeasurestopreventanyloss,disclosure,unauthorized use,or compromiseof suchcopy. Clientshallinstalltechnicalandadministrativecontrolsovertheuseof thecopyoftherootCertificate. Clientagreestoimmediately adviseeHealthOntarioofthe suspectedoractualloss,inappropriatedisclosure,orcompromise ofthecopyoftheroot Certificate.

3.9CertificateRevocationList.Priorto usingaCertificate,ClientshallchecktheCertificate Revocation ListtoverifythataCertificateissued bytheCAtoanyPersonandtheassociated digitalsignaturehasnotbeenrevokedbytheCA.

3.10Revocation.Notwithstanding anythingtothecontraryinthe Agreement, shouldanyofthefollowingeventsoccur,eHealthOntariomay,initssole discretion,actingreasonably,immediately revokeanyCertificateissuedtoClient,withoutprior writtennotice to Client andwithoutanopportunity for Client tocure:

(i)thecompromiseorsuspectedcompromiseof anyCertificate;

(ii)the compromise orsuspected compromise of any Authentication Credential associatedwiththeCertificate;

(iii)the individualwho has been designated by Client as the Registrantfor a Certificate ceasestobeaRegistrantandisnot replacedinaccordance withsection4.5;

(iv)anyviolationof theCertificationPolicyManualbyClient;and

(v)anybreachof this ScheduleortheAgreementbyClient.

IfeHealthOntariodoesnotgiveClientpriorwrittennoticeof anysuchrevocation,eHealthOntario willgiveClientwrittennoticeof therevocationpromptlyafteritoccurs. eHealthOntarioshallalso revokeaCertificateissuedtoClientuponthewrittenrequestof Client.

4.TermandTermination

4.1Term. ThisSchedulewillbeeffective asoftheEffective Dateandwillcontinueunless terminatedinaccordancewithsections5.2 or5.3.

4.2TerminationforConvenience.Eitherpartymayinitssolediscretion,withoutliability, costorpenalty,andwithoutprejudicetoanyotherrightsorremediesunderthisScheduleorat laworinequity,terminate thisScheduleatany timeupongivingatleastninety (90)dayswritten noticetotheotherparty.

4.3TerminationofAgreement.This Scheduleterminatesautomaticallywithoutliability,cost orpenalty,andwithoutprejudice toanyotherrightsorremediesofeHealthOntariounderthis ScheduleortheAgreement oratlaworinequity,shouldtheAgreement expireorbeterminated foranyreasonwhatsoever.

4.4EffectofTermination.ClientacknowledgesthatuponterminationofthisScheduleallCertificateswillberevoked.

4.5Survival.IntheeventofanyexpirationorterminationofthisScheduleforanyreason whatsoever,sections4.4,4.5,5and6willsurvive.

5.Disclaimer

eHealthOntariodisclaims:

(i)anyrepresentations, warranties or conditionswith respect to or arising out of the PKI Service including those relatedtotheaccuracy,authenticity, reliability, completeness, currency,merchantable quality,orfitnessfor a particular purpose oranyinformationcontainedinCertificates orotherwisecompiled,published, ordisseminatedbyoronbehalfoftheeHealth OntarioCA;

(ii)anyrepresentations, warranties or conditionsrelatedtothesecurity providedbyanycryptographic process implementedbytheeHealthOntarioCA;

(iii)liabilityforanyinformationcontainedin aCertificate;

(iv)any representations, warranties or conditionsfornon-repudiationof anymessage;and

(v)liabilityforanysoftwareorapplications.

Further, eHealthOntario assumesnoliability foruseofCertificates issuedbyotherCAs,orfor useof eHealthOntarioCACertificatesoutsideof theeHealthOntarioCAdomain.

6.LimitationsofLiability

Except as otherwise expressly set forth in thisSchedule, in no event will either party be liable for indirect, special, consequential, incidental, punitive or exemplary losses, damage or expenses or for loss of data, lost revenue or lost profit, even if it has been advised of their possible existence, or even if same were reasonably foreseeable. The limit of a party’s liability to the other party concerning performance or nonperformance or in any manner related to this Schedule or the Agreement, for any and all claims shall not in the aggregate exceed the amount setoutinsection2.2.3oftheCertification Policy Manual. This limitation shall apply irrespective of the nature of the cause of action, demand or claim, including breach of contract, negligence, tort or any other legal theory

7.EntireAgreement

WiththeexceptionoftheAgreementandanyotherdocumentattachedthereto (which this Schedule is subject to),thisSchedule constitutestheentireagreementbetweenthepartieswithrespecttothesubjectmatterhereof andsupersedes any prioragreements, understandings,negotiationsanddiscussions,whetheroralorwritten,betweentheparties. Thepartiesacknowledgeandagreethattheexecutionof this Schedule hasnotbeeninducedby,norhave either oftheparties relieduponorregard as material,anyrepresentationsorwritingswhatsoever notincorporatedandmadeapartofthisSchedule.

[Signing page follows]

eHealth Ontario andClientidentified belowhaveenteredintoaneHealthOntarioServices Agreement.Thetermsand conditionswhichapplyto thePKIServiceand relatedservicesare set out inthe AgreementandthisSchedule.

Bysigningbelow,ClientisrequestingthePKIServiceandacknowledgingthateHealth Ontario’s provisionof such servicesand Clients’ useof such services will be in accordancewiththetermsandconditionsoftheAgreement.

FullLegalNameof Vendor

ABELMed Inc.

Signature

PrintedName

Anthony Horvath

Bysigning below, Practice is acknowledging that their EMR vendor is requesting PKI services on their behalf.

FullLegalNameof Practice

<Insert full legal name of practice>

Name

<Insert name of practice lead physician>

Signature

Title

<Insert>

Top View