top of page

Organization Terms of Use

Effective Date: 10/29/2025

Last Updated Date: 10/29/2025

Version: 1.0

These Terms of Use (“Terms”) govern access to and use of the HEAL Access platform (“Platform”) by healthcare organizations, clinics, and their authorized staff (“Organization” or “You”).

By creating an account or using the Platform, you acknowledge that you have read and agree to these Terms and provide your Organization’s consent to the processing of patient and organizational data as described in the Organization Consent Form.

These Terms work together with the Master Services Agreement (MSA), Data Processing Agreement (DPA), Business Associate Agreement (BAA), Service Level Agreement (SLA), and Privacy Notice (collectively, the “Agreements”).

Definitions For the purposes of these Terms:

  • “Platform” means the HEAL Access software, services, and tools made available to Organizations and their staff.

  • “Organization” / “You” means the healthcare provider, clinic, or healthcare organization entering into this agreement, including its authorized staff.

  • “Patient Data” means Protected Health Information (PHI), Personally Identifiable Information (PII), and other identifiable health related information processed through the Platform.

  • “AI Features” means software functions powered by machine learning or large language models that generate summaries, insights, or recommendations.

  • “Subprocessor” means a third-party vendor authorized by HEAL Access to process Patient Data on its behalf, as described in the DPA.

  • “Agreements” means these Terms together with the MSA, DPA, BAA, SLA, and Privacy Policy.

1. About the Platform

  • The Platform provides digital tools including patient case management, care coordination workflows, and AI-powered insights.

  • HEAL Access does not provide healthcare or medical services. Organizations remain solely responsible for patient care, diagnoses, and treatment.

  • AI features are advisory only and must be validated by licensed providers.

  • The Platform is not designed for emergency care coordination.

2. Account Registration & Access

  • Only authorized staff may access the Platform. Accounts are non-transferable and require Multifactor Authentication.

  • Organizations are responsible for ensuring users maintain valid credentials and professional licensing.

  • Unauthorized use or sharing of accounts is prohibited.

  • All activity is logged and attributable to specific users.

3. Data Processing & Privacy

  • Organizations act as data controller/custodian; HEAL Access acts as processor/information manager, processing data only under your instructions and applicable Agreements.

  • By default, patient data will be hosted in the AWS region corresponding to the organization’s country or region of operation, unless the organization has specifically requested another supported AWS region.

  • Cross-border support access (if any) requires safeguards (encryption, least-privilege, audit logging). No unencrypted PHI/PII will be permanently stored outside Canada.

  • The Platform supports compliance with applicable federal and provincial privacy laws (e.g., HIPAA, GDPR, PIPEDA, PHIPA, HIA, FIPPA, Law 25).

4. AI Features and Consent

  • Some features use AI to generate summaries, insights, or recommendations.

  • Patient consent is required before AI processing their data. Organizations are responsible for obtaining and recording valid consent.

  • Patient consent for AI processing is managed by their healthcare provider (Organization). HEAL Access acts only according to the Organization’s documented instructions.

  • If the organization notifies HEAL Access of a patient’s consent withdrawal, we will use reasonable efforts to ensure the patient’s identifiable information is not used in AI processing.

  • Because AI is a core part of the Platform’s functionality, SLA commitments related to AI performance or availability will no longer apply for that patient once consent has been withdrawn.

  • AI outputs are advisory only and must be reviewed by licensed providers.

  • Patient data will not be used to train AI models without express written authorization.

5. Subprocessors & Third-Party Services

  • HEAL Access may engage vetted subprocessors (e.g., cloud, identity, analytics, and AI infrastructure providers) to deliver the Platform.

  • Subprocessors are contractually required to implement privacy and security protections no less protective than those of HEAL Access.

  • HEAL Access will maintain a current list of subprocessors and provide advance notice and an opportunity to object as set out in the DPA. HEAL Access remains responsible for subprocessor acts and omissions.

6. Organization Responsibilities

  • Maintain professional oversight of all Platform use and AI outputs.

  • Ensure compliance with healthcare and professional regulations.

  • Obtain and record valid patient consents; respect patient rights requests (access, correction, deletion, portability) through your processes.

  • Implement appropriate device and access security controls.

  • Use the Platform only for lawful, healthcare-related purposes.

  • Report any suspected security incident or unauthorized access immediately.

7. Acceptable Use

  • You may use the Platform for:

    • Patient care coordination and communication

    • Clinical support and care planning

    • Healthcare operations and administration

  • You may not:

    • Use the Platform unlawfully or outside your professional obligations

    • Share access credentials or allow unauthorized use

    • Attempt to bypass security controls or access others’ data

    • Rely on AI outputs without appropriate clinical oversight

    • Upload malicious code or misuse patient data.

8. Age Limitation

  • The Platform is not intended for individuals under 18 years of age. By using the Platform, you confirm all users are 18+.

9. Intellectual Property

  • The Platform, software, content, and AI models are the property of HEAL Access and its licensors.

  • You are granted a limited, non-exclusive license to use the Platform for your healthcare operations during your subscription term.

  • Patient data and organizational content you upload remain your property.

10. Termination & Data Handling

  • Termination rights follow the MSA.

  • Upon termination, patient data will be returned or securely deleted in line with the DPA and applicable law.

  • De-identified analytics may be retained for compliance and audit purposes.

11. Liability & Disclaimers

  • The Platform is provided “as is,” subject to SLA commitments.

  • HEAL Access is not liable for medical decisions, outcomes, or reliance on AI outputs.

  • Our liability is limited to direct damages capped at fees paid in the preceding 12 months, except in cases of gross negligence or willful misconduct.

12. Modifications

  • HEAL Access may update these Terms with notice. Continued use after notice constitutes acceptance.

13. Governing Law

  • These Terms are governed by the laws of United States, Canada and Europe, subject to applicable healthcare and privacy laws.

14. Contact Information

By using the Platform, you confirm you have read, understood, and agree to these Terms and the referenced Agreements.

bottom of page