Effective December 31, 2017 Revision 5.0
STATEMENT OF PRIVACY
– – –
The Privacy of your Personal Information and of your patients’ Personal Information is our highest priority. This document describes the Security Practices and Privacy Policies we, Life Image Inc. (“lifeIMAGE”), follow to ensure the confidentiality of your Personal Information including all Protected Health Information concerning you and your patients. Our Statement of Privacy explains how we provide a secure, confidential environment for you to store and share medical imaging exams with health care providers.
By registering with our service, you accept the Terms and Conditions of this Statement of Privacy. Your Personal Information will not be released or disclosed by lifeIMAGE without your knowing and voluntary consent, except as specifically set forth in this Statement of Privacy or as required by law.
lifeIMAGE requests that you read this Statement of Privacy in its entirety. If you have any questions, please contact lifeIMAGE’s Privacy Official by email at firstname.lastname@example.org or call 617-244-8411 x350.
– – –
- General Definitions
- Protected Health Information Is Confidential
- Information That We Collect
  - Personal Information
    - Personal Account Information
    - Protected Health Information
      - Medical Information
  - Non-Personal Information
- Who Can Access My Protected Health Information
  - Third Party
  - Law Enforcement / Public Agency Official
- The Limited Uses of Your Personal Information
- Security Protections for Your Personal Information
- Disclosures of Personal Information Required by Law
- No Disclosure to Linked Websites
- Possible Use of Aggregated De-Identified Data
- Individual Request for Voluntary Disclosure of Personal Information
- How You Can Help Protect Your Personal Information
- Accessing, Updating, Requesting Corrections and Deleting Your Account
- Use of Our Services
- Changes to this Privacy Statement
- Website Monitoring
- Communications From Us
- Contacting Us
– – –
Certain terms used throughout this Statement of Privacy and the lifeIMAGE website have specific meanings and definitions with which you should be familiar:
Personal Information – is any information that uniquely identifies you or that you might consider highly confidential or sensitive and includes both Personal Account Information and all Protected Health Information concerning you and your family or your patient, including information such as your name, date of birth, and home address.
Non-Personal Information – Non-Personal Information includes any information that we gather as you navigate our website, such as your browser type, pages viewed, and the time spent on the web site.
Protected Health Information – is any of your personally identifiable health information that is traceable to you or your family or your patient.
Medical Information – means any Protected Health Information, including age, weight, height, gender, ethnicity, personal medical history, personal social history, medical images, and other personal health information.
Authenticated Authorization – means providing authorization for the release of your or your patients’ Personal Information or for another action to be taken on your behalf through a process that confirms your or your patients’ identity at the time you provide the authorization. This identification may be accomplished by written signature, passwords, challenge questions, tokens, biometrics or a combination thereof.
Express Consent – is the prior, knowing, voluntary Authenticated Authorization that you make for the release and disclosure of your or your patients’ Personal Information, including any Protected Health Information, for a specific purpose and to a specific entity or individual. The specific information to be released is explicitly identified as part of this process. You provide Express Consent when you use our website to share, transfer, or publish exams with other parties.
– – –
All Protected Health Information provided to lifeIMAGE by you or any healthcare provider is considered to be Protected Health Information under the law. This information is your property, and you have the right to control who is authorized to access it. We will not disclose or release any of your or your patients’ Protected Health Information to anyone, even members of your own family, without your Express Consent except as expressly set forth in this policy or as required by law. Whenever we are required by law to release any of your Personal Information, we will only release the Minimum Necessary Information required to accomplish the business use for which the permitted release is allowed.
– – –
lifeIMAGE collects Personal Information and Non-Personal Information both directly from you and through service providers and partners that use our website. You are responsible for the accuracy, completeness, and relevance of any data that you provide to our system.
Personal Information is any information that uniquely identifies you or your patient or that you might consider highly confidential or sensitive and includes your Personal Account Information and Protected Health Information. lifeIMAGE treats all Personal Information as Private and Confidential. We collect two types of Personal Information:
Personal Account Information: We use Personal Information, such as your name, address, telephone number, email address, organization affiliation, address, user name and password, to uniquely identify you and your use of the website. We then require you to create a password to control access to restricted portions of our website.
Protected Health Information: Protected Health Information that we collect includes:
Medical Information: Medical Information includes any personal health information, including age, weight, height, gender, ethnicity, medical history, family history, social history, medical images and reports, and other personal health information.
Non-Personal Information includes any information that we gather as you navigate our website, such as your browser type, pages viewed, and the time spent on the web site. In some cases, this information is collected automatically through cookies and stored in our log files. Although it is non-personal, this information is associated with your Personal Account Information when you have logged onto our web site. We use this information to monitor aggregate usage of our website and for internal analysis, quality control, and service improvement purposes.
– – –
As a lifeIMAGE Member, you may access all Personal Information available to your account, including, but not limited to, your or your patients’ Protected Health Information. Other than you, the only people who may access some parts of your Protected Health Information are:
Third Party – lifeIMAGE will not release or disclose your or your patients’ Personal Information to any Third Party without your Express Consent that identifies the specific information to be released and to whom it is to be released. lifeIMAGE assumes no responsibility or liability for the consequences of any such release.
Law Enforcement / Public Agency Official – Under certain circumstances, lifeIMAGE may be compelled to disclose Personal Information to satisfy a Court order, a duly executed subpoena, a government request, a law enforcement investigation, or a regulatory compliance review, in which case we will use reasonable and lawful efforts to limit the scope of any legally required disclosure. lifeIMAGE will also make reasonable efforts to notify you in advance of that disclosure, unless doing so would violate the law or the court order.
– – –
lifeIMAGE may use your Personal Information, and your or your patients’ Protected Health Information to:
- Authenticate your use of our website and services
- Provide requested services and process your transactions
- Provide communications to you
- Analyze de-identified data in aggregate
– – –
We take seriously the trust you place in us to protect the privacy of your or your patients’ Personal Information. We have implemented a series of physical, personnel, administrative, access control, system, third party and transmission safeguards to prevent unauthorized access, to maintain data integrity, and to ensure that only authorized persons who need to access your Personal Information can do so.
Physical Security measures include:
- Physical access to servers is restricted to lifeIMAGE Information Technology personnel who have been authorized for server access
- Disaster recovery plan.
Personnel Security measures include:
- Background and criminal reference checks for employees
- Annual HIPAA Privacy and Security Training for Employees
Administrative Security measures include:
- Sanctions for Employee violations of company policies and practices
- Documentation of Compliance Training
Access Control Security measures include:
- Restricting access to data to approved personnel on a need basis only
- Identity Authentication by written signature, passwords, challenge questions, tokens, biometrics or a combination thereof.
System Security measures include:
- Firewall, Data Protection Systems, Intrusion Detection and Monitoring Devices to protect our network and databases
- Encryption of Personal Information data in our databases and of medical images on disk
- Internal and External System Auditing with Audit Trails that monitor, record and document access to these databases
Third Party Security measures include:
- Business Associate Agreements and/or other business agreements with all partners, third parties and vendors with whom we share information that requires them to implement all appropriate security procedures to maintain confidentiality
- Individual Confidentiality Agreements with all employees and consultants who are required to come into contact with your Personal Information
Transmission Security measures include:
- Encryption of all data transmitted to and from our website
While we cannot guarantee that loss, misuse or alteration of data will not occur, we are committed to using proven safeguards and security audit procedures designed to prevent any loss, misuse or alteration of data. You will be promptly notified of any security breach which may have allowed disclosure or compromised the security and privacy of any of your Protected Health Information.
– – –
Under certain circumstances, we may be compelled to disclose your Personal Information to satisfy a Court order, duly executed subpoena, government request, law enforcement investigation, or regulatory compliance review. We will use reasonable and lawful efforts to limit the scope of any legally required disclosure. Under the law, required disclosures include:
- When a law or duly executed Court Order requires disclosure of your Personal Information, in which case only the information expressly ordered to be disclosed shall be released with notice to you of both the Order and the information disclosed. We will make reasonable efforts to notify you in advance of that disclosure, unless doing so would violate the law or the court order.
- When government officials investigating compliance with various Security and Privacy laws and regulations require disclosure of information relevant to their investigation.
– – –
lifeIMAGE provides certain links to third-party websites operated by organizations not affiliated with our service. These links may be found within our content or placed beside the names and logos of these persons. We do not release any of your Personal Information to organizations operating these third-party web sites. We do not review or endorse the privacy policies of these third-party sites, and assume no responsibility for them. We encourage you to read the privacy policies and statements of each and every site before providing any Personal Information.
– – –
lifeIMAGE may combine and aggregate health information from a sufficiently large group of individuals in a non-individually identifiable format to create “Aggregated De-Identified Data”. Aggregated De-Identified Data does not contain any information that could be used to contact or identify you and is not personally identifiable to you. Aggregated De-Identified Data may be prepared for an analysis of health trends by lifeIMAGE.
– – –
You may choose to voluntarily disclose your Personal Information, including Protected Health Information, to third-party service providers, doctors or other health professionals, attorneys, and/or other individuals. We urge you to make such disclosure choices carefully. Should you choose to have lifeIMAGE disclose any of your Personal Information, through the use of our website, to any individual or entity other than you or your healthcare professional, you must provide Express Consent that identifies the specific information to be released and to whom it is to be released. lifeIMAGE will not release or disclose any portion of your Personal Information without your Express Consent and assumes no responsibility or liability for the consequences of any such release. We encourage you to read the privacy policies and statements of any third-party service providers, or other entities, with whom you direct us to disclose your Personal Information.
– – –
Protecting your Personal Information also relies on your compliance with certain basic security practices. We cannot secure any Personal Information that you release on your own, that you request us to release or that is released through another third party to whom you give account access. You must safeguard your user name, password and other authentication information that you use to access our services. Do not disclose this information to any individual, third party or entity whom you do not trust and who does not have a need to know. You must immediately notify lifeIMAGE of any unauthorized use of your user name, password or other authentication information.
– – –
You may access your Personal Information in your account at any time through the website. You may update your Personal Account Information at any time through the website. You may make a Request for Correction of your Personal Information, including your or your patients’ Protected Health Information that was provided by you. You may request a copy of information stored in your account. Any written request for correction or access to data that is denied will result in an explanation in writing. You may inactivate your lifeIMAGE account by emailing Customer Support at email@example.com. We will verify your identity before taking any action. When you request us to inactivate your account and your identity is verified, we will cease to display your Personal Health Information on our website. Please be aware that while this information will no longer be accessible to someone using your account over the Internet, it will be retained for the period of time required by the law in backup media. This information shall be made available pursuant to a duly executed authenticated authorization to release medical records. lifeIMAGE may apply a charge equal to the administrative, copying and communication costs for the retrieval, preparation and transmission of the information requested. We will not otherwise disclose your Protected Health Information that may be stored on our backup media, except as required by law.
– – –
Use of our services implies consent to our privacy practices as described in this privacy statement. If you do not consent to our privacy practices, you are not authorized to use our service. You may withdraw your consent by inactivating your lifeIMAGE account as described in the section entitled “Accessing, Updating, Requesting Corrections and Deleting Your Account.”
– – –
lifeIMAGE reserves the right to amend or modify this Statement of Privacy at any time. Any material changes will be posted on this website, and organizations who are party to a Business Associate Agreement will also be notified of such changes. Changes will take effect seven (7) days after the changes have been first posted on the website.
– – –
lifeIMAGE gathers certain Non-Personal Information about your use of our website through log files and cookies. The techniques we use and their implications for your privacy are described below.
Log Files: When you access our site, our system automatically collects certain information about you for our logs. This data may include your browser type, your computer’s IP address, your Internet Service Provider, operating system, date and time you visited our site, and a list of the pages you visited. We use this information to analyze usage trends, administer the site, and gather demographic information about our members as a whole. It is not designed to identify you personally. However, under certain circumstances we may need to review this information in conjunction with specific Personal Account Information in order to identify and resolve certain issues for our members.
Cookies: lifeIMAGE uses a web technology, referred to as cookies, to make it easier for you to navigate our site, improve the security of your Personal Information, enhance the functionality of some features, and improve performance. These cookies are only applicable within the confines of our site. lifeIMAGE uses both session cookies, which expire when you close your browser, and persistent cookies, which remain on your computer. These cookies act as a user identification card for our servers. Cookies are only read by our computers and are unable to execute any code or virus. You can remove persistent cookies by following the directions provided in your Internet browser’s help file. However, if you set your browser security setting to reject all cookies, you may not be able to access certain portions of our web site. When accessing our site using a public computer, we recommend that you delete all persistent cookies according to the directions in your browser’s help file before you close the browser.
– – –
From time to time, we will contact you to ask about the services you have requested, to inquire about the quality of services you have received and to alert you about service updates. Promotional marketing communications sent via email will be sent to the address provided in your Personal Account Information and will include a link for opting out of future marketing communications.
– – –
If you have any questions or concerns regarding this Privacy Statement, please contact the lifeIMAGE Privacy Official at firstname.lastname@example.org or call Monday thru Friday between 8:30AM and 5:30PM at 617-244-8411 x350, or send mail to:
Life Image Inc.
Kyle F. Conley, Privacy Official
One Gateway Center Suite 200
Newton, MA 02458