Effective as of January 01, 2021 Revision 10.0
STATEMENT OF PRIVACY
Protecting the information you share with us is our highest priority. This Statement of Privacy ensures you know who we, Life Image Inc. (“Life Image”) are, and how we collect and treat your information, including:
- What information we have, why we have it, and how long we will keep it
- How we use your information and why it’s okay for us to use it
- Who we are able to share your information with
- Your rights, including how you can ask us to stop using your information
By using Life Image (such as registering with our service or visiting our website), you accept the terms and conditions of this Statement of Privacy, so we ask that you read all of the terms.
Depending on how you use Life Image, parts of this Statement of Privacy may or may not apply to you. This Statement of Privacy is crucial to our commitment to provide a secure, confidential network connecting other healthcare networks, providers, and patients.
As a part of our commitment to making it easy for you to understand how we use your data, we have used language we think is clear and simple, but if you have any questions at all, please contact Life Image’s Privacy Official by email at firstname.lastname@example.org or call 617- 244-8411 x350.
STATEMENT OF PRIVACY
- Protected Health Information Is Confidential
- Information That We Collect
- Who Can Access My Protected Health Information
- The Limited Uses of Your Personal Information
- Security Protections for Your Personal Information
- Disclosures of Personal Information Required by Law
- No Disclosure to Linked Websites
- Possible Use of Aggregated De-Identified Data
- Individual Request for Voluntary Disclosure of Personal Information
- How You Can Help Protect Your Personal Information
- Your Rights, Including Accessing, Updating, Requesting Corrections and Deleting Your Information/Account
- Use of Our Services
- Changes to this Privacy Statement
- Website Monitoring
- Communications from Us
- Contacting Us
Certain terms you see capitalized in this Statement of Privacy (and on the Life Image website) have definitions we want to make sure you’re aware of from the beginning:
Authenticated Authorization –means providing authorization for the use (such as transmitting, processing, or releasing) of Information through a process that confirms your (or another relevant person’s) identity at the time of the authorization. This identification may be accomplished by written signature, passwords, challenge questions, tokens, biometrics or a combination thereof.
Express Consent – is the prior, knowing, voluntary Authenticated Authorization that you make for the release and disclosure of Information, including any Protected Health Information, for a specific purpose and to a specific entity or individual. The specific information to be released is explicitly identified as part of this process. You provide Express Consent when you use our website to share, transfer, or publish exams with other parties.
Information – means any combination of Medical Information, Non-Personal Information, Personal Information, and Protected Health Information, as applicable.
Medical Information – means any information including age, weight, height, gender, ethnicity, personal medical history, personal social history, medical images, and other personal health information which pertains to the health status of anyone, including health information collected in the course of providing medical or health care services to that person.
Non-Personal Information – includes any information that we gather as you navigate our website, such as your browser type, pages viewed, and the time spent on the web site.
Personal Information – means any information that uniquely identifies you or that you might consider highly confidential or sensitive and includes both Personal Account Information and all Protected Health Information concerning you and your family or your patient, including information such as your name, date of birth, and home address.
Protected Health Information – means any of your personally identifiable health information that is traceable to you or your family.
2. Protected Health Information Is Confidential
We consider all Protected Health Information, whether it was provided to Life Image by you or anyone else, to be Protected Health Information under the law. This information is your property, and you have the right to control who is authorized to access it.
We will not disclose or release any Protected Health Information to anyone, even members of your own family, without your Express Consent except as expressly set forth in this policy or as required by law.
Whenever we are required by law to release any of your Personal Information, we will only release the minimum necessary information required to fulfill the legal request or otherwise comply with applicable law.
3. Information That We Collect
Life Image collects Information about you both directly from you and through service providers and partners that use our website or our services. You are not allowed to enter any data into our system that you know is inaccurate, incomplete, or irrelevant (and we require our service providers and partners not to either).
Personal Information: Life Image treats all Personal Information as private and confidential. We collect two types of Personal Information:
Personal Account Information: We use Personal Information, such as your name, address, telephone number, email address, organization affiliation, address, user name and password, to uniquely identify you and your use of the website. We then require you to create a password to control access to restricted portions of our website.
Protected Health Information: Protected Health Information that we collect includes:
Protected Health Information also includes Medical Information.
In some cases, Non-Personal Information is collected automatically through cookies and stored in our log files. If you are logged in to a Life Image service on our website, this Non-Personal Information may be associated with your Personal Account Information, in
which case we will treat it as Personal Account Information. We use this information to monitor aggregate usage of our website and for internal analysis, quality control, and service improvement purposes. We explain more about how we gather that information in the section below that we call “Website Monitoring.”
4. Who Can Access My Protected Health Information
As a user of Life Image services, you may access all Personal Information available to your account, including, but not limited to, your Protected Health Information. Other than you, the only people who may access some parts of your Protected Health Information are:
Third Party – If you have an individual Personal Account, Life Image will not release or disclose your Protected Health Information to any Third Party without your Express Consent that identifies the specific information to be released and to whom it is to be released. If you are a healthcare provider and have a user account, Life Image will only release or disclose Personal Information of a patient to any Third Party with an appropriate patient Express Consent that contemplates further release by Life Image. Life Image assumes no responsibility or liability for the consequences of any such release on instructions and Express Consent.
Law Enforcement / Public Agency Official – Under certain limited circumstances, Life Image may be compelled to disclose Personal Information to satisfy a Court order, a duly executed and validly issued subpoena,, or a government request by an agency with competent jurisdiction as part of a regulatory compliance review, in which case we will use reasonable and lawful efforts to limit the scope of any legally required disclosure. Life Image will also make
reasonable efforts to notify you in advance of that disclosure, unless doing so would violate the law or the court order.
5. The Limited Uses of Your Personal Information
Life Image may use your Personal Information, and Protected Health Information only as we are specifically allowed to, such as:
- Authenticate your use of our website and services
- Provide requested services and process your transactions
- Provide communications to you
- Analyze de-identified data in aggregate
Depending on the situation, Life Image may process your Personal Information for a number of lawful reasons, including if the you have explicitly consented to the processing (whether to Life Image or a third party), to comply with applicable law, to protect your vital interests, or occasionally in our legitimate business purpose interest. If we process your Personal Information for our legitimate interest, we will always ensure that the processing does not seriously impact the rights or freedoms of the data subject.
As we mentioned, we may process Personal Information related to your health in order to assist in providing health care services to you by a healthcare provider or other designated third party. Life Image will only do that if we have all necessary agreements in place with the healthcare provider or other designated third party providing the Personal Information to Life Image for processing ensure that your rights are protected.
When we receive Personal Information from someone other than you, we will only process your Personal Information as we are instructed to by the party who gave us that data (or as required by law).
6. Security Protections for Your Personal Information
We take seriously the trust you place in us to protect the privacy of your or your patients’ Personal Information. We have implemented a series of physical, personnel, administrative, access control, system, third party and transmission safeguards to prevent unauthorized access, to maintain data integrity, and to ensure that only authorized persons who need to access your Personal Information can do so. A brief description of some of our security
Physical Security measures include:
- Physical access to servers is restricted to Life Image information technology personnel who have been authorized for server access.
- Disaster recovery plan.
Personnel Security measures include:
- Background and criminal reference checks for employees, and
- Annual HIPAA and general privacy and security training for employees
Administrative Security measures include:
- Sanctions for employee violations of company policies and practices, and
- Documentation of compliance training.
Access Control Security measures include:
- Restricting access to data to approved personnel on need basis only
- Identity Authentication by written signature, passwords, challenge questions, tokens, biometrics or a combination thereof.
System Security measures include:
- Firewall, data protection systems, intrusion detection and monitoring devices to protect our network and databases
- Encryption of Personal Information data in our databases and of medical images on disk. Internal and external system auditing with audit trails that monitor, record and document access to these databases.
Third Party Security measures include:
- Business associate agreements and/or other business agreements with all partners, third parties and vendors with whom we share information that requires them to implement all appropriate security procedures to maintain confidentiality.
- Individual confidentiality agreements with all employees and consultants who are required to come into contact with your Personal Information.
- Data protection agreements, including European Commission-approved Standard Contractual Clauses with business partners where Personal Information is to be processed from the European Economic Area.
Transmission Security measures include:
- Encryption of all Medical Information and Protected Health Information transmitted to and from our website and stored in our systems.
- While we cannot guarantee that loss, misuse or alteration of data will not occur, we are committed to using proven safeguards and security audit procedures designed to prevent any loss, misuse or alteration of data.
7. Disclosures of Personal Information Required by Law
Under certain circumstances, we may be compelled to disclose your Personal Information to satisfy a valid court order or subpoena, government request, law enforcement investigation, or regulatory compliance review. We will use reasonable and lawful efforts to limit the scope of any legally required disclosure. Under the law, required disclosures include:
- When a law requires disclosure of your Personal Information, in which case only the information expressly ordered to be disclosed will be released.
- When government officials investigating compliance with various Security and Privacy laws and regulations require disclosure of information relevant to their investigation.
8. No Disclosure to Linked Websites
On our website, Life Image provides certain links to third-party websites operated by organizations not affiliated with our service. These links may be found within our content or placed beside the names and logos of these persons.
We do not release any of your Personal Information to organizations operating these third-party web sites. We do not review or endorse the privacy policies of these third-party sites, and assume no responsibility for them. We encourage you to read the privacy policies and statements of each and every site before providing any Personal Information.
9. Possible Use of Aggregated De-Identified Data
When we have the right to do so, Life Image may combine and aggregate Information from a sufficiently large group of individuals in a non-individually identifiable format to create “Aggregated De-Identified Data”. Aggregated De-Identified Data does not contain any information that could be used to contact or identify you and is not personally identifiable to you and is not created from Personal Information that we are not permitted to use (for
example because you have not given us your consent or Express Consent (where applicable) to do so). Aggregated De-Identified Data may be used by Life Image for our legitimate business purposes, such as an analysis of health trends by Life Image as permitted by law.
10. Individual Request for Voluntary Disclosure of Personal Information
You may choose to voluntarily disclose your Personal Information, including Protected Health Information, to third-party service providers, doctors or other health professionals, attorneys, and/or other individuals. We urge you to make such disclosure choices carefully. If you choose to use your Personal Account to voluntarily disclose your Personal Information to any individual or entity other than you or your healthcare professional, you must provide Express Consent that identifies the specific information to be released and to whom it is to be released. Except as otherwise permitted herein, Life Image will not release or disclose any portion of your Personal Information without your Express Consent and assumes no responsibility or liability for any such release as directed by your Express Consent. We encourage you to read the privacy policies and statements of any third-party service providers, or other entities, with whom you direct us to disclose your Personal Information.
11. How You Can Help Protect Your Personal Information
Protecting your Information also requires your compliance with certain basic security practices. We cannot secure any Personal Information that you release on your own, that you request us to release or that is released through another third party to whom you give account access.
You must safeguard your user name, password and other authentication information that you use to access our services. Do not disclose this information to any individual, third party or entity. Please immediately notify Life Image if you think there has been any unauthorized use of your user name, password or other authentication information.
12. Your Rights, Including Accessing, Updating, Requesting Corrections and Deleting Your Information/Account
Where applicable under local law, you may have the following rights regarding your personal information: the right to access personal information we hold, and in some situations, the right to have that personal information corrected or updated, erased, restricted, or delivered to you or a third party in a usable electronic format (the right to data portability). Where applicable, you may also object to how we use your personal information if the legal basis for processing that information is our legitimate interest. Where we are using your personal information on the basis of your consent, and where applicable under local law, you have the right to withdraw that consent at any time. Where you have granted consent to receive direct marketing communications from us, and where applicable under local law, you may withdraw that consent at any time. If applicable, you may also have the right to register a complaint to your local data protection authority. For residents of the EU and UK, contact information for the EU data protection authorities can be found at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. For residents of Australia, if you are not satisfied with the outcome of your complaint after first contacting us, you may wish to contact the Office of the Australian Information Commissioner; for more information, please refer to http://www.oaic.gov.au.
Regardless of which laws apply to you, you may ask us to correct your Personal Information, including Protected Health Information that was provided by you. You may request a copy of information stored in your account, which we will provide to you in a common format, which is easy for you to use. You may also object to how we are using your Information and ask us to stop. As a reminder, we will comply with your request, but if there are other legitimate reasons for us to continue to process or use your Personal Information (and those reasons would not seriously impact your rights or freedoms or are otherwise permitted under applicable law), we may still be able to do so. Any written request for correction or access to Personal Information that is denied will result in an explanation in writing. Even if we deny your request, we will still restrict how we use your data (for example, if you object to how we are using your Personal Information, we will stop using it for that reason until we verify whether we are able to do so).
You may even request that we erase all of your Personal Information (this will inactivate your Life Image account) by emailing Customer Support at email@example.com. We will verify your identity before taking any action. When you request us to inactivate your account and your identity is verified, we will cease to make your Personal Information available to you in our services and will stop processing it, but it may be stored for a period of time. Please be aware that while this information will no longer be accessible to someone using your account over the Internet, it will be retained for the period of time in backup media, but unless we need to retain information to comply with applicable laws, any backup retention is generally no longer than 60 days . If you request deletion of your Personal Information that we are required by applicable law to retain, we will inform you. This information shall be made available pursuant to a duly executed authenticated authorization to release medical records. In some cases, Life Image may be allowed to apply a charge equal to the administrative, copying and communication costs for the retrieval, preparation and transmission of the information requested.
13. Use of Our Services
As we mentioned above, if you do not consent to our privacy practices, you cannot use our service. You may withdraw your consent by inactivating your Life Image account as described in the section entitled “Your Rights, Including Accessing, Updating, Requesting Corrections and Deleting Your Account.”
14. Changes to this Privacy Statement
Life Image may modify this Statement of Privacy at any time. Changes will always be in accordance with the law and will be posted on this website. We will update the effective date at the top of this Statement of Privacy so you can easily see that last time it was changed. We will provide reasonable notice of an upcoming change to our Statement of Privacy by posting on this website. If any change to this Statement of Privacy results in a material change as to how we handle or otherwise manage your Personal Information, we will use reasonable efforts to notify you via email.
15. Website Monitoring
Life Image gathers certain Non-Personal Information about your use of our website through log files and cookies. The techniques we use and their implications for your privacy are described below.
Log Files: When you access our site, our system automatically collects certain information about you for our logs. This data may include your browser type, your computer’s IP address, your Internet Service Provider, operating system, date and time you visited our site, and a list of the pages you visited. We use this information to analyze usage trends, administer the site, and gather demographic information about our members as a whole. It is not designed to identify you personally. However, under certain circumstances we may need to review this information in conjunction with specific Personal Account Information in order to identify and resolve certain issues for our members. If a log file is combined with Personal Account Information, it will be considered and treated as Personal Information.
Cookies: Life Image uses a web technology, referred to as cookies, to make it easier for you to navigate our site, improve the security of your Personal Information, enhance the functionality of some features, and improve performance. These cookies are only applicable within the confines of our site. Life Image uses both session cookies, which expire when you close your browser, and persistent cookies, which remain on your computer. These cookies act as a user identification card for our servers. Cookies are only read by our computers and are unable to execute any code or virus. You can remove persistent cookies by following the directions provided in your Internet browser’s help file. However, if you set your browser security setting to reject all cookies, you may not be able to access certain portions of our web site. When accessing our site using a public computer, we recommend that you delete all persistent cookies according to the directions in your browser’s help file before you close the browser. For more detailed information on how to control cookies you may wish to visit www.allaboutcookies.org.
16. Communications from Us
From time to time, we will contact you to ask about the services you have requested, to inquire about the quality of services you have received and to alert you about service updates.
If you have opted-in to receiving promotional marketing communications, any such communications sent via email will be sent to the address provided in your Personal Account Information and will include a link for opting out of future marketing communications.
17. Contacting Us
If you have any questions or concerns regarding this Privacy Statement, please contact the Life Image Privacy Official at firstname.lastname@example.org or call Monday thru Friday between 8:30 AM and 5:30 PM EST at 617-244-8411 x350, or send mail to:
Life Image Inc.
David Pierce, Privacy Official
One Gateway Center
Newton, MA 02458