Effective as of May 25, 2018 Revision 6.0
STATEMENT OF PRIVACY
Protecting the information you share with us is our highest priority. This Statement of Privacy ensures you know who we, Life Image Inc. (“lifeIMAGE”) are, and how we collect and treat your information, including:
- What information we have, why we have it, and how long we will keep it
- How we use your information and why it’s okay for us to use it
- Who we are able to share your information with
- Your rights, including how you can ask us to stop using your information
By using lifeIMAGE (such as registering with our service or visiting our website), you accept the terms and conditions of this Statement of Privacy, so we ask that you read all of the terms.
Depending on how you use lifeIMAGE, parts of this Statement of Privacy may or may not apply to you. This Statement of Privacy is crucial to our commitment to provide a secure, confidential network connecting other healthcare networks, providers, and patients.
As a part of our commitment to making it easy for you to understand how we use your data, we have used language we think is clear and simple, but if you have any questions at all, please contact lifeIMAGE’s Privacy Official by email at firstname.lastname@example.org or call 617-244-8411 x350.
- General Definitions.
- Protected Health Information Is Confidential
- Information That We Collect
- Who Can Access My Protected Health Information.
- The Limited Uses of Your Personal Information.
- Security Protections For Your Personal Information.
- Disclosures of Personal Information Required by Law.
- No Disclosure to Linked Websites.
- Possible Use of Aggregated De-Identified Data.
- Individual Request for Voluntary Disclosure of Personal Information.
- How You Can Help Protect Your Personal Information.
- Your Rights, Including Accessing, Updating, Requesting Corrections and Deleting Your Information/Account
- Use of Our Services.
- Changes to this Privacy Statement
- Website Monitoring.
- Communications From Us.
- Contacting Us.
Certain terms you see capitalized in this Statement of Privacy (and on the lifeIMAGE website) have definitions we want to make sure you’re aware of from the beginning:
Authenticated Authorization – means providing authorization for the use (such as transmitting, processing, or releasing) of Information through a process that confirms your (or another relevant person’s) identity at the time of the authorization. This identification may be accomplished by written signature, passwords, challenge questions, tokens, biometrics or a combination thereof.
Express Consent – is the prior, knowing, voluntary Authenticated Authorization that you make for the release and disclosure of Information, including any Protected Health Information, for a specific purpose and to a specific entity or individual. The specific information to be released is explicitly identified as part of this process. You provide Express Consent when you use our website to share, transfer, or publish exams with other parties.
Information – means any combination of Medical Information, Non-Personal Information, Personal Information, and Protected Health Information, as applicable.
Medical Information – means any information including age, weight, height, gender, ethnicity, personal medical history, personal social history, medical images, and other personal health information which pertains to the health status of anyone, including health information collected in the course of providing medical or health care services to that person.
Non-Personal Information – Non-Personal Information includes any information that we gather as you navigate our website, such as your browser type, pages viewed, and the time spent on the web site.
Personal Information – is any information that uniquely identifies you or that you might consider highly confidential or sensitive and includes both Personal Account Information and all Protected Health Information concerning you and your family or your patient, including information such as your name, date of birth, and home address.
Protected Health Information – is any of your personally identifiable health information that is traceable to you or your family or your patient.
We consider all Protected Health Information, whether it was provided to lifeIMAGE by you or anyone else, to be Protected Health Information under the law. This information is your property, and you have the right to control who is authorized to access it.
We will not disclose or release any Protected Health Information to anyone, even members of your own family, without your Express Consent except as expressly set forth in this policy or as required by law.
Whenever we are required by law to release any of your Personal Information, we will only release the minimum necessary information required to accomplish the business use for which the permitted release is allowed.
lifeIMAGE collects Information about you both directly from you and through service providers and partners that use our website or our services. You are not allowed to enter any data into our system that you know is inaccurate, incomplete, or irrelevant (and we require our service providers and partners not to either).
Personal Information: Personal Information is any information that uniquely identifies you or your patient or that you might consider highly confidential or sensitive and includes your Personal Account Information and Protected Health Information. lifeIMAGE treats all Personal Information as private and confidential. We collect two types of Personal Information:
Personal Account Information: We use Personal Information, such as your name, address, telephone number, email address, organization affiliation, address, user name and password, to uniquely identify you and your use of the website. We then require you to create a password to control access to restricted portions of our website.
Protected Health Information: Protected Health Information that we collect includes:
Medical Information: Medical Information includes any personal health information, including age, weight, height, gender, ethnicity, medical history, family history, social history, medical images and reports, and other personal health information
Non-Personal Information includes any information that we gather as you navigate our website that could not identify you, such as your browser type, pages viewed, and the time spent on the web site. In some cases, this information is collected automatically through cookies and stored in our log files. If you are logged in to a lifeIMAGE service on our website, this information may be associated with your Personal Account Information, in which case we will treat it as Personal Account Information. We use this information to monitor aggregate usage of our website and for internal analysis, quality control, and service improvement purposes. We explain more about how we gather that information in the section below that we call “Website Monitoring.”
As a lifeIMAGE Member, you may access all Personal Information available to your account, including, but not limited to, your or your patients’ Protected Health Information. Other than you, the only people who may access some parts of your Protected Health Information are:
Third Party – If you have an individual Personal Account, lifeIMAGE will not release or disclose your Personal Information to any Third Party without your Express Consent that identifies the specific information to be released and to whom it is to be released. If you are a healthcare provider and have a user account, lifeIMAGE will only release or disclose Personal Information of a patient to any Third Party with an appropriate patient Express Consent that contemplates further release by lifeIMAGE. lifeIMAGE assumes no responsibility or liability for the consequences of any such release on instructions and Express Consent.
Law Enforcement / Public Agency Official – Under certain circumstances, lifeIMAGE may be compelled to disclose Personal Information to satisfy a Court order, a duly executed and validly issued subpoena, or a government request by an agency with competent jurisdiction as part of a regulatory compliance review, in which case we will use reasonable and lawful efforts to limit the scope of any legally required disclosure. lifeIMAGE will also make reasonable efforts to notify you in advance of that disclosure, unless doing so would violate the law or the court order.
lifeIMAGE may use your Personal Information, and Protected Health Information only as we are specifically allowed to, such as:
- Authenticate your use of our website and services
- Provide requested services and process your transactions
- Provide communications to you
- Analyze de-identified data in aggregate
Depending on the situation, lifeIMAGE may process your Personal Information for a number of lawful reasons, including if you have explicitly consented to the processing (whether to lifeIMAGE or a third party), to comply with applicable law, to protect your vital interests, or occasionally in our legitimate interest. If we process your Personal Information for our legitimate interest, we will always ensure that the processing does not seriously impact the rights or freedoms of the data subject.
As we mentioned, we may process Personal Information related to your health in order to assist in providing health care services to you by a third party. lifeIMAGE will only do that if we have all necessary agreements in place with the third party providing the Personal Information to ensure that your rights are protected.
When we receive Personal Information from someone other than you, we will only process your Personal Information as we are instructed to by whoever gave us that data (or as required by law).
We take seriously the trust you place in us to protect the privacy of your or your patients’ Personal Information. We have implemented a series of physical, personnel, administrative, access control, system, third party and transmission safeguards to prevent unauthorized access, to maintain data integrity, and to ensure that only authorized persons who need to access your Personal Information can do so. A brief description of some of our security measures follows.
Physical Security measures include:
- Physical access to servers is restricted to lifeIMAGE information technology personnel who have been authorized for server access.
- Disaster recovery plan.
Personnel Security measures include:
- Background and criminal reference checks for employees, and
- Annual HIPAA and general privacy and security training for employees
Administrative Security measures include:
- Sanctions for employee violations of company policies and practices, and
- Documentation of compliance training.
Access Control Security measures include:
- Restricting access to data to approved personnel on need basis only
- Identity Authentication by written signature, passwords, challenge questions, tokens, biometrics or a combination thereof.
System Security measures include:
- Firewall, data protection systems, intrusion detection and monitoring devices to protect our network and databases
- Encryption of Personal Information data in our databases and of medical images on disk.
- Internal and external system auditing with audit trails that monitor, record and document access to these databases
Third Party Security measures include:
- Business associate agreements and/or other business agreements with all partners, third parties and vendors with whom we share information that requires them to implement all appropriate security procedures to maintain confidentiality.
- Individual confidentiality agreements with all employees and consultants who are required to come into contact with your Personal Information.
- Data protection agreements, including European Commission-approved Standard Contractual Clauses with business partners where Personal Information is to be processed from the European Economic Area.
Transmission Security measures include:
- Encryption of all Medical Information and Protected Health Information transmitted to and from our website and stored in our systems.
While we cannot guarantee that loss, misuse or alteration of data will not occur, we are committed to using proven safeguards and security audit procedures designed to prevent any loss, misuse or alteration of data. You will be promptly notified of any security breach which may have allowed disclosure or compromised the security and privacy of any of your Protected Health Information.
Under certain circumstances, we may be compelled to disclose your Personal Information to satisfy a Court order, duly executed subpoena, government request, law enforcement investigation, or regulatory compliance review. We will use reasonable and lawful efforts to limit the scope of any legally required disclosure. Under the law, required disclosures include:
- When a law or duly executed Court Order requires disclosure of your Personal Information, in which case only the information expressly ordered to be disclosed shall be released with notice to you of both the Order and the information disclosed. We will make reasonable efforts to notify you in advance of that disclosure, unless doing so would violate the law or the court order.
- When government officials investigating compliance with various Security and Privacy laws and regulations require disclosure of information relevant to their investigation.
lifeIMAGE provides certain links to third-party websites operated by organizations not affiliated with our service. These links may be found within our content or placed beside the names and logos of these persons.
We do not release any of your Personal Information to organizations operating these third-party web sites. We do not review or endorse the privacy policies of these third-party sites, and assume no responsibility for them. We encourage you to read the privacy policies and statements of each and every site before providing any Personal Information.
lifeIMAGE may combine and aggregate Personal Information from a sufficiently large group of individuals in a non-individually identifiable format to create “Aggregated De-Identified Data” when we have the right to do so. Aggregated De-Identified Data does not contain any information that could be used to contact or identify you and is not personally identifiable to you and is not created from Personal Information that we are not permitted to use (for example because you have not given us your consent or Express Consent (where applicable) to do so). Aggregated De-Identified Data may be used by lifeIMAGE for our legitimate business purposes, such as an analysis of health trends by lifeIMAGE so long as those purposes wouldn’t negatively impact you in an unfair manner.
You may choose to voluntarily disclose your Personal Information, including Protected Health Information, to third-party service providers, doctors or other health professionals, attorneys, and/or other individuals. We urge you to make such disclosure choices carefully. If you choose to use your Personal Account to voluntarily disclose your Personal Information to any individual or entity other than you or your healthcare professional, you must provide Express Consent that identifies the specific information to be released and to whom it is to be released. lifeIMAGE will not release or disclose any portion of your Personal Information without your Express Consent and assumes no responsibility or liability for any such release as directed by your Express Consent. We encourage you to read the privacy policies and statements of any third-party service providers, or other entities, with whom you direct us to disclose your Personal Information.
Protecting your Information also requires your compliance with certain basic security practices. We cannot secure any Personal Information that you release on your own, that you request us to release or that is released through another third party to whom you give account access.
You must safeguard your user name, password and other authentication information that you use to access our services. Do not disclose this information to any individual, third party or entity. Please immediately notify lifeIMAGE if you think there has been any unauthorized use of your user name, password or other authentication information.
12. Your Rights, Including Accessing, Updating, Requesting Corrections and Deleting Your Information/Account
You may access Information in your account at any time through the website. You may update your Personal Account Information at any time by accessing your Personal Account and making any necessary changes.
You may ask us to correct your Personal Information, including Protected Health Information that was provided by you. You may request a copy of information stored in your account, which we will provide to you in a common format, which is easy for you to use. You may also object to how we are using your Information and ask us to stop. As a reminder, we will comply with your request, but if there are other legitimate reasons for us to continue to process or use your Personal Information (and those reasons would not seriously impact your rights or freedoms), we may still be able to do so. Any written request for correction or access to data that is denied will result in an explanation in writing. Even if we deny your request, we will still restrict how we use your data (for example, if you object to how we are using your Personal Information, we will stop using it for that reason until we verify whether we are able to do so).
You may even request that we erase all of your Personal Information (this will inactivate your lifeIMAGE account) by emailing Customer Support at email@example.com. We will verify your identity before taking any action. When you request us to inactivate your account and your identity is verified, we will cease to display your Personal Information on our website and will stop processing it, but it may be stored for a period of time. Please be aware that while this information will no longer be accessible to someone using your account over the Internet, it will be retained for a period of time in backup media, but unless we need to retain information to comply with applicable laws, any backup retention is generally no longer than 60 days. If you request deletion of your Personal Information that we are required by applicable law to retain, we will inform you. This information shall be made available pursuant to a duly executed authenticated authorization to release medical records. In some cases, lifeIMAGE may be allowed to apply a charge equal to the administrative, copying and communication costs for the retrieval, preparation and transmission of the information requested.
13. Use of Our Services
As we mentioned above, if you do not consent to our privacy practices, you cannot use our service. You may withdraw your consent by inactivating your lifeIMAGE account as described in the section entitled “Your Rights, Including Accessing, Updating, Requesting Corrections and Deleting Your Account.”
lifeIMAGE may modify this Statement of Privacy at any time. Changes will always be in accordance with the law and will be posted on this website. We will update the effective date at the top of this Statement of Privacy so you can easily see the last time it was changed.
lifeIMAGE gathers certain Non-Personal Information about your use of our website through log files and cookies. The techniques we use and their implications for your privacy are described below.
Log Files: When you access our site, our system automatically collects certain information about you for our logs. This data may include your browser type, your computer’s IP address, your Internet Service Provider, operating system, date and time you visited our site, and a list of the pages you visited. We use this information to analyze usage trends, administer the site, and gather demographic information about our members as a whole. It is not designed to identify you personally. However, under certain circumstances we may need to review this information in conjunction with specific Personal Account Information in order to identify and resolve certain issues for our members.
Cookies: lifeIMAGE uses a web technology, referred to as cookies, to make it easier for you to navigate our site, improve the security of your Personal Information, enhance the functionality of some features, and improve performance. These cookies are only applicable within the confines of our site. lifeIMAGE uses both session cookies, which expire when you close your browser, and persistent cookies, which remain on your computer. These cookies act as a user identification card for our servers. Cookies are only read by our computers and are unable to execute any code or virus. You can remove persistent cookies by following the directions provided in your Internet browser’s help file. However, if you set your browser security setting to reject all cookies, you may not be able to access certain portions of our web site. When accessing our site using a public computer, we recommend that you delete all persistent cookies according to the directions in your browser’s help file before you close the browser. For more detailed information on how to control cookies you may wish to visit www.allaboutcookies.org.
From time to time, we will contact you to ask about the services you have requested, to inquire about the quality of services you have received and to alert you about service updates.
If you have opted-in to receiving such promotional marketing communications, any such communications sent via email will be sent to the address provided in your Personal Account Information and will include a link for opting out of future marketing communications.
17. Contacting Us
If you have any questions or concerns regarding this Privacy Statement, please contact the lifeIMAGE Privacy Official at firstname.lastname@example.org or call Monday thru Friday between 8:30 AM and 5:30 PM EST at 617-244-8411 x350, or send mail to:
Life Image Inc.
Kyle Conley, Privacy Official
One Gateway Center
Newton, MA 02458