Patient Privacy Policy

Last modified January 28, 2015

Please review the following information carefully. This Privacy Policy describes the treatment of information provided or collected on the website and applications made available through NexGenic, including but not limited to our Services. We take your privacy very seriously and encourage you to bring forward any questions about our Privacy Policy. 


The following terms shall have the respective meanings set forth below: 

“Health Insurance Portability and Accountability Act of 1996 (HIPAA)” means the administrative regulations promulgated under the provisions of this act, including the Privacy Rule and the Security rule.

“ImageInbox®” means a computer network service where Registered Users can send and receive medical imaging data and related reports to other networked accounts.

“Medical Records” means your documented health information, including medical images.

“NexGenic®” means NexGenic, LLC., a California-based limited liability company whose principal place of business is at 31225 La Baya Dr., Suite 200, Westlake Village, CA 91362 (“We/Us/Our”). The company facilitates health information communication in compliance with governing laws and regulations, including without limitation those protecting the privacy and security of health information.

“Providers” mean healthcare providers such as hospitals, imaging centers and clinics as well as individual physicians who offer healthcare and medical services. NexGenic is not affiliated with any Provider.

“Registered Users” means an individual who is authorized to use the Services (e.g. has elected to supply their name, email, address, user-ID, password, address and payment information (as applicable)).

“Service” or “Services” means, collectively, NexGenic products, software, and services.

“Supported Platform(s)” means the storage providers currently supported by the Services, such as Google Drive, as described via the Site.

“You” or “Your” means you as an individual or other legal entity (e.g. guardian, caretaker, etc.) for which you are accepting this Agreement.

“Your Data” means all electronic data, medical images, or information transferred by you through the use of the Services.

“Non-Personal Information” is information collected when you visit our NexGenic website, applications and use our Services. This includes performance, location and device information  (e.g. device type, browser type, domains, page views) collected through log files, transaction files, cookies, flash cookies and web technology.

“Personal Information” is information that can be used to identify you, either alone or in combination with other information. NexGenic collects and stores the following types of Personal Information:

  • “Registration Information” is information you provide about yourself when registering for an account to use our Services (e.g. name, email, address, user ID, password and payment information).
  • “Exam Information” is information collected about the origin and type of a medical record, e.g. image study, being sent or received between you and your Provider.


NexGenic, LLC, is a California limited liability company that facilitates health information communication in compliance with governing laws and regulations, including without limitation those protecting the privacy and security of health information (also referred to herein as “NexGenic”, “we”, “us”, and “our”), as described on (the “Site”).

NexGenic has developed this Privacy Policy to inform you about what information we collect, how it’s used, and your options with regards to such information. 

To summarize our Privacy Policy regarding NexGenic Services, all user communication is 100% private and solely between you and the Registered User you have selected to communicate with. For example, the transfer of medical images and diagnostic reports with ImageInbox occurs just between you and your doctor without any intermediary. NexGenic uses multiple layers of encryption to ensure your data is protected both in transit and at rest once received.

All access and use of the Site, Content or Services is subject to the NexGenic Terms of Service (the “Agreement”) and this Privacy Policy is incorporated by reference into the Agreement. In the event of any conflict between this Privacy Policy and the NexGenic Terms of Service, the terms in the Agreement shall control.


NexGenic takes seriously the trust you place in us. We actively protect any information a user provides. NexGenic has implemented and maintains physical, administrative and electronic security measures for the Site and Services. We limit NexGenic employee access and ability to enter or view information based upon their role in the Services we provide. Secure Sockets Layer (SSL), firewalls, passwords, encryption, and audit trails are further used to safeguard your information.


When registering to use the Services, the following fields are required to guarantee the network is a useful directory for its members: Patient information including name, email, user-ID, password, and payment information (if applicable). We also give you the option to provide some optional information such as your current address and other information as stated on the website.  

You agree that the Registration Information you provide to us is always true, accurate, current, and complete. Wrongful information may lead to delays in service operation and will require Registered Users to correct the information in order to successfully use our Services with Providers. You agree that the Registration Information you provide to us is always true, accurate, current, and complete. If you provide any Registration Information that is untrue, inaccurate, not current, or incomplete, or if NexGenic has a reasonable ground to suspect that such information is untrue, inaccurate, not current, or incomplete, NexGenic has the right to suspend or terminate your account and refuse any and all current or future use of the Service (or any portion thereof).  

4.1 Exam Information

When using the Services, NexGenic as part of your Personal Information collects Exam Information. This information includes where the Medical Record data was originated, for example ‘University Hospital’, the type of Medical Record exchanged, for example ‘CT scan’, the number of images exchanged, and the description of the exam performed, for example ‘CT scan with contrast’.


All Personal Information collected by NexGenic is necessary to ensure regular operation of your account and/or availability of the Services. When you use our Services, you authorize us to retrieve and import information from another Registered User on your behalf.  These include, among other things, providing you with the Services you request; customer support; safeguarding and protecting our Services; authenticating your website visits and usage; communicating with you about information, services, transactions, products and promotions; and performing quality control activities.


Further, you acknowledge and agree that NexGenic may disclose Registration Information to comply with legal requirements, including without limitation, governmental orders, court orders, or legal process served on NexGenic. NexGenic may also disclose Registration Information as necessary to protect its legal rights or as necessary to comply with the law or the credit card processor rules or to maintain PCI compliance.

NexGenic reserves the right to disclose Registration Information as necessary for fraud and credit risk purposes.  In such event we will notify you electronically through the contact information you have provided to us in advance, unless doing so would violate the law or a court order.

5.1 E-mail

As a user of our Services you should be aware that there are many circumstances where NexGenic will need to communicate with you via the e-mail address you provided in your Registration Information. For example, you will be notified via e-mail when there is a new medical image awaiting receipt on ImageInbox. This means that any person with access to your e-mail will be able to see this notification. This could include your family members, employer or anyone else who can access your e-mail account. Although no health information will be sent in the e-mail notification, the notification that new health information is available by accessing ImageInbox may be information that you would not want others to know about. Thus, you should take this into account when providing an e-mail address when using the Services. If you send us an e-mail communication, it may be shared with staff that assist users in providing services related to your inquiry.

5.2 Unique User ID

In order to use our Services you will create a unique identification (ID) code and password to be used to access and authenticate your account and authorize a Registered User to send/receive Medical Records. The ID and password are unique codes that identify you in the computer system. Inquiries and data transfers through our Services done will be logged with your user-ID.

It is extremely important that you keep the authentication password that you use to access the Services confidential. If at any time you feel that the confidentiality of your account has been compromised, you are responsible for changing your password within the Services.

NexGenic takes no responsibility for, and disclaims all liability or consequential damages arising from, a breach of confidentiality resulting from you showing, sharing, or losing your password. We ask you to be responsible for safeguarding your password, secret questions and answers, and other authentication information you use to access our Services. If NexGenic discovers that you have inappropriately shared your password with another person, or, that you have misused or abused the Services in any way, your account may be discontinued by NexGenic without prior notice.

5.3 Phone Number

Confirmation of successful Services completion imaging can be confirmed through phone notifications to the phone number you provided at registration. This means that any person with access to your telephone may be able to see this notification. This could include your family members, employer or anyone else who can access your telephone. Although no protected health information will be sent, the notification that new health information is available by accessing ImageInbox may be information that you would not want others to know. Thus, you should take this into account when providing contact telephone numbers when using ImageInbox.

5.4 Exam Information

We use Exam Information for auditing, research, measurement and analysis in order to maintain, administer, enhance, and protect our Services or create new Services, including analyzing usage trends and patterns and improving the effectiveness of content, advertising, features and services.

5.5 Service Referral To New User

If you use the NexGenic Site or Services referral feature to inform your contacts and friends about our Services, we will use the referral information you provide for the sole purpose of informing the provided contact about the NexGenic Services. If as part of the invitation you provide us with a contacts name, email address, or phone number, you confirm that your contact has provided you with his or her consent to be sent the referral. We will inform your contact that you asked us to contact them. Additionally, we may collect information from you and your referred contact through the use of cookies and other technology, so we can monitor the success and keep track of contacts you refer who may sign up for our Services.


Like most websites and applications, our Services gather information whenever you visit, log in or otherwise interact with them. As with other websites and interactive services, whenever you interact with our Services your computer or mobile device software transmits non-personal information. This information is used to improve our Services and the overall user experience and we may disclose non-personally identifiable information to third-parties. Most browsers are initially set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent.

Therefore, even if you do not register with us or submit any Personal Information on our Services, we are automatically receiving information about your hardware device and the software running on it. This information includes the type and version of operating system running (e.g., iOS, Android, Mac OS or Microsoft Windows), the browser making the request (e.g., Internet Explorer, Chrome, Safari or Firefox), routing information, IP address, and geographic location. This information is not considered by NexGenic to be personal information. 


We use Non-Personal Information for auditing, research, measurement and analysis in order to maintain, administer, enhance, and protect our Services or create new Services, including analyzing usage trends and patterns and improving the effectiveness of content, advertising, features and services.

7.1 Your Contacts

NexGenic Services may contain a contact address book. This address book is stored and maintained on NexGenic information systems.


Our Services are designed to facilitate one-on-one communications between users so any communication where users are sending or receiving information enables their counterpart user to see contact information, including user-id, in order to authenticate the transmission and initiate the Medical Record exchange.


Because our Services enable users to share information you share with them, you should take care in selecting with whom you share your information. Although our Services process such transmission, we cannot take responsibility for the actions of other users or persons with whom you share your information. 


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted to protect electronic data pertaining to patient identification and health, and standardize the process of data interchange. Under these regulations, any Covered Entity that maintains electronic protected health information (ePHI) must conform to technical safeguards, including technology, policy and procedures for use, that protect ePHI and control access to it. 

Under the definitions of the HIPAA Rules set forth in 45 CFR 160.103, NexGenic is not part of a HIPAA-defined Covered Entity, nor is it a clearinghouse for a Covered Entity.  

NexGenic is a health information organization (HIO), acting on behalf of the patient to provide Services that enable a user (patient) to electronically receive, send, and securely store their Medical Record copy.

When we transmit a medical record copy on behalf of a user (patient) who has entered an agreement with Us through our Terms of Service Agreement, the medical record copy is only stored on the user-provided personal storage (for example personal cloud storage such as Google Drive) in encrypted format only accessible by the Registered User. 

DISCLAIMER: HIPAA compliance of activities between Registered Users utilizing the Services are the sole responsibility of the Registered Users engaging in these activities.


Our Services are not intended for or designed to attract children under the age of 13, and we do not knowingly collect personal information from such children. If we learn that we have inadvertently obtained personal information from a child under the age of 13, we will delete that information. If you become aware that your child has provided us with personal information without your consent, please contact us immediately at the contact information below or found on our website ( Our Services do allow users above the age of 18 years old – such as healthcare providers, parents and guardians – to manage and transfer Medical Records about others, including minors. Such users assume full responsibility over their submission, use and transmission of such information.


Areas of the NexGenic website and Services may contain links to third-party web sites and Supported Platforms. For example patients using the ImageInbox mobile application must configure a personal cloud account, such as Google Drive, in order for the data exchange services to work. All medical record copies transferred by ImageInbox to personal cloud storage is done so using Advanced Encryption Standard (AES) 128-bit or higher algorithms in order to prevent data breaches and ensure the confidentiality of the Registered User’s data within their selected storage environment.

Please note that when you use the NexGenic website and Services to access any third-party links or Supported Platforms (such as Google drive), you are entering another website or service for which we have no responsibility or control. The inclusion of third-party links and Supported Platforms does not imply affiliation, endorsement or adoption by us of the third-party links or any medical or other information contained therein. We encourage you to read the terms and conditions, data-gathering practices and privacy policies of all third-party’s and Supported Platforms as they may materially differ from ours. You agree that we shall not be responsible for any loss or damage of any sort incurred as a result of any such links or as the result of the presence of such links on this site. It is up to you to take precautions to ensure that whatever linked material you select is free of items such as viruses, worms, Trojan horses and other destructive items.


NexGenic operates globally and may transfer your Personal Information around the world for the purposes described in the Terms of Service and this Privacy Policy. Wherever your personal information is transferred or processed by us, we will take reasonable steps to safeguard the privacy of your personal information. Additionally, when using or disclosing personal information transferred from the European Union, we abide by the Safe Harbor Principles as set forth by the U.S. department of Commerce, use standard contract clauses approved by the European Commission, adopt other means under European Union law for ensuring adequate safeguards, and obtain your consent. We also apply the substantive requirements of the Safe Harbor Principles when transferring personal information from Australia.


From time to time, we may change this privacy policy to accommodate new technologies, industry practices, regulatory requirements or for other purposes. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent.


If you have any comments or questions about this Privacy Policy, please mail NexGenic at:

Legal Counsel


3435 East Thousand Oaks Blvd., #7541

Thousand Oaks, CA 91362