Provider Privacy Policy

Last modified January 28, 2015

Please review the following information carefully. This Provider Privacy Policy (Privacy Policy) describes the treatment of information provided or collected on the NexGenic.com website and applications made available through NexGenic, including but not limited to our Services. We take your privacy very seriously and encourage you to bring forward any questions about our Privacy Policy.

1. DEFINITIONS

The following terms shall have the respective meanings set forth below: 

“Annex Server” means a physical or virtual computer server that has the capability to store encrypted medical record packages and can be hosted on a local network or on the Internet. It is controlled and maintained by the Provider or by a designated service vendor.

“Electronic Protected Health Information (ePHI)” means any protected health information that is covered under Health Insurance Portability and Accountability Act of 1996 (HIPAA) security regulations and is produced, saved, transferred or received in an electronic form.

“Health Insurance Portability and Accountability Act of 1996 (HIPAA)” means the administrative regulations promulgated under the provisions of this act, including the Privacy Rule and the Security Rule.

“ImageInbox®” means a computer network service where Registered Users can send and receive medical imaging data and related reports to other networked accounts.

“Medical Records” means your documented health information, including medical images.

“NexGenic®” means NexGenic, LLC., a California-based limited liability company whose principal place of business is at 31225 La Baya Dr., Suite 200, Westlake Village, CA 91362 (“We/Us/Our”). The company facilitates health information communication in compliance with governing laws and regulations, including without limitation those protecting the privacy and security of health information.

“Personal Identifiable Information (PII)” is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.

“Providers” means healthcare providers such as hospitals, imaging centers and clinics as well as individual physicians who offer healthcare and medical services. NexGenic is not affiliated with any Provider.

“Registered Users” means an individual or Provider organization that is authorized to use the Services (e.g. has elected to supply their name, email, address, user-ID, password and payment information (as applicable)).

“Registered User Agreement” means a legally binding Agreement between NexGenic and Registered Users of our Services.

“Service” or “Services” means, collectively, NexGenic products, software, and services.

“Supported Platform(s)” means the storage providers currently supported by the Services, such as Google Drive, as described via the Site.

“You” or “Your” means the individual, company or other legal entity for which you are accepting this Agreement, and Affiliates of that company or entity.

“Your Data” means all electronic data, medical images, or information transferred by you through the use of the Services.

“Non-Personal Information” is information excluding ePHI collected when you visit our NexGenic website, applications and use our Services. This includes performance, location and device information (e.g. device type, browser type, domains, page views) collected through log files, transaction files, cookies, flash cookies and web technology.

“Personal Information” is information that can be used to identify you as an administrator or Provider, either alone or in combination with other information. NexGenic collects and stores the following types of Personal Information:

  • “Registration Information” is information you provide about the Administrator and Provider when registering for an account to use our Services (e.g. name, email, address, user ID, password and payment information).
  • “Exam Information” is information collected about the origin and type of medical record, e.g. an image study being sent or received between you as a Provider and another Registered User, whether Provider or Patient.

2. INTRODUCTION

NexGenic, LLC, is a California limited liability company that facilitates health information communication in compliance with governing laws and regulations, including without limitation those protecting the privacy and security of health information (also referred to herein as “NexGenic”, “we”, “us”, and “our”), as described on NexGenic.com (the “Site”).

NexGenic has developed this Privacy Policy to inform you about what information we collect, how it’s used, and your options with regard to such information.

To summarize our Privacy Policy regarding NexGenic Services, all user communication is 100% private and directly between you (Provider) and a Registered User (Patient or Outside Provider) you have selected to communicate with. For example, the transfer of medical images and diagnostic reports with ImageInbox occurs just between you and your recipient without any third-party intermediary storage, including NexGenic. The Service uses multiple layers of encryption to ensure your data is protected both in transit and at rest once received.

All access and use of the Site, Content or Services is subject to the NexGenic Terms of Service (the “Agreement”) and this Privacy Policy is incorporated by reference into the Agreement. In the event of any conflict between this Privacy Policy and the NexGenic Terms of Service, the terms in the Agreement shall control.

3. PROTECTING USER INFORMATION 

NexGenic takes seriously the trust you place in us. We actively protect any information a user provides. NexGenic has implemented and maintains physical, administrative and electronic security measures for the Site and Services. We limit NexGenic employee access and ability to enter or view information based upon their role in the Services we provide. Secure Sockets Layer (SSL), firewalls, passwords, encryption, and audit trails are further used to safeguard your information.

3.1 Personally Identifiable Information and Protected Health Information

NEXGENIC DOES NOT HAVE ACCESS NOR DOES NEXGENIC STORE ANY PERSONALLY IDENTIFIABLE INFORMATION (PII) OR PROTECTED HEALTH INFORMATION (PHI) THROUGH THE USE OF THE SERVICES.

4. COLLECTING PERSONAL INFORMATION 

NexGenic collects non-medical identifying information about the Provider required for registration of the Service. This is not considered by NexGenic to be PII or PHI.

Registering to use the Services requires the following fields to be completed: (i) Administrator information including name, email, user-ID, and password, (ii) Provider information additionally includes descriptive information including address location, internet domain name, service/specialty information, and payment information (if applicable). We also give you the option to provide additional information as stated on the website.  

You agree that the Registration Information you provide to us is always true, accurate, current, and complete. Wrongful information may lead to delays in service operation and will require Registered Users to correct the information in order to successfully use our Services. If you provide any Registration Information that is untrue, inaccurate, not current, or incomplete, or if NexGenic has a reasonable ground to suspect that such information is untrue, inaccurate, not current, or incomplete, NexGenic has the right to suspend or terminate your account and refuse any and all current or future use of the Service (or any portion thereof).

4.1 Exam Information

When using the Services, NexGenic collects Exam Information including where the Medical Record data originated, for example ‘University Hospital’, the type of Medical Record exchanged, for example ‘CT scan’, and the number of images exchanged. This information is not defined as PHI under HIPAA because the relationship to the individual patient is unknown to NexGenic.

5. USING PERSONAL INFORMATION

All Personal Information collected by NexGenic is necessary to ensure regular operation of your account and/or availability of the Services. When you use our Services, you authorize us to retrieve and import information from another Registered User on your behalf. These uses include, among other things, providing you with the Services you request; customer support; safeguarding and protecting our Services; authenticating your website visits and usage; communicating with you about information, services, transactions, products and promotions; and performing quality control activities.

WE DO NOT DISCLOSE YOUR PERSONAL INFORMATION TO ANY THIRD-PARTY WITHOUT YOUR EXPLICIT CONSENT.

Further, you acknowledge and agree that NexGenic may disclose Registration Information to comply with legal requirements, including without limitation, governmental orders, court orders, or legal process served on NexGenic. NexGenic may also disclose Registration Information as necessary to protect its legal rights or as necessary to comply with the law or the credit card processor rules or to maintain PCI compliance.

NexGenic reserves the right to disclose Registration Information as necessary for fraud and credit risk purposes. In such event we will notify you electronically through the contact information you have provided to us in advance, unless doing so would violate the law or a court order.

5.1 Service Referral To New User

If you use the NexGenic Site or Services referral feature to inform your contacts about our Services, we will use the referral information you provide for the sole purpose of informing the provided contact about the NexGenic Services. If as part of the invitation you provide us with a contact's name, email address, or phone number, you confirm that your contact has provided you with his or her consent to be sent the referral. We will inform your contact that you asked us to contact them. Additionally, we may collect information from you and your contacts through the use of cookies and other technology, so we can monitor the success and keep track of contacts you refer who may sign up for our Services.

6. COLLECTING NON-PERSONAL INFORMATION

Like most websites and applications, our Services gather information whenever you visit, log in or otherwise interact with them. As with other websites and interactive services, whenever you interact with our Services your computer or mobile device software transmits non-personal information. This information is used to improve our Services and the overall user experience and we may disclose non-personally identifiable information to third-parties. Most browsers are initially set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent.

Therefore, even if you do not register with us or submit any Personal Information on our Services, we are automatically receiving information about your hardware device and the software running on it. This information includes the type and version of operating system running (e.g., iOS, Android, Mac OS or Microsoft Windows), the browser making the request (e.g., Internet Explorer, Chrome, Safari or Firefox), routing information, IP address, and geographic location. This information is not considered by NexGenic to be personal information. 

7. USING NON-PERSONAL INFORMATION

We use Non-Personal Information for auditing, research, measurement and analysis in order to maintain, administer, enhance, and protect our Services or create new Services, including analyzing usage trends and patterns and improving the effectiveness of content, advertising, features and services.

7.1 Your Contacts

NexGenic Services may contain a contact address book. This address book is stored and maintained on NexGenic information systems.

8. HOW OUR SERVICES ALLOW USERS TO SHARE INFORMATION

If you are a Provider who has entered into an Agreement with us, including a Registered User Agreement, your contact and directory information may be listed in one or more of our public and professional directories. These directories include profile information (e.g., contact, address and other information as specified on our website), that allow users to locate and communicate with you. Our Services are designed to facilitate one-on-one communications between users so any communication where users are sending or receiving information enables their counterpart user to see contact information, including user-id, in order to authenticate the transmission and initiate the Medical Record exchange.

9. WHAT OTHER USERS DO WITH INFORMATION YOU SHARE WITH THEM

Because our Services enable users to share information you share with them, you should take care in selecting with whom you share your information. Although our Services process such transmission, we cannot take responsibility for the actions of other users or persons with whom you share your information.

10. COMPLIANCE WITH HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted to protect electronic data pertaining to patient identification and health, and standardize the process of data interchange. Under these regulations, any Covered Entity that maintains electronic protected health information (ePHI) must conform to technical safeguards, including technology, policy and procedures for use, that protect ePHI and control access to it. 

NexGenic does not access or maintain Medical Records containing ePHI or PII from Providers. Furthermore, no ePHI or PII is used in operational functions of the Services, such as log files, access authentication or audit trails at NexGenic.

Utilizing the Services may involve access and storage of encrypted Medical Record (ePHI) copies on the Provider’s Annex Server or other Provider’s computer equipment where the Services are being executed. At no time does NexGenic have access to these Medical Record copies.

When we transmit “individually identifiable health information” (as such term is defined by HIPAA) on behalf of a health care provider who has entered an agreement with Us through our Terms of Service Agreement and our Registered User Agreement, we do not store or have access to any individually identifiable health information but rather serve as a secure conduit for health information exchange.

Therefore, under the definitions of the HIPAA Rules set forth in 45 CFR 160.103, NexGenic is not part of a HIPAA-defined Covered Entity, nor is it a clearinghouse for a Covered Entity. As such, NexGenic does not require establishing a Business Associate Agreement with a Covered Entity.

DISCLAIMER: HIPAA compliance of activities between Registered Users utilizing the Services is the sole responsibility of the Registered Users engaging in these activities.

11. CHILDREN UNDER 13

Our Services are not intended for or designed to attract children under the age of 13, and we do not knowingly collect personal information from such children. If we learn that we have inadvertently obtained personal information from a child under the age of 13, we will delete that information. If you become aware that your child has provided us with personal information without your consent, please contact us immediately at the contact information below. Our Services do allow users above the age of 18 years old – such as healthcare providers, parents and guardians – to manage and transfer Medical Records about others, including minors. Such users assume full responsibility over their submission, use and transmission of such information.

12. THIRD-PARTY LINKS AND SUPPORTED PLATFORMS

Areas of the NexGenic website and Services may contain links to third-party web sites and Supported Platforms.

Please note that when you use the NexGenic website and Services to access any third-party links or Supported Platforms you are entering another website or service for which we have no responsibility or control. The inclusion of third-party links and Supported Platforms does not imply affiliation, endorsement or adoption by us of the third-party links or any medical or other information contained therein. We encourage you to read the terms and conditions, data-gathering practices and privacy policies of all third parties and Supported Platforms as they may materially differ from ours. You agree that we shall not be responsible for any loss or damage of any sort incurred as a result of any such links or as the result of the presence of such links on this site. It is up to you to take precautions to ensure that whatever linked material you select is free of items such as viruses, worms, Trojan horses and other destructive items.

13. DATA TRANSFERS, STORAGE, AND PROCESSING GLOBALLY

NexGenic operates globally and may transfer your Personal Information around the world for the purposes described in the Terms of Service and this Privacy Policy. Wherever your personal information is transferred or processed by us, we will take reasonable steps to safeguard the privacy of your personal information. Additionally, when using or disclosing personal information transferred from the European Union, we abide by the Safe Harbor Principles as set forth by the U.S. Department of Commerce, use standard contract clauses approved by the European Commission, adopt other means under European Union law for ensuring adequate safeguards, and obtain your consent. We also apply the substantive requirements of the Safe Harbor Principles when transferring personal information from Australia.

14. CHANGES TO THE PRIVACY POLICY

From time to time, we may change this privacy policy to accommodate new technologies, industry practices, regulatory requirements or for other purposes. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent.

15. COMMENTS AND QUESTIONS

If you have any comments or questions about this Privacy Policy, please mail NexGenic at:

Legal Counsel

NexGenic

3435 East Thousand Oaks Blvd., #7541

Thousand Oaks, CA 91362