Privacy Policy
Healium Intelliscan ("we," "our," or "us") is committed to protecting the privacy and security of health information. This Privacy Policy outlines our practices concerning the collection, use, disclosure, and safeguarding of information when healthcare providers (e.g., hospitals, clinics, medical professionals) utilize our AI-powered ultrasound technology and related services (collectively, "Services"). We understand the critical importance of protecting Protected Health Information (PHI) and other sensitive data in the healthcare sector.
Our Role and Responsibilities
Healium Intelliscan acts primarily as a Business Associate to covered entities (our healthcare provider clients) under the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. We process health information on behalf of, and at the direction of, our clients. Our obligations are governed by this Privacy Policy, our Terms and Conditions, and specific Business Associate Agreements (BAAs) executed with each client, which detail the permissible uses and disclosures of PHI.
Information We Process
Through our Services, we may process various types of information, including:
Protected Health Information (PHI)
This includes individually identifiable health information created or received by a healthcare provider and transmitted or maintained by us in any form or medium. Examples include patient names, dates of birth, medical record numbers, diagnostic images (ultrasounds), clinical findings, treatment plans, and other data related to a patient's past, present, or future physical or mental health condition or the provision of healthcare.
Technical and Usage Data
Information automatically collected when our Services are accessed and used, such as device information, IP addresses, operating system details, application usage data, and performance metrics. This data is primarily used for service delivery, maintenance, security, and improvement, and is generally de-identified or aggregated where possible.
How We Use Information
We use the information we process solely for the purposes specified in our agreements with healthcare providers, including:
Providing and Maintaining Services: To deliver our AI-powered ultrasound diagnostic services, process ultrasound data, generate reports, and ensure the proper functioning of our technology.
Service Improvement: To analyze usage patterns, troubleshoot issues, and enhance the accuracy, efficiency, and features of our AI algorithms and diagnostic tools. This often involves the use of de-identified or aggregated data.
Support and Maintenance: To provide technical support, respond to inquiries, and perform necessary maintenance on our systems.
Security and Compliance: To ensure the security and integrity of our systems and data, and to comply with applicable laws and regulations, including HIPAA.
Research and Development: With appropriate de-identification and/or patient consent obtained by the covered entity, we may use data for research and development to advance medical knowledge and improve our AI models.
Disclosure of Information
We do not sell or rent PHI. We disclose information only as permitted or required by our agreements with healthcare providers and applicable law, including:
To Covered Entities: We disclose PHI back to the healthcare providers who provided it to us, as necessary for their treatment, payment, and healthcare operations.
To Subcontractors: We may engage third-party subcontractors to assist us in providing our Services. These subcontractors are also bound by confidentiality obligations and Business Associate Agreements to protect PHI.
As Required by Law: We may disclose information when legally compelled to do so, such as in response to a court order, subpoena, or other legal process, or to comply with regulatory requirements.
For Public Health Activities: As permitted by HIPAA, we may disclose PHI for public health activities, such as preventing or controlling disease.
Data Security
Healium Intelliscan implements robust administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of the information we process, particularly PHI. These measures include:
Encryption: Data is encrypted both in transit and at rest.
Access Controls: Strict access controls are in place to limit access to PHI to authorized personnel only, based on the principle of least privilege.
Auditing and Monitoring: Our systems are regularly monitored and audited to detect and prevent unauthorized access or data breaches.
Employee Training: Our staff receive regular training on privacy, security, and HIPAA compliance.
Physical Security: Our data centers and infrastructure are protected by physical security measures.
Data Retention
We retain information, including PHI, for as long as necessary to provide our Services to our clients, fulfill our contractual obligations, and comply with legal, regulatory, and audit requirements. Retention periods are often dictated by our Business Associate Agreements and applicable healthcare regulations.
Your Rights
As a healthcare provider, you maintain control over the PHI you provide to us. Your rights, and the rights of your patients, regarding PHI are primarily exercised through your organization as the covered entity. We will cooperate with our clients to fulfill patient rights requests (e.g., access, amendment, accounting of disclosures) as required by HIPAA and our BAAs.
