The Vigilant Medical privacy policy is to ensure the confidentiality of all Protected Health Information (PHI) as related to the use of our ImageShare product and services to store, access, and share medical images. By registering as a user of our service, you accept the Terms and Conditions of this Privacy Policy.

All PHI is your property at all times and is under your discretion to control access to it by others. We will not disclose any of your PHI to others without documented consent by you or only if required by law.

All user account information including name, email address, institutional affiliation, and password is private and confidential. We use this information strictly to authorize access to our services, process your transactions, and provide communications to you. This account information will not be disclosed to any third party without documented consent by you or only if required by law.

To ensure the highest protection of privacy of your account information and PHI. We have implemented a series of physical, personnel, administrative, access control, system, third party and transmission safeguards to prevent unauthorized access, to maintain data integrity, and to ensure that only authorized persons who need to access your account information or PHI can do so.

Physical Security measures include:

• Physical access to servers is restricted to designated IT personnel who have been authorized for server access
• Disaster recovery plan

Personnel Security measures include:

• Background and criminal reference checks for employees
• Annual HIPAA Privacy and Security Training for employees

Administrative Security measures include:

• Privacy Policy and Security Policy Compliance
• Sanctions for Employee violations of company policies
• Documentation of Compliance Training

Access Control Security measures include:

• Restricting access to data to designated IT personnel on need basis only
• Authentication by written signature, passwords, challenge questions or a combination thereof.

System Security measures include:

• Virtual private cloud architecture to protect our network and databases
• Encryption of data in our databases and of PHI in storage
• Internal log monitoring of access to these databases

Third Party Security measures include:

• Business Associate Agreements and/or other business agreements with all partners, third parties and vendors with whom we share information that requires them to implement all appropriate security procedures to maintain confidentiality
• Individual Confidentiality Agreements with all employees who are required to come into contact with your account Information or PHI

Transmission Security measures include:

• Encryption of all data transmitted to and from our product and services

While we cannot guarantee that loss, misuse or alteration of data will not occur, we are committed to using proven safeguards and security audit procedures designed to prevent any loss, misuse or alteration of data. You will be promptly notified of any security breach which may have allowed disclosure or compromised the security and privacy of any of your Protected Health Information.

Under certain circumstances, disclosure of your account Information or PHI may be required to satisfy a Court order, duly executed subpoena, government request, law enforcement investigation, or regulatory compliance review. We will use reasonable and lawful efforts to limit the scope of any legally required disclosure. Under the law, required disclosures include:

• When a law or duly executed Court Order requires disclosure of your account Information and PHI, in which case only the information expressly ordered to be disclosed shall be released with notice to you of both the legal order and the information disclosed. We will make reasonable efforts to notify you in advance of that disclosure, unless doing so would violate the law or the court order.
• When government officials investigating compliance with various security and privacy laws and regulations require disclosure of information relevant to their investigation.

Use of our product and services implies consent to our privacy practices as described in this privacy statement. If you do not consent to our privacy practices, you are not authorized to use our service. You may withdraw your consent by inactivating your account.

We may choose to communicate with you to inquire about the services you have received and to alert you about service updates. Promotional marketing communications sent via email will be sent to the address provided in your account Information and will include a link for opting out of future marketing communications.

If you have any questions or concerns regarding this Privacy Statement, please contact privacy@vigilantmedical.net

---