Purview complies with the U.S.-EU Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. Purview has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Purview’s certification, please visit http://www.export.gov/safeharbor/
Purview uses secure communications to transfer all information, including protected health information (PHI) and images from the imaging provider to the Purview servers and to any user with access privileges. All data is encrypted using the same security level as (or better) used by financial institutions online.
We use a variety of security technologies and procedures to help protect your patient information from unauthorized access, use, and disclosure. For example, we store the personal information you provide on computer servers with limited access, and located in physically controlled facilities.
- All non-image communications with the Services are sent using encryption (HTTPS with 128-bit SSL).
- Data can optionally be encrypted when it is at rest. This is an optional security capability that is available to our customers.
- All clinical images communicated from imaging facilities or to users are encrypted using a 168-bit 3DES algorithm.
- Patients who visit a Participating Provider must register for access to Purview using a unique access code and verifying key demographic information.
- A patient can share his or her images with their healthcare provider using Purview using two methods:
- (a) Images can be shared with a healthcare provider. If the healthcare provider is not already a registered user of Purview, they will receive an invitation. The provider will be required to provide their NPI number in addition to key demographic information to sign-up. Because this information is publicly available, Purview additionally verifies all healthcare provider accounts using various methods including telephone calls, E-mail confirmations, etc.
- (b) Images can be accessed without creating a Purview account. A healthcare provider must enter the unique access code provided to the patient, verify key demographic information pertaining to the patient, and provide their NPI number.
We request all clients alert us, if at any time, they obtain access information that is not theirs. By emailing firstname.lastname@example.org we are better able to identify potential issues with incorrect access privileges. This identification also allows Purview, if required, to notify appropriate parties of a HIPPA violation.
How We Use Patient Data
We use patient information collected through the Services, including health information, to provide the Services, and as described in this privacy statement. Purview may access and/or disclose patient information if we believe such action is necessary to: (a) comply with the law or formal legal process served on Purview; (b) protect and defend the rights or property of Purview (including the enforcement of our agreements); or (c) act in urgent circumstances to protect the personal safety and welfare of users of Purview services or members of the public.
Patient information collected on the Services may be stored and processed in the United States or any other country in which Purview or its affiliates, subsidiaries, or agents maintains facilities, and by using the Services, the provider and patient consent to any such transfer of information outside of the U.S.
To keep users informed of the latest improvements, the Service may send you an electronic newsletter. If you do not want to receive the newsletter, you can unsubscribe through a link at the bottom of the newsletter. Purview uses your email address and password to protect your account from unauthorized access, it is important to not provide other users with this information.
Users have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but users can usually modify their browser setting to decline some or all cookies, if they prefer. If users choose to decline all cookies, they may not be able to use interactive features of Purview’s or other web sites that depend on cookies.
Use of Web Beacons
Purview’s web pages may contain electronic images known as web beacons – sometimes called single-pixel gifs – that may be used for the following purposes:
- to assist in delivering cookies on our sites
- to enable us to count users who have visited those pages
- to deliver co-branded services.
We may include web beacons in promotional e-mail messages or in our newsletters in order to determine whether messages have been opened and acted upon.
Purview may also employ web beacons from third parties to help us compile aggregated anonymous statistics and determine the effectiveness of our promotional campaigns. We prohibit web beacons on our sites from being used by third parties to collect or access patient information.
In the event of any controversy or claim arising out of or relating to this contract, or a breach thereof, the parties hereto agree first to try and settle the dispute by mediation, administered by the International Centre for Dispute Resolution www.icdr.org under its Mediation Rules, before resorting to arbitration, litigation, or some other dispute resolution procedure. Such Mediation shall take place in a mutually agreed upon location and shall be conducted by one arbitrator in the English language.
Privacy Team at Purview
2001 Tidewater Colony
Annapolis, MD 21401