RADSOURCE LLC & Imaging Specialists PLLC
JOINT NOTICE OF PRIVACY PRACTICES
Effective Date: August 23, 2023

THIS NOTICE DESCRIBES HOW CUSTOMER HEALTH INFORMATION MAY BE USED AND DISCLOSED AND HOW CUSTOMER CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY.

We are contractually bound parties with our customers (Healthcare Imaging Providers). Should patients desire to request any data stored on our PACS, all such requests must be submitted to the Healthcare Imaging Provider for receipt. All such requests received by us will be re-directed to the Healthcare Imaging Provider. Any questions about this notice or need for further information, please contact our Privacy Officer, Michelle Whitlock, at mwhitlock@radsource.us<mailto:mwhitlock@radsource.us> or our Security Officer, Mike Bragg, at mbragg@radsource.us<mailto:mbragg@radsource.us>. To reach our team by phone, please call (615) 376-7502. Please direct all written requests to the following:

Radsource, LLC & Imaging Specialists PLLC
750 Old Hickory Blvd. Suite 1-260
Brentwood, TN 37027
Attn: Privacy Officer & Security Officer

OUR PLEDGE REGARDING CUSTOMER PROTECTED HEALTH INFORMATION:

The privacy of Radsource LLC & Imaging Specialists PLLC, customer’s protected health information or \”PHI\” is important to us. This notice will tell you about the ways in which we may use and disclose PHI. This notice describes rights with respect to the PHI that we collect and maintain for a Healthcare Imaging Provider, and also describes certain obligations we have regarding the use and disclosure of the PHI.
We are required by law to:

1. Maintain the privacy of your PHI;

2. Provide this notice describing our legal duties, privacy practices, and your rights regarding the PHI we collect and maintain;

3. Provide notification if we discover a breach of any PHI that is not secured in accordance with federal guidelines; and

4. Follow the terms of the Notice of Privacy Practices that is currently in effect.

CUSTOMER RIGHTS REGARDING CUSTOMER’S PROTECTED HEALTH INFORMATION:

Customer has the following rights with respect to their PHI:

1. Right to Inspect and Copy: Radsource hosts health information on behalf of our Customer’s via PACS, a medical imaging technology that provides storage and access to images from multiple modalities. Patient information stored by us in PACS is secure and only accessible by authorized users. Customers nevertheless have the right to inspect and copy all or any part of the data, medical, or health record, as provided by federal regulations and to inspect and/or copy all or any part of the medical or health record maintained by us on PACS. Patients must contact the Healthcare Imaging Provider directly for copies of any data. Any requests for inspection or copies of patient information submitted to us must be in writing and will be forwarded to the Healthcare Imaging Provider’s Privacy Officer for review and approval, pursuant to our written agreement with your provider, and may result in unnecessary delay.

2. Right to Amend: Customer has the right to request that we amend PHI or a medical or health record if customer feels that the health information that we have is incorrect or incomplete. The customer has the right to request an amendment for as long as we keep the information. To request an amendment, the customer is to contact us directly as appropriate and in accordance with HIPAA guidelines. Any requests for amendment submitted to us must be in writing from the Healthcare Imaging Provider. It is the responsibility of the Healthcare Imaging Provider to review and approve all amendments.

3. Right to an Accounting of Disclosures: Customer has the right to request a list accounting for any disclosures of its PHI we have made, except for disclosures made for the purpose of treatment, payment, health care operations and certain other purposes if such disclosures were made through a paper record or other health record that is not electronic, as set forth in federal regulations. If a customer requests an accounting of disclosures of their PHI, the accounting may include disclosures made for the purpose of treatment, payment, and health care operations to the extent that disclosures are made through an electronic health record.

For customers to request an accounting of disclosures, directly contact the Privacy Officer of Radsource. Any requests for an accounting of disclosures submitted to us must be in writing and will be forwarded to the customer’s Privacy Officer for review and approval, pursuant to our written agreement with the customer.

4. Customer Right to Request Restrictions: Customer has the right to request a restriction or limitation on the use and disclosure of their PHI. Customer also has the right to request a restriction or limitation on the disclosure of their PHI to someone who is involved in the care or the payment of care, such as a family member or friend. Patients requesting a restriction must do so with their Healthcare Imaging Provider.

5. Right to Receive Confidential Communications: Customer has the right to request that we communicate with them about PHI in a certain way or have such communications addressed to a certain location.

Patients must forward a request for confidential communications directly to their Healthcare Imaging Provider. Any requests for confidential communications submitted to us will be forwarded to the Healthcare Imaging Provider’s Privacy

6. Right to a Paper Copy of this Notice: Customer has the right to obtain a paper copy of this notice at any time upon request. To obtain a copy of this notice, please request it from our Privacy Officer at the address listed on the first page of this notice.

7. Right to Revoke Authorization: If customer executes any authorization(s) for the use and disclosure of their PHI, customer has the right to revoke such authorization(s), except to the extent that action has already been taken in reliance on such authorization.

HOW WE MAY USE AND DISCLOSE CUSTOMER’S PROTECTED HEALTH INFORMATION WITHOUT YOUR AUTHORIZATION:

The following categories describe different ways that Radsource, LLC or Imaging Specialists, PLLC may use and disclose customer PHI without authorization. Certain disclosures of PHI may be made electronically.

1. For Treatment: We may use PHI as necessary to facilitate health care treatment or services and as directed by the Healthcare Imaging Provider. At the request of the Healthcare Imaging Provider, we may disclose your PHI to other doctors, nurses, technicians, health students, or other personnel who are involved in patient’s care.

2. For Payment: We may use and disclose PHI so that the treatment and services received from the Healthcare Imaging Provider may be billed and payment collected from an insurance company, or a third party.

3. For Health Care Operations: We may use and disclose customer PHI for operations of our company. For example, we may use health information to review our services and to evaluate the performance of our systems.

4. For Research: We may disclose customer PHI for the purpose of research. We will only disclose customer PHI for research purposes upon your express authorization or if the research protocol has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI.

5. As Required by Law: We may disclose customer PHI when required to do so by federal, state, or local law.

6. To Avert a Serious Threat to Health or Safety: We may use and disclose customer PHI when necessary to prevent a serious threat to the health and safety or the health and safety of the public or another person.

7. Military and Veterans: All such requests for disclosure must be made to the Healthcare Imaging Provider first and only if the Healthcare Imaging Provider is unable to provide PHI stored in the PACS for a member of the armed forces or separated/discharged from military services, that has been lawfully requested, we may release PHI as required by military command authorities or the Department of Veterans Affairs as may be applicable. We may also release health information about foreign military personnel to the appropriate foreign military authorities.

8. Workers’ Compensation: All such requests for disclosure must be made to the Healthcare Imaging Provider first and only if the Healthcare Imaging Provider is unable to provide PHI stored in the PACS we may release your PHI as authorized by law, and in compliance with, laws related to workers’ compensation and similar programs established by law that provide benefits for work-related illnesses and injuries without regard to fault.

9. Public Health Activities: If required of Radsource or Imaging Specialists by law, we may be required to disclose customer PHI for public health activities. These activities generally include the following:

· to prevent or control disease, injury, or disability;
· to report births and deaths;
· to report child abuse or neglect;
· to report reactions to medications or problems with products;
· to notify people of recalls of products they may be using;
· to notify person or organization required to receive information on FDA-regulated products; and
· to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition.

10. Health Oversight Activities: All such requests for disclosure must be made to the Healthcare Imaging Provider first and only if the Healthcare Imaging Provider is unable to provide PHI stored in the PACS we may release your PHI. We may disclose your PHI to a health oversight agency only for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.

11. Lawsuits and Disputes: If customers or patients are involved in a lawsuit or a dispute, we may disclose PHI in response to a court or administrative order. We may also disclose your PHI in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell customer about the request or to obtain an order protecting the information requested.

12. Law Enforcement: All such requests for disclosure must be made to the Healthcare Imaging Provider first and only if the Healthcare Imaging Provider is unable to provide PHI stored in the PACS Radsource may release your PHI as authorized by law. We may disclose your PHI to law enforcement officials for law enforcement purposes including the following:

· in reporting certain injuries, as required by law, gunshot wounds, burns, injuries to perpetrators of crime;
· in response to a court order, subpoena, warrant, summons or similar process;
· to identify or locate a suspect, fugitive, material witness, or missing person;
· about the victim of a crime, if the victim agrees to disclose or under certain limited circumstances, we are unable to obtain the person’s agreement;
· about a death we believe may be the result of criminal conduct;
· about criminal conduct at our facility; and
· in emergency circumstances to report a crime; the location of the crime or victims; or the identity, description, or location of the person who committed the crime.

13. Abuse, Neglect and Domestic Violence: All such requests for disclosure must be made to the Healthcare Imaging Provider first and only if the Healthcare Imaging Provider is unable to provide PHI stored in the PACS Radsource may release your PHI as authorized by law. We may disclose your PHI to an appropriate governmental authority if we reasonably believe that you may be a victim of abuse, neglect, or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.

14. Coroners, Health Examiners and Funeral Directors: All such requests for disclosure must be made to the Healthcare Imaging Provider first and only if the Healthcare Imaging Provider is unable to provide PHI stored in the PACS Radsource may release your PHI as authorized by law. We may disclose your PHI to a coroner or health examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose your PHI to funeral directors as necessary to carry out their duties.

15. National Security and Intelligence Activities: All such requests for disclosure must be made to the Healthcare Imaging Provider first and only if the Healthcare Imaging Provider is unable to provide PHI stored in the PACS Radsource may release your PHI as authorized by law. We may disclose your PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law, or for the purpose of providing protective services to the President or foreign heads of state.

16. Inmates: All such requests for disclosure must be made to the Healthcare Imaging Provider first and only if the Healthcare Imaging Provider is unable to provide PHI stored in the PACS we may release your PHI as authorized by law. For patients that are an inmate of a correctional institution or under the custody of a law enforcement official, we may disclose PHI to the correctional institution or law enforcement official. This release would be necessary (a) for the institution to provide you with health care; (b) to protect your health and safety or the health and safety of others; or (c) for the safety and security of the correctional institution.

EXAMPLES OF OTHER PERMISSIBLE OR REQUIRED DISCLOSURES OF CUSTOMER’S PROTECTED HEALTH INFORMATION WITHOUT YOUR AUTHORIZATION:

1. Business Associates and/or Subcontractors: Some of our activities are provided on our behalf through contracts with business associates or subcontractors. Examples of when we may use a business associate or subcontractor include consulting and quality assurance activities provided by an outside consultant, audits performed by an outside auditor, and other legal and consulting services provided in response to operational issues that may arise from time to time. When we enter into contracts to obtain these services, we may need to disclose your PHI to our business associate or subcontractor so that they may perform the job which we have requested. To protect your PHI, however, we require our business associates and subcontractors to appropriately safeguard your information.

2. Notification: We may use or disclose patient PHI to assist patient’s Healthcare Imaging Provider in notifying a family member, personal representative, close personal friend, or other person responsible for your care of your location and general condition as requested by the Healthcare Imaging Provider. We will not disclose patient PHI to patient’s family members, personal representative, or close personal friends as described in this paragraph if Healthcare Provider or patient objects to such disclosure. Patients must follow the procedures outlined in the paragraph titled Right to Request Restrictions, above, to notify of such objections.

3. Unlawful Conduct: Federal law allows for the release of PHI to appropriate health oversight agencies, public health authorities or attorneys, provided that a work force member or business associate believes in good faith that we have engaged in unlawful conduct or otherwise violated professional or clinical standards and are potentially endangering one or more patients, workers, or the public.

WE MAY NOT USE OR DISCLOSE CUSTOMER’S PROTECTED HEALTH INFORMATION FOR THE FOLLOWING PURPOSES WITHOUT YOUR AUTHORIZATION:

1. We must obtain an authorization for any use or disclosure of customer PHI for any marketing communications about a product or service that encourages customer to use or purchase the product or service unless the communication is either (a) a face-to-face communication or (b) a promotional gift of nominal value. However, we do not need to obtain an authorization from customers regarding case management or care coordination, to describe health-related products or services that we provide, or if applicable, to contact you in regard to treatment alternatives. We must notify you if the marketing involves financial remuneration.

2. We must obtain an authorization for any disclosure of your PHI which constitutes a sale of such PHI.

3. We must obtain an authorization for all other uses and disclosures of your PHI not described in this notice.

4. If you provide us with written authorization to use or disclose your PHI, you may revoke that authorization, in writing, at any time.

CHANGES TO THIS NOTICE:

We reserve the right to change our privacy practices and any terms of this notice. If our privacy practices materially change, we will revise this notice and make copies of the revised notice available upon request and post to our website. We reserve the right to make the revised or changed notice effective for PHI we already have about you as well as any PHI we receive in the future.

TO MAKE A COMPLAINT:

If you believe your privacy rights have been violated, you may file a complaint with us or with the United States Department of Health and Human Services Office of Civil Rights. To file a complaint with us, contact our Privacy Officer at the contact information on the first page. All complaints must be submitted in writing. There will be no retaliation against you for filing a complaint.