Legal

HIPAA Policy

This page is maintained by Imaging Diversified to describe how we approach the Health Insurance Portability and Accountability Act (HIPAA) during training and imaging support engagements.

Last updated: January 2, 2026

1. Our Role

Imaging Diversified provides radiology technologist training, protocol development, and imaging support services. Depending on the engagement, we may act as an independent contractor providing on-site or remote services to a covered entity or its business associate. We do not operate as a healthcare provider, health plan, or clearinghouse, and we do not maintain patient records on behalf of covered entities as a primary service.

2. Business Associate Agreements (BAAs)

When an engagement will involve access to Protected Health Information (PHI), Imaging Diversified will execute a Business Associate Agreement with the covered entity or business associate prior to that access. The BAA governs permitted uses and disclosures, safeguards, subcontractor obligations, breach notification timelines, and return or destruction of PHI at the end of the engagement.

3. Minimum Necessary Standard

We work with our customers to limit access to PHI to the minimum necessary to perform the requested training or support. Whenever practical, training is delivered using de-identified data, phantom scans, test patients, or synthetic datasets rather than live PHI.

4. Website and Inquiry Forms

Our website and public forms are not intended for the submission of PHI. Please do not include patient names, medical record numbers, dates of service tied to an individual, diagnostic images, or any other patient identifiers in messages sent through the site, email, or our support intake forms. If PHI is inadvertently submitted, we will take reasonable steps to secure or delete it.

5. Safeguards

We maintain administrative, physical, and technical safeguards designed to protect PHI we are authorized to access, including:

  • Workforce training on HIPAA Privacy and Security Rules.
  • Role-based access controls and unique user credentials.
  • Encryption in transit and, where applicable, at rest.
  • Secure disposal or return of PHI upon completion of an engagement.
  • Incident response procedures and breach notification workflows consistent with 45 CFR §§ 164.400–414.

6. Subcontractors

Where subcontractors may create, receive, maintain, or transmit PHI on our behalf, we require them to enter into written agreements that impose substantially the same restrictions and conditions that apply to us.

7. Breach Notification

In the event of a suspected or confirmed breach of unsecured PHI in our possession, we will notify the affected covered entity or business associate without unreasonable delay and consistent with the terms of the applicable BAA and HIPAA Breach Notification Rule.

8. Individual Rights

Individuals seeking to exercise HIPAA rights — such as access, amendment, accounting of disclosures, or restrictions — should contact the covered entity that provided their care. We will support covered entities in responding to such requests as required by the applicable BAA.

9. Contact

To request a Business Associate Agreement, report a potential incident, or ask a HIPAA-related question, contact us at info@imagingdiversified.com.

This page is provided for informational purposes and does not constitute legal advice. Specific obligations are governed by the executed agreements between Imaging Diversified and its customers.