1. Overview

The Privacy of users’ Private Information and of Patients’ Personal Information is our highest priority. This document describes the Security Practices and Privacy Policies that Viz.AI Inc. (“Viz.AI”), follow to ensure the confidentiality of users’ Private Information and Protected Health Information concerning the patients in your Healthcare Organization. Our Privacy Policy is created to provide a secure, confidential environment for storing and sharing medical imaging exams between healthcare providers. 

THIS NOTICE DESCRIBES THE CONDITIONS UNDER WHICH A USER’S PRIVATE INFORMATION AND PROTECTED HEALTH INFORMATION ABOUT THE HEALTHCARE ORGANIZATION’S PATIENTS MAY BE USED OR DISCLOSED. PLEASE REVIEW IT CAREFULLY. 

By installing the Viz.AI system, or logging into the Viz.AI mobile app as a user, the Healthcare Organization and mobile app users accept the Terms and Conditions of this Privacy Policy. Users’ Personal Information and Protected Health Information of patients will not be released or disclosed by Viz.AI, except as specifically set forth in this Privacy Policy or as required by law. 

Viz.AI system refers to the backend system installed in a Healthcare Organization’s IT infrastructure and the Viz.AI mobile application. In certain parts of this policy, the Viz.AI mobile application is specifically referred to. 

Viz.AI requests that all users read this Privacy Policy in its entirety. If you have any questions, please contact the Viz.AI Privacy Officer by phone at 1-650-265-1193.

Back to Top

2. General Definitions

Certain terms used throughout this Privacy Policy and the Viz.AI system have specific meanings and definitions with which users should be familiar: 

Personal Information Any information that uniquely identifies a Viz.AI user and includes Personal Account Information such as the user’s name, telephone number and email address. 

Personal information also includes any non-personal information that identifies Viz.AI mobile app users, such as any information that Viz.AI gathers as a user navigates our app, such as screens viewed, and the time spent using the app. 

Protected Health Information Any personally identifiable health information, or information that a patient might consider highly confidential or sensitive, that is traceable to a patient,. 

Back to Top

3. Protected Health Information Is Confidential 

All Protected Health Information provided to Viz.AI by the Healthcare Organization is considered to be Protected Health Information under the law. Viz.AI will not disclose or release any patients’ Protected Health Information to anyone, except as expressly set forth in this policy or as required by law. Whenever we are required by law to release any patients’ Protected Health Information, we will only release the Minimum Necessary Information required to accomplish the use for which the permitted release is allowed. 

Back to Top

4. Information That Viz.AI Collects 

Viz.AI collects Personal Information and Non-Personal Information when a user registers with the Viz.AI system. The user is responsible for the accuracy, completeness, and relevance of any data that they provide to our system. 

In addition, Viz.AI collects Protected Health Information related to the Healthcare Organization’s patients. 

Personal Information Personal Information is any information that uniquely identifies a user. It includes their Personal Account Information. Viz.AI treats all Personal Information as Private and Confidential. 

Viz.AI collects Personal Account Information of users, such as the user’s name, telephone number, email address, organization affiliation, user name and password, to uniquely identify the user and to enable their use of the app. We then require them to create a password to control access to our app. In some cases, this information is collected automatically and stored in our log files. We use this information to monitor aggregate usage of our app, and for internal analysis, quality control, and service improvement purposes. 

Protected Health Information Protected Health Information is any personally identifiable health information, or that the user might consider highly confidential or sensitive, that is traceable to a patient. The Protected Health Information, that we collect includes age, gender, medical images and reports, and other personal health information of patients. 

Back to Top

5. Who Can Access Private and Protected Health Information 

A Viz.AI user may access all Personal Information available to their account. Other than Viz.AI system users who have been duly approved by the Healthcare Organization, the only people who may access some parts of patients’ Protected Health Information are: 

Third Parties Viz.AI will not release or disclose patients’ Protected Information to any Third Party without the Express Consent of their Healthcare Organization, which identifies the specific information to be released and to whom it is to be released. Viz.AI assumes no responsibility or liability for the consequences of any such release. 

Law Enforcement/Public Agency Official Under certain circumstances, Viz.AI may be compelled to disclose Protected Information to satisfy a Court order, a duly executed subpoena, a government request, a law enforcement investigation, or a regulatory compliance review, in which case we will use reasonable and lawful efforts to limit the scope of any legally required disclosure. Viz.AI will also make reasonable efforts to notify the Healthcare Organization in advance of that disclosure, unless doing so would violate the law or the court order. 

Back to Top

6. The Limited Uses of Personal Information 

Viz.AI may use a user’s Personal Information, to: 

  • Authenticate their use of the Viz.AI system 

  • Provide requested services and process your requests 

  • Provide communications to you 

  • Analyze de-identified data in aggregate 

Back to Top

7. Security Protections for Patients’ Protected Health Information 

Viz .AI takes seriously the trust your Health Organization places in us to protect the privacy of patients’ Protected Health Information. We have implemented a series of physical, personnel, administrative, access control, system, third-party and transmission safeguards to prevent unauthorized access, to maintain data integrity, and to ensure that only authorized persons who need to access patients’ Protected Information can do so. 

Physical Security measures include: 

  • Physical access to servers is restricted to Viz.AI and third-party personnel who have been authorized for server access 

  • Disaster recovery plan 

Personnel Security measures include: 

  • Background and for employees 

  • Annual Privacy and Security Training for Employees 

Administrative Security measures include: 

  • Privacy Policy and Security Practices Compliance 

  • Sanctions for Employee violations of company policies and practices 

  • Documentation of Compliance Training 

Access Control Security measures include: 

  • Restricting access to data to approved personnel on a needs basis only 

  • Identity Authentication by written signature, passwords, challenge questions, tokens, biometrics or a combination thereof 

System Security measures include: 

  • Firewall, Data Protections Systems, Intrusion Detection and Monitoring Devices to protect our network and databases 

  • Encryption of Protected Health Information data in our databases, and of medical images on disk 

  • Internal and External System Auditing with Audit Trails that monitor, record, and document access to these databases 

Third Party Security measures include: 

  • Business Associate Agreements and/or other business agreements with all partners, third parties and vendors with whom we share information that requires them to implement all appropriate security procedures to maintain confidentiality 

  • Individual Confidentiality Agreements with all employees and consultants who are required to come into contact with patients’ Protected Health Information 

Transmission Security measures include: 

  • Encryption of all data transmitted to and from our Cloud and our app 

While it is not possible to guarantee that loss, misuse or alteration of data will not occur, Viz.AI is committed to using proven safeguards and security audit procedures designed to prevent any loss, misuse or alteration of data. The Healthcare Organization will be promptly notified of any security breach that might have allowed disclosure, or compromised the security and privacy of any patients’ Protected Health Information. 

Back to Top

8. Disclosures of Personal Information or Protected Health Information Required by Law 

Under certain circumstances, Viz.AI might be compelled to disclose a user’s Personal Information, or patients’ Protected Health Information to satisfy a Court order, duly executed subpoena, government request, law enforcement investigation, or regulatory compliance review. We will use reasonable and lawful efforts to limit the scope of any legally required disclosure. Under the law, required disclosures include: 

  • When a law or duly executed Court Order requires disclosure of a user’s Personal Information, or patients’ Protected Health Information, in which case only the information expressly ordered to be disclosed shall be released with notice to the Healthcare Organization of both the Order and the information disclosed. We will make reasonable efforts to notify the organization in advance of that disclosure, unless doing so would violate the law or the court order. 

  • When government officials investigating compliance with various Security and Privacy laws and regulations require disclosure of information relevant to their investigation.  

Back to Top

9. No Disclosure to Linked Websites 

Viz.AI does not link to any third-party websites operated by organizations that are not affiliated with our service. We do not release any users’ Personal Information or patients’ Protected Health Information to organizations operating any third-party web sites. 

Back to Top

10. Possible Use of Aggregated De-Identified Data 

Viz.AI may combine and aggregate health information from a sufficiently large group of individuals in a non-individually identifiable format, to create “Aggregated De-Identified Data”. Aggregated De-Identified Data does not contain any information that could be used to contact or identify users or patients and is not personally identifiable to users or patients. Aggregated De-Identified Data may be prepared for an analysis of health trends by Viz. 

Back to Top

11. How Users Can Help Protect Personal and Protected Information 

In addition to the Privacy Policies implemented by Viz.AI, protecting Personal Information and patients’ Protected Health Information also relies on the compliance of Viz.AI system users with certain basic security practices. Viz.AI cannot secure any Personal Information that a user releases on their own, or that is released through another third party to whom they give account access, nor can it secure patients’ Protected Health Information that is accessible through access to a user’s account if that user has shared their account information. 

A user must safeguard their user name, password and other authentication information that they use to access our services. A user must not disclose this information to any individual without the express permission of their Healthcare Organization’s security control officer. They must immediately notify their Healthcare Organization’s security control officer and Viz.AI of any unauthorized use of their user name, password or other authentication information. 

Back to Top

12. Accessing, Updating, Requesting Corrections and Deleting an Account 

A user may access their Personal Information in their account at any time through the app. They may update their Personal Account Information at any time through the app. They may make a Request for Correction of their Personal Information. They may request a copy of information stored in their account. Any written request for correction or access to data that is denied will result in an explanation in writing. A user may inactivate their Viz.AI account by calling Customer Support at 1-650-265-1193. We will verify the user’s identity before taking any action. Please be aware that while this information will no longer be accessible, it will be retained for the period of time required by the law in backup media. 

Back to Top

13. Use of Our Services 

Use of our services implies consent to our privacy practices as described in this Privacy Policy. If a user does not consent to our privacy practices, they are not authorized to use our service. A Healthcare Organization may withdraw consent by uninstalling the Viz.AI system from its IT infrastructure. A Viz.AI app user may withdraw consent by inactivating their Viz.AI account as described in the section entitled “Accessing, Updating, Requesting Corrections and Deleting an Account.” 

Back to Top

14. Changes to this Privacy Statement 

Viz.AI reserves the right to amend or modify this Privacy Policy at any time. Any material changes will be posted on the Viz.AI website, and organizations who are party to a Business Associate Agreement will also be notified of such changes. Changes will take effect seven (7) days after the changes have been first posted on the website. 

Back to Top

15. Communications From Us 

From time to time, we may contact a user to ask about their experience with the Viz.AI system, to inquire about the quality of service they have received and to alert them about updates. Promotional marketing communications sent via email will be sent to the address provided in a user’s login credentials.

Back to Top

16. Contacting Us 

If you have any questions or concerns regarding this Privacy Policy, please contact the Viz.AI Privacy Officer via phone, Monday through Friday between 8:30AM and 5:30PM at 1-650-265-1193, or send mail to:

Viz.AI Inc.
c/o Privacy Official
855 El Camino Real, Ste. 13A-252
Palo Alto, CA 94301 

Back to Top