Privay Policy | LUXE Medical Imaging

Privacy Policy
Effective Date: November 1, 2025
Luxe Medical Imaging (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal health information (PHI) in full compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations, including the Privacy Rule, Security Rule, and Breach Notification Rule. This Privacy Policy describes how we collect, use, disclose, and safeguard PHI when you interact with our website (the “Site”), schedule appointments, or receive imaging services.
By using the Site, you acknowledge that you have read and understand this Privacy Policy.

1. Scope of This Policy
This Policy applies to PHI we collect through:

The Site (including forms, patient portals, and scheduling tools)
Email, phone, or in-person communications
Imaging services performed at our facilities

It does not apply to information collected by third-party websites or services linked from the Site.

2. What Is Protected Health Information (PHI)?
PHI is any information that:

Relates to your past, present, or future physical or mental health or condition;
Identifies you or could reasonably be used to identify you; and
Is created, received, or maintained by us in connection with providing healthcare services.

Examples include medical records, imaging results, appointment details, billing information, and demographic data.

3. How We Collect PHI
We collect PHI only when necessary to provide services or operate the Site. Common collection methods:
SourceExamples of PHI Collected
Patient Portal / FormsName, date of birth, contact info, insurance details, medical history, imaging orders
Scheduling ToolsAppointment dates, referring physician, reason for exam
Imaging ServicesRadiology reports, images (MRI, CT, X-ray, ultrasound), diagnostic notes
CommunicationsEmails or messages containing health questions or updates
Website AnalyticsIP address, browser type (de-identified where possible)
We do not sell PHI or use it for marketing without your explicit authorization.

4. How We Use PHI
Permitted uses under HIPAA include:
Treatment

Reviewing imaging results with radiologists and referring physicians
Coordinating follow-up care

Payment

Billing insurance or patients
Verifying coverage

Healthcare Operations

Quality assurance and improvement
Staff training
Legal and regulatory compliance

Other Permitted Uses

Public health reporting (e.g., cancer registries)
Research (only with IRB approval and de-identification or authorization)
As required by law (e.g., subpoenas, abuse reporting)

5. When We Disclose PHI
We disclose PHI only as permitted or required by HIPAA:
RecipientPurposeSafeguards
Referring PhysiciansContinuity of careSecure transmission (encrypted email, PACS)
Insurance CompaniesClaims processingMinimum necessary rule
Business AssociatesIT, billing, transcriptionHIPAA-compliant Business Associate Agreements (BAAs)
Patient or Authorized RepresentativeAccess to recordsIdentity verification
Government AgenciesAudits, public healthLegal mandate only
We never share PHI with advertisers or third-party marketers.

6. Your HIPAA Rights
You have the following rights regarding your PHI:

Right to Access – Obtain a copy of your records (electronic or paper) within 30 days.
Right to Amend – Request corrections to inaccurate or incomplete information.
Right to Accounting of Disclosures – Receive a list of certain disclosures made in the past 6 years.
Right to Request Restrictions – Ask us to limit uses/disclosures (we may deny if it affects treatment/payment).
Right to Confidential Communications – Request contact by alternative means (e.g., email instead of phone).
Right to Complain – File a complaint with us or the U.S. Department of Health and Human Services (HHS) if you believe your rights are violated.

Contact our Privacy Officer to exercise any right: Email: privacy@luxemedicalimaging.com Phone: (555) 123-4567 Mail: Luxe Medical Imaging, Attn: Privacy Officer, 123 Imaging Lane, Suite 100, Anytown, USA

7. Security of PHI
We implement administrative, physical, and technical safeguards per the HIPAA Security Rule:

Encryption for PHI in transit (TLS 1.3) and at rest (AES-256)
Access Controls – Role-based access, unique user IDs, automatic logoff
Audit Logs – Tracking who accesses PHI and when
Workforce Training – Annual HIPAA training for all staff
Incident Response Plan – Rapid response to breaches, notification within 60 days if required

8. Breach Notification
If a breach of unsecured PHI occurs, we will notify:

Affected individuals (without unreasonable delay, max 60 days)
HHS (annually for <500 individuals; promptly for ≥500)
Prominent media (if ≥500 residents of a state affected)

Notifications will include:

Description of the breach
Types of PHI involved
Steps to take to protect yourself
Our mitigation actions
Contact information for questions

9. Website-Specific Practices

Cookies & Tracking: We use essential cookies for Site functionality (e.g., secure login). Analytics cookies are anonymized and do not collect PHI.
Patient Portal: Requires two-factor authentication (2FA) and encrypts all data.
Third-Party Tools: Any vendor processing PHI (e.g., scheduling software) signs a BAA.

10. Changes to This Policy
We may update this Policy to reflect changes in law or operations. The revised version will be posted on the Site with a new “Effective Date.” Continued use of the Site after changes constitutes acceptance.

11. Contact Us
Privacy Officer: Amber Pellham
Email: admin@luxemedicalimaging.com
Phone: (479) 774-5266
Address: 361 Millsap Rd, Fayetteville, AR 72703
To file a complaint with HHS: Office for Civil Rights U.S. Department of Health and Human Services 200 Independence Avenue, S.W. Washington, D.C. 20201 https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf
Luxe Medical Imaging will not retaliate against you for exercising your HIPAA rights.
This Privacy Policy is designed for Luxe Medical Imaging’s website and services. It will be prominently linked in the footer of every page and displayed during any patient portal registration.

The Site (including forms, patient portals, and scheduling tools)

Email, phone, or in-person communications

Imaging services performed at our facilities

It does not apply to information collected by third-party websites or services linked from the Site. 2. What Is Protected Health Information (PHI)? PHI is any information that:

Relates to your past, present, or future physical or mental health or condition;

Identifies you or could reasonably be used to identify you; and

Is created, received, or maintained by us in connection with providing healthcare services.

Reviewing imaging results with radiologists and referring physicians

Coordinating follow-up care

Payment

Billing insurance or patients

Verifying coverage

Healthcare Operations

Quality assurance and improvement

Staff training

Legal and regulatory compliance

Other Permitted Uses

Public health reporting (e.g., cancer registries)

Research (only with IRB approval and de-identification or authorization)

As required by law (e.g., subpoenas, abuse reporting)

Right to Access – Obtain a copy of your records (electronic or paper) within 30 days.

Right to Amend – Request corrections to inaccurate or incomplete information.

Right to Accounting of Disclosures – Receive a list of certain disclosures made in the past 6 years.

Right to Request Restrictions – Ask us to limit uses/disclosures (we may deny if it affects treatment/payment).

Right to Confidential Communications – Request contact by alternative means (e.g., email instead of phone).

Right to Complain – File a complaint with us or the U.S. Department of Health and Human Services (HHS) if you believe your rights are violated.

Encryption for PHI in transit (TLS 1.3) and at rest (AES-256)

Access Controls – Role-based access, unique user IDs, automatic logoff

Audit Logs – Tracking who accesses PHI and when

Workforce Training – Annual HIPAA training for all staff

Incident Response Plan – Rapid response to breaches, notification within 60 days if required

8. Breach Notification If a breach of unsecured PHI occurs, we will notify:

Affected individuals (without unreasonable delay, max 60 days)

HHS (annually for <500 individuals; promptly for ≥500)

Prominent media (if ≥500 residents of a state affected)

Notifications will include:

Description of the breach

Types of PHI involved

Steps to take to protect yourself

Our mitigation actions

Contact information for questions

9. Website-Specific Practices

Cookies & Tracking: We use essential cookies for Site functionality (e.g., secure login). Analytics cookies are anonymized and do not collect PHI.

Patient Portal: Requires two-factor authentication (2FA) and encrypts all data.

Third-Party Tools: Any vendor processing PHI (e.g., scheduling software) signs a BAA.

It does not apply to information collected by third-party websites or services linked from the Site.

2. What Is Protected Health Information (PHI)?
PHI is any information that:

8. Breach Notification
If a breach of unsecured PHI occurs, we will notify: