Privacy & Data Policy

We collect medical imaging data (DICOM files, X-rays, CT scans, MRIs, and other radiological studies), patient demographic information, clinical history, and referring physician details as necessary to provide teleradiology interpretation services.

For healthcare providers and partner facilities, we collect organizational details, professional credentials, contact information, and account authentication credentials to manage platform access.

We automatically collect log data, IP addresses, browser/device information, access timestamps, and platform interaction data to ensure system security, performance, and compliance with audit requirements.

Patient data and imaging studies are used exclusively to provide diagnostic radiology interpretations, generate reports, and communicate findings to the ordering provider.

We use de-identified or aggregated data to monitor diagnostic quality, conduct peer reviews, and continuously improve the accuracy and reliability of our radiologist network.

Information is processed as required to comply with HIPAA, applicable state medical practice laws, ACR standards, and other healthcare regulations governing teleradiology services.

Technical data is used to authenticate users, maintain system integrity, prevent unauthorized access, troubleshoot issues, and fulfill our contractual obligations to partner facilities.

Voxel Teleradiology operates as a Business Associate under HIPAA. We execute Business Associate Agreements (BAAs) with all covered entity partners before any protected health information (PHI) is transmitted or processed.

We adhere strictly to the HIPAA Minimum Necessary Standard, ensuring that only the PHI required for the specific radiology service is accessed, used, or disclosed.

In the event of a breach involving unsecured PHI, we will notify affected covered entities and individuals in accordance with the HIPAA Breach Notification Rule, within the timeframes mandated by law.

We do not sell, rent, or trade patient data or PHI. Information is shared only with the referring facility, treating clinicians, and other parties explicitly authorized by the patient or required by law.

Any subcontractors or technology vendors who access PHI on our behalf are bound by HIPAA-compliant BAAs and are required to uphold the same privacy and security standards we maintain.

We may disclose information as required by valid legal process, court order, or to respond to lawful requests from public authorities in accordance with applicable law.

All medical imaging data and PHI are encrypted in transit using TLS 1.2 or higher and encrypted at rest using AES-256 encryption. DICOM data is transmitted exclusively over secured, dedicated connections.

Role-based access controls (RBAC) and multi-factor authentication (MFA) are enforced across all platform access points. Access to PHI is logged, monitored, and limited to authorized personnel only.

Our infrastructure is hosted in HIPAA-eligible, SOC 2 Type II certified data centers. We conduct regular vulnerability assessments, penetration testing, and internal/external audits.

Radiology reports and associated imaging studies are retained in accordance with applicable state and federal medical records laws, typically a minimum of seven (7) years from the date of service, or longer as required.

Upon expiration of applicable retention periods, PHI and related records are securely destroyed using methods that render the data unrecoverable, consistent with HIPAA requirements.

Patients have the right to access their radiology reports and, where applicable, request amendments to their health information. Requests should be directed to the originating healthcare facility.

Patients may request an accounting of disclosures of their PHI made by Voxel Teleradiology, as provided under HIPAA, by contacting our Privacy Officer.

Patients who believe their privacy rights have been violated may file a complaint with their healthcare provider, with Voxel Teleradiology directly, or with the U.S. Department of Health and Human Services Office for Civil Rights.

The Voxel platform uses only essential session cookies required for secure authentication and platform operation. We do not use advertising trackers, third-party analytics cookies, or behavioral profiling technologies.

We do not share platform usage data with advertisers or third-party marketing platforms. Our data practices are oriented solely around clinical service delivery and regulatory compliance.

For privacy-related inquiries, BAA requests, breach reporting, or to exercise your rights under HIPAA, please contact our designated Privacy Officer.

Email: privacy@voxelradiology.com Phone: 1-800-VOXEL-RX Mail: Voxel Teleradiology, Privacy Officer 1200 Imaging Way, Suite 400 San Francisco, CA 94105