VXN Imaging Coordination Network is committed to protecting the privacy and security of the information entrusted to us. This Privacy Policy explains how we collect, use, safeguard, and disclose information through our website and coordination services.

1. Scope of This Policy

This Privacy Policy applies to information collected through:

• Our website at https://vxnpi.com/
• Our secure referral form hosted at hptz.io
• Email, phone, and other direct communications with VXN

This policy does not apply to third-party websites, imaging facilities, or service providers with their own privacy practices.

2. Information We Collect

Information You Provide

When you submit a referral or contact us, we may collect:

• Contact information — name, email, phone number, organization, professional credentials
• Referral details — patient information, imaging type requested, clinical notes, insurance/billing details, and other information necessary to coordinate the referral
• Legal matter information — where submitted by attorneys, case-related details relevant to coordination
• Protected Health Information (PHI) — as defined under HIPAA, where transmitted through authorized channels

Information Collected Automatically

When you visit our website, we may automatically collect:

• IP address and approximate location
• Browser type, operating system, device information
• Pages visited, referring URL, and interaction data
• Cookies and similar tracking technologies (see Section 8)

3. How We Use Information

We use the information we collect to:

• Coordinate and fulfill imaging referrals between referring parties and imaging facilities
• Communicate with you regarding referrals, scheduling, and service updates
• Verify professional credentials and eligibility
• Operate, maintain, and improve our website and services
• Comply with legal, regulatory, and contractual obligations
• Detect and prevent fraud, abuse, or unauthorized access

4. HIPAA and Protected Health Information

VXN acts as a Business Associate (or subcontractor thereof) when handling PHI on behalf of Covered Entities as defined under HIPAA. Our use and disclosure of PHI is governed by:

• The HIPAA Privacy and Security Rules
• The HITECH Act and Breach Notification Rule
• Applicable Business Associate Agreements (BAAs) executed with Covered Entities
• Applicable state privacy laws

We maintain administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of PHI in accordance with 45 CFR §§ 164.308–164.312.

5. How We Share Information

We share information only as necessary to deliver our services and as permitted by law. We may disclose information to:

We do not sell personal information or PHI. We do not use PHI for marketing purposes.

6. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect information under our control, including:

• Encryption of data in transit (TLS) and at rest where appropriate
• Access controls limiting PHI access to authorized personnel on a need-to-know basis
• Secure referral submission through our hptz.io-hosted form
• Audit logging and monitoring of systems handling sensitive information
• Staff training on HIPAA and privacy practices

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain information for as long as necessary to provide our services, comply with legal obligations (including HIPAA’s minimum retention requirements, typically six years), resolve disputes, and enforce our agreements. Retention periods specific to PHI are governed by applicable BAAs and law.

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies for essential functionality, analytics, and to improve user experience. You may control cookie preferences through your browser settings. Disabling certain cookies may affect site functionality.

We do not currently respond to “Do Not Track” browser signals, as no consistent industry standard exists.

9. Your Rights

Depending on your jurisdiction and role, you may have rights to:

• Access, correct, or delete personal information we hold about you
• Restrict or object to certain processing
• Request data portability
• Withdraw consent (where processing is based on consent)
• Lodge a complaint with a regulatory authority

Requests regarding PHI should be directed to the Covered Entity (typically the referring provider or attorney). General privacy requests may be sent to the contact below. We will respond in accordance with applicable law.

10. State-Specific Rights

Residents of California, Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws may have additional rights. Please contact us for more information or to exercise these rights. Note that much of the information we handle is PHI governed by HIPAA and may be exempt from state consumer privacy laws.

11. Children’s Privacy

Our services are directed to professional entities, not consumers, and we do not knowingly collect information directly from individuals under 18 through our website. Pediatric imaging referrals submitted by authorized providers are handled under the same HIPAA protections as all other PHI.

12. International Users

Our services are intended for use within the United States. If you access our website from outside the U.S., your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be indicated by an updated “Last Updated” date above and, where appropriate, notified through other channels. We encourage you to review this policy periodically.

14. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact: referrals@vxnpi.com