PLEASE REVIEW IT CAREFULLY
Our HIPAA & SOC 2 Privacy Commitment
Cyber Imaging Inc., including Eyeweb and all direct and indirect subsidiaries (“we,” “our,” or “us”), is committed to protecting your privacy and maintaining the confidentiality of your health information.
This Notice explains how we use and disclose your Protected Health Information (PHI), the rights you have regarding your PHI, and our obligations under both:
- The Health Insurance Portability and Accountability Act (HIPAA).
- The AICPA SOC 2 Trust Services Criteria for Privacy, which guide how we collect, use, retain, and secure personal information.
Our Legal Duties
We are required by federal and state law to:
- Maintain Privacy and Security: Safeguard your health information using administrative, physical, and technical safeguards that meet or exceed HIPAA and SOC 2 Privacy standards.
- Provide this Notice: Explain our privacy practices, your rights, and our legal duties regarding your health information.
- Breach Notification: Notify you and affected individuals promptly (no later than 60 days after discovery) if a breach of unsecured health information occurs.
- Follow this Notice: Abide by the privacy practices described here while it is in effect.
This Notice takes effect on [Insert Effective Date] and remains in effect until replaced. We reserve the right to change our privacy practices and this Notice in compliance with applicable law and SOC 2 Privacy criteria. You may request a copy of the current Notice at any time.
Uses and Disclosures of Health Information
We use and disclose your health information only as permitted by HIPAA and consistent with SOC 2 Privacy principles of notice, choice & consent, collection, use, retention, access, and disclosure:
- Treatment: To provide and coordinate your care, consult with other healthcare providers, make referrals, or provide appointment reminders and recall information.
- Payment: To facilitate payment for treatment and services, including billing, claims submission, and—when necessary—disclosure to consumer reporting agencies for payment collection.
- Health Care Operations: For operational purposes such as quality assessments, staff training, medical reviews, legal services, fraud and abuse detection, and business management. This includes improving the quality and effectiveness of the care we provide.
- Notification: To notify a family member, personal representative, or other responsible individual of your location or general condition, as appropriate.
- Required by Law: To comply with legal requirements such as court orders, custody arrangements, reporting abuse or neglect, assisting law enforcement officials, or protecting public health and safety.
Your Health Information Rights
You have the following rights regarding your health information:
- Access: Request access to and obtain copies of your health information, subject to limited exceptions. A reasonable fee may apply.
- Disclosure Accounting: Request a list of non-routine disclosures of your health information made within the past six years (or a shorter period if you prefer). Additional requests within a year may incur a reasonable fee.
- Restriction: Request additional restrictions on our use or disclosure of your health information. We are not obligated to agree except in limited circumstances required by law.
- Alternative Communication: Request communications of health information by alternative means or at alternative locations.
- Amendment: Request amendments to your health information. We may deny requests where permitted by law.
- Breach Notification: Receive prompt notice in the event of a breach of unsecured health information.
- Notice of Changes: Receive updates if we materially change our privacy practices.
Data Retention
We retain PHI and other personal information only as long as necessary to fulfill the purposes described above or as required by law, consistent with HIPAA and SOC 2 Privacy retention standards.
Security Measures
To protect your information we maintain:
- Encryption of sensitive data in transit (SSL/TLS) and, where appropriate, at rest.
- Access controls, authentication, and monitoring to prevent unauthorized use.
- Regular risk assessments, security testing, and workforce training to meet SOC 2 and HIPAA Security Rule standards.
Privacy Questions and Complaints
If you have questions or concerns, or believe your privacy rights have been violated, contact:
- Senior Security & Privacy Official: Privacy Office
- Address: 8300 Falls of Neuse Road Suite 110, Raleigh, NC 27615 USA
- Phone: 888.449.9540
- Email: service@eyeweb.com
You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights.
We will not retaliate against you for filing a complaint.