Security Policy
Effective Date: April 2, 2024
Through this security policy, Imagen Technologies, Inc. (“Imagen,” “we,” “us,” or “our”) recognizes the critical importance of safeguarding patient data and maintaining the highest standards of security and privacy. Our security policy outlines the measures we take to protect the confidentiality, integrity, and availability of sensitive healthcare information. By accessing and using our services, you agree to adhere to the principles outlined in this policy.
We may modify this Policy at any time. All changes will be effective immediately upon posting to the Site. Material changes will be conspicuously posted on the Site or otherwise communicated to you.
Data Protection and Confidentiality
We are committed to protecting the confidentiality of patient data at all times. Access to patient information is restricted to authorized personnel only, and we implement strong encryption protocols to ensure data remains secure both in transit and at rest.
Compliance with Healthcare Regulations
We adhere to all applicable healthcare regulations and standards, including but not limited to the Health Insurance Portability and Accountability Act (HIPAA), the HITRUST Framework (HITRUST CSF®), and SOC 2 Type II. Our security practices are designed to comply with these regulations and undergo regular audits to ensure ongoing compliance. Our design is also influenced by the Health Information Technology for Economic and Clinical Health (HITECH) Act and National Institute of Standards and Technology (NIST) best practices.
Secure Data Storage and Transmission
Patient data is stored in secure, HIPAA-compliant applications with access controls and audit trails to track all privileged and normal interactions with sensitive information. When transmitting data over networks, we utilize encrypted channels to prevent interception or unauthorized access.
User Authentication and Access Controls
Access to patient records and healthcare systems is granted based on the principle of least privilege, ensuring that users only have access to the information necessary to perform their duties. We enforce strong password policies and implement multi-factor authentication to enhance user authentication and prevent unauthorized access.
Incident Response and Reporting
In the event of a security incident or data breach involving patient information, we have established procedures for prompt response, investigation, and mitigation. We will notify affected individuals, regulatory authorities, and other relevant stakeholders as required by law.
Employee Training and Awareness
All employees undergo comprehensive training on security best practices, including handling of patient data, recognizing phishing attempts, and reporting security incidents. Regular security awareness programs are conducted to ensure employees remain vigilant and informed about emerging threats.
Third-Party Vendors and Business Associates
We carefully vet and monitor all third-party vendors and business associates, especially those who may have access to patient data, to ensure they meet our security and compliance standards. We require contractual assurances that they will uphold the same level of protection for patient information.
Continuous Monitoring and Improvement
We continuously monitor our systems and security controls to detect and respond to potential threats or vulnerabilities. Regular risk assessments and security audits are conducted to identify areas for improvement and ensure ongoing effectiveness of our security measures.
Contact Us
If you have questions or concerns regarding this Policy, contact us at:
Imagen Technologies
224 W 35th St Ste 500
New York, NY 10001