HIPAA Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

About This Notice

Porcupine LLC ("Porcupine," "we," "us," or "our") provides medical imaging AI pipeline services to healthcare providers, hospitals, and research institutions. In the course of providing these services, we may create, receive, maintain, or transmit Protected Health Information ("PHI") on behalf of healthcare providers who are covered entities under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA").

When we process PHI on behalf of a covered entity, we do so as a Business Associate under a Business Associate Agreement ("BAA"). This Notice describes our practices regarding the use and disclosure of your health information and explains your rights under HIPAA.

Our Obligations

We are required by law to:

We will not use or disclose your health information without your written authorization except as described in this Notice.

How We May Use and Disclose Your Health Information

The following describes the ways we may use and disclose your health information without your written authorization:

For Treatment

We may use and disclose your health information to assist in your treatment and care. For example, we process medical images through our AI pipeline and return analysis results to your healthcare provider to support clinical decision-making, diagnosis, or treatment planning.

For Payment

We may use and disclose your health information as needed to support payment activities related to your care. For example, we may provide information to your healthcare provider's billing department to facilitate reimbursement for imaging services.

For Healthcare Operations

We may use and disclose your health information for healthcare operations purposes. This includes quality assessment and improvement activities, reviewing the performance of our AI algorithms, conducting audits, and ensuring compliance with applicable regulations.

As Required by Law

We will disclose your health information when required to do so by federal, state, or local law, including applicable reporting requirements.

Public Health Activities

We may disclose your health information to public health authorities for public health purposes, including reporting to the Food and Drug Administration (FDA) regarding the quality, safety, or effectiveness of FDA-regulated medical devices or products.

Health Oversight Activities

We may disclose your health information to health oversight agencies for activities authorized by law, such as audits, investigations, inspections, and licensure actions.

Judicial and Administrative Proceedings

We may disclose your health information in response to a court order, subpoena, or other lawful process, subject to applicable legal requirements.

Law Enforcement

We may disclose your health information to law enforcement officials as required or permitted by law, such as in response to a court order or to report certain types of injuries.

Research

We may use or disclose your health information for research purposes when the research has been approved by an Institutional Review Board (IRB) or Privacy Board that has reviewed the research proposal and established protocols to protect the privacy of your information. We may also use de-identified data for research and development of our AI models, in compliance with HIPAA de-identification standards.

To Avert a Serious Threat

We may use and disclose your health information when necessary to prevent or lessen a serious and imminent threat to your health or safety, or to the health or safety of the public or another person.

Workers' Compensation

We may disclose your health information as authorized by and to the extent necessary to comply with workers' compensation or similar programs.

Uses and Disclosures Requiring Your Written Authorization

We will obtain your written authorization before using or disclosing your health information for purposes not described in this Notice, including:

You may revoke an authorization in writing at any time. Revocation will not affect any uses or disclosures already made in reliance on the authorization.

Your Rights Regarding Your Health Information

Right to Inspect and Copy

You have the right to inspect and obtain a copy of your health information maintained by us. To request access, submit a written request to us. We will respond within 30 days. A reasonable, cost-based fee may apply for copies. You may request your information in an electronic format.

Right to Request Amendment

You have the right to request that we amend your health information if you believe it is incorrect or incomplete. To request an amendment, submit a written request to us explaining the reason for the amendment. We will respond within 60 days. We may deny the request in certain circumstances and will provide a written explanation if we do so.

Right to an Accounting of Disclosures

You have the right to request a list of disclosures we have made of your health information for purposes other than treatment, payment, or healthcare operations. The accounting covers disclosures made in the six years prior to the request. The first request within a 12-month period is free; a reasonable fee may be charged for additional requests.

Right to Request Restrictions

You have the right to request restrictions on certain uses and disclosures of your health information. We are not required to agree to all restriction requests. However, if you pay for a service or item out of pocket in full and request that we not disclose information about that service to your health plan, we are required to honor that request.

Right to Request Confidential Communications

You have the right to request that we communicate with you about your health information by alternative means or at alternative locations. For example, you may request that we contact you at a specific email address or phone number. We will accommodate reasonable requests.

Right to a Paper Copy of This Notice

You have the right to obtain a paper copy of this Notice at any time, even if you have previously received it or agreed to receive it electronically. To obtain a paper copy, contact us.

Right to Be Notified of a Breach

You have the right to be notified if we discover a breach of your unsecured Protected Health Information. We will notify you in accordance with applicable federal and state breach notification requirements.

Our Security Practices

We maintain administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of your health information, including:

Changes to This Notice

We reserve the right to change the terms of this Notice at any time. Any changes will apply to all health information we maintain. The revised Notice will be posted on our website and will be available upon request. Each version of this Notice will include an effective date.

Complaints

If you believe your privacy rights have been violated, you have the right to file a complaint. You will not be penalized or retaliated against for filing a complaint.

You may file a complaint with:

Porcupine LLC

U.S. Department of Health and Human Services

Contact Information

For questions about this Notice or to exercise any of your rights, please contact: