MRILogic – Privacy Policy

This Privacy Policy describes how SMART-PRAXIS LLC collects, uses, maintains, discloses, and safeguards information through the MRILogic mobile application, website, and related services (collectively, the “Platform”).

This Policy is designed to comply with applicable U.S. federal and state laws, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the HIPAA Privacy Rule, the HIPAA Security Rule, the HITECH Act, and other applicable healthcare data protection laws.

1. Definitions

• Protected Health Information (PHI) – as defined under HIPAA (45 C.F.R. § 160.103)
• Covered Entity – as defined under HIPAA
• Business Associate – as defined under HIPAA
• Personal Information – information that identifies or can reasonably identify an individual
• User – any individual or entity accessing or using the Platform

2. Scope and Applicability

• Healthcare providers, institutions, and workforce members
• Patients whose information is processed through the Platform
• Website visitors and prospective customers

Where the Company acts as a Business Associate, PHI is processed pursuant to a separate Business Associate Agreement (BAA).

3. Information We Collect

3.1 Protected Health Information (PHI)

• Patient names and identifiers
• Medical record numbers
• Device or treatment information
• Diagnostic and clinical information
• Imaging-related data
• Treatment determinations
• Dates of service
• Provider notes and documentation

3.2 Personal Information

• Name, email address, phone number
• Professional credentials
• Organization affiliation
• Account login credentials

3.3 Technical and Usage Data

• IP address
• Device identifiers
• Log files
• Browser type
• Access timestamps
• Audit trail data

4. Purposes of Collection and Use

• Provide and operate the Platform
• Facilitate healthcare operations
• Support treatment and clinical decision-making
• Maintain system security and integrity
• Comply with legal and regulatory obligations
• Enforce contractual rights
• Improve Platform functionality

5. HIPAA Compliance

The Company complies with the HIPAA Privacy, Security, and Breach Notification Rules.

6. Disclosure of Information

We do not sell PHI. Disclosures occur only as permitted by law.

7. Data Security

• AES-256 encryption
• TLS 1.2+ encryption
• Secure healthcare-compliant cloud hosting
• Continuous monitoring

8. Breach Notification

In the event of a breach of unsecured PHI, notification will occur without unreasonable delay and no later than 60 days.

9. User Rights

Requests must be directed to the applicable Covered Entity.

10. Data Retention

Data is retained as required by law and securely destroyed when no longer needed.

11. Third-Party Services

All subcontractors handling PHI are under HIPAA-compliant agreements.

12. Cookies and Tracking

Cookies are used for authentication, security, and performance only.

13. Children’s Privacy

The Platform is not directed to children under 18.

14. State Law Compliance

We comply with applicable state privacy laws including CCPA where applicable.

15. Changes to This Policy

Updates will be posted with a revised “Last Updated” date.

16. Contact Information