Privacy Policy
Prime Radiology Consultants
Effective Date: July 9, 2025
​​
This Privacy Policy outlines how Prime Radiology Consultants (“we,” “our,” or “us”) collects, uses, discloses, and protects Protected Health Information (PHI) in the course of providing teleradiology and diagnostic interpretation services on behalf of referring medical facilities. This Notice complies with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations.
​
1. Who We Are
​
Prime Radiology Consultants is a professional medical group that contracts with board-certified radiologists to provide diagnostic image interpretation services to hospitals, imaging centers, clinics, and other healthcare providers (“Referring Facilities”). We do not provide direct patient care, but we receive, transmit, and generate PHI as part of the radiology services we offer to these facilities.
​
2. Our HIPAA Compliance Obligation
​
As a Business Associate under HIPAA, Prime Radiology Consultants is legally required to protect the privacy and security of all PHI we receive or generate. We may only use or disclose PHI as permitted by HIPAA, our contracts, or the Business Associate Agreements (BAAs) we have in place with each Referring Facility. Our responsibilities include implementing safeguards to prevent unauthorized access, using PHI only for permitted purposes such as diagnosis and reporting, and notifying the appropriate parties if there is any breach of patient data. We are committed to full compliance with HIPAA’s Privacy and Security Rules.
​
3. What Information We Receive
​
When a Referring Facility sends us imaging studies for interpretation, we typically receive a variety of patient information necessary to accurately complete our diagnostic duties. This may include the patient's full name, date of birth, gender, medical record number, and referring provider details. We also receive the imaging modality used (e.g., X-ray, CT, MRI, ultrasound), clinical indications, prior imaging for comparison, and sometimes relevant patient history or biometric data such as height and weight. In some cases, patient contact information is also included, though we do not communicate directly with patients unless required or instructed by the Referring Facility.
​
4. How We Use and Disclose PHI
​
We use and disclose PHI solely to perform our contracted services and comply with legal obligations. The primary use of PHI is for reviewing medical images and generating diagnostic reports to send back to the Referring Facility. When necessary, we may communicate with the ordering provider to clarify clinical details or urgently relay critical findings. Additionally, we may use PHI for internal operations such as quality assurance, compliance, credentialing, and radiologist training. In limited circumstances, PHI may be used for billing or payment-related activities, though we do not bill patients directly. We may also be required to disclose PHI if mandated by law, such as responding to a subpoena or court order.
​
5. Methods of Communication
​
PHI may be received and transmitted through a variety of secure channels, depending on the systems and preferences of the Referring Facility. These include secure Picture Archiving and Communication Systems (PACS), Radiology Information Systems (RIS), and encrypted email platforms. We may also use HIPAA-compliant text messaging applications or secure phone calls when necessary to coordinate care or relay urgent results. In some cases, PHI may be transmitted via secure web portals or fax, depending on the requesting facility’s workflow. We take care to ensure that all communications comply with HIPAA’s encryption and security standards, and we never use unencrypted email or SMS unless the Referring Facility has approved it or the patient has given documented consent. SMS opt-in and phone numbers collected for SMS communication purposes will not be shared with any third party or affiliate for marketing purposes.
​
6. Data Retention and Security
​
PHI is retained only as long as necessary to fulfill our legal, regulatory, and contractual obligations. To protect the confidentiality and integrity of this information, we employ administrative, physical, and technical safeguards. These include user access controls, secure storage systems, encryption of data at rest and in transit, and staff training on HIPAA compliance. Access to PHI is strictly limited to authorized personnel who require it to perform their job duties, and all radiologists and staff are trained to follow our privacy and security protocols.
​
7. Patient Rights and Access
​
Although we typically do not have direct contact with patients, we support and respect all patient rights under HIPAA. Patients have the right to request access to their radiology reports and images through the Referring Facility. They also have the right to request corrections to any inaccurate or incomplete information, to obtain an accounting of disclosures of their PHI, and to receive a copy of the applicable privacy policies upon request. If a patient believes their privacy rights have been violated, they may file a complaint through the Referring Facility or with the U.S. Department of Health and Human Services. Prime Radiology Consultants will cooperate fully in addressing any such concerns in accordance with HIPAA requirements.
​
8. Changes to This Policy
​
We may update this Privacy Policy from time to time to reflect changes in the law, our business operations, or security practices. When changes are made, the revised policy will be made available to our Referring Facilities and the effective date will be updated accordingly.