Privacy Policy

Advanced Clinical Imaging is a diagnostic medical imaging centre licensed and operating in the State of Illinois. We provide outpatient diagnostic imaging services including mobile vascular ultrasound and related diagnostic services.

We are a Covered Entity under HIPAA, and we comply with all applicable federal and state privacy laws, including:

• Health Insurance Portability and Accountability Act (HIPAA), 45 C.F.R. Parts 160 and 164
• Health Information Technology for Economic and Clinical Health Act (HITECH Act)
• Illinois Personal Information Protection Act (PIPA), 815 ILCS 530
• Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq.
• CAN-SPAM Act of 2003
• California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) — applicable to California residents

We collect two types of information: information you provide directly, and information collected automatically.

A. Information You Provide Directly

When you contact us through our website, by phone, by email, or in person, we may collect:

• Full name
• Email address
• Phone number
• Mailing address
• The content, subject, and date of your message or inquiry
• Insurance information (provided only through secure, HIPAA-compliant channels — never through public website forms)
• Appointment-related details provided voluntarily

B. Information Collected Automatically

When you visit our website, certain technical information may be collected automatically through cookies and similar technologies, including:

• IP address and approximate geographic location
• Browser type and version
• Operating system
• Pages visited and time spent on each page
• Date and time of your visit
• Referring website or URL
• Links clicked
• Device type (desktop, mobile, tablet)

C. What We Do NOT Collect Through This Website

We use the information we collect for the following purposes:

• To respond to your questions, inquiries, and appointment scheduling requests
• To confirm, reschedule, or follow up on appointments (with your consent)
• To send administrative communications related to your care coordination
• To improve the content, functionality, and performance of our website
• To analyse how visitors use our website (using aggregated, anonymous data)
• To comply with applicable federal and state laws and regulations
• To enforce our legal rights and protect against fraudulent, abusive, or unlawful activity
• To respond to legal process, court orders, or lawful governmental requests

What Is PHI?

Protected Health Information (PHI) is any individually identifiable health information that relates to your past, present, or future physical or mental health condition; the provision of healthcare services to you; or payment for those healthcare services — in any form (electronic, paper, or oral).

How We Handle PHI

As a HIPAA Covered Entity, all PHI we receive in connection with your care is governed by our HIPAA Notice of Privacy Practices (NPP). Under HIPAA, we are permitted to use and disclose your PHI without specific authorization for:

• Treatment — to provide, coordinate, or manage your healthcare
• Payment — to bill and collect payment from you, your insurer, or other payers
• Healthcare Operations — for quality assurance, training, accreditation, and business management

For all other uses and disclosures of your PHI — including most marketing uses, research, and sale of PHI — we are required by law to obtain your written authorization. You have the right to revoke that authorization at any time in writing.

Your HIPAA Rights as a Patient

To exercise any of the above rights, contact our Privacy Officer at (630) 402-1902 or visit our facility at 12 Salt Creek Ln, Suite 105, Hinsdale, IL 60521.

To file a complaint with HHS OCR: www.hhs.gov/ocr/complaints

Cookies are small text files placed on your device by a website to store preferences and collect usage data. We use cookies and similar tracking technologies on our website.

Types of Cookies We Use

• Strictly Necessary Cookies — Required for basic website functionality. These cannot be disabled.
• Analytics / Performance Cookies — Help us understand how visitors use our website (e.g., Google Analytics). Data collected is aggregated and anonymous.
• Functional Cookies — Remember your preferences to improve your experience.

Your Cookie Choices

You may disable or delete cookies at any time through your browser settings. Disabling cookies may affect the functionality of certain areas of our website.

Third-Party Analytics

We may use third-party services such as Google Analytics to help analyse website usage. These services may collect anonymized usage data using their own cookies. We do not share any personally identifiable information with these analytics providers.

We may share your information only in the following limited circumstances:

• Service Providers — Trusted vendors who perform services on our behalf, subject to written confidentiality and data protection agreements
• Legal Requirements — When required by law, subpoena, court order, or other valid legal process
• Safety & Protection — When necessary to protect the rights, health, safety, or property of ACI, our patients, staff, or the public
• Business Transfers — In the event of a merger, acquisition, or sale of assets, subject to the same privacy protections
• With Your Consent — For any other purpose with your explicit prior consent

For PHI specifically, all sharing is governed by HIPAA and our Notice of Privacy Practices.

We implement and maintain reasonable administrative, technical, and physical safeguards to protect personal information from unauthorized access, disclosure, alteration, or destruction. These include:

• Encrypted data transmission (SSL/TLS) on our website
• Secure access controls for staff with a need to know
• Regular security assessments and staff training
• HIPAA Security Rule-compliant safeguards for all electronic PHI (ePHI)

In the event of a data breach involving PHI, we will notify affected individuals in accordance with the HIPAA Breach Notification Rule (45 C.F.R. § 164.400–414) and the Illinois Personal Information Protection Act.

We retain personal information collected through this website for as long as necessary to fulfil the purposes described in this Policy, respond to inquiries, comply with legal obligations, resolve disputes, and enforce our agreements.

Patient medical records and PHI are retained in accordance with applicable federal and Illinois state law — generally a minimum of 10 years for adult patients and until age 22 for minor patients, or as otherwise required by law.

Our website is intended for use by adults 18 years of age or older and is not directed to children. We do not knowingly collect personal information from anyone under 18 through our website. Consistent with COPPA, we do not knowingly collect personal information from children under 13 under any circumstances.

If you are a parent or guardian and believe your child has submitted personal information to us through this website, please contact us immediately at (630) 402-1902 and we will take prompt steps to delete that information.

For clinical services involving minor patients, all information is handled under HIPAA and applicable state laws governing the healthcare of minors, with parental consent and privacy rights handled as required by law.

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) may provide you with the following rights:

• Right to Know — Request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to Delete — Request deletion of personal information we have collected from you, subject to certain exceptions
• Right to Correct — Request correction of inaccurate personal information we maintain about you
• Right to Opt-Out of Sale or Sharing — We do not sell or share personal information for cross-context behavioral advertising. No opt-out is required.
• Right to Limit Use of Sensitive Personal Information — We do not use sensitive personal information for purposes requiring a limitation right under CPRA
• Right to Non-Discrimination — We will not discriminate against you for exercising any CCPA/CPRA rights

To exercise your California privacy rights, contact us at (630) 402-1902. We will verify your identity before processing your request and respond within 45 days as required by law.

Authorized Agent: You may designate an authorized agent to submit requests on your behalf. We may require written proof of authorization and may verify your identity directly.

Illinois residents are protected under PIPA, 815 ILCS 530. In the event of a breach of security of computerized data containing personal information, we will provide notice to affected Illinois residents in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement and the measures necessary to determine the scope of the breach and restore the integrity of the data system.

Our website may contain links to third-party websites for informational or referral purposes. These linked websites are not operated or controlled by Advanced Clinical Imaging. We are not responsible for the content, privacy practices, or data security of any third-party website. We strongly encourage you to review the privacy policy of every website you visit before providing any personal information.

Some browsers offer a "Do Not Track" (DNT) signal to indicate that you do not wish to be tracked online. Currently, there is no universally accepted standard for how websites should respond to DNT signals. Our website does not currently alter its data collection practices in response to DNT signals. We will update this Policy if a standard is established and we adopt it.

We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will update the "Last Updated" date at the top of this Policy and post the revised Policy on our website.

Your continued use of our website after any changes are posted constitutes your acceptance of the updated Policy. For material changes affecting your rights, we may provide additional notice such as a banner on our website homepage.

If you have any questions about this Privacy Policy, wish to exercise any rights described above, or wish to report a privacy concern, please contact us: