DICOM Grid, Inc. (dba Ambra Health®) Privacy Policy

Last modified: July 13th, 2021 (highlight most recent changes)

The Ambra Health® Privacy Policy describes how Ambra Health treats personal information when you use Ambra Health's products, including information provided when you use Ambra Health. In addition, the following describes our privacy practices that are specific to Ambra Health, a service that helps you store and organize your personal health information.

You are in control of your information

  1. You control who can access your personal health information. By default, you are the only user who can view and edit your information. If you choose to, you can share your information with others.
  2. Ambra Health will not sell, rent, or share your information (identified or de-identified) without your explicit consent, except in the limited situations described in the Ambra Health Privacy Policy, such as if Ambra Health is required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
  3. You can completely delete your information at any time. Deletion will be initiated immediately, and your information will be purged from your account shortly thereafter. Additional backup copies of deleted information may persist for a short time. Ambra Health will not retain your information once deleted. Therefore you may want to print your information before deleting it.
  4. Ambra Health acknowledges that EU and Swiss individuals have the right to access the personal information/data that we maintain about them.  An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct a query to support@ambrahealth.com. If requested to remove data, we will respond within a reasonable timeframe.
  5. Per the California Consumer Privacy Act, California Citizens have the right to request, modify, or delete the data Ambra has collected. In general, the non-protected health information is discussed within this privacy policy in the “How Ambra Health uses your information” section. Ambra allows users equal service and price even if you exercise your privacy rights. For more information on your data or to exercise your rights, please contact us at support@ambrahealth.com or at 888-587-2280. As Ambra Health stores, displays, and transfers protected health information that is governed by the privacy, security, and breach notification rules issued by the federal Department of Health and Human Services, Parts 160 and 164 of Title 45 of the Code of Federal Regulations, established pursuant to the Health Insurance Portability and Availability Act of 1996, all data that is collected by a covered entity is not subject to this act [ CCPA 1798.145 (c)].
  6. Ambra Health is now working with FraudHL.com to support anonymous complaint reporting regarding fraud or ethics violations. These reports can be made via the web at www.fraudhl.com or by calling 1‐855‐FRAUD‐HL.

How Ambra Health® uses your information

  1. To store your information in Ambra Health, you will need an Ambra Health Account. When you create an Ambra Health Account, Ambra Health asks for your email address and a password, which is used to protect your account from unauthorized access. You can use an existing Ambra Health Account or create a new Ambra Health Account specifically for this purpose.
  2. Ambra Health's servers automatically record log information about your use of Ambra Health (such as number of sign-ins and number of times a link was clicked). This information is temporarily stored in association with your Ambra Health Account for two weeks, at which point it is aggregated with other data and is no longer associated with your account. The log information will be used to operate and improve the service and will not be correlated with your use of other Ambra Health services.
  3. Ambra Health periodically publishes trend statistics and associations (such as what is published in Ambra Health Trends). Ambra Health may use data from your Ambra Health Account as part of an aggregated data set when publishing these trends statistics and associations (e.g., Ambra Health has found that one gender uses some modalities more than the other gender). These aggregated data sets do not contain any personally identifiable information and cannot be linked to you.
  4. Certain features of Ambra Health can be used in conjunction with other Ambra Health products, and those features may share information to provide a better user experience and to improve the quality of our services.
  5. The Ambra Health website does not deliver third party online advertisements on our websites but we advertise our products and services on third party websites. We use remarketing services to advertise on third party websites to previous visitors to our website. It could mean that we advertise to previous visitors who haven’t completed a task on our website, for example using the contact form to make an enquiry. This could be in the form of an advertisement on a search results page or on third party website. Third-party vendors use cookies to serve ads based on someone’s past visits to the website. Any data collected will be used in accordance with our own privacy policy and that of our service provider’s privacy policy. To opt out of these cookies and retargeting ads please visit http://www.networkadvertising.org/choices/.
  6. Types of Data Collected through the Ambra Health website:

    Personal Information Collected

    Personal information is information that identifies you as an individual. When you request information, subscribe to a mailing list, subscribe for a service, or respond to an online survey or otherwise contact us, we usually collect personal information such as your name, e-mail address(es), mailing address(es), and telephone numbers. We take your privacy and the quality of service we offer you very seriously. To ensure we provide the highest quality of service to our international visitors, we may forward your request for information and personal contact information to one of our regional partners. You opt into this sharing by filling out a form on our website; for example, by downloading an eBook or Requesting a Demo. To opt out of this sharing please email support@ambrahealth.com with the same name and email address you used when you submitted our forms. You can also opt out of providing information by not entering it when asked and, if such information is required in order to allow us to respond to your inquiry, you will receive a notice advising you of this. If you do not provide us with some or all of the requested information we may not be able to provide services to you.

    Other Information Collected

    The site also collects information that does not reveal your specific identity or does not directly relate to an individual ("other information"). For example, when you visit the site, we also track certain information about your computer and Internet connection, such as the IP address of your computer and/or Internet service provider, the date and time you access the site, the Internet address of websites from which you link to our site, the computer technology you are using and your movements and preferences on our site. We use technology that many other websites employ, including, without limitation, "cookies" or small data files stored on your computer's hard drive, to collect such information. There are persistent cookies and session cookies.  In some instances, we use cookies to collect information in connection with future visits from that website, to recognize you as a previous visitor, or to track your activity on our site. If you follow a link to the site from an affiliate or promotion, we store information about your arrival from that affiliate or promotion in a session cookie. A persistent cookie consists of a text file sent by a web server to web browser, which will be stored by the browser and will remain valid until its set expiry date. You do not need to have cookies turned on to visit our site. You can refuse cookies by setting your browser to decline them automatically or to give you the choice of declining or accepting the placement of cookies from the site. But, if you want to access Ambra Health webpages, you need to accept a mandatory session cookie, which you can delete after you leave the site. We also may collect information related to your company, geographic location, or other demographic information that does not personally identify you. To the extent permitted by applicable law, we reserve the right to combine other information as defined above with personal information that you submit.

Sharing your information with people and services you trust

This section is specific to Ambra Health® products:

  1. If you share your information with others, you can view a list of who has access to your information and you can revoke sharing privileges at any time. When you revoke someone’s ability to read your health information, that party will no longer be able to read your information, but may have already seen or may retain a copy of the information.
  2. You can approve access for some of these service providers to view and copy your health information. If a service provider accesses your health information and stores a copy of your information, that copy will be governed by that service provider's privacy policy. Others at that facility – like an on-call doctor – may be able to view your information. Ambra Health is not responsible for the content, performance, or privacy policies of third-party service providers.
  3. Some of these third-party service providers will be covered by federal and state health privacy laws (such as the Insurance Portability and Accountability Act, or “HIPAA”), and those laws will govern how they may use and share your information. HIPAA requires (as does Ambra Health) that you must authorize these providers to send information to your Ambra Health account. With that authorization, you also give them permission to send certain especially sensitive types of health information (such as mental health or substance abuse records) that are protected by federal and state laws and require special authorization. When you ask Ambra Health to send your health information to others, you will also be giving Ambra Health permission to send those sensitive types of health information.
  4. All entities or business associates covered by HIPAA are contractually required to comply with HIPAA's rules related to collection, use, and sharing of your information. All other third-party service providers are contractually required to abide by the Ambra Health Developer Policies, which require that they comply with strict privacy standards for how they collect, use, or share your information.
  5. Ambra Health’s accountability for personal data of EU and Swiss individuals that it receives under the Privacy Shield Framework and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Ambra Health remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Ambra Health proves that it is not responsible for the event giving rise to the damage.

EU General Data Protection Regulation (GDPR)

Ambra Health complies with the EU GDPR for the lawful processing of subject’s health data consistent with this privacy policy and the Regulation. This processing is based upon your consent as a subject, and can be withdrawn at any time by contacting Ambra Health Customer Service at support@ambrahealth.com.

Ambra may use information provided from you as a user to send marketing and product information. This information is not sold to a third party and is based upon a previous legitimate interest in our products and services. You may revoke this right and have your data removed from these communication lists at any time by clicking the unsubscribe link in the communications or contacting the Ambra Customer Service Group at support@ambrahealth.com

Your healthcare data will be stored in the Ambra Health system indefinitely, or until such time you request your data be removed or transferred to another system, or until your care provider terminates their account with Ambra.

Incorrect information in your records can be rectified through your care provider or contacting Ambra Health Customer Service.

In compliance with the General Data Protection Regulation, Ambra Health commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact Ambra Health, but you also have the right to lodge a complaint with a supervisory authority.

Should you have additional questions, or would like more information on how your data is collected, stored, or processed, please contact our Data Protection Officer at the following address:

Ambra Health
Attention: Data Protection Officer
228 Park Avenue S.
PMB 16306
New York, New York 10003-1502

Additionally you may contact our European Union Representative at the following address:

Cimar Cloud (EU) Ltd.
Inniscarra, Main Street, Rathcoole, Co.
Please reach out to pnedelec@ambrahealth.com for any related inquiry

EU-US and Swiss Privacy Shield

Ambra Health complies with the EU-US Privacy Shield Framework (“Privacy Shield”) and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union member countries and Switzerland to the United States. Ambra Health has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.

On July 16, 2020 the EU-US Privacy Shield was struck down by the European Court of Justice. The ruling does not stop data transfers between the EU and the US, as the court upheld the use of standard contractual clauses to allow specific consent for such transfers. Ambra Health rigorously maintains any and all data protection practices in place prior to July 16, 2020. In keeping with the US Department of Commerce Guidance published on the same day, Ambra Health continues to be a participant in the program and fully complies with Privacy Shield obligations.

The Ruling from the European Court of Justice does not impact the Swiss-US Privacy shield, with which Ambra Health continues to fully comply.

If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

In compliance with the Privacy Shield Principles, Ambra Health commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals and Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Ambra Health at:

Ambra Health
228 Park Avenue S.
PMB 16306
New York, New York 10003-1502

Ambra Health has further committed to refer unresolved privacy complaints under the Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available to you before a Privacy Shield Panel as further explained in the Privacy Shield Principles in order to address residual complaints not resolved by any other means.

Ambra Health is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

If you have additional questions, please contact us any time. Or write to us at:

Ambra Health
228 Park Avenue S.
PMB 16306
New York, New York 10003-1502