HIPAA Privacy Policy
InDxLogic, Inc. (“InDxLogic”) respects the privacy of visitors to its site. This Health Insurance Portability and Accountability Act (“HIPAA”) privacy policy is intended to protect an individual's privacy and comply with the Privacy Rule promulgated under HIPAA. This policy may change from time to time, so please check it frequently.
Effective April 15, 2005
HIPAA Privacy Policy Implemented April 15, 2005
The Health Insurance Portability and Accountability Act (HIPAA) final Privacy Rule was published on December 28, 2000 with a compliance deadline of April 14, 2003. InDxLogic agrees to adhere to the Standards for Privacy of Individually Identifiable Health Information published by the US Department of Health and Human Services Office for Civil Rights (45 CFR Parts 160 and 164).
The Privacy Rule under HIPAA requires that “covered entities” enter into “business associate” agreements with entities that perform services on their behalf involving protected health information (“PHI”). In some instances, to effectively provide service to our clients, it is necessary for us to receive and utilize your PHI.
Therefore, to the extent you are a “covered entity,” and to the extent we act as a “business associate” on your behalf, we are providing you with these written assurances as required for your compliance with the HIPAA Privacy Rule.
The HIPAA Security Rule set a compliance deadline of April 20, 2005 for covered entities (other than small health plans) to put administrative, physical and technical safeguards in place for electronic PHI, including its secure transmission over networks. For a transmission of PHI to be considered secure, three elements are necessary:
1) Authentication – verifying that the senders and receivers of the information are who they claim to be (i.e. every user must have a unique username and must prove it with a secret, such as a password, known only to that user)
2) Non-repudiation – assurance that a sender cannot later deny having sent or acted on the information (i.e. every action must be attributable to one identified individual, which is why usernames and passwords must never be shared and why electronic signatures are bound to the individual account)
3) Integrity – verification that the information has not been altered in transit (i.e. the information is sent over an encrypted and authenticated connection, so that it cannot be read or modified undetected by anyone outside the session)
In other words, to be considered “secure” under HIPAA guidelines, the network used by the covered entity must require that each user have a unique username and password, and must transmit data in a way that it cannot be intercepted or altered by anyone outside the session. InDxLogic has implemented a secure network that meets these criteria. This network security is similar in design, function and compliance to that used by the banking and financial industries for monetary transactions over the Internet.
InDxLogic is committed to providing the highest data security and integrity standards in its software and operations to meet or exceed the requirements set forth by published HIPAA regulations. Protected Health Information (PHI) shall be used solely for Treatment, Payment or Healthcare Operations (TPO), as defined by the US Department of Health and Human Services.
In regard to technology use, InDxLogic’s networks are protected by current firewall technology, and it uses SSL (128-bit Secure Sockets Layer) for transmission of all web-based transactions. All file transfers occur over 128-bit SSL-encrypted connections, and all data is encrypted at the client site and at InDxLogic before such transmission. We use VeriSign, Inc. as our Certificate Authority for all SSL-based communications. PHI and personally identifying information that resides at InDxLogic is also encrypted using the Advanced Encryption Standard (AES, the Rijndael cipher) before storage.
InDxLogic strives to have in place appropriate means to protect your information. We employ industry-standard encryption technologies such as 128-bit SSL both internally and externally and use current firewall technologies to mitigate risks. However, when you provide your information over a public or third-party network, it is important to understand that you do so at your own risk.
All internal InDxLogic processes related to Protected Health Information (PHI) have been assessed to ensure that current operations comply with HIPAA privacy and security requirements. Each InDxLogic employee, contractor and Strategic Business Partner has received the HIPAA Privacy Training necessary to understand and adhere to the provisions of this important piece of legislation. In addition, ongoing employee communication and education on HIPAA-related issues is facilitated through the internal corporate intranet.
We will, effective April 15, 2005, carry out our responsibilities in compliance with the HIPAA Privacy Rule to protect the privacy of any personally-identifiable PHI that we collect, process or learn of as a result of providing services on your behalf.
Furthermore, we agree that we will:
(1) not use or further disclose PHI except as permitted by you and as required or permitted by law;
(2) use appropriate safeguards to prevent use or disclosure of PHI we have access to;
(3) mitigate, to the extent practicable, any harmful effect that is known to us of a use or disclosure of PHI by us in violation of this assurance;
(4) report to you any use or disclosure of PHI not provided for by our business engagement with you of which we become aware;
(5) ensure that any agents or subcontractors to whom we provide PHI, or who have access to PHI, agree to the same restrictions and conditions that apply to us with respect to such PHI;
(6) make PHI available to you and to the individual who has a right of access as required under HIPAA within thirty (30) days of the request by you regarding the individual;
(7) incorporate any amendments to PHI when you notify us to do so;
(8) provide an accounting of all uses or disclosures of PHI made by us as required under the HIPAA privacy rule within sixty (60) days;
(9) make our records relating to the use and disclosure of PHI available to the Secretary of the Department of Health and Human Services for purposes of determining your compliance with HIPAA; and
(10) at the termination of our representation, return or destroy all PHI received from, or created or received by us on your behalf, and if return is infeasible, the protections as set forth in this engagement letter will continue to extend to such PHI.
Our specific uses of your PHI may include those services as outlined in our original contract with you. By way of example, some of those uses might include, as necessary:
(1) use of PHI to test software and to perform maintenance on any software and hardware products you have purchased from us; and
(2) other uses or disclosures of PHI as permitted by the HIPAA Privacy Rule.
In accordance with the business associate requirements of the Privacy Rule, you may terminate your business relationship with us if we have violated our responsibilities as a business associate under the HIPAA Privacy Rule, or if we engage in conduct which would result in a violation of the HIPAA Privacy Rule by the client.
Our applications combine proven, government-accepted encryption technologies for secure data transfer and storage with other capabilities, such as Electronic Signature, to help ensure that the only people who can access a patient's information are those intended to see it. In addition, our user, group and role-based security options support privacy without impeding care. Other access controls are built into InDxLogic applications, including automatic session time-outs, minimum password length, unique usernames, electronic signatures, automatic password expiration, and restrictions on repeated failed login attempts.
Each time protected health information is accessed, our solutions record details of the event. Extensive audit trail reports allow organizations to answer queries about who accessed, updated or modified protected health information, when, and how.
While we use SSL encryption to protect sensitive information online, we also do everything in our power to protect user information off-line. All of our users' information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job (for example, our billing clerk or a customer service representative) are granted access to personally identifiable information. Our employees must use password-protected screen savers when they leave their desks, and must re-enter their password to regain access to user information when they return. Furthermore, all employees are kept up to date on our security and privacy practices: every quarter, and whenever new policies are added, existing employees are reminded of the importance we place on privacy and re-educated on what they can do to ensure our users' information is protected, and new employees are required to participate in mandatory privacy training. Additionally, the servers that store personally identifiable information, and all backup devices and media, are kept in a secure, controlled-access environment.
Please direct specific questions about InDxLogic's HIPAA compliance program to hipaa@indxlogic.com
Questions or Concerns?
Please feel free to contact us at hipaa@indxlogic.com if you have questions or concerns about this HIPAA Privacy Policy.