Privacy Policy



Diagnostic Imaging Associates, Incorporated (hereafter referred to as "DIA") is required to maintain the privacy of your protected health information and to provide you with a notice of our privacy practices. Protected health information (hereafter referred to as "PHI") is information that individually identifies you and pertains to your past, present, or future health status. To promote quality of care, DIA maintains a subset of an electronic health record ("EHR"). The privacy obligations of DIA apply to information stored in the EHR. DIA and the individual members of its professional staffs are providing you with a joint Notice with respect to services provided by DIA. We will not use or disclose your PHI except as described in this Notice. In certain situations, we must obtain your written authorization in order to use and/or disclose your PHI. With some exceptions, we may not use or disclose any more of your PHI than is necessary to accomplish the purpose of the use or disclosure. This Notice applies to all PHI generated or maintained by DIA services.


DIA does not need any type of authorization from you in order to treat you, obtain payment for services provided to you and conduct our "healthcare operations" as discussed below.

  • Treatment: We may use your PHI to provide you with medical treatment and services. We may disclose your PHI to physicians, nurses, technicians, medical students, and other health care personnel who need to know your PHI for your care and continued treatment. We may make your PHI available electronically through a secure state, regional or national exchange service to other healthcare providers, health plans and healthcare clearinghouses that request your information for treatment or payment for that treatment. We may use and disclose your PHI to tell you about or arrange for possible treatment options for your continued care.
  • Payment: We may use and disclose your PHI for the purpose of determining coverage, billing, collections, claims management, medical data processing, and reimbursement. PHI may be released to an insurance company, third party payer or other entity (or their authorized representatives) involved in the payment of your medical bill and may include copies or excerpts of your medical record that are necessary for payment of your account. For example, a bill sent to a third party payer may include information identifying you, your diagnosis, procedures and supplies used. We may also tell your health plan about a treatment you are going to receive in order to obtain prior approval or determine whether your plan will cover the treatment.
  • Healthcare Operations: We may use and disclose your PHI during healthcare operations. These uses and disclosures are necessary to provide services and make sure our patients receive quality care. Common examples include conducting quality assurance, performance improvement, utilization review, medical review, peer review, internal auditing, investigation of complaints, accreditation, certification, licensing, credentialing, medical research, training and education. For example, we may use your PHI to contact you for the purpose of conducting patient satisfaction services.


  • Emergencies: Your authorization is not required if you need emergency treatment. We will try to get your authorization as soon as practical after the emergency.


  • Family/Friends/Caregivers: Unless you object in writing, we may disclose your PHI to a friend, family member or other caregiver who is involved in your medical care or who helps pay for your care. We may also tell your family or friends about your location of care, general condition or death. We may disclose your PHI to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location. If you are unable or unavailable to agree or object, we will use our best judgment in communicating with your family and others.
  • Communications: We may use and disclose your PHI to contact you for a variety of reasons, such as appointment reminders, refill reminders, financial clearance, or to obtain additional information. This may be done by letter, email, automated system or by another method of communication. If you are not home, we may leave a message on an answering machine or with the person answering the telephone. Generally, we will use the address, telephone number and, in some cases, the email address you give us to contact you.
  • Health-Related Business and Services: Provided we do not receive any payment for making these communications, we may use and disclose your PHI to tell you of health- related products, benefits or services related to your treatment, case management, care coordination, or to direct or recommend alternative treatments, therapies, providers or care settings.
  • Health Information Exchange: We may participate in a secure state, regional or national health information exchange ("HIE"). Generally, an HIE is an organization in which providers exchange patient information in order to facilitate health care, avoid duplication of services (such as tests) and to reduce the likelihood that medical error will occur. By participating in a HIE, we may share your PHI with other providers that participate in the HIE or participants of other health information exchanges. If you do not want your medical information to be available through the HIE, you must request a restriction using the process outlined below.
  • Business Associates: We may disclose your PHI to business associates with whom we contract to provide services on our behalf. Examples of business associates include copy services used to copy medical records, consultants, accountants, lawyers, medical transcriptionists and third-party billing companies. We will only make these disclosures if we have received satisfactory assurance that the business associate will properly safeguard your PHI. Each business associate is required to receive satisfactory assurances from its subcontractors that they will likewise properly safeguard your PHI.
  • Research: Under certain circumstances, we may use and disclose your PHI to researchers whose clinical research studies have been approved by an Institutional Review Board ("IRB"). While most clinical research studies require patient consent, there are some instances where your PHI may be used or disclosed pursuant to IRB waiver or as required or permitted by law. For example, a research project may involve comparing the interpretations of all patients with the same medical condition who were processed under a specific protocol to those who received another. PHI may be disclosed to researchers preparing to conduct a research study, for example, to help them look for patients with specific medical needs, so long as the PHI they review does not leave with the researchers. PHI regarding people who have died may be disclosed without authorization in certain circumstances.
  • Limited Data Set: If we use your PHI to make a "limited data set," we may give the "limited data set" that includes your information to others for the purposes of research, public health action or health care operations. We must make reasonable efforts to limit use, disclosure of, and requests for PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure or request. The persons who receive "limited data sets" are required to agree to take reasonable steps to protect the privacy of your medical information.
  • Limited Marketing Purposes: We must obtain your authorization for any use or disclosure of PHI for marketing, except if the communication is in the form of: (a) a face-to-face communication made by DIA to an individual; (b) a promotional gift of nominal value; or (c) falls under an exception recognized by HIPAA. With some exceptions, marketing includes any type of communication for treatment and health care operations when DIA is paid to provide the communication. If we receive any form of payment for a marketing communication, we must obtain your authorization and tell you that payment is involved. Marketing does not include communications pertaining to (i) refill reminders so long as any payment received is limited to the cost of making the communication; (ii) case management; (iii) care coordination; (iv) communications that merely promote health in general; and (v) communications to you concerning health-related products, benefits or services related to your treatment or alternative treatments, therapies, providers or care settings. We may disclose your PHI for workers’ compensation or similar programs in order to comply with workers’ compensation and similar laws.
  • Data Breach Notification Purposes: We may use or disclose your Protected Health Information to provide legally required notices of unauthorized access to or disclosure of your health information.
  • Regulatory Agencies: We may disclose your PHI to a health oversight agency for activities required or permitted by law, including, but not limited to, licensure, certification, audits, investigations, inspections and medical device reporting. We may provide your PHI to assist the government when it conducts an investigation or inspection of a healthcare provider or organization.
  • Law Enforcement: We may disclose your PHI if asked to do so by law enforcement: (1) when we receive a court order, warrant, summons or other similar process; (2) to identify or locate a suspect, fugitive, material witness, or missing person; (3) when the patient is the victim of a crime, if we are unable to obtain the person’s agreement; (4) when we believe the patient’s death may be the result of criminal conduct; (5) about criminal conduct at facilities in which we provide services; and (6) in emergency circumstances to report a crime, the location of a crime or victims, or the identity, description or location of the person who committed the crime.
  • Lawsuits and Disputes: If you are involved in a lawsuit or dispute, we may disclose your PHI in response to a valid court or administrative order. In limited circumstances, we may disclose PHI in response to a subpoena, discovery request or other lawful process, when required by law.
  • Public Health: As required or permitted by law, we may disclose your PHI to public health (including social service or protective services agencies) or legal authorities charged with preventing or controlling disease, injury or disability. For example, we are required to report abuse, neglect, domestic violence, tumors, reactions to medications, and various diseases and/or infections to government agencies in charge of collecting that information.
  • Judicial and Administrative Proceedings: We may disclose your PHI in the course of any administrative or judicial proceeding.
  • Specific Government Functions: We may disclose your PHI to military personnel and veterans in certain situations. We may disclose your PHI for national security purposes, such as protecting the President of the United States or conducting intelligence operations.
  • Military/Veterans: We may disclose your PHI as required by military command authorities, if you are a member of the armed forces.
  • Inmates: If you are an inmate of a correctional institute or under the custody of a law enforcement officer, we may release your PHI to the correctional institute or law enforcement official.
  • Health and Safety: In order to avoid a serious threat to the health and safety of a person or the public, we may disclose PHI to law enforcement personnel or persons able to prevent or lessen such harm. We may notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition as ordered by public health authorities or allowed by state law.
  • Records of Deceased Individuals: We may disclose your PHI pursuant to either a court order or a written release of executor, administrator or other personal representative appointed by the court. If there is no such appointment, we may disclose your PHI to your spouse or responsible family member upon receipt of a signed written authorization.
  • As Required by Law: We will disclose your PHI when it is required or permitted to do so by federal, state, or local law. For example, we are required to report criminally injurious conduct.
  • Coroners, Medical Examiners, Funeral Directors: We may release your PHI to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or to determine a cause of death. We may also release your PHI to funeral directors as necessary to carry out their duties.
  • Prohibition on Sale of PHI: We will not directly or indirectly receive remuneration or payment in exchange for any PHI unless DIA obtains a valid authorization that includes a specification of whether the PHI can be further exchanged for remuneration by the entity receiving PHI of the individual. The prohibition against selling PHI will not apply if the purpose of the exchange is for:
    • Public health activities (The Secretary may issue regulations limiting the price charged for PHI under this exception for public health activities);
    • Research, but only if the price charged reflects the costs of preparation and transmittal of the data for such purpose;
    • Treatment and payout purposes;
    • Healthcare operations associated with the sale, transfer, merger or consolidation of all or part of DIA;
    • Remuneration provided by DIA to a Business Associate pursuant to a legitimate Business Associate services contract or arrangement;
    • Providing an individual with a copy of his/her medical record; and
    • As required by law any other purpose approved by the Secretary.
  • Any Other Uses: We must obtain a separate authorization from you to use or disclose your PHI for situations not described in this Notice.
  • Fundraising: We may use your PHI (specifically, demographic information related to you including name, address, telephone, other contact information age, gender, date of birth), the dates of your healthcare services, the department of service, treating physician, outcome information and health insurance status, to contact you about fundraising programs. We may disclose this information to a business associate or foundation to assist us in fundraising efforts. Each fundraising communication will include a clear and conspicuous statement allowing you the opportunity to elect not to receive any further fundraising communications. We will not send any further fundraising communications to you if you elect not to receive them. DIA may permit you to opt back into receiving fundraising communications. We will not condition treatment or payment on your choice with respect to the receipt of fundraising communications.
  • Note: If you do not want to be contacted for fundraising efforts, you must notify the DIA Administrator in writing at the address shown at the bottom of this Notice or you may email DIA at


Although all records created through services provided by DIA are the property of DIA, you have the following rights concerning your PHI.

  • Right to Receive Electronic Copy of Your PHI (fees may apply): If DIA uses or maintains an electronic health record, or EHR, you have the right to receive a copy of such information in an electronic format upon request. The electronic copy will be provided in the form or format you request, if it is readily producible in such form or format; or if not, in a readable electronic form and format as agreed to by you and DIA. Additionally, at your direction DIA will transmit the copy, whether in electronic or paper form, directly to an entity or person designated by you. Your request must be in writing, signed, and clearly identify the designated person and where to send the copy of your PHI.
  • Right to Confidential Communications: You have the right to receive confidential communications of your PHI by alternative means or at alternative locations. For example, you may request that we only contact you at work or by mail. You must submit your request in writing and identify how or where you wish to be contacted. We will accommodate all reasonable requests.
  • Right to Inspect and Copy: You have the right to inspect and copy your PHI as provided by law. This right does not apply to psychotherapy notes. Your request must be made in writing. We have the right to charge you the amounts allowed by state or federal law for such copies. We may deny your request to inspect and copy in certain circumstances. If you are denied access, you may request that the denial be reviewed. A licensed healthcare professional chosen by us will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
  • Right to Amend: If you feel that the PHI we have about you is incorrect or incomplete, you have the right to request an amendment of your PHI. You must submit your request in writing and state the reason(s) for the amendment. We may deny your request for an amendment if (1) the request is not in writing or does not include a reason to support the request; (2) the information was not created by us or is not part of the medical record that we maintain; (3) the information is not part of the information that you would be permitted to inspect or copy; or (4) the information is accurate and complete. If we deny your amendment, you have a right to file a statement of disagreement with our Privacy Officer.
  • Right to an Accounting: You have the right to obtain a statement of certain disclosures of your PHI to third parties, except those disclosures made for treatment, payment or healthcare operations, authorized by you or pursuant to this Notice. To request this list, you must submit your request in writing and provide the specific time period requested. You may request an accounting for up to six (6) years prior to the date of your request (three years if PHI is an electronic health record). If you request more than one (1) accounting in a 12-month period, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to modify or withdraw your request before any costs are incurred.
  • Right to Request Restrictions on Disclosure(s): You have the right to request restrictions or limitations on PHI we use or disclose about you unless our use or disclosure is required or permitted by law. Any agreement to additional restrictions must be in writing and signed by a person authorized to make such an agreement on behalf of DIA. To request restrictions, you must make your request in writing and tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply. We will grant a request for restriction if (1) the disclosure is to a health plan for purposes of either payment or health care operations, and (2) the PHI pertains to a service for which you have already paid in full out-of-pocket. We are not required to honor other requests. However, if we agree, we will comply with your request unless the information is needed to provide emergency treatment to you.
  • Out-of-Pocket-Payments: If you have paid out-of-pocket in full prior to the provision of a specific health care item or service (in other words, you have paid in full and have requested that we not bill your health plan to obtain payment), you have the right to ask that your PHI with respect to that item or service not be disclosed to a health plan for purposes of payment or health care operations, and we will honor that request, unless we must disclose the information for treatment or legal reasons.
  • Right to Receive a Paper Copy of this Notice: You have the right to a paper copy of this Notice. If you have received this Notice in electronic form and would like a paper copy, please contact the DIA Privacy Officer at the number or email address listed below. You may obtain a copy at our website:
  • Right to Revoke Authorization: You have the right to revoke your authorization to use or disclose your PHI, except to the extent that action has already been taken by us in reliance on your authorization.
  • Right to Get Notice of a Breach: You have the right to be notified upon a breach of your unsecured PHI. In some circumstances, our business associate may provide the notification. If you have provided us with a current email address, we may use email to communicate information related to the breach. We may also provide notification by other methods as appropriate.


We will abide by the terms of the Notice currently in effect. We reserve the right to change the terms of the Notice and to make the new Notice provisions effective for the entire PHI we maintain. We will make available the Notice available when and where applicable.


In the event that DIA is sold or merged with another organization, your PHI may become property of the new owner.


October 1, 2013.


If you believe your privacy rights have been violated, you may call (918) 935-3590, or send an email to or you may file a complaint with our Corporate Administrator at:

Diagnostic Imaging Associates, Inc.
4500 S. Garnett, Suite 112
Tulsa, OK 74146
866-309-1825 fax

You may also report a privacy rights violation to the Secretary of the Department of Health and Human Services, 200 Independence Avenue, S.W., Washington, D.C. 20201. All complaints must be in writing and filed within 180 days of when you knew or should have known that the act or omission complained of occurred. You will not be penalized for filing a complaint.