top of page

Notice of Privacy Practices

Effective Date: May 20, 2026

This Notice of Privacy Practices (“Notice”) describes how OIVI INC (“Oivi,” “we,” “our,” or “us”) may use, maintain, and disclose Protected Health Information (“PHI”) in connection with the services we provide to healthcare providers and clinics utilizing the Oivi platform, equipment, and related services.

 

Oivi acts as a service provider and Business Associate to healthcare providers and clinics that are Covered Entities under the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”). Oivi does not provide medical care, medical diagnosis, or medical treatment services, and Oivi is not a substitute for a licensed healthcare provider.

 

This Notice is intended primarily to describe Oivi’s privacy and security practices in connection with the services it provides to healthcare organizations.

Scope of Services

Oivi provides technology-enabled retinal imaging workflow services, including:

  • retinal imaging equipment,

  • hosted software and platform services,

  • image transmission and storage functionality,

  • workflow management tools,

  • technical support services,

  • and preliminary informational outputs generated from retinal image submissions.

 

Oivi does not provide medical advice, clinical interpretation, diagnosis, or treatment recommendations. Oivi’s services are intended to support healthcare providers and are not intended to replace clinical judgment or licensed medical review.

Use of Oivi’s services does not create a provider-patient relationship between Oivi and any patient or individual.

Information We Recieve and Maintain

In connection with providing services to healthcare providers and clinics, Oivi may create, receive, maintain, or transmit information including:

  • retinal images,

  • patient demographic information,

  • patient identifiers,

  • encounter-related information,

  • provider and clinic information,

  • device and system metadata,

  • audit logs,

  • and other information provided by healthcare providers in connection with use of the Oivi platform and services.

 

Such information may constitute PHI or electronic PHI (“ePHI”) under HIPAA.

Consistent with HIPAA rules, Oivi uses, discloses, and requests only the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure, or request, unless an exception applies under HIPAA.

How We Use Information

Oivi may use PHI and ePHI solely as necessary to:

  • provide and support the Oivi platform and related services;

  • facilitate image transmission, routing, hosting, and storage;

  • provide technical support and customer service;

  • maintain system security, integrity, and performance;

  • conduct troubleshooting, quality assurance, and operational support activities;

  • comply with applicable legal and regulatory obligations;

  • and perform other activities permitted under applicable agreements and HIPAA.

 

Oivi does not use PHI for advertising purposes.

Permitted Disclosures

Oivi may disclose PHI:

  • to the applicable healthcare provider or clinic;

  • to authorized users acting on behalf of the healthcare provider or clinic;

  • to subcontractors and service providers assisting Oivi in performing services, provided such parties are subject to appropriate confidentiality and security obligations;

  • as required by law, regulation, court order, or governmental request;

  • or as otherwise permitted under HIPAA and applicable agreements.

 

Oivi does not sell PHI.

De-Identified Information

Oivi may de-identify information in accordance with applicable law, including HIPAA de-identification standards.

 

De-identified information may be used internally by Oivi for limited purposes including:

  • system administration,

  • quality assurance,

  • service improvement,

  • operational analytics,

  • security monitoring,

  • and platform performance optimization.

 

Oivi does not use de-identified information for advertising purposes.

Security Practices

Oivi maintains administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of PHI and ePHI in accordance with applicable HIPAA Security Rule requirements.

 

Such safeguards may include:

  • access controls,

  • authentication measures,

  • audit logging,

  • secure transmission technologies,

  • workforce training,

  • and ongoing security monitoring practices.

 

No system can be guaranteed to be completely secure, and Oivi cannot guarantee absolute security of information transmitted electronically.

Breach Notification

Retention and Disposal

In the event of a Breach of Unsecured PHI, Oivi will notify the applicable Covered Entity (healthcare provider or clinic) without unreasonable delay and in no case later than sixty (60) calendar days after discovery of the Breach. Notification will include the information required by applicable law, including a description of the Breach, the types of information involved, and the steps individuals may take to protect themselves

Oivi retains PHI and related records only for so long as necessary to:

  • provide contracted services,

  • satisfy legal and regulatory obligations,

  • resolve disputes,

  • enforce contractual obligations,

  • and maintain required business and compliance records.

 

Unless otherwise required by law or contractual obligation, Oivi generally maintains applicable HIPAA-related documentation and records for a period consistent with HIPAA retention requirements, including up to six (6) years where applicable.

 

Upon termination of applicable services or agreements, Oivi will return, destroy, or continue protecting PHI as required by applicable agreements and law.

Website Analytics and Cookies

Oivi’s public-facing website may utilize basic cookies, analytics tools, and similar technologies to:

  • support website functionality,

  • understand website usage,

  • improve user experience,

  • and maintain website security and performance.

 

These technologies are not intended to collect PHI through public-facing website interactions.

 

Users may adjust browser settings to limit certain cookies or tracking technologies; however, some website functionality may be affected.

Patient Rights and Covered Entity Responsibilities

Healthcare providers and clinics utilizing Oivi’s services remain responsible for:

  • providing patients with applicable HIPAA Notices of Privacy Practices;

  • obtaining any necessary patient authorizations or consents;

  • maintaining designated medical records;

  • responding to requests for access, amendment, restrictions, confidential communications, or accounting of disclosures;

  • and fulfilling other obligations imposed on Covered Entities under HIPAA.

 

Individuals seeking information regarding their medical records or healthcare information should contact their healthcare provider or clinic directly.

 

Oivi may assist healthcare providers and clinics in responding to such requests as required under applicable Business Associate Agreements and HIPAA.

Changes to This Notice

Oivi reserves the right to revise or update this Notice at any time to reflect:

operational changes,
legal or regulatory developments,
security practices,
or service modifications.

 

Any updated version will become effective as of the revised effective date posted on the updated Notice.

Contact Information

Questions regarding this Notice or Oivi’s privacy and security practices may be directed to:

 

OIVI INC
2200 N Federal Highway
Boca Raton, Florida 33431
United States

 

Email: contact@oivi.co

bottom of page