This Privacy Statement explains how Merge Healthcare Incorporated and its affiliated entities (collectively referred to herein as "Merge") collect, use and disclose Personal Information.  "Personal Information", as used in this Privacy Statement, means any information which may be directly or indirectly linked to an identifiable individual, and may include health information.

This statement does not apply to information regarding the citizens of Switzerland or countries that are members of the European Union. See Merge’s “US-EU Safe Harbor Data Privacy Statement” how the information of citizens of EU member countries and Switzerland is handled.

Collection, use, disclosure and retention of Personal Information
Merge collects Personal Information that customers and others voluntarily provide to us, for example, when using Merge services, placing a product order through our website, requesting technical support, joining our mailing list, etc. This information is only used for purposes for which it is collected, including:
  • providing services;
  • facilitating sales transactions;
  • processing payments;
  • responding to inquiries;
  • providing product support; and
  • sending information about products and services (e.g., by email).

Any other information collected, such as originating domain, time of visit, connection speed, and pages accessed is maintained in aggregate form.  Merge makes no attempt to correlate such information to an individual user.  This information is not individually identifiable and will only be used to improve the performance and responsiveness of our website.

Merge will not share your Personal Information with third parties except:
  • with your consent;
  • where  necessary to fulfill a purpose for which the Personal Information was collected (e.g. we may provide your Personal Information to a service provider in order to process a payment);
  • to respond to a subpoena, warrant or court order;
  • to comply with court rules regarding the production of records and information;
  • in urgent circumstances to protect the life, health or security of any person; or
  • where otherwise required by law.

Merge will only retain Personal Information as long as necessary to fulfil the purpose of its collection.

Merge provides products and services that allow healthcare providers to more effectively manage, access, share and utilize medical images and health records. Depending on the product or service provided, we may store and/or process Personal Information about the patients of a healthcare provider on behalf of that provider, or Merge may be required to collect Personal Information in the course of providing service or support to a healthcare provider.  Healthcare providers are required to ensure that they have consent or other lawful authority to transfer Personal Information to Merge.  We will only collect and use this information for the purposes of serving our customers and will only retain such information as long as necessary to meet those purposes.

Storage outside of your country
Personal Information collected by Merge may be transferred between and stored outside of the country in which you reside. As such, Merge may be legally required to provide Personal Information to government institutions, law enforcement agencies or courts in either in those countries in order to respond to a subpoena, warrant, or other lawful order.

Merge endeavours to keep Personal Information as secure as possible and employs industry best practices to do so.  The following is a summary of the measures taken by Merge to protect your information.

Secure Protocols
Merge uses Secure HTTP (HTTPS) encryption when transmitting certain kinds of information, such as Personal Information or payment information, so that no one else can read it while it is being transmitted over the Internet.

Secure Storage
Merge maintains reasonable physical, electronic, and procedural safeguards that comply with federal regulations to protect personal information about you.

Vendors and Partners
Merge requires its vendors and partners to protect the security and privacy of Personal Information.

Employee and Contractor Access to Information
Merge limits access to Personal Information to those employees and contractors who reasonably require such access in order to provide products or services to you or in order to do their jobs.

Education and Training for Employees
Merge has implemented a company-wide education and training program about security that is required of every Merge employee.

Security Steps You Can Take
If you are a user of a Merge service that requires you to create an account with a password, do not share that password with anyone.  Please contact us if you believe your Merge account has been compromised or if you have been contacted by someone about your Merge account asking for a password or other Personal Information.  In the event that you believe that your personal safety is at risk or if you believe that you may be the victim of identity theft or other illegal conduct, please contact the appropriate federal, state or local law enforcement agencies directly.

Access to your Personal Information
You may request at any time that Merge provide you with access to your Personal Information. We will attempt to respond to the request within 30 days of receipt.  Such access requests may be subject to fees for reasonable cost recovery.  You may also request that Merge correct or dispose of any or all Personal Information about you, and we will abide by your requests unless otherwise required by law.  If you are a user of Merge iConnect® Cloud Archive, you can access and make changes to the Personal Information in your account by logging into your account.   You can find out more about Merge iConnect® Cloud Archive here:

Can I be denied access to my Personal Information?
There are times when Merge may deny access to your Personal Information such as:
  • denial of access is required or authorized by law ;
  • information relates to existing or anticipated legal proceedings against you;
  • when granting you access would have an unreasonable impact on other people’s privacy, security or proprietary information;
  • to protect Merge’s rights and/or property; or
  • where the request is frivolous or vexatious or generates costs which are prohibitively expensive.

If we deny your request for access to, or refuse a request to correct information, we shall do so in writing and explain why.
Also, Merge cannot provide patients with access to their Personal Information if that information was provided to Merge by a healthcare provider.  Patients of Merge's healthcare provider customers should contact their healthcare providers to obtain access to their Personal Information.

Links to other websites: 
The Merge website provides links to other websites. No individually identifiable information is shared between Merge and these other websites.  Once a visitor or member leaves the Merge website, they are subject to the policy of that new site and should consult the privacy policy of that site to learn about its information handling practices.

Use of cookies
We may use cookies to help customize your use of the Merge website and on-line services.  A "cookie" is a small text file sent by a web server to a web browser to transmit information back to that browser. Cookies are a way to have the browser remember specific bits of information to improve the user experience by simplifying the delivery of relevant content, making site navigation easier, etc.   We do not record personal or sensitive information in our cookies.  Most web browsers are configured to accept cookies automatically. If you prefer not to accept cookies, you may adjust your browser settings to notify you when a cookie is about to be sent, or you may configure your browser to refuse cookies automatically.  If you choose not to accept cookies, you may continue to use the Merge site; however, your browsing experience may not be optimal.

Use of web beacons
We may use web beacons to track browsing activities in order to measure how users interact with the Merge website and the effectiveness of advertisements or promotional campaigns.  A “web beacon” is an electronic image that can be used to recognize a cookie on your computer when you view a web page. Web beacons are used for analytics, to inform customization of product and services offerings, and to optimize the browsing experience.  Web beacons are not used to collect personal or sensitive information.

Contacting Merge
If you have any questions or concerns about Merge's privacy practices please contact our Privacy Officer

When contacting us, please be sure to provide us with your exact e-mail address, name, address and/or telephone number(s) in order to be sure we handle your inquiry correctly.

Requesting to be removed from email lists; deleting your Merge iConnect® Cloud Archive account
If you have subscribed to receive email updates from Merge, and no longer wish to receive email from us in the future, you can let us know by completing our unsubscribe form at  If you are a user of Merge iConnect® Cloud Archive, you may delete your Merge iConnect® Cloud Archive account by logging in, going to your Account Settings, and selecting “Delete Account”.

This Privacy Statement was last updated on May 1, 2015.  Merge reserves the right, at its discretion, to change, modify, add, or remove portions of this Privacy Statement at any time. You should check this page periodically for changes. Your continued use of Merge services following the posting of changes to this Privacy Statement will mean that you accept those changes.