Information Security and Privacy Agreement

Inview Imaging Diagnostics, Inc. and its subsidiaries and affiliates (collectively, “Inview
Imaging" or "Inview") are committed to maintaining high standards of confidentiality. The
responsibility to preserve the confidentiality of information in any form (electronic, verbal, or written)
rests with each User granted access to Inview's information systems who may have access to
Confidential Information, including Protected Health Information (PHI), Electronic Protected
Health Information (ePHI), employee information, physician information, vendor information,
medical, financial, or other business-related or company confidential information. Any information
created, stored or processed on Inview systems, or systems maintained on Inview’s behalf by a
vendor or other individual or entity, is the property of Inview Imaging, as is any information created by
or on behalf of Inview, whether written, oral or electronic. Inview reserves the right to monitor and/or
inspect all systems that store or transmit Inview Imaging data, the data stored therein, as well as all
documents created by or on behalf of Inview Imaging.

Definitions:
Agreement means this Inview Imaging Information Security and Privacy Agreement.
Confidential Information means confidential information that is created, maintained, transmitted
or received by Inview and includes, but is not limited to, Protected Health Information (“PHI”),
Electronic Protected Health Information (“ePHI”), other patient information, Workforce member
information, employee, physician, medical, financial and other business-related or company private
information in any form (e.g., electronic, verbal, imaged or written).
Protected Health Information (“PHI”) means individually identifiable health information that relates
to the past, present, or future physical or mental health or condition of an individual, the provision of
health care to an individual, or the past, present, or future payment for the provision of health
care to an individual. PHI can be oral, written, electronic, or recorded in any other form.
Electronic Protected Health Information (“ePHI”) means Protected Health Information in
electronic form.

User means a person or entity with authorized access to any Inview Imaging network and/or other
information systems, including PACS, RIS and computer systems.
Workforce means employees, volunteers, trainees, and persons whose conduct, in the performance
of work for Inview Imaging, are under the direct control of Inview, whether or not they are paid by
Inview. Workforce also include management and employed m edical staff.

I HAVE READ AND UNDERSTAND THIS ENTIRE AGREEMENT, AND I AGREE TO
THE FOLLOWING:

I understand it is my personal responsibility to read, understand and comply with all
applicable Inview policies and procedures, including all requirements specified in
the HIPAA Security Rule and its implementing regulations (45 CFR Part 160
and Parts A and C of Part 164). I understand that these policies provide
important information about the acceptable use of Inview's information systems,

protection from malicious software, data encryption, and mobile device usage.

I have been provided access to the Security and Privacy policies, as applicable.

I agree not to disclose any PHI, ePHI or any other Confidential Information obtained by
accessing Inview's information systems to any unauthorized party. I agree not to
access or use any PHI, ePHI or any other Confidential Information unless I am
authorized to do so. I agree that all patient-related information shall be held to the
highest level of confidentiality.

4. I agree to access Inview information systems only for the purposes related to the scope
of the access granted to me, in accordance with the minimum necessary standard of the
Privacy Rule, which means I will only access PHI of patients who I am personally
treating, and only such information that is necessary to the patient's treatment or care.

5. I understand that Inview regularly audits access to information systems and the
data contained in these systems. I agree to cooperate with Inview regarding
these audits or other inspections of data and equipment.
6. I agree that I will not share or disclose User IDs, passwords or other methods that allow
access to Inview information systems to anyone, at any time, nor will I share my account.

7. I agree to create a password meeting Inview's minimum complexity requirements for access to
all Inview information systems (8 characters, capital letter, lower case letter, special symbol).

8. I agree to contact the applicable Inview Business or Security Officer contact immediately
if I have knowledge that any password is inappropriately revealed or any inappropriate
data access or access to Confidential Information has occurred, or if any violation of any
Inview or HIPAA policy is suspected to have occurred.

9. I understand that Confidential Information includes, but is not limited to PHI, ePHI, other
patient information, employee, physician, medical, financial and all other business-related
or company private information (electronic, verbal or written).

10. I agree that I will not install or use software that is not licensed by Inview (or that
is otherwise unlawful to use) on any Inview information systems, equipment,
devices or networks. I understand that unauthorized software may pose security risks
and will be removed by Inview Imaging.

11. I agree to report any and all activity that is contrary to this Agreement or the Inview
Security or Privacy policies to my IS Security Officer, as well as the applicable Inview
Business or Security Officer contact immediately.

12. I understand that this signed agreement will be kept on file by Inview and that failure to
comply with this Agreement and the Inview Security and Privacy policies may
result in revocation of access and the termination of any agreements or
relationships with Inview Imaging.

13. I understand that all information and/or data transmitted by or through or stored on any
Inview device, or system maintained on any Inview company’s behalf by a vendor or
other individual or entity, will be accessible by Inview and considered the property
of Inview, subject to applicable law. I understand this includes, without limitation, any
personal, non-work related information. I do not have any expectation of
privacy with regard to information on any Inview network and/or other information
systems, including computer systems, and understand that Inview has no obligation to
maintain the privacy and security of the information. I understand that Inview reserves the right to monitor and/or inspect all systems that store or transmit Inview data,
the data stored therein, as well as all documents created by or on behalf of Inview, or
any PHI or ePHI maintained by Inview.

14. I agree to comply with Inview requirements to encrypt electronic Confidential Information
in accordance with Inview security policies, including the requirement that encryption
software be installed on all laptop computers used to access ePHI and that
emails transmitted over an electronic network outside of Inview be encrypted, as
described in the Inview Security policy Transmission Security.

15. I agree that all devices used by me that are connected to an Inview network and/or
other information systems, including computer systems, whether owned by me or not,
will be continually running approved and updated anti-virus software.

16. I will follow the requirements for Users described in all Inview Security and Privacy
policies, as well as those requirements discussed in this Information Security Agreement.

17. I agree to immediately inform Inview Security Officer or Business Contact in the event
that I stop practicing medicine or no longer have a legitimate need for access to Inview's
Information Systems provided to me by this Agreement.

By signing this Agreement, I understand and agree to abide by the conditions imposed above.

Your name

Organization name

Your email

Date

Signature