BORRADOR — Estos documentos se proporcionan con fines informativos durante nuestra beta y no han sido revisados por asesoría jurídica. No constituyen un acuerdo vinculante. Por favor, revísalos con un abogado cualificado antes de basarte en ellos.

Notice of Privacy Practices

Medna, LLC

This notice describes how medical information may be used and disclosed and how you can get access to this information. Please review it carefully.

Medna acts as a Business Associate to the licensed clinicians and organizations who use the Service ("Covered Entities"). This notice describes Medna's privacy practices for protected health information ("PHI") that we process on their behalf. It does not replace the Notice of Privacy Practices that your treating clinician or organization is required to provide to patients.

Our commitments

Medna is committed to protecting the privacy of PHI in accordance with HIPAA and the terms of the Business Associate Agreements we enter into with Covered Entities.

How we may use and disclose PHI

We use and disclose PHI only as permitted by our Business Associate Agreements and as required by law, including:

  • To provide documentation services at the direction of the Covered Entity.
  • For the proper management and administration of our services.
  • To carry out our legal responsibilities.
  • As required by law, including HIPAA breach-notification obligations.

We do not use or disclose PHI for marketing, and we do not sell PHI.

Safeguards

We maintain administrative, physical, and technical safeguards to protect PHI, including encryption in transit and at rest, access controls and row-level security, immutable audit logging of access to PHI, automatic session timeout, and private storage for any uploaded files.

Subcontractors

Where we engage subcontractors (subprocessors) that may access PHI, we require them to agree, in writing, to safeguards no less protective than those in this notice and in our Business Associate Agreements.

Breach notification

In the event of a breach of unsecured PHI, we will notify the affected Covered Entity without unreasonable delay and consistent with HIPAA requirements, so that required notifications to individuals and to the U.S. Department of Health and Human Services can be made.

Individual rights

Rights to access, amend, and obtain an accounting of disclosures of PHI are exercised through the Covered Entity (your clinician or organization). We support Covered Entities in responding to those requests as set out in our Business Associate Agreements.

Questions

Questions about this notice may be directed to privacy@medna.io.

Última actualización: June 8, 2026