Notice of Privacy Practices
Medna, LLC
This notice describes how medical information may be used and disclosed and how you can get access to this information. Please review it carefully.
Medna acts as a Business Associate to the licensed clinicians and organizations who use the Service ("Covered Entities"). This notice describes Medna's privacy practices for protected health information ("PHI") that we process on their behalf. It does not replace the Notice of Privacy Practices that your treating clinician or organization is required to provide to patients.
Our commitments
Medna is committed to protecting the privacy of PHI in accordance with HIPAA and the terms of the Business Associate Agreements we enter into with Covered Entities.
How we may use and disclose PHI
We use and disclose PHI only as permitted by our Business Associate Agreements and as required by law, including:
- To provide documentation services at the direction of the Covered Entity.
- For the proper management and administration of our services.
- To carry out our legal responsibilities.
- As required by law, including HIPAA breach-notification obligations.
We do not use or disclose PHI for marketing, and we do not sell PHI.
Safeguards
We maintain administrative, physical, and technical safeguards to protect PHI, including encryption in transit and at rest, access controls and row-level security, immutable audit logging of access to PHI, automatic session timeout, and private storage for any uploaded files.
Subcontractors
Where we engage subcontractors (subprocessors) that may access PHI, we require them to agree, in writing, to safeguards no less protective than those in this notice and in our Business Associate Agreements.
Breach notification
In the event of a breach of unsecured PHI, we will notify the affected Covered Entity without unreasonable delay and consistent with HIPAA requirements, so that required notifications to individuals and to the U.S. Department of Health and Human Services can be made.
Individual rights
Rights to access, amend, and obtain an accounting of disclosures of PHI are exercised through the Covered Entity (your clinician or organization). We support Covered Entities in responding to those requests as set out in our Business Associate Agreements.
Questions
Questions about this notice may be directed to privacy@medna.io.
Last updated: June 8, 2026