Privacy Policy
Effective Date: February 7, 2022
To review material modifications and their effective dates, scroll to the bottom of the page.
For a summary of the terms in this Privacy Policy and guidance on how we handle your health data, see our Privacy Notice.
Darena Solutions LLC (“Darena” or “We,” or “Us”) owns the software, technology, and content that enables Darena’s MeldRx™, MyMeldRx™, and MyMipsScore™ Services, more particularly identified on the website that is accessible through a downloaded and installed application on a desktop or a mobile device, through a web browser or otherwise acquired application (collectively the “App” or “Services”).
Darena collects data about the user’s device and operating system when the App is downloaded. Darena may also receive technical data about the user’s device and app software that is gathered to manage updates and resolve App errors. This information does not identify the user.
We respect and are committed to protecting your privacy. When you choose to provide us with your Personal Identifiable Information (PII) (defined below), this Privacy Policy describes how we collect, use, and disclose your PII and individually identifiable health information submitted by you in the course of using the App.
The App contains features designed to inter-operate with EHRs, Healthcare Providers, HIEs, and Payers (including but not limited to CMS Blue Button 2.0) (“Patient Data Providers”) to access, use, and exchange health information. To use such features, you may be required to obtain access to such Patient Data Providers, or App may be required to obtain access to such Patient Data Providers on your behalf. You are solely responsible for compliance with the terms and conditions applicable to any Patient Data Provider accessed by you through the Apps and Services. You indemnify Darena from any and all harm, damages, costs, and expenses incurred by Darena in connection with a breach of the foregoing. Darena shall not be responsible for any disclosure, modification, or deletion of data resulting from any such access to Patient Data Providers. If any Patient Data Provider ceases to make the application available for inter-operation with the corresponding feature of the App on reasonable terms, Darena may cease providing such features without entitling the User to any refund, credit, or other compensation. Any exchange of information between an end user and any Patient Data Provider is directly between the end users and the applicable Patient Data Provider. DARENA EXPRESSLY DISCLAIMS RESPONSIBILITY AND LIABILITY FOR ANY CLAIMS OR DAMAGES ARISING IN CONNECTION WITH OR RELATING TO ANY END-USER INTERACTIONS WITH THE APP OR ANY PATIENT DATA PROVIDER.
MyMeldRx Account
Personal Identifiable Information ("PII") means any information that may be used to identify an individual, including, but not limited to, a first and last name, email address, a home, postal or other physical address, and phone number. We collect your PII when you register for a “MyMeldRx Account” through the App. MyMeldRx Account allows you to use the App on multiple devices and sync your data across all of these devices. After registering for a MyMeldRx Account, you may create one or more accounts for one or more individuals to manage individually identifiable healthcare data (“Healthcare Data”) for yourself or others.
Information Sharing by You
You can share information through our App by (i) exporting a copy of your Healthcare Data as a “FHIR Bundle,” (ii) sending your Healthcare Data to Patient Data Providers or Third Parties such as your providers integrated with the App, and (iii) other features that may be offered through our App. You provide consent to sharing through the settings in the App. Third Parties may store, process, or use your Healthcare Data differently than what we describe in our Privacy Policy.
Information Sharing by Darena
Your PII and Healthcare Data are not shared without your permission, except as described below.
Information Shared with Our Services Providers. We engage cloud service providers such as Microsoft Azure (“Service Providers”) to work with us to administer and provide the hosting services for the App. These service providers have access to your PII and Healthcare Data only for the purpose of performing services on our behalf, and are expressly obligated not to disclose or use your PII and Healthcare Data for any other purpose.
Information Sold to Third Parties. We do not sell, lease, or rent your individual-level information to any third party (“Third Parties”). Examples of Third Parties include but are not limited to: registries, data brokers, marketing firms, advertising firms, or analytics firms.
Information Shared with Third Parties. With your consent, we may share your aggregated information and non-identifying information with Third Parties to conduct ongoing quality improvement activities or for industry research and analysis, demographic profiling, and other similar purposes. This information will not be shared without your consent.
Information Disclosed for Our Protection and the Protection of Others. We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose any information about you to the government or law enforcement officials, or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to enforce our Terms of Service, (ii) to respond to claims, legal process (including subpoenas); (iii) to protect our property, rights, and safety; and the property, rights, and safety of a Patient Data Provider, our users, or the public in general; (iv) to stop any activity that we consider illegal, unethical or legally actionable; and (v) as required in accordance with HIPAA or related applicable local, state or federal laws.
An account owner may at any time withdraw previously granted consent to a Third Party at which point no new data will be sent to the Third Party on a patient’s behalf. Darena Solutions is not responsible for previously consented data that has already been sent to a Third Party. To have this data removed, the account owner must directly contact the Third Party.
Compliance with Applicable Laws and Data Transmission
Certain Services that Darena offers to Patient Data Providers or makes available to their patients involve access to and the processing of PII/PHI (defined below) provided to us pursuant to the contract that we have entered with a Patient Data Provider.
With respect to the operation of our Services, and to the extent required by (A) the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (“HIPAA”), and (B) the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and any regulations promulgated thereunder (HIPAA and HITECH are collectively referred to herein as the “Privacy Laws”), Darena will adhere to the Privacy Laws applicable to it as a Business Associate and maintain the confidentiality of any Personal Identifying Information (“PII”) or Protected Health Information that is protected by HIPAA and is transmitted or made available through the functionality of the Services. If you are a patient of a Healthcare Provider (Patient Data Provider), our use of PHI is governed by HIPAA and other Applicable Laws and the contract with your Patient Data Provider.
You acknowledge and agree that these terms may be amended from time to time if necessary to comply with the Privacy Laws.
When you use the Services to upload/Access, transmit/Exchange, or receive/Use PHI, you agree that, to the extent applicable, you shall comply with all applicable local, state, federal, or international laws, rules, or regulations, including, but not limited to, the Privacy Laws, any court order, or other order or decision in any governmental, administrative, or judicial proceeding (collectively “Applicable Laws”). You represent and warrant that you will, at all times, comply with all directly or indirectly Applicable Laws that may now or hereafter govern the gathering, use, transmission, processing, receipt, reporting, disclosure, maintenance, and storage of PHI.
Darena DISCLAIMS ANY LIABILITY FOR YOUR USE OR MISUSE OF PHI OR OTHER INFORMATION TRANSMITTED, MONITORED, STORED, OR RECEIVED WHILE USING THE SERVICES WHETHER TO A HEALTHCARE PROVIDER USING THE SERVICES OR OTHERWISE. DARENA RESERVES THE RIGHT TO AMEND OR DELETE ANY UPLOADED CONTENT (ALONG WITH THE RIGHT TO REVOKE ANY MEMBERSHIP OR RESTRICT ACCESS TO THE SERVICES) THAT IN DARENA’S SOLE DISCRETION, VIOLATES ANY PROVISIONS OF THIS SECTION OR THE TERMS OF USE IN GENERAL.
Data Security
We have implemented reasonable and appropriate safeguards to protect any data provided by you to our platform from any loss, misuse, unauthorized access, disclosure, alteration, and destruction. We leverage enterprise-grade encryption standards such as TLS/SSL and Transparent Data Encryption to protect your PII and PHI / EHI both in transit and at rest. Data may be accessed either by a person leveraging a web client (including but not limited to a web browser, app, or service) or programmatically via our Application Programming Interface (API). We leverage modern authentication and authorization frameworks, and all data returned is scoped either to a single Patient Data Provider or patient. Darena Solutions is not responsible for any data that is improperly accessed using stolen or weak Patient Data Provider credentials, leaked Patient Data Provider API keys, or any other type of credential leakage caused by a Patient Data Provider. Darena Solutions highly recommends that you do not share application credentials or API keys with anyone other than those whom they are specifically intended for. It is also highly recommended to enable Multifactor Authentication for all end-user accounts and leverage universally unique passwords stored in a password manager. Darena Solutions highly recommends rotating developer application secrets, and API keys regularly and exclusively storing them in a secrets/credential vault and do not commit them to a source code repository in plain text. Change your passwords often, use a combination of letters and numbers, and make sure you use a secure browser.
Darena Solutions complies with all applicable laws regarding breaches. In the event of a security or data breach, we have an incident response team on standby that will coordinate any investigations and notifications to affected parties. Additionally, we are committed to the security and protection of your data and have a dedicated Security Operations Center that proactively monitors for malicious activity and other threats.
Opt-Out
We may periodically send you free newsletters and e-mails that directly promote our App or Services. When you receive such promotional communications from us, you will have the opportunity to "opt-out" (either through your account or by following the instructions to unsubscribe provided in the e-mail you receive). We do need to send you certain communications regarding the App and Services, and you will not be able to opt-out of those communications – e.g., communications regarding updates to our Terms of Service or this Privacy Policy or information about billing.
Children and Privacy
Our Apps and Services do not target and are not intended to attract children under the age of 13. We do not knowingly solicit PII from children under the age of 13 or send them requests for PII. If we learn that we have collected the PII of a child under 13 directly from that child, we will take steps to delete such information from our files as soon as possible. Notwithstanding the foregoing, we may collect PII about children under 13 that parents or guardians provide to us when establishing an account for their children’s records.
Account Closure
You may close your account and delete all your Healthcare Data at any time. Please note that the deletion of Healthcare Data through the App does not include any information that you previously provided to a Third Party through our App. You must contact Third Parties separately regarding controls and choices for the personal information that you shared.
We may retain your PII in backup copies as required by law or contractual obligations with Patient Data Providers or as needed for accounting, audit, and compliance purposes.
In the event that an account is dormant for a period of five (5) years (e.g., no active connections to providers, no new data, no logins, or account activity), the account will automatically be flagged for deletion. An email stating the account’s status will be sent to the account owner ninety (90) days prior to the deletion. During this 90-day period, an account owner may log in to their account and halt the deletion process.
If the company is sold, a communication will be sent to all users of the application informing them of the events. Additionally, an updated privacy policy and terms of service will be released and distributed to all users of the application. To continue using the App or Service, the new privacy policy and terms of service must be read and consented to by users.
Questions or Suggestions
If you have questions or concerns about our collection, use, or disclosure of your PII or Healthcare Data, please email us at support@darenasolutions.com. You may also contact us by writing to Darena Solutions, 100 Chesterfield Business Parkway, Suite 200, St. Louis, MO 63005.
Material Modifications Since February 7, 2022: None