Lena Health
Privacy Policy
1.Overview
Bloom Circle, Inc., doing business as Lena Health ("Lena," "we," "us," or "our"), helps patients get to the care they need. We provide two kinds of services to the healthcare industry:
- Care navigation services — our care navigation staff support patients on behalf of health systems, physician groups, health plans, and other healthcare organizations, helping patients understand their care plans, resolve barriers, and follow through after discharge or referral.
- AI software services — our AI-powered software places calls and sends text messages on behalf of healthcare organizations and their care management partners to introduce care programs, enroll patients, answer questions, and activate patients to their next step in care, such as scheduling a visit.
This Privacy Policy explains how we collect, use, disclose, and protect information when you visit lena.io (the "Site"), contact us, or interact with the services described above (together with the Site, the "Services"), including our calling and text messaging programs. By using the Site or interacting with the Services, you agree to the practices described in this policy, which is incorporated into our Terms of Service.
2.Our Role Under HIPAA
Lena provides its Services to HIPAA covered entities — such as health systems, providers, and health plans — and to other companies that themselves serve covered entities, such as care management organizations. When we receive or handle protected health information ("PHI") in these engagements, we act as a business associate, or as a subcontractor business associate when our client is itself a business associate, under the Health Insurance Portability and Accountability Act ("HIPAA"). Our handling of PHI is governed by written business associate agreements ("BAAs") with our clients and by HIPAA — not by this policy.
Your healthcare provider or health plan remains responsible for its own notice of privacy practices, which describes how your health information may be used and disclosed and the rights you have with respect to it. If you wish to exercise your HIPAA rights — such as requesting access to or amendment of your health records — please contact your healthcare provider or health plan directly; we will assist them as our agreements require. We use and disclose PHI only as permitted by our BAAs and applicable law. We do not sell PHI, and we do not use or disclose PHI for marketing purposes.
3.Information We Collect
- Information from healthcare organizations we serve. When a healthcare organization or its care management partner engages Lena, it may provide us with information about you — such as your name, contact information, preferred language, and information about the care program you are eligible for or enrolled in — so that we can reach you and support your care.
- Information you provide to us. When you speak with our care navigators or our AI assistants, reply to our messages, fill out a form on the Site, request a demo, or contact us, we collect the information you choose to share, such as your name, contact details, organization, scheduling preferences, and the content of your communications.
- Call recordings and transcripts. Calls with our team and our AI assistants may be recorded and transcribed for care documentation, quality assurance, safety, and service delivery, as permitted by law and by our agreements with the healthcare organizations we serve.
- Information collected automatically. When you visit the Site, we collect standard technical information such as browser and device type, pages viewed, and IP address. We do not currently use cookies or similar tracking technologies on the Site for advertising; if our use of these technologies changes, we will update this policy. Because there is no consistent industry standard, we do not respond to browser "Do Not Track" signals.
4.How We Use Information
We use the information we collect to: provide and operate the Services, including conducting outreach by phone and text message on behalf of the healthcare organizations we serve; enroll you in care programs you are eligible for and help you take next steps in your care, such as scheduling appointments; document our interactions with you and report to your healthcare organization as our agreements require; respond to your questions and requests; maintain the quality, safety, and security of the Services; develop and improve the Services; and comply with legal obligations. We do not sell personal information, and we do not use PHI to train general-purpose artificial intelligence models.
5.Calls and AI-Assisted Communications
Some outreach calls are conducted by Lena's AI-powered virtual assistants, which use an artificial or prerecorded voice and may be supported by automated dialing technology. These calls are placed on behalf of your healthcare provider, health plan, or their care management partner in connection with your care — for example, to introduce a care program, complete enrollment, or help you schedule a visit.
You may ask at any time to be connected to a human team member, and you may ask us not to call you again. Calls may be recorded and transcribed as described in Section 3. To manage your call preferences, tell us during any call or contact support@lena.io.
6.SMS / Text Messaging
How you opt in. You will only receive text messages from Lena if you have opted in: (a) through enrollment in a care program offered through your healthcare provider, health plan, or their care management partner; (b) by providing your mobile phone number and consent directly to Lena; or (c) as a Lena employee or contractor who has provided written consent to receive test messages during development and testing of our application.
Message frequency varies. Message and data rates may apply.
Opting out and help. You can cancel at any time by replying STOP to any message. After you send STOP, you will receive one final message confirming that you have been unsubscribed, and no further messages will be sent. To rejoin, reply START. For assistance, reply HELP to any message or contact support@lena.io.
No sharing of mobile information. Mobile phone numbers and text messaging opt-in data and consent will not be shared with or sold to third parties or affiliates for marketing or promotional purposes. We use service providers (such as our text messaging delivery platform) solely to deliver messages on our behalf; they are not permitted to use this information for any other purpose.
7.How We Share Information
We do not sell personal information. We share personal information only:
- With the healthcare organization on whose behalf we act — including your provider, health plan, or their care management partner — in connection with the program in which you participate, such as reporting enrollment status, scheduling outcomes, and barriers to care.
- With service providers that perform services on our behalf, such as communications delivery, hosting, and analytics, under contracts that limit their use of the information to providing those services.
- For legal and safety purposes, when required by law or when reasonably necessary to protect the rights, safety, or property of Lena, the people we serve, or others.
- In a business transfer, such as a merger, acquisition, or sale of assets, subject to the commitments in this policy.
Notwithstanding anything else in this policy, mobile phone numbers and text messaging opt-in data and consent will not be shared with or sold to third parties or affiliates for marketing or promotional purposes. We may create and use de-identified or aggregated data that does not identify you, as permitted by law and our client agreements.
8.Data Security
We maintain a security program with administrative, technical, and physical safeguards appropriate to the sensitivity of the information we handle, including encryption of data in transit and at rest, access controls, network isolation, and data isolation technologies for sensitive information. Lena maintains SOC 2 Type II attestation. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
9.Data Retention
We retain personal information for as long as necessary to provide the Services, meet our legal and contractual obligations — including obligations to the healthcare organizations we serve — and resolve disputes. Retention and return or destruction of PHI is governed by our BAAs.
10.Your Choices and Rights
You can opt out of text messages at any time by replying STOP, ask not to receive further calls during any call or by contacting us, and unsubscribe from marketing emails using the link in any message. Depending on where you live, you may have rights to access, correct, or delete personal information we hold about you; to make a request, contact us using the information below, and we will respond as applicable law requires. Because most of the information we hold about program participants is PHI processed on behalf of a healthcare organization, we may refer your request to that organization, and requests concerning your health records should be directed to your provider or health plan.
11.Children's Privacy
The Site and the Services are not directed to children under 18, and no one under 13 may provide information through the Site. We do not knowingly collect personal information from children under 13, and if we learn that we have done so without verified parental consent, we will delete it.
12.International Users
Lena is based in the United States, and the Services are intended for use in the United States. Information we collect is processed and stored in the United States.
13.Changes to This Policy
We may update this policy from time to time. If we make material changes, we will update the effective date above and post the revised policy on this page.
14.Contact Us
Bloom Circle, Inc. d/b/a Lena Health
7710 Frida Bnd. Austin, Texas 78744
Privacy questions: privacy@lena.io
Support: support@lena.io