Marketplace Data Use Notice
3. This Data Use Notice has been prepared in accordance with Applicable Law (as defined in our Terms) (“Applicable Law”) , including Federal Decree-Law No. 45/2021 on the Protection of Personal Data, Federal Law No. (2) of 2019 concerning the Use of Information and Communications Technology in Health Fields and its implementing regulations and the Ministry of Health and Prevention (MOHAP) Resolution No. 51/2021 on exemption for storage and transfer of health records and information.
2. DCENTRIC HEALTH LTD a company formed under the laws of the Republic of Cyprus with registration Number (ΗΕ 391425) and registered office at 7 Agiou Mina Str. PANORAMA RESIDENCE BLOCK B, Flat 101 Limassol P.C 4104 shall be the data controller in respect of all Personal Data that you provide directly to us or we receive from third parties upon your instructions and consent, for the purposes set out in our Terms and ToU.
3. This Data Use Notice describes the types of data processed by us to facilitate your access to the Aria Marketplace, the purposes for which your data may be used by Marketplace Data Recipients, your choices with regard to the purposes for which your data may be used, and how we store, transfer and erase data. Your specific, informed and unambiguous consent for data sharing on Aria Marketplace, will be obtained from you via the My Aria App, when you opt-in to the Aria Marketplace.
3. Data Collected and Processed for ARIA Marketplace
2. From Partner Medical Facilities: When you connect with our Partner Medical Facilities via the My Aria App, we will receive your medical records and a patient identifier (a pseudonymous identifier generated by the concerned Partner Medical Facility) from the Partner Medical Facilities. Before we store your medical records on Dcentric’s Servers, we double pseudonymize it to safeguard your privacy. The medical records are then stored in encrypted format on Dcentric’s Servers, making it even more challenging for anyone, to trace your medical records back to you. The medical records are encrypted with the keys generated by the specific blockchain wallet that is issued to you as part of the My Aria App and are decryptable only by you, using your private key. Upon your opting-in to the Aria Marketplace and agreeing to share your medical records with life sciences companies, medical researchers, analytics and consulting firms, healthcare payers, medical device manufacturers and universities (“Marketplace Data Recipients”), you will be granting us limited access to decrypt medical records in order to enable searches based on requests by Marketplace Data Recipients. Based on your medical records falling within the search parameters set by the Marketplace Data Recipients, we will share your medical records with Marketplace Data Recipients in the form of aggregated data sets.
3. In the hands of the Marketplace Data Recipients, your medical records are entirely dissociated from any identifiable user, making it anonymous. In practical terms, this means that your medical records are completely de-identified and devoid of any connections to specific users. The Marketplace Data Recipient does not possess the necessary information or keys required to reverse engineer the medical records in an attempt to identify you. Their access is strictly limited to the de-identified, medical records for the purpose of research, analysis, or other approved uses as outlined in the ToU. This makes your medical records anonymous in the hands of Marketplace Data Recipients.
4. Please refer to the terms and conditions and privacy policies of Partner Medical Facilities and Marketplace Data Recipients to understand their policies, procedures and practices.
5. The medical records we receive from Partner Medical Facilities include:
1. Height, weight, heart rate, and other detailed health information such as allergies, preferences and special need requirements as well as diagnoses and treatment;
2. Physical and mental healthcare records (including results and opinions from third party providers, such as X-rays, scans and blood tests; referrals and second opinions, such as written statements, medical photographs and diagrams and surgical videos);
3. Laboratory results;
4. Radiology results such as scans (e.g., magnetic resonance imaging (MRI), computed tomography (CAT) etc);
5. Medicine prescriptions and medication information; and
6. Immunisation records.
4. Marketplace Data Recipients and the Purposes for Which They Will Use Your Medical Records
1. Upon your opting-in to the Aria Marketplace and agreeing to share your medical records, gender and age with Marketplace Data Recipients, we will share your medical records along with your gender and age, with Marketplace Data Recipients as per your chosen preferences.
2. The Marketplace Data Recipients who will receive your medical records, gender and age, upon your request and consent include life sciences companies, medical researchers, analytics and consulting firms, healthcare payers, medical device manufacturers and universities. The specific types of Marketplace Data Recipients, and the purpose for which they may access your medical records are as follows:
1. Life sciences companies and medical researchers
1. Clinical Research Organizations: Clinical research organizations may use Electronic Health Records (“EHR”) data to recruit patients for clinical trials, monitor drug safety, and conduct research on the safety and efficacy of new drugs. For example, clinical research organizations may use EHR data to identify patients who meet the eligibility criteria for a clinical trial, monitor adverse drug events in real-world settings, or analyse patient-reported outcomes data.
2. Drug Safety Monitoring Companies: Drug safety monitoring companies may use EHR data to identify adverse drug events and monitor the safety of drugs in real-world settings. For example, drug safety monitoring companies may use EHR data to identify medication errors, monitor drug interactions, or track the long-term safety of medications.
3. Emerging start-ups in the field of biotechnology.
2. Analytics and consulting firms
1. Health information technology consulting firms: Health information technology consulting firms may use EHR data to help healthcare providers select and implement EHR systems, optimize workflows, and improve data quality. For example, health information technology consulting firms may use EHR data to analyze user adoption rates, identify areas for customization, or develop data migration strategies.
2. Healthcare analytics firms: Healthcare analytics firms may use EHR data to develop predictive models, identify trends, and provide insights to healthcare providers and payers. For example, healthcare analytics firms may use EHR data to predict patient risk scores, monitor population health trends, or develop performance improvement initiatives.
3. Emerging start-ups in the field.
3. Healthcare payers
1. Insurance companies: Insurance companies may use EHR data to identify high-risk patients, develop targeted interventions to improve health outcomes, and negotiate reimbursement rates with healthcare providers. For example, insurance companies may use EHR data to track patient adherence to medications, identify patients who are at risk for hospitalization, or monitor the quality of care provided by healthcare providers.
2. Government payers: Government payers, including medical authorities and regulators, may use EHR data to monitor the quality of care provided to their beneficiaries and identify areas for improvement. For example, government payers may use EHR data to track preventive care measures, identify patients who are at risk for hospitalization or readmission, or monitor the use of high-cost medications. Medical device regulators may use EHR data to evaluate the safety and effectiveness of medical devices and make regulatory decisions about their approval and clearance. For example, medical device regulators may use EHR data to evaluate the long-term safety of implantable devices, monitor adverse events associated with medical devices, or analyze post-market surveillance data.
4. Medical device manufacturers
1. Medical device manufacturers: Medical device manufacturers may use EHR data to identify unmet clinical needs and design new devices that address these needs. For example, medical device designers may use EHR data to develop new diagnostic tools, surgical instruments, or implantable devices.
2. Emerging start-ups in the field.
1. Research studies: Universities may use EHR data to conduct research studies on a wide range of health topics, such as disease prevention, treatment effectiveness, and healthcare disparities. EHR data can provide researchers with a rich source of information on patient demographics, medical history, diagnoses, treatments, and outcomes.
2. Medical education: Universities may use EHR data to teach medical students about patient care, clinical decision-making, and healthcare systems. EHR data can help students develop their clinical reasoning skills by exposing them to real-world patient cases and allowing them to practice documenting patient encounters.
3. Medical Technology Development: Universities may use EHR data to develop new medical technologies, such as diagnostic tools or patient monitoring devices. EHR data can provide insights into clinical needs and gaps in current medical technology, which can inform the design and development of new devices.
5. Your Preferences Regarding Purposes for Which Marketplace Data Recipients May Use Your Personal Data
1. You will be able to select preferences regarding the purposes for which your medical records are used by Marketplace Data Recipients. Marketplace Data Recipients will only receive medical records, gender and age. You will be presented with the following options, out of which you may select your most preferred option:
1. Accept all permissions: When you select this option, Marketplace Data Recipients that pass Dcentric’s bio-ethics policies, will be able to access your medical records as well as your gender and age. If you select this option, you will be automatically opted in for all the purposes stated in section 5.1.2 (a) to section 5.1.2 (f), section 5.1.3 (a) and section 5.1.3 (b) of this Data Use Notice. When you select this option, you will receive the highest rewards for use of your medical records. Please refer to our ToU for further information relating to rewards.
2. Set custom preferences: When you select this option, you will be allowed to choose specific purposes for which your data may be used. The rewards you may receive will vary based on your selected preferences. Please refer to our ToU for further information relating to rewards. You will be able to select one or more of the following preferences:
1. Contribute to research to improve patient care: When you select this option, you will be granting consent for your medical records along with gender and age to be used in research studies conducted by Marketplace Data Recipients, to identify patterns and trends that can contribute to developing solutions for improving patient care.
2. Support development of new health technologies: When you select this option, you will be granting consent for your medical records along with gender and age to be used to support the creation of new products and services for patients, medical professionals and others, to improve patient care and bring down healthcare costs. This option does not include the use of your medical records for innovations in artificial intelligence (“AI”).
3. Help train AI to improve healthcare delivery: When you select this option, you will be granting consent for your medical records along with gender and age to be used to develop fair, safe, secure and robust AI for healthcare. AI can uncover patterns and insights to help transform medical research and healthcare delivery.
4. Support efforts to increase patient safety: When you select this option, you will be granting consent for your medical records along with gender and age to be used to help ensure quality health services are provided to reduce unintended patient harm.
5. Help improve public health: When you select this option, you will be granting consent for your medical records along with gender and age to be used to help public authorities set guidelines, policies and regulations that prevent poor health, improve quality of life, reduce inequalities and support research, innovation and public safety.
6. Help develop personalised medicine: When you select this option, you will be granting consent for your medical records along with gender and age to be used to help researchers develop medicines and treatments which can be better tailored to an individual’s personal needs, speeding up diagnosis and delivering desired health outcomes from treatments with less side effects.
3. Set custom preferences for data requests: When you choose to set custom preferences regarding the use of your data on Aria Marketplace, you will be required to select preferences for receiving additional requests and invitations from Marketplace Data Recipients. These requests and invitations are as follows:
1. Information Requests: If you consent to receive information requests, Marketplace Data Recipients will be able to request additional information from you via the My Aria App. Such additional information may be in the form of participating in research for patient reported outcomes (“PROs”). Your participation in research for PROs will require your consent via a separate consent form presented to you by the Marketplace Data Recipient via the My Aria App, that might reveal your identity like in a real-life consent form. Your participation in research for PROs will be governed by separate agreement between you and the concerned Marketplace Data Recipient. The Marketplace Data Recipient will be the data controller for data collected by it for such purposes. Dcentric will not be a party to the arrangements between you and the Marketplace Data Recipient and Dcentric will not be responsible, accountable or liable in relation to your participation in research for PROs.
2. Clinical Trial Invites: If you consent to receive clinical trial invites, Marketplace Data Recipients will be able to invite you to participate in clinical trials via the My Aria App. Your participation in clinical trials will require your consent via a separate consent form presented to you by the Marketplace Data Recipient via the My Aria App, that might reveal your identity like in a real-life consent form. Your participation in clinical trials will be governed by separate agreement between you and the concerned Marketplace Data Recipient. The Marketplace Data Recipient will be the data controller for data collected by it for such purposes. Dcentric will not be a party to the arrangements between you and the Marketplace Data Recipient and Dcentric will not be responsible, accountable or liable in relation to your participation in clinical trials.
2. Opt-out of the Aria Marketplace: When you select this option, Marketplace Data Recipients will not be able to access any of your information. However, Marketplace Data Recipients who have already received access to your medical records, along with gender and age, based on your prior opt-in and consent to the Aria Marketplace, will have access to that information as part of aggregated datasets.
6. Storage and Transfer of Personal Data
1. Your Personal Data is stored and transferred in compliance with Applicable Law.
2. We use third party cloud storage to store data. The storage region selected is the United Arab Emirates (“UAE”) for all Personal Data, including medical records, whether received from our Partner Medical Facilities or collected by us directly from you. Medical records are stored in separate databases from other Personal Data (i.e., the Personal Data collected directly from you as stated in section 3.2).
3. Some of the countries or jurisdictions to which your Personal Data and medical records may be transferred may not benefit from an appropriate data protection regulatory framework. For transfer of your Personal Data and medical records outside the UAE to such countries or jurisdictions, we shall transfer your Personal Data and medical records, upon ensuring that a suitable degree of protection is afforded to it through the implementation of the necessary safeguards, such as an adequacy decision by the relevant authority, adequate binding corporate rules or through the inclusion of standard contractual clauses in our agreements with recipients of your Personal Data and medical records. We may also transfer your Personal Data and medical records to recipients outside the UAE based on your express consent; or if such transfer is necessary for judicial processes; or if such transfer is necessary for entering into or performing a contract between Dcentric and you or between Dcentric and a third party for your interests, or if such transfer is necessary for an act relating to international judicial cooperation; or if the transfer is necessary for protection of public interest.
4. In case of Marketplace Data Recipients who receive your medical records based upon your express consent, some of these Marketplace Data Recipients will likely be located outside of the UAE. We will only allow transfer and secondary use of Personal Data for purposes permitted under the Ministry of Health and Prevention (MOHAP) Resolution No. 51/2021 on exemption for storage and transfer of health records and information. Such transfers of data outside the UAE will be for the purpose of scientific research and based upon your consent. Your opting-in for sharing of your Personal Data and medical records with Marketplace Data Recipients outside the UAE will constitute a specific, formal request by you for sharing of medical records with such Marketplace Data Recipients.
7. Data Retention and Erasure
1. Your Personal Data and medical records will be stored, retained, and processed for no period longer than as required by us for the purposes it was collected for, for the purposes of your participation in the Aria Marketplace, and for meeting any legal, accounting, reporting, government, regulatory or law enforcement requirements. Section 7.2 below describes what happens when you delete your account on the My Aria App.
2. Dcentric uses a blockchain implementation to store medical records. Dcentric facilitates the exercise of the right to erasure by delinking and destroying the recovery phrase (private key) which connects the encrypted health data stored on the blockchain with a natural person (i.e., the user). This process also takes effect when you delete your account on the My Aria App.
3. What remains after the delinking and destruction of the phrase (key) is health data which cannot be connected to a natural person (non-identifiable personal data).
8. Important Information About Your Participation in ARIA Marketplace
1. When you opt-in to Aria Marketplace, you will be opting into allowing approved Marketplace Data Recipients, based upon the preferences selected by you, to access all of your medical records. Sharing of medical records for the selected purposes with approved Marketplace Data Recipients will be done on an ‘all or nothing’ basis, i.e., to ensure data integrity, the patient cannot determine which parts of the medical records will be shared.
2. Medical records relating to you will be accessible to Marketplace Data Recipients only if you have expressly opted-in to Aria Marketplace.
3. Your medical records will be anonymous to the Marketplace Data Recipients, meaning that those accessing your medical records will not see your name or contact details. Your Personal Data, such as name and/or contact details will only ever be shared with Marketplace Data Recipients if you manually opt-in to a clinical trial or research for PROs. At the time of opting-in to a clinical trial or research for PROs, we will specifically seek your consent for sharing your Personal Data such as name and / or contact details with the concerned Marketplace Data Recipient.
4. You will be opting in to allow certain Personal Data, such as your gender and age to be used in conjunction with your medical records. If you do not wish to allow your gender and age to be used in conjunction with your medical records, please do not opt into the Aria Marketplace.
5. Your Personal Data and medical records may be used as part of aggregated data reports. It will not be possible to relate these reports back to you.
6. You can change or revoke your permissions at any time by accessing your preferences within the Marketplace tab in the My Aria App. However, you will not be able to revoke permission for studies that have already used your data.
8. To get in touch with us in connection with your Personal Data and medical records processed by us, please contact us via email at <firstname.lastname@example.org>