Archway Health Privacy Policy


Archway Health takes very seriously its obligation to protect the confidentiality of, and to limit the uses and disclosure of your Medicare Data and your Medicare Data.


This Privacy Policy lets you know:


  • What information we collect about you when you use the Services and how that information is used;

  • The limited ways in which we use the information you provide;

  • The ways in which we protect the security of your information;

  • The ways in which you control the sharing of your information with others, and the very limited circumstances in which we might ever disclose your information to others without a direction from you to do so;

  • What happens to your information when you choose to revoke access to you information

  • Ways in which you can further protect your information;

  • How this privacy policy can change and its scope.


Capitalized terms used in this Privacy Policy have the meanings set forth in the Definitions section found at the end of the policy.


The Medicare Data we collect and how it is used

When you authorize Archway Blue Button to download your Medicare Data from, Archway will download 4 years of your Medicare Data and share it with the healthcare providers you designate.


These healthcare providers will use this data to understand your healthcare history and improve your care plan.


Medicare Data refers to your Medicare data such as type of Medicare coverage, drug prescriptions, information about your Medicare treatments and costs.  Medicare Data consists of your Part A, Part B, and Part D data. It also includes information that specifically identifies you, such as full name and Medicare insurance number.  


Our Website uses this Medicare Data solely for the purpose of helping your healthcare providers improve your care plans.  We do not use Medicare Data to contact you directly, and do not share your information with anyone other than your healthcare providers like physicians and other caregivers, each of with whom we have entered into a written agreement addressing, among other things, the types of information to be shared and the level of protection such information shall receive in compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and other laws.


We also collect and record certain information from your browser each time you connect to our Site, such as your IP address, browser type and language, date, time and duration of your connection, and the actions that you perform. That information becomes part of our Audit Files, which we use only in connection with providing, monitoring or improving the performance of the Services, and in offering any technical support or assistance you might request in connection with your use of

the Services.


We also store some information in cookies (small text files) that are created on your computer. The information stored there is retrieved when you connect to our Site and used to improve or simplify your user experience on subsequent visits. Most web browsers allow you to decline cookies, and if you’ve chosen to do so then some features or conveniences otherwise available when using the Services may not work for you.


How we use your Medicare Data

Archway Health will not use, sell, rent, lease or disclose any of your Medicare Data for the purpose of allowing third parties to advertise to you or otherwise attempt to sell you products or services or solicit you for business of any kind.

We use your Medicare Data in several ways:

  • To provide the Services to you;
  • To provide assistance or technical support in connection with your use of the Services;
  • To audit, monitor, improve and further develop the Services.


We also reserve the right to use your Medicare Data to investigate possible violations of the Terms of Service that govern your use of the Services, to protect Archway Health’s property and rights, to investigate potential fraud or security issues, and to communicate with you regarding the Services or your use of the Services.


How we protect the security of your Medicare Data

Archway Health employs a wide variety of administrative, physical and technical safeguards to protect the confidentiality, integrity, and availability of your Medicare Data.


For example, only Archway Health employees who have a need, such as those assigned to operate and provide support for the Services, are provided electronic access to the Archway Health Servers on which your Medicare Data is stored. Those Archway Health Servers are kept in secure locations and physical access to them is highly-controlled and tracked.


We use Secure Sockets Layer (SSL) certificate technology so that you have assurance when using the Services that our Site is genuine and operated by Archway Health. That technology also allows us to establish a secure, encrypted connection between our Site and the web browser you are using when you connect to the Site. When the secure, encrypted connection exists, the address appearing in your browser’s address bar will begin with https:// (not just http://). If you use a high-security browser, your browser address bar will turn green to indicate your secure connection.


Please note, however, that when the Services re-direct you to web sites operated by other organizations (such as a healthcare organization or healthcare applications at which you have an active account), you no longer are connected to our Site. At that point, the nature of your connection is governed and controlled by the technology adopted and put into place by the organization operating the web site to which you’ve been re-directed.


Other technical safeguards that we employ at Archway Health to protect your Medicare Data include the following:

Service Account passwords (if created) are stored in an encrypted format.

We provide you guidance on how to create secure passwords, if passwords are required.

The Site can be accessed only when you are using high-security browsers of certain versions, all of which must be SSL-compatible.

All transfers of data between systems made via the Internet in connection with your use of the Services occur in encrypted form using SSL protocol or similar technology this is widely regarded to be secure and reliable.

Firewalls and audit trails are used to safeguard your information further.


How you control the sharing of your Medicare Data and the limited circumstances in which we may disclose it to others


Archway Health Services allow you to share your Medicare Data with your Healthcare Providers. You control those transfers through the features provided within the Services. For instance, you can authorize the healthcare providers who can access your Medicare Data. Only those provider organizations that you authorize will be able to view your Medicare Data.  


Please note that Archway Health cannot control and is not responsible for the privacy and security of your Medicare Data once it has left Archway Health in accordance with your requests and directives when using the Services. We cannot retrieve that information after you’ve shared it; and we cannot control or restrict the use of your Medicare Data by your Healthcare Providers.  How your Healthcare Providers treat your Medicare Data is determined by their own privacy practices.


There are very few instances in which your Medicare Data ever will be disclosed by us other than as directed by you through your use of the Services. We may disclose your Medicare Data in the following circumstances:

As we in good faith consider necessary for us to comply with any applicable law compelling a disclosure of the information, to comply with legal process served on us, or in response to the request of a law enforcement or government regulatory agency in circumstances that we believe warrant the disclosure;

As we in good faith believe is necessary or appropriate in order to protect the personal safety or health of the public or users of the Service;

As we in good faith believe is necessary or appropriate to protect and defend our rights and property, including the enforcement of the Terms or Service that govern your use of the Services;

As we in good faith believe is necessary to protect against or address fraud or security breaches.


In addition, Archway Health may at times engage other companies or individuals to perform certain activities on our behalf and related to our provision of the Services, such as assistance in improving software, off-site storage of information for disaster recovery, web site hosting, or technical assistance regarding operating systems, web browsers or other non-Archway Health software with which the Services might interact. Archway Health will provide such third parties access to your Medicare Data only (i) when such access is necessary to accomplish the activity for which we have engaged the third party; and (ii) when the third-party is contractually bound to us: (a) to use the information only in connection with accomplishment of the activity for which they’ve been engaged and (b) to provide administrative, physical and technical safeguards to protect the confidentiality and security of the information.


How to Revoke Access to your Medicare Data

Access may be revoked at anytime by emailing us at: with “Revoke Access” in the subject line.


What happens to your Medicare Data when you revoke access

You can choose to revoke access to your Medicare Data at any time. If you choose to do so, we will permanently delete your Medicare Data from our servers and we will no longer request your Medicare Data from Medicare.

Please note that revoking access affects only your Medicare Data that is stored on Archway Health Servers. It does not affect, alter or accomplish the deletion of any Medicare Data that is stored or maintained on other systems, such as those of your healthcare providers.


After revoking access, your Medicare Data may persist in Backup Files for up to a year and in our Audit Files for longer periods of time based upon government agency and private organization guidelines and recommendations that pertain to analogous categories of data and information. Our Backup and Audit Files are never stored on computers connected to the Internet and the data in such files is not readily or even easily accessible. We therefore reserve the right to decline to process requests to provide access to, to delete or to correct inaccurate Medicare Data if such requests would be impractical, require disproportionate technical efforts, jeopardize the security of other individuals’ Medicare Data or interfere with Archway Health’s legal obligations or its legitimate efforts to protect its business interests.


Changes to this Privacy Policy

We may make changes to this policy from time to time by posting revised versions on this page.


Questions and concerns

If you have any questions regarding this Privacy Policy or concerns about our use, disclosure or handling of your Medicare Data, please contact us by emailing, with 'Privacy Policy' in the subject.



Audit Files refers to files in which logs are made to track the activity occurring on a Service Account, which can be useful in providing support to account holders.

Backup Files refers to copies of Archway Health Servers periodically made and retained for the purpose of being able to restore our systems in the event of an occurrence that would necessitate such restoration.

Archway Health refers to Archway Health, LLC. and all of its controlled affiliates and subsidiaries.

Archway Health Servers means all tangible computer equipment and storage media of any kind owned and controlled by Archway Health.

Archway Blue Button Services refers to the service Archway Blue Button provides which allows you to  share your Medicare Data with designated healthcare providers.

Archway Blue Button Account refers to web-based patient access and services accounts that you hold at healthcare organizations offering such accounts using Archway Health personal health record software.

Medicare Data refers to any information that reasonably could be identified as pertaining to you or your Service Accounts or otherwise used to identify you, whether that information is information that we collected about you or that you provided or directed to be transferred into your Service Accounts when using the Services.

Production Servers refer to those Archway Health Servers through which the Services are actively being provided via the Internet and on which Service Account holders’ live, up-to-date information is stored and actively accessed in connection with the provision of the Services, including any real-time copies of such servers that we might maintain and operate for the purpose of providing continuity of service in the event of a disaster at our principle server site.

Service Accounts refers to active Archway Health Services and Archway Health Services accounts residing on Archway Health Servers and accessible via the Internet in which you manage and access the information you enter or transfer into the accounts.

Site means the web sites, applications, and interfaces through which Archway Health provides the Services and for which Archway Health is the registered owner.

Terms of Service means the Archway Health Terms of Service for Web-Based Services to which you agree when you establish a Service Account.