- We will use your information for research: We collect information about your identity, your health, and some of your behaviors that might help us predict your future health. This information will be used in research analysis, presented at scientific conferences, and then published. These presentations and publications will never show any information that identifies you or any other individual in the study.
- We will not sell your data to drug companies for market research: We will never voluntarily share identifying information about you without your permission. We may share de-identified health data with other researchers for the purpose of research.
- Protection again involuntary disclosure of your information: We will do everything we can to keep your study information private. See below for more information about our data security measures.
- Electronic security and adherence to the HIPAA privacy rule: The EGID Partners Study follows the general security guidelines of the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA). All study data is transmitted, stored, and processed in a secure environment
- While we cannot provide an absolute data security guarantee, your information will be transmitted and stored using state-of-the-art security systems similar to those that protect websites used by banks and electronic health systems. If despite our best efforts, we ever experience a breach of the security of your personal information, we will notify you in accordance with federal and state laws.
Data security measures
The following is a technical explanation of the measures we take to protect your data. If you have any questions about this information, please contact us by email at firstname.lastname@example.org or by using one of the other options described in the “Contact Us” section of the website.
All study information will be stored in linked data tables. Identifying information (email address) will be stored in separate (but linked) data tables so that health-related data can be viewed by EGID Partners study staff as needed without inadvertent association with identifiers when such linkage is not required.
- The EGID Partners study teams will take the following data security measures:
- Data Transmission: EGID Partners currently utilizes advanced encryption technology to protect all data transmitted over the Internet between the coordinating center’s web server and every client machine (including our research participants’ machines) that accesses our study web sites.
- Secure Servers: All study data is housed on secure servers.
- Antivirus Software: All servers are protected from viruses using anti-virus software. This software automatically checks for virus signature file updates once an hour, and if necessary, directly updates itself. All antivirus software is monitored and network personnel are notified in the event that the software stops functioning on a server.
- Firewall: The network, including all the servers that will store our research data, is behind a secure firewall that does not allow unauthorized access to any research data server.
- Disaster Recovery: The study database is backed up regularly to ensure that no data is lost. Our disaster recovery system also follows Standard Operating Procedures to maintain full security of backup data.
- Cloud Services: In addition to use of our secure servers, we may use your data in conjunction with cloud storage and computing services in order to assist with communication, data collection, storage, and processing. Third-party vendors will be vetted for their security practices and will meet or exceed privacy and security standards for the University of North Carolina at Chapel Hill electronic research health records management.
“Personal Information” is information you supply to EGID Partners that allows you to be individually identified. This includes (a) identifiable contact information, such as name, address, telephone, and email address, (b) information you provide about yourself, such as your health or lifestyle information, and (c) “coded information,” which is the same information as (b), but with all of your identifiers and contact information removed and a random alphanumeric code assigned to it for search purposes.
“De-Identified Data” means information that does not identify individuals. In regards to your health-related information, EGID Partners will follow the standard set by a federal law called HIPAA (the Health Care Portability and Accountability Act). The HIPAA Privacy Rule specifies eighteen (18) data elements that, alone or in combination, could identify a person. These include information such as your name, address, phone number, social security number, and photos of your face. Generally speaking, when all 18 of these identifiers specified by HIPAA are removed, the information that remains is “de-identified”.