• We will use your information for research: We collect information about your identity, your health, and some of your behaviors that might help us predict your future health. This information will be used in research analysis, presented at scientific conferences, and then published. These presentations and publications will never show any information that identifies you or any other individual in the study.
• We will not sell your data to drug companies for market research: We will never voluntarily share identifying information about you without your permission. We may share de-identified health data with other researchers for the purpose of research.
• Protection against involuntary disclosure of your information: We will do everything we can to keep your study information private. See below for more information about our data security measures.
• Electronic security and adherence to the HIPAA privacy rule: The EGID Partners Study follows the general security guidelines of the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA). All study data is transmitted, stored, and processed in a secure environment
• While we cannot provide an absolute data security guarantee, your information will be transmitted and stored using state-of-the-art security systems similar to those that protect websites used by banks and electronic health systems. If despite our best efforts, we ever experience a breach of the security of your personal information, we will notify you in accordance with federal and state laws.

Data security measures

The following is a technical explanation of the measures we take to protect your data. If you have any questions about this information, please contact us by email at info@egidpartners.org or by using one of the other options described in the “Contact Us” section of the website.

All study information will be stored in linked data tables. Identifying information (email address) will be stored in separate (but linked) data tables so that health-related data can be viewed by EGID Partners study staff as needed without association with identifiers when such linkage is not required.

The EGID Partners study teams will take the following data security measures:

• Data Transmission: EGID Partners currently utilizes advanced encryption technology to protect data transmitted over the Internet between the coordinating center’s web server and every client machine (including our research participants’ machines) that accesses our study web sites. NOTE: email communications by EGID Partners to you may not be encrypted.
• Secure Servers: All study data is housed on secure servers.
• Antivirus Software: All servers are protected from viruses using anti-virus software. This software automatically checks for virus signature file updates once an hour, and if necessary, directly updates itself. All antivirus software is monitored and network personnel are notified in the event that the software stops functioning on a server.
• Firewall: The network, including all the servers that will store our research data, is behind a secure firewall that does not allow unauthorized access to any research data server.
• Disaster Recovery: The study database is backed up regularly to ensure that no data is lost. Our disaster recovery system also follows Standard Operating Procedures to maintain full security of backup data.
• Cloud Services: In addition to use of our secure servers, we may use your data in conjunction with cloud storage and computing services in order to assist with communication, data collection, storage, and processing. Third-party vendors will be vetted for their security practices and will meet or exceed privacy and security standards for the University of North Carolina at Chapel Hill electronic research health records management.

Unencrypted Communications

EGID Partners may contact you through unencrypted electronic means to the email address that you or any person acting on your behalf provide to EGID Partners for survey related inquiries. EGID Partners will limit identifying information contained in communications to your email address and communications will not contain your personal information aside from your participation in the study and a link to login to your study account. EGID Partners can provide no assurance as to the confidentiality of information communicated to you by use of unencrypted email based on the risk that unencrypted messaging may be intercepted or visible to be read by third parties.

Glossary

Here are terms are used in this Privacy Policy and referenced in the study consent:

“Personal Information” is information you supply to EGID Partners that allows you to be individually identified. This includes (a) identifiable contact information, such as name, address, telephone, and email address, (b) information you provide about yourself, such as your health or lifestyle information, and (c) “coded information,” which is the same information as (b), but with all of your identifiers and contact information removed and a random alphanumeric code assigned to it for search purposes.

“De-Identified Data” means information that does not identify individuals. In regards to your health-related information, EGID Partners will follow the standard set by a federal law called HIPAA (the Health Insurance Portability and Accountability Act). Under HIPAA, health information is individually identifiable if it contains any of the 18 individual identifiers. These identifiers include your email address and internet protocol (IP) address numbers. Generally speaking, when all 18 of these identifiers are removed, the information that remains is “de-identified.”

Thank you for reviewing our Privacy Policy.