INFORMATION ABOUT PRIVACY OF BRAIN DONORS AND THEIR FAMILY
Health information that identifies an individual is private under federal law; its handling is regulated according to the Health Insurance Portability and Accountability Act, was passed by Congress in 1996.
HBTRC staff is highly trained to follow this regulation, and several measures are in place to protect the confidentiality of brain donors and their families:
- The Staff at the HBTRC will assign a code number to the tissue and health information. The donor’s name, medical record number, or other identifiable information will not be stored with the tissue or health information. The key to the code that connects the name and other identifiers to the tissue and information will be stored securely in a separate file.
- The coded tissue and health information may be shared with researchers to carry out studies on the human brain and on brain disorders. We will not share information that identifies the donors with researchers.
- In order to allow researchers to share research results, agencies such as the National Institutes of Health (NIH) have developed secure banks that collect and store research samples and/or health information. The HBTRC will share potentially identifiable health information (e.g. date of birth, date of death, dates of admission to hospitals) with the national institutes of health (NIH; NIMH, NICHD, and NINDS brain and tissue repository, Neurobiobank). The central banks may share these samples or information with other qualified and approved researchers to do more studies. Results or samples given to the central banks will not contain information that directly identifies the donor. There are many safeguards in place at these banks to protect the donor’s privacy.
Last revised: August 30, 2018
2. INFORMATION THAT WE COLLECT
Information You Provide to Us
We collect information you provide to us, for example when you create or modify your account, register to use our Site, purchase services from us, request information from us, contact customer support, or otherwise communicate with us. This information may include:
- Billing address
- Email address
- Telephone number
- Credit card number (solely for payment purposes)
- Date of birth
- Medical history, medical records and other health related information, including images
- Insurance carrier and subscriber information
Information We Collect Through Your Use of our Site
Google and Other Third Party Services
We may use web analytics and tag management services and tools service provided by Google, Inc. (“Google”) and other third parties to collect certain information relating to your use of the Site. Google Analytics uses “cookies”, which are text files placed on your computer, and tags (such as tracking codes and event codes) to help us analyze how users use the site. You can find out more about how Google uses data when you visit our Site by visiting “How Google uses data when you use our partners' sites or apps” (located at https://policies.google.com/privacy).
Information Collected Through Cookies and Similar Technologies
No Information from Children Under Age 13
If you are under the age of 13, please do not attempt to register with us at this Site or provide any personal information about yourself to us. If we learn that we have collected personal information from a child under the age of 13, we will promptly delete that information. If you believe we have collected personal information from a child under the age of 13, please Contact Us CISPO@partners.org.
3. HOW WE USE AND SHARE YOUR INFORMATION
To Facilitate or Provide Services and Information. We collect information from you in order to facilitate or provide services that you request from us; register and service your online account; provide information that you request from us; contact you about your services requests; and process credit card transactions.
For Clinical Research. We (and our researchers and affiliates) may collect, use and share information from you for the purposes of determining which clinical research opportunities may be of interest to you, contacting you to participate in research opportunities, or conducting clinical research as part of a research study in which you have agreed to participate as a research subject or researcher or in which your existing data is used, or providing information to you regarding research studies or medical information you have requested.
Please note that not every research study will collect, use and share data in the same way. In certain cases, you will be provided with a consent or authorization form relating to a specific research project that explains the types of information collected and the purposes for which the information is collected, used and shared. If you are provided with a consent or authorization form for a particular research study, the description of the collection, use or sharing of your information contained in such form shall apply to the specific study in question.
Sharing with Third Parties. We may provide information to third party service providers that help us operate and manage our Site, process services requests, and deliver services that you purchase through the Site. We may also provide information affiliated individuals and organizations providing professional medical services that you access through the Site. These service providers will have access to your personal information in order to provide these services, but when this occurs we implement reasonable contractual and technical protections to limit their use of that information to helping us provide the service.
Your Consent. In addition to the sharing described elsewhere in this Policy, we will share personal information with companies, organizations or individuals outside of Partners and its affiliates when we have your consent to do so. By using our Site, you consent to the collection, use and sharing of this information as described in this Policy.
Legal Proceedings. We will share personal information with third party companies, organizations or individuals outside of Partners and its affiliates if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- Meet any applicable law, regulation, subpoena, legal process or enforceable governmental request.
- Detect, prevent, or otherwise address fraud, security or technical issues.
- Protect against harm to the rights, property or safety of Partners, the site, our users, customers or the public as required or permitted by law.
4. ACCESS TO YOUR INFORMATION AND CHOICES
5. SECURITY OF YOUR INFORMATION
We use industry standard physical, technical and administrative security measures and safeguards to protect the confidentiality and security of your personal information. However, since the Internet is not a 100% secure environment, we cannot guarantee, ensure, or warrant the security of any information you transmit to us. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login information. Please note that while communications and information you send to us using our Site are encrypted, e-mails and other communications you send to us outside of the Site are not encrypted. Thus, we strongly advise you not to communicate any confidential information through unencrypted email.
7. QUESTIONS AND HOW TO CONTACT US
Partners HealthCare System, Inc.
399 Revolution Drive
Somerville, MA 02145
Attn: Chief Information Security and Privacy Officer
8. USERS IN THE EUROPEAN ECONOMIC AREA (EEA) AND SWITZERLAND
If you are a resident of the EEA or Switzerland, the following information applies with respect to personal data collected through your use of our Site.
Purposes of processing and legal basis for processing: As explained above, we process personal data in various ways depending upon your use of the services. We process personal data on the following legal bases: (1) with your consent; (2) as necessary to provide the services; and (3) as necessary for our legitimate interests in providing the services where those interests do not override your fundamental rights and freedom related to data privacy.
Transfers: Personal data we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates or processors maintain facilities. We will use reasonable efforts to ensure that transfers of personal data to a country or an international organization outside the EEA or Switzerland are subject to appropriate safeguards.
Your rights: You are entitled to the rights under Chapter III of the EU General Data Protection Regulation or Section 2 of the Swiss Federal Act on Data Protection with respect to the processing of your personal data, which include the right to access and rectify and to request erasure of personal data. In order to verify your identity, we may require you to provide us with personal information prior to accessing any records containing information about you.