When it comes to sharing personal health information, concerns about data security are paramount, especially within the patient community. Here at the Raymond A. Wood Foundation, we prioritize the safety and privacy of your data. We want to assure you that the Hypothalamic-Pituitary Brain Tumors Patient Registry is a secure platform hosted on the National Organization for Rare Disorders (NORD) platform. This registry adheres to strict government guidelines to ensure the utmost protection of patient information.
How We Ensure Data Security
The platform is compliant with several critical privacy and data security regulations, including:
- US Health Information Privacy Laws: HIPAA, HITECH, and FISMA
- State Privacy Laws: Where applicable
- FDA Regulations on Electronic Records: 21CFR Part 11
- European Union Data Directive and General Data Protection Regulation (GDPR)
Since NORD launched its first patient registry in 2014, it has hosted over 60 registries without a single data breach or incident compromising participant data security.
Institutional Regulatory Board Approval
The Hypothalamic-Pituitary Brain Tumors Patient Registry protocol and procedures have been reviewed and approved by an Institutional Regulatory Board (IRB), specifically the North Star Review Board. This review ensures that all human subject research is conducted in accordance with federal, institutional, and ethical guidelines.
Encryption and Data Safety Measures
The platform employs HTTPS to ensure that data is encrypted when transmitted from your browser to NORD servers. Additionally, data stored in the NORD database (data at rest) is encrypted. All communications between the registry platform application server and the database are also encrypted. While any electronic information carries a minimal risk of privacy compromise, the robust security measures in place significantly minimize this risk.
De-Identification and Data Sharing
The information you provide is de-identified, meaning all Personal Health Information (PHI) is removed and the data is aggregated with other participants’ data. Typically, only de-identified data is shared with researchers, companies developing treatments, or other parties. In rare cases where the research cannot proceed without PHI, such data will be shared only after approval by the registry advisory board, in accordance with IRB-approved protocols.
Importance of Accurate Personal Information
Entering correct personal information is crucial. The consent form for participation is a legal document that must be signed with your real name. Accurate data ensures that research results are trustworthy, allowing patients’ and caregivers’ voices to be credibly heard by healthcare providers, scientists, and regulatory agencies. Incorrect information, like an inaccurate date of birth, can jeopardize the creation of crucial identification numbers such as CRID or GUID, which link medical information across different databases without sharing personal health information.
Data Storage and Ownership
NORD stores sponsor and participant registry data on encrypted servers in Canada, with regular backups. These servers meet industry standards and comply with US and international regulations, including GDPR. The data is owned by the Raymond A. Wood Foundation, which decides how and with whom to share it. NORD staff access the data only for platform support and maintenance.
Access to Protected Health Information (PHI)
Access to PHI is limited to approved members of the research team and NORD staff, if technical support is needed and with registry staff permission. All requests for data are evaluated by the Registry Advisory Board, ensuring that researchers receive only the minimum data necessary for their studies.
GDPR Considerations
For our participants in the European Union and Switzerland, we offer the same privacy protections as in the US, along with additional rights under GDPR. These include the right to access, rectify, or erase personal data, receive data in a portable format, restrict or withdraw consent for data processing, and lodge complaints with supervisory authorities.
For more detailed information, please visit the FAQs section of Hypothalamic-Pituitary Brain Tumors Patient Registry page on this website. Your privacy and trust are of utmost importance to us, and we are committed to safeguarding your information.