Join NowJoin Now

Coming Together to Find a Cure

ALD Connect Network Privacy Policy and Data Security Measures

Privacy Policy

  • Your information will be used for research: Information that might help us predict your future health will be collected about your identity, health, and some of your behaviors. This information will be used in research analyses, and results of these analyses will be presented in scientific conferences and published. These presentations and publications will never show any information that identifies you or any other individual in the network. Summary information that does not contain any identifying information will be shared with other participants in the network.
  • Your information will never be sold, rented, or leased.
  • ALD Connect Network staff will never voluntarily share identifying information about you without your permission.
  • You might be able to see some of your study information: When you register to join the network, you will provide us with a username and a password. You can use this to log in to the network and see some of the health information you’ve provided to us (e.g., your surveys and health profile). You should be very careful not to give your login information to anyone else, or he/she could sign in as you and be able to see your health information. If you are worried that someone else might be using your login information, please let us know immediately, or change your password yourself through the members-only homepage.
  • Protection against involuntary disclosure of your information: ALD Connect Network staff will do everything we can to keep your information private.
  • Electronic security and adherence to the HIPAA privacy rule: The ALD Connect Network follows the security guidelines of the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA), which has been modified slightly given that this an online study. All study data is transmitted, stored, and processed in a secure environment. During this research study, identifiable information about your health will be collected.  In the rest of this section, we refer to this information simply as “health information.” In general, under federal law, health information is private. However, there are exceptions to this rule, and you should know who may be able to see, use, and share your health information for research and why they may need to do so. 

In this study we may collect health information about you from research procedures, including tests and questionnaires.

Who may see, use, and share your identifiable health information and why they may need to do so:

  • Partners, a group of healthcare providers in Massachusetts, and research staff involved in this study
  • The sponsor(s) of this study and the people or groups it hires to help perform this research
  • A group that oversees the data (study information) and safety of this research
  • Non-research staff within Partners who need this information to do their jobs, such as for treatment, payment (billing), or health care operations
  • The Partners ethics board, which oversees the research, and the Partners research quality improvement programs
  • People from organizations that provide independent accreditation and oversight of hospitals and research
  • People or groups that we hire to do work for us, such as data storage companies, insurers, and lawyers
  • Federal and state agencies (such as the Food and Drug Administration, the Department of Health and Human Services, the National Institutes of Health, and other U.S. or foreign government bodies that oversee or review research)
  • Public health and safety authorities (for example, if we learn information that could mean harm to you or others, we may need to report this, as required by law)
  • Other:       

Some people or groups who get your health information might not have to follow the same privacy rules that we follow and might use or share your health information without your permission in ways that are not described in this form. For example, we understand that the sponsor of this study may use your health information to perform additional research on various products or conditions, to obtain regulatory approval of its products, to propose new products, and to oversee and improve its products’ performance. We share your health information only when we must, and we ask anyone who receives it from us to take measures to protect your privacy. The sponsor has agreed that it will not contact you without your permission and will not use or share your information for any mailing or marketing list. However, once your information is shared outside Partners, we cannot control all the ways that others use or share it and cannot promise that it will remain private.

Because research is an ongoing process, we cannot give you an exact date when we will either destroy or stop using or sharing your health information.

The results of this research study may be published in a medical book or journal or used to teach others. However, your name or other identifying information will not be used for these purposes without your specific permission.

Your Privacy Rights

You have the right not to complete this form, which allows us to use and share your health information for research; however, if you don’t complete it, you can’t take part in this research study. 

You have the right to withdraw your permission for us to use or share your health information for this research study. If you want to withdraw your permission, you must notify the person in charge of this research study in writing. Once permission is withdrawn, you cannot continue to take part in the study.

If you withdraw your permission, we will not be able to take back information that has already been used or shared with others.

You have the right to see and get a copy of your health information that is used or shared for treatment or for payment. To ask for this information, please contact the person in charge of this research study. You may get such information only after the research is finished.

Data Security Measures

The following is a technical explanation of the measures we take to protect your data. If you have any questions about this information, please contact us by email at ??? or by phone at 617-??? weekdays between the hours of 9:00 a.m. and 5:00 pm. You can expect a response within 72 hours of contacting us on a weekday or up to five days if contacting us on a weekend or holiday.

The PHS Research IT Facilities Security Center will host the web and database servers for the ALD Connect Network. All information will be stored in linked data tables on ALD Connect Network secure network servers. Identifying information (name and email address) will be stored in separate (but linked) data tables so that health-related data can be viewed by study staff as needed without inadvertent association with identifiers when such linkage is not required. All systems are secured behind the Partners firewall and follow Partners Healthcare Information Security policies for authenticated, minimum access. All systems are patched, monitored, and scanned routinely for vulnerabilities and intrusions by the systems administrator and PHS Information Security. Data is encrypted, where applicable, in compliance with state and federal government standards, regulations, and in accordance with Partners security and privacy policies. The web server and database server are hosted within the Partners firewall and use the 128-bit Secure Sockets Layer (SSL) protocol.

The ALD Connect Network Data Management Center (DMC) is experienced in data management for multicenter clinical studies and utilizes the following data security measures:

  • Data transmission: The ALD Connect Network web server (provisioned by Partners Research Computing) currently uses the 128-bit Secure Sockets Layer (SSL) protocol.
  • Secure server room: All data is housed in a secure server room. The server room is in a building that is locked other than during normal business hours and is located in a limited-access locked suite fitted with an access control system. Within the locked suite is a locked server room fitted with an additional secure door.
  • Antivirus software: All servers are protected from viruses by McAfee VirusScan.
  • Firewall: The network, including all the servers that will store ALD Connect Network data, is behind a secure firewall that does not allow unauthorized access to any research data server.

Will your data be shared with other investigators and used by these investigators for future research?

Data from this study will be stored in a computer data repository at the Massachusetts General Hospital (MGH) Neurological Clinical Research Institute (NCRI). The purpose of this data repository is to capture and store data for clinical research. The repository will combine data from multiple studies. We will share datasets with researchers who want to advance understanding of adrenoleukodystrophy. These datasets will not contain any personal identifiable information.

For this research project, some identifiable information may be collected and stored in the database. This might include information like your date of birth or the date your symptoms began. At the end of this project, all identifying information including dates will be removed (de-identified). The de-identified dataset combined with information from other projects will then become available for sharing with other researchers.

Global Unique Identifier (GUID)

In this study participants who wish to sign up for the ALD Connect Network will be assigned a unique patient identifier called a Global Unique Identifier (GUID). If you are participating in another clinical study that uses this GUID, it is hoped that data for this current study can be linked to data from other projects. Linking data to other projects makes it more useful.

The GUID is created on a secure website by a specialized computer program that uses 12 pieces of information about you (e.g., first and last name, gender, birthday). The website and computer program used to create the GUID does not store any personal information, but if the same information is entered again in the future, the program will return the same GUID every time. Once generated, this GUID will be used to uniquely identify you. This is how data from this study might be linked to data from another study you participate in that uses the GUID. Because the GUID is generated randomly, it is impossible to identify you from the GUID.

The GUID and any identifiable information will be removed from your record before your data are shared.