Engage Health often collects private information through market research or other projects being conducted on behalf of our clients. The following outlines our privacy and data storage policies as they pertain to information that we gather.

Information from Healthcare Providers

As part of our work, we often collect information from healthcare providers (HCP) that help us to understand certain diseases or the opinions of healthcare providers about certain topics. Data collection can be in the form of surveys or interviews and often includes the payment of an honorarium in exchange for participation.

In these cases, data relating to that healthcare provider (such as their name, address, institutional affiliation and other information) together is called “Personal Data” and is required in order that we can process an honorarium check. If a healthcare provider elects not to provide their Personal Data, they forego the option to receive remuneration as we would not have a way to know to whom or where to send it.

Data relating to the healthcare providers’ opinions abut certain topics is called “Anonymous Data.”

Engage Health will collect and record the Personal Data and the Anonymous Data (together the “Survey Data”) on Engage’s proprietary, secure server.

The Survey Data will generally be used, in combination with the data from other respondents, to provide a report to our clients. Generally, the ways that the data will be used are outlined for each project and the prospective participant has the opportunity to decline to participate if they so choose.

Only if a healthcare provider consents, either in writing or verbally, will the Personal Data be shared with our client.

 

Information from Patients or Their Legal Guardians

As part of our work, we often collect information from patients who are impacted by a certain disease, or their legal guardian(s), that helps us to understand the disease, the burden of illness, their opinions about certain topics, or other issues that will be helpful to our clients as they develop and commercialize therapies for (often rare) diseases. Data collection can be in the form of surveys or interviews and often includes the payment of an honorarium in exchange for the time they have taken to participate. Any and all compensation is solely for time spent and is in no way tied to the use or recommendation of any product that is owned by Engage Health or any client of Engage Health.

Data relating to that patient (such as their name, address, or any other information that could lead someone to reasonably determine their identity) together is called “Personal Data” and is required in order that we can process an honoraria check. If a patient or their legal guardian elects not to provide their Personal Data, they forego the option to receive remuneration as we do not have a way to know to whom or where to send remuneration.

Data relating to the patient’s or legal guardian’s opinions about certain topics is called “Anonymous Data.”

Engage Health will collect and record the Personal Data and the Anonymous Data (together the “Survey Data”) on Engage’s proprietary, secure server.

The Survey Data will generally be used, in combination with the data from other respondents, to provide a report to our clients. Generally, the ways that the data will be used are outlined for each project and the prospective participant has the opportunity to decline to participate if they so choose.

Typically, the Personal Data is “de-identified” prior to sending information to our client. This is accomplished by assigning each patient a unique number. Identifying personal information such as patient name, address, email address, date of birth or other aspects that could identify survey participants are removed from any files provided to the client.

Only if a patient or their legal guardian consents, either in writing or verbally, will the Personal Data be shared with our client. Typically, this occurs in cases where patients and/or their legal guardian desire to be part of advisory groups or other activities that require face to face meetings with the client. In these cases there are clear consents, often provided by the client, that are signed by the patient and the client in order that there is clarity around how the information will be used.

In order to participate in a specific health research study, there any often specific criteria, established. These are clearly laid out in the invitation to participate in order that potential participants know if a certain project pertains to them or their disease.

We only allow participation / provision of information of patients who are age 18 years or greater, and if they are younger than 18 years or in the case where someone is unable to answer for themselves, we allow participation by their parent or legal guardian. We do not collect Personal Data from persons not authorized to give it (i.e. we will not collect Personal Data of a friend, cousin, acquaintance, etc.).

Engage Health, Inc. and the US Health Information Portability and Accountability Act

HIPAA (Public Law 104-91), or the Health Information Portability and Accountability Act, establishes US national standards to protect individuals’ personal information. It is regulated by the U.S. Department of Health and Human Services.

Under HIPAA, a “covered entity” is a;

Health Care Provider: Any provider of medical or other health services, or supplies, who transmits any health information in electronic format in connection with a transaction for which HHS has adopted standard requirements.

Health Plan: Any individual or group plan that provides or pays the cost of health care.

Health Care Clearinghouse: A public or private entity that transforms health care information received from another entity into a standard (i.e. standard electronic format or data content), or vice versa.

Under HIPAA, “standard transactions” include;

The processing of claims or encounters

Remittance advice

Eligibility inquiry and response

Prior authorization and referral

Claims status inquiry and response

Because Engage Health, Inc. does not provide any of the services noted above noted under the section that addresses “covered entities” and does not conduct one or more of the standard HIPAA transactions, counsel has determined that Engage Health, Inc. is a non-covered entity and therefore is not subject to HIPAA regulations.

However, because certain clientele of Engage Health, Inc. may consider themselves covered entities, Engage Health, Inc. uses reasonable efforts to protect patient data and privacy in the spirit of standard HIPAA regulations as follows;

Standard: Safeguards. A covered entity must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information.

At no time does Engage Health, Inc. promote itself as a covered entity under HIPAA.

 

Data Storage Information Applicable to Those in the US

Engage Health is running its database application on its own servers (not shared by other companies) operated by one selected vendor in the United States of America (the “U.S.”) and will therefore transfer Personal Data within the U.S.

 

Data Storage Information Applicable to Those in EU Member States

Engage Health is running its database application on its own servers (not shared by other companies) operated by one selected vendor in the United States of America (the “U.S.”) and will therefore transfer Personal Data within the U.S. The U.S. are not ensuring an adequate level of protection of personal data as is applied in the member States of the EU.

Engage Health may use Agents to access, collect, record, process and use Personal Data as required for, and in compliance with, the purpose of each project. Agents will perform such activities exclusively upon, and in strict compliance with, Engage Health’s written policies and the terms of appropriate Consents. Upon request, we will provide you with the names and addresses of such agents.

 

Your Consent

By accessing and providing data to a survey or an RSVP for an interview or other activities, you agree and consent that Engage Health may collect, transfer, record, store, process and use Personal and Anonymous Data through its own personnel, and through Agents, as outlined above. You have, at any time, the right to access your Personal Data stored by Engage Health, to have the data rectified, completed, blocked or deleted and you may at any time withdraw your consent to the storage, processing and use of your data with effect for the future. Further, your consent is optional and voluntary. Denying consent does not have any negative consequences for you other than you will not be able to participate in a given survey or interview as outlined above.