Privacy & Data Storage Policies
Engage Health often collects private information through market research or other projects conducted on behalf of our clients. The following outlines our privacy and data storage policies as they pertain to information that we gather.
Information from Healthcare Providers
As part of our work, we have a legitimate interest in collecting information that is provided to us by healthcare providers (HCP) under consent that helps us to understand certain diseases or the opinions of healthcare providers about certain topics. Data collected is that which is necessary to answer a specific set of questions, and can be in the form of surveys or interviews and often includes the payment of an honorarium in exchange for participation.
In these cases, any data relating to that healthcare provider (or data subject) that can be used to identify or indirectly identify them (including, but not limited to, their name, address, institutional affiliation and other information describing their experience or practice) together is called “Personal Data” and is required in order that we can process an honorarium check, invite participation in future research, obtain additional information, provide information requested or additional information we believe may be of interest. If a healthcare provider elects not to provide their Personal Data, they forego the option to be invited to future research or to receive updates or remuneration as we would not have a way to know to whom or where to send it.
Data relating to the healthcare providers’ opinions about certain topics is called “Anonymous Data.”
Engage Health will collect and record the Personal Data and the Anonymous Data (together the “Survey Data”) on Engage’s proprietary, secure servers.
The Survey Data will generally be used, in combination with the data from other respondents, to provide a report to our clients, to conduct historical studies and additional analysis for internal use. Further, Engage may share aggregated non-personally identifiable statistical data about individuals with third parties for any purpose, including commercial, but in such cases will not identify you or others. Generally, the ways that the data will be used are outlined for each project and the prospective participant has the opportunity to decline to participate if they so choose.
Only if a healthcare provider consents, either in writing or verbally, will the Personal Data be shared with our client or others specified in the consent. However, in the event that disclosure of your information is required by law, Engage may do so without obtaining your consent.
Information from Patients or Their Parents/Legal Guardians
As part of our work, we have a legitimate interest in collecting information provided to us by patients under consent who are impacted by a certain disease, or their parents/legal guardian(s), that helps us to understand the disease, the burden of illness, their opinions about certain topics, or other issues that will be helpful to our clients as they develop and commercialize therapies for (often rare) diseases. Data collection can be in the form of surveys, interviews, demographic profiles or others, and the data collected answers specific research questions. Often, participation includes the payment of an honorarium in exchange for the time they have taken to participate. Any and all compensation is solely for time spent and is in no way tied to the use or recommendation of any product that is owned by Engage Health or any client of Engage Health.
Data relating to that patient, or data subject, (including, but not limited to their name, address, or any other information that can be used to directly or indirectly identify them) together is called “Personal Data” and is required in order that we can process an honorarium check, invite you to participate in future research, obtain additional requested information, provide you with information you have requested or additional information we believe may be of interest to you. If a patient or their parent/legal guardian elects not to provide their Personal Data, they forego the option to be invited to future research and receive updates and remuneration as we do not have a way to know to whom or where to send remuneration.
Data relating to the patient’s or legal guardian’s opinions about certain topics is called “Anonymous Data.”
Engage Health will collect and record the Personal Data and the Anonymous Data (together the “Survey Data”) on Engage’s proprietary, secure server.
The Survey Data will generally be used, in combination with the data from other respondents, to provide a report to our clients, conduct historical studies and additional analysis for internal use. Further, Engage may share aggregated non-personally identifying statistical data about individuals with third parties for any purpose, including commercial, but in such cases will not identify you or others. Generally, the ways that the data will be used are outlined for each project and the prospective participant has the opportunity to decline to participate if they so choose.
Typically, the Personal Data is “de-identified” prior to sending information to our client. This is accomplished by assigning each patient a unique number. Identifying personal information such as patient name, address, email address, date of birth or other aspects that could identify research participants are removed from any files provided to the client or others specified in the consent. However, in the event that disclosure of your information is required by law, Engage may do so without obtaining your consent.
Only if a patient or their legal guardian consents, either in writing or verbally, will the Personal Data be shared with our client. Typically, this occurs in cases where patients and/or their legal guardian desire to be part of advisory groups or other activities that require face to face meetings with the client. In these cases there are clear consents, often provided by the client, that are signed by the patient and the client in order that there is clarity around how the information will be used.
In order to participate in a specific health research study, there are often specific criteria established. These criteria are clearly laid out in the invitation to participate in order that potential participants know if a certain project pertains to them or their disease.
Information from Other Interested Parties
As part of our work, we have a legitimate interest in collecting information that is provided to us by various interested parties (IP) that helps us to understand their interest in certain topics (such as a specific blog post), or their interest in participating in a meeting with us or in an event or forum. Data collected is that which is necessary to set up an individual meeting, answer a question related to their topic of interest, or know that they would like to participate in an event or forum. This information is collected by Engage Health, either on its own or in its role as a partner in the Rare Collective®.
In these cases, any data relating to that interested party that can be used to identify or indirectly identify them (including, but not limited to, their name, address, institutional affiliation and other information describing their question or interest) together is called “Personal Data” and is required in order that we can set up a meeting, know that they will participate in an event or forum, invite participation in future research, events or gatherings, obtain additional information, provide information requested or additional information we believe may be of interest. If an interested party elects not to provide their Personal Data, they forego the option to have their question answered, be invited to future research or events/gatherings or to receive updates as we would not have a way to know to whom or where to send the information.
On occasion, Engage Health collects data relating to the interested parties’ opinions about certain topics; this is called “Anonymous Data.”
Engage Health will collect and record the Personal Data and the Anonymous Data (together the “Survey Data”) on Engage’s proprietary, secure servers.
The Data of interested parties will generally be used in a manner consistent with the purpose for which it has been collected. For example, if it has been provided to reserve a spot for an event or forum, it will be used to determine the number of persons attending, populate name tags, determine space/seating requirements and other activities related to such a gathering. If the Data have been collected as part of a survey to collect opinions on various topics, it will be used in combination with the data from other respondents, to provide a report to our clients or partners, to conduct historical studies and additional analysis for internal use. Generally, if data are used for a survey, it will include consent, and the ways that the data will be used are outlined for the survey project and the prospective participant has the opportunity to decline to participate if they so choose. Only if the interested party consents, either in writing or verbally, will the Personal Data be shared with our client or others specified in the consent. However, in the event that disclosure of your information is required by law, Engage may do so without obtaining your consent.
Information from Minor Patients
We generally only allow participation / provision of information of patients who are age 18 years or greater, and if they are younger than 18 years or in the case where someone is unable to answer for themselves, we allow participation by their parent or legal guardian. We do not collect Personal Data from persons not authorized to give it (i.e. we will not collect Personal Data of a friend, cousin, acquaintance, etc.).
Engage Health, Inc. and the US Health Information Portability and Accountability Act
HIPAA (Public Law 104-91), or the Health Information Portability and Accountability Act, establishes US national standards to protect individuals’ personal information. It is regulated by the U.S. Department of Health and Human Services.
Under HIPAA, a “covered entity” is a:
Health Care Provider: Any provider of medical or other health services, or supplies, who transmits any health information in electronic format in connection with a transaction for which HHS has adopted standard requirements.
Health Plan: Any individual or group plan that provides or pays the cost of health care.
Health Care Clearinghouse: A public or private entity that transforms health care information received from another entity into a standard (i.e. standard electronic format or data content), or vice versa.
Under HIPAA, “standard transactions” include:
The processing of claims or encounters
Eligibility inquiry and response
Prior authorization and referral
Claims status inquiry and response
Because Engage Health, Inc. does not provide any of the services noted above under the section that addresses “covered entities” and does not conduct one or more of the standard HIPAA transactions, counsel has determined that Engage Health, Inc. is a non-covered entity and therefore is not subject to HIPAA regulations.
However, because certain clientele of Engage Health, Inc. may consider themselves covered entities, Engage Health, Inc. uses reasonable efforts to protect patient data and privacy in the spirit of standard HIPAA regulations as follows:
Standard: Safeguards. A covered entity must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information.
At no time does Engage Health, Inc. promote itself as a covered entity under HIPAA.
Data Storage Information
Engage Health is processing and storing encrypted data on its own servers (not shared by other companies) in the United States of America (the “U.S.”) and will therefore transfer Personal Data within the U.S.
Engage Health may use Agents to access, collect, record, process and use Personal Data as required for, and in compliance with, the purpose of each project. Agents will perform such activities exclusively upon, and in strict compliance with, Engage Health’s written policies and the terms of appropriate Consents. Upon request, we will provide you with the names and addresses of such agents.
While Engage Health makes every reasonable effort to protect the information it collects, please be aware there is always some risk involved when submitting data over the internet. We cannot guarantee that our RSVP sites, survey site, website and servers are 100% safe from illegal tampering or “hacking.” Any data transmitted over the internet may be at risk; however, once it is received at Engage Health and entered into our database, any data you have submitted has the same protection that Engage extends to its own confidential information.
Due to the nature of pharmaceutical market research, Engage Health retains your Personal Data for no longer than is necessary for the purposes for which it has been collected. Details of retention periods of your Personal Data can be obtained by contacting our Data Privacy Officer at firstname.lastname@example.org. Engage Health will destroy or de-identify Personal Data that is no longer needed for the purposes for which it was collected, using secure methods to destroy or de-identify the information. If you revoke your consent or request erasure of your Personal Data, we will delete the data collected in a timely manner.
By accessing and providing data to a survey or an RSVP for an interview or other activities, you agree and consent that Engage Health may collect, transfer, record, store, process and use Personal and Anonymous Data through its own personnel, and through Agents, as outlined above. You have, at any time, the right to access your Personal Data stored by Engage Health, to have the data rectified, completed, blocked or deleted and you may at any time withdraw your consent to the storage, processing and use of your data with effect for the future. Further, your consent is optional and voluntary. Denying consent does not have any negative consequences for you other than you will not be able to participate in a given survey or interview as outlined above.
Engage Health, Inc. and the General Data Protection Regulation (GDPR) of the European Union (EU)
GDPR (Regulation EU2016/679), or the General Data Protection Regulation, establishes EU standards to protect the personal data of natural persons, while ensuring free movement of information between Member States.
Under GDPR, a “controller” is the organization directing how the data will be used. This may be Engage Health or its client. A “processor” is the organization that uses the data, for example, to conduct analyses. This may be Engage Health or its agents.
Consistent with GDPR, Engage Health has established real and stable activities to ensure data protection, even though processing of data is not conducted in the EU, despite Engage Health not offering goods or services, and even in cases where payment is not made. Data protection is also ensured when monitoring the behavior of an individual (such as capturing the name of someone who publishes a case study in a particular rare disease), and in all cases where consent is given.
The processing of personal data by Engage Health is lawful and fair and, along with data use, is implicitly outlined in the consent for a given project, and all prospective research participants have the right to decline participation if they desire.
Engage Health routinely collects personal data that are particularly sensitive, including, but not limited to information regarding racial/ethnic origin, information regarding diagnosis, treatment and other issues related to one or more rare diseases, and other health issues. These data are processed for the purposes of benefit to the respondent, other rare disease patients and/or health research purposes, and are subject to consent prior to the time of data collection.
Engage Health Website
The Children’s Online Privacy Protection Act (http://www.ftc.gov/ogc/copa1.htm) defines the term “child” to mean an individual under the age of 13. If you are under 13 years of age, you may not use this site or submit to Engage Health information about yourself including, but not necessarily limited to, your name, address, telephone number or e-mail address without the written permission of your parent or guardian. We suggest that you have your parent register if you are interested in viewing this website. Only the parent/guardian of a child under the age of 13 has been submitted by someone other than a parent or guardian, we will remove that information from our databases as soon as possible.
Visitors between the ages of 13 and 18 must obtain permission from their parents or guardian before registering on this website, sending any personally identifiable information, participating in online discussions, or submitting content to this website.
Engage Health may restrict the ability of any visitor to submit content or to access any part of the website at Engage Health’s sole discretion.
We may track the total number of visitors to our website, the number of visitors to each page of our website, the sequence or duration of visits to each page, IP addresses, and the domain names of our users’ Internet Service Providers, and we may analyze these data for trends and statistics in the aggregate, but such information will be in aggregate form only and it will not contain personally identifiable data. Such aggregate information is not linked to any personally identifiable information that can identify any individual.
Links to Third Party Sites
As a convenience to our visitors, our sites currently contain links to a number of other (non-Engage Health) sites that we believe may offer useful information. Such links do not constitute an endorsement by Engage Health of those other websites, the content displayed therein, or the persons or entities associated therewith. The Privacy Notice presented here does not apply to those sites. You should contact those sites directly for information on their privacy policies, confidentiality agreements, and data collection/distribution procedures.
Our website uses a technology called cookies, which are small data files that a server gives to your browser when you access a website in order to let you access the pages you request and to track the pages visited. Using cookies to track page visits helps us analyze our site usage more accurately. In cases in which cookies are used, we will not collect your personally identifiable information except with your explicit permission.
Please see previous sections if you use our website to sign up for participation in health research.
Complete Agreement and the Privacy and Data Storage Policies, and Website Use Notice
How to contact us:
Any healthcare provider who desires to see their data, know how their data is being used, or desires that their data be updated or deleted (also called the Right to Be Forgotten), can do so by contacting our data protection officer by email providing your name and the nature of your request. Such requests will be met typically within 15 business days, but in no case greater than one month.
Mr. Steve Stevenson
3265 Lexington Avenue S
Eagan, MN 55121