Privacy policy

DS-Connect®: The Down Syndrome Registry ("DS-Connect®") is committed to protecting the privacy of our participating members. To better protect your privacy, we provide this notice explaining our information practices. To make this notice easy to locate, it is available as a link on the DS-Connect® home page. We define personal information to include: name(s), email address, mailing address, survey responses, registry information and non-public information included in your correspondence with us.

When you contact the DS-Connect® Registry Coordinator at This e-mail address is being protected from spambots. You need JavaScript enabled to view it , your email address and other information included in your email may be forwarded to the appropriate person(s) within DS-Connect® for a response. A copy of your correspondence may be retained at the DS-Connect® office.

The DS-Connect® registry has established and maintains a mailing database. The mailing list includes families of individuals with DS, friends, physicians, scientists, contributors and others interested in Down syndrome. DS-Connect® will never release our mailing list or the names of our member families to any outside organization or third party unless required to do so by law. However, if an outside organization sends us information for distribution to DS-Connect® registry participants, we may post it on our website or send it to you in case you have indicated to do so in the contact preferences page.

Information determined to be confidential can only be released by written or verbal permission by the subject of the information or organization that owns the information. Information may be released if required by law, such as in response to an investigation or subpoena. DS-Connect® registry web site provides links to other sites that may be of interest.  Note that neither DS-Connect® nor PatientCrossroads are responsible for the privacy practices or content of other such web sites.

DS-Connect® is firmly committed to maintaining the confidentiality of your personal information in all of our activities. Every reasonable effort will be made to maintain the privacy and security of all personal information in our possession. Access to personal information will be limited to NIH and PatientCrossroads personnel who are working directly on DS-Connect®. All individuals will be instructed of their obligations under Federal confidentiality and security requirements.

You must read this Privacy Policy (the "Privacy Policy") and the Website (defined below) terms of use (the "Terms and Conditions") prior to using any portion of the DS-Connect® Website or Services located at (http://DSConnect.nih.gov). By using the Website, you agree to all the terms of the Privacy Policy and Terms and Conditions. If you do not agree with the terms of this Privacy Policy, you may not use any portion of the Website.

The DS-Connect® registry is owned by the NIH and operated under contract by the Innolyst, Inc. / DBA PatientCrossroads (PatientCrossroads), a California corporation. The NIH and PatientCrossroads respect your privacy and have written the Privacy Policy so that you are aware of the information the DS-Connect® collects from you, how that information is protected, and how it is used. If you have any questions or comments regarding the Privacy Policy, or you feel that DS-Connect® is not abiding by its posted Privacy Policy, please contact us at: This e-mail address is being protected from spambots. You need JavaScript enabled to view it .

1. Purpose

This chapter establishes policies and procedures for ensuring the privacy and protection of personal information collected, stored, used, maintained and disseminated via NIH Web sites. This policy applies to NIH Internet Web sites that are developed and/or maintained by NIH staff or by contract personnel. This policy does not apply to internal agency activities (such as on intranets, applications, or interactions that do not involve the public) or to activities that are part of authorized law enforcement, national security, or intelligence activities.

This Privacy Policy outlines the type of information DS-Connect® collects from the users of the registry. We reserve the right to modify the Privacy Policy at any time, and without prior notice, by posting amended terms and conditions on the DS-Connect® Website. We encourage you to review the Privacy Policy periodically for any updates or changes.

2. Collection, Use and Disclosure of Information

a. Collection of Information. All of the information you provide to DS-Connect® will be maintained in a secure database, and any information that could identify you will not be shared without your express written consent, unless otherwise required by law.

b. Use and Disclosure of Information. The goal of this registry is to make the information you provided searchable, while protecting your identity. De-identified data (information where all personal identifiers such as name, address, email) gathered from this profile will be made available to registrants in the hope that analyses of a substantially larger database will support breakthroughs and clinical trials that could lead to better treatments and care management.

c. At any time, you have the right to withdraw your information from DS-Connect®. You may exercise this right by contacting the DS-Connect® Registry coordinator at This e-mail address is being protected from spambots. You need JavaScript enabled to view it and your account will be deactivated and the identifying information in your profile will be removed. Please note that any de-identified data accessed before your request for removal will however not be able to be retrieved.

4. Protection of User Information

All users are required to review and abide by the Website Terms and Conditions and the Privacy Policy. We employ best practices from our networking to our secure servers to protect data from intrusion.

Where you use passwords, ID numbers, or other special access features on the Website, you should take special care to safeguard them.

The HIPAA privacy rules and HIPAA security rules mandate that covered entities have in place appropriate policies and procedures to protect the confidentiality and security of protected health information.  In compliance with these regulations, the database security features of PatientCrossroads target multiple levels including the data element (e.g., restricted access to fields), user (e.g., password authentication access), application (e.g., role-based access to features, access audit trails), and hosting services (e.g., firewall, secure sockets layer).  Taken together, these features ensure access control, audit control, data integrity, user authentication, and transmission security.  Administrative users of DS-Connect® ensure exported datasets are de-identified as defined in the HIPAA privacy regulation [45 C.F.R. §164.514 (b)(2)]. 

All server requests are transmitted over SSL.  All servers have several layers of data and access protection:  (1) A dedicated, managed Cisco router firewall, (2) A redundant array of independent disk [RAID] Level 5 is used to ensure that data will not be lost if a hard drive fails between backups, (3) A system level backup is performed nightly and retained for 2 weeks and is stored in the data center, (4) a database level backup is performed nightly and retained for 2 months and is stored at the data center.

Participant medical information will be stored electronically within DS-Connect®. The database design is such that participant identifiable information is kept in data tables separate from the medical information. 

DS-Connect® de-identified data also may be requested by physicians/study centers and other interested parties to conduct research on the prevalence of clinical manifestations and/or to determine numbers of Registry participants who may be eligible for participation in ongoing or upcoming studies or clinical trials.  Such requests will be reviewed by the Registry coordinators and the DS-Connect® Operations Board, which comprises designees from NIH, the Down Syndrome Registry, and DS investigators.  The DS-Connect® coordinators and Operations Board will review requests for data, and such requests and approvals will be documented.  Any individual listings generated from participant data and provided to such external entities will use only a subject identification number to protect the identity of participants.

Participant information will be stored in the DS-Connect® for an indefinite period of time. If for some reason the registry is closed at any time, the information would be retained on a secure NIH database.

5. Ownership of Information

All of the information you provide to DS-Connect® in connection with the Website is owned by you. You agree to grant DS-Connect® the right to maintain, use and disclose your de-identified data as set forth in this Privacy Policy and DS-Connect® Website Terms and Conditions. Your information may contribute to the development of inventions or commercial products from which others may derive economic benefit. You will have no rights to any inventions, commercial products or other such discoveries and you will receive no economic benefit.

6. Website Links

The DS-Connect® Website may contain links to other NIH web sites and the DS Registry members website. This Privacy Policy applies solely to information collected on or submitted to the Website. DS-Connect® is not responsible for the privacy practices of other sites linked to the Website. DS-Connect® encourages users to read the privacy policies of websites and third party advertisers when they connect to them through the Website.

7. Communications from DS-Connect®

From time to time, the NIH, DS-Connect®, or other related entities will notify users of updates and other valuable information about the DS-Connect® and related clinical and research information. By using the DS-Connect® Website, or registering or subscribing for services provided on or through the Website, users consent to being contacted by the DS-Connect® coordinator at This e-mail address is being protected from spambots. You need JavaScript enabled to view it , and to receiving such updates and information. DS-Connect® participants to follow best practices with respect to email communications, security and privacy.

In the case of emails coming directly from the NIH, such emails will clearly be from DS-Connect® and will include instructions on how to unsubscribe from future emails.

8. Required Disclosures

You understand and agree that the DS-Connect® may disclose information provided by you if in its good faith belief that such disclosure is required by applicable law.

9. Contact Us; Member Accounts

If you elect to contact DS-Connect® through contact information provided on the DS-Connect® Website, or register for an account, you may be asked for any of the following: name, password, e-mail address, e-mail subject and a message containing your inquiry (in the case of a "contact us" inquiry), and certain profile and account information (in the case of a member account registration). DS-Connect® stores this data in order to reply to the submitted inquiry or to establish and service the member account. The submitted information is then subject to the terms detailed in this Privacy Policy.

10. Children Under The Age Of Thirteen (13)

DS-Connect® shall comply with the Children’s Online Privacy Protection Act of 1998 (COPPA) which restricts the marketing of products and services online to children under 13. NIH "Kid’s Pages" shall comply with the following standards set forth in the COPPA. DS-Connect® is unable to prevent children under the age of thirteen (13) from visiting the DS-Connect® Website; however, no part of the Website is directed at or intended for persons under the age of thirteen (13). If you are under the age of thirteen (13), please do not access the Website at any time or in any manner. By providing personal identifiable information through the Website including, but not limited to, your name and e-mail address, you represent and warrant that you are at least at least eighteen (18) years of age and that you agree to comply with the Privacy Policy. If, at any time, DS-Connect® learns that personally identifiable information has been collected from persons under the age of thirteen (13) without parental or legally authorized representative consent, DS-Connect® Registry will take the appropriate steps to delete such information.

11. Change of Control

In the event that PatientCrossroads is involved in a bankruptcy, merger, acquisition, reorganization or sale of assets, your information will not be sold or transferred as part of that transaction. Your information will be stored with DS-Connect® at NIH even if the ownership of PatientCrossroads changes.

12. Notification of Changes

You should review the Privacy Policy whenever you use the Website in order to be aware of the ways that your information is used. The NIH, through PatientCrossroads, reserves the right to change the Privacy Policy at any time, without prior notice.