DS-Connect®: The Down Syndrome Registry ("DS-Connect®") is committed to protecting the privacy of our participating members. To better protect your privacy, we provide this notice explaining our information practices. To make this notice easy to locate, it is available as a link on the DS-Connect® home page. We define personal information to include: name(s), email address, mailing address, survey responses, registry information and non-public information included in your correspondence with us.
The DS-Connect® registry has established and maintains a mailing database. The mailing list includes families of individuals with DS, friends, physicians, scientists, contributors and others interested in Down syndrome. DS-Connect® will never release our mailing list or the names of our member families to any outside organization or third party unless required to do so by law. However, if an outside organization sends us information for distribution to DS-Connect® registry participants, we may post it on our website or send it to you in case you have indicated to do so in the contact preferences page.
Information determined to be confidential can only be released by written or verbal permission by the subject of the information or organization that owns the information. Information may be released if required by law, such as in response to an investigation or subpoena. DS-Connect® registry web site provides links to other sites that may be of interest. Note that neither DS-Connect® nor PatientCrossroads are responsible for the privacy practices or content of other such web sites.
DS-Connect® is firmly committed to maintaining the confidentiality of your personal information in all of our activities. Every reasonable effort will be made to maintain the privacy and security of all personal information in our possession. Access to personal information will be limited to NIH and PatientCrossroads personnel who are working directly on DS-Connect®. All individuals will be instructed of their obligations under Federal confidentiality and security requirements.
This chapter establishes policies and procedures for ensuring the privacy and protection of personal information collected, stored, used, maintained and disseminated via NIH Web sites. This policy applies to NIH Internet Web sites that are developed and/or maintained by NIH staff or by contract personnel. This policy does not apply to internal agency activities (such as on intranets, applications, or interactions that do not involve the public) or to activities that are part of authorized law enforcement, national security, or intelligence activities.
2. Collection, Use and Disclosure of Information
a. Collection of Information. All of the information you provide to DS-Connect® will be maintained in a secure database, and any information that could identify you will not be shared without your express written consent, unless otherwise required by law.
b. Use and Disclosure of Information. The goal of this registry is to make the information you provided searchable, while protecting your identity. De-identified data (information where all personal identifiers such as name, address, email) gathered from this profile will be made available to registrants in the hope that analyses of a substantially larger database will support breakthroughs and clinical trials that could lead to better treatments and care management.
4. Protection of User Information
Where you use passwords, ID numbers, or other special access features on the Website, you should take special care to safeguard them.
The HIPAA privacy rules and HIPAA security rules mandate that covered entities have in place appropriate policies and procedures to protect the confidentiality and security of protected health information. In compliance with these regulations, the database security features of PatientCrossroads target multiple levels including the data element (e.g., restricted access to fields), user (e.g., password authentication access), application (e.g., role-based access to features, access audit trails), and hosting services (e.g., firewall, secure sockets layer). Taken together, these features ensure access control, audit control, data integrity, user authentication, and transmission security. Administrative users of DS-Connect® ensure exported datasets are de-identified as defined in the HIPAA privacy regulation [45 C.F.R. §164.514 (b)(2)].
All server requests are transmitted over SSL. All servers have several layers of data and access protection: (1) A dedicated, managed Cisco router firewall, (2) A redundant array of independent disk [RAID] Level 5 is used to ensure that data will not be lost if a hard drive fails between backups, (3) A system level backup is performed nightly and retained for 2 weeks and is stored in the data center, (4) a database level backup is performed nightly and retained for 2 months and is stored at the data center.
Participant medical information will be stored electronically within DS-Connect®. The database design is such that participant identifiable information is kept in data tables separate from the medical information.
DS-Connect® de-identified data also may be requested by physicians/study centers and other interested parties to conduct research on the prevalence of clinical manifestations and/or to determine numbers of Registry participants who may be eligible for participation in ongoing or upcoming studies or clinical trials. Such requests will be reviewed by the Registry coordinators and the DS-Connect® Operations Board, which comprises designees from NIH, the Down Syndrome Registry, and DS investigators. The DS-Connect® coordinators and Operations Board will review requests for data, and such requests and approvals will be documented. Any individual listings generated from participant data and provided to such external entities will use only a subject identification number to protect the identity of participants.
Participant information will be stored in the DS-Connect® for an indefinite period of time. If for some reason the registry is closed at any time, the information would be retained on a secure NIH database.
5. Ownership of Information
6. Website Links
7. Communications from DS-Connect®
In the case of emails coming directly from the NIH, such emails will clearly be from DS-Connect® and will include instructions on how to unsubscribe from future emails.
8. Required Disclosures
You understand and agree that the DS-Connect® may disclose information provided by you if in its good faith belief that such disclosure is required by applicable law.
9. Contact Us; Member Accounts
10. Children Under The Age Of Thirteen (13)
11. Change of Control
In the event that PatientCrossroads is involved in a bankruptcy, merger, acquisition, reorganization or sale of assets, your information will not be sold or transferred as part of that transaction. Your information will be stored with DS-Connect® at NIH even if the ownership of PatientCrossroads changes.
12. Notification of Changes