You may have questions about how AllStripes keeps your health information safe and secure — many other patients have reached out about this very thing.
We created a summary below to help you understand our privacy and security efforts. We work alongside experts in data privacy and security to ensure that the proper controls are in place for the data you trust us with. We know how sensitive your health information is and how big a deal unauthorized access would be. Please feel free to reach out to us about anything relating to data privacy and security. Below we explain in more detail how we keep your data safe.
1. Your AllStripes profile is private
When you sign up for AllStripes, you’ll get a private profile where you can manage all of your medical records, which we retrieve on your behalf (all you have to do is sign up, and we’ll guide you through in a few simple steps). You can choose to share this information with a new doctor, for example, but you will never be contacted about it by anyone outside of AllStripes unless you give explicit permission.
2. We de-identify your data
If you choose to participate in AllStripes Research, you can contribute your de-identified health information to researchers who are interested in learning more about your condition. “De-identified” data means data that is stripped of personally identifiable information, such as your name, birthday, address, email, or any other information that someone could use to find you. This way, a researcher who receives your de-identified health data will not know that this information belongs to you. We do this to protect your identity and to minimize the risk that anyone can trace health data back to you. Most of the time, we aggregate, or “pool,” your de-identified data with that of other patients, so that all the data is shown as a batch. We will never share your name or identifiable information with external researchers unless you explicitly tell us to. (And even then we will make extra sure that you are certain!)
3. You control your own data
You get to decide whether you want to contribute your information to research, and you can opt in or out at any time. We aim to be transparent and keep you posted about how your de-identified data is being used in research. Keep in mind that if you consent to contribute your data to research and your data is used in a study, it cannot be withdrawn after the study has started.
4. Only authorized and trained personnel will have access to your data, and only for processing and research purposes
Because we need to retrieve, handle, process, and analyze your medical records, we have specifically trained personnel who will have access to your identifiable data. However, we don’t allow just anyone, or any employee at AllStripes, to gain access. Only designated individuals who are trained in the proper handling of sensitive personal health information and human subject biomedical research will be able to log in and gain access to medical records, and then only if the data has a direct connection to their work. We make sure such individuals are properly contracted with AllStripes, legally binding them to keep your information private, secure, and confidential. Additionally, we train all our employees on privacy, security, and research best practices to make sure that everyone is up-to-date on our internal procedures. If there is any suspicious activity, we respond right away.
5. We have tough security technology and policies in place
We’ve spent a lot of time investing in the latest technology and software to ensure that all your data is protected and secure. We regularly seek advice from top security and data privacy lawyers, consultants, and experts, who help us build our technology as well as our policies. We have also appointed a Chief Security Officer, who makes sure that everything on our platform, both hardware and software, is protected from unauthorized access and breaches as much as reasonably possible. A few examples of our privacy and security measures include:
- Separation of databases: For research purposes, we may export de-identified data to researchers who need to analyze the data. However, the database where we store exportable data is completely separate from the database where we store your identifiable contact information. That way, if a breach occurs in the database for exportable data, it would be extremely difficult to connect that data with your personal information.
- Encrypted hard drives: Encryption is a way of protecting data from people you don’t want seeing it. For example, when you use your credit card on Amazon, your computer encrypts that information so that other people can’t steal it as it’s being transferred. Similarly, if you have a file on your computer that you want to keep secret, you can encrypt it so that no one can open that file without the password. We encrypt our hard drives so that the patient data stored on them cannot be read by anyone without the key.
- SOPs and training: SOP stands for “Standard Operating Procedure.” We write, maintain, and follow SOPs for every step of our process: requesting your medical records on your behalf, uploading your data so you can access it, and working with patient data later in the process. For example, we have a procedure in place to verify that the file we are processing is indeed yours, and we match it to your name and birthday. Everyone at AllStripes is trained on these SOPs, to ensure that privacy and security are part of the entire fabric of the company.
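To make the ideas in section 2 (de-identifying and pooling data) and in the "Separation of databases" point above concrete, here is a small added illustration in Python. It is not AllStripes' own code and it does not describe their systems: the field names, the random research token that replaces the internal patient id, the consent flag, and every record are constructed for this example.

```python
# Added illustration, not AllStripes' own code: de-identifying records, pooling
# them into counts, and keeping the identifiable store apart from the exportable
# one. Field names, the token scheme and all records below are constructed.
from collections import Counter
import secrets

# Fields treated as directly identifying (assumed list for this illustration).
PII_FIELDS = {"name", "birthday", "address", "email", "phone"}

# Constructed sample records as the identifiable, non-exportable store would hold them.
IDENTITY_STORE = [
    {"patient_id": 101, "name": "Ada Sample", "birthday": "1984-02-11",
     "email": "ada@example.invalid", "address": "1 Sample St",
     "condition": "XLH", "on_treatment": True, "age_band": "30-39",
     "consented_to_research": True},
    {"patient_id": 102, "name": "Ben Sample", "birthday": "1990-07-30",
     "email": "ben@example.invalid", "address": "2 Sample St",
     "condition": "XLH", "on_treatment": False, "age_band": "30-39",
     "consented_to_research": True},
    {"patient_id": 103, "name": "Cy Sample", "birthday": "1975-12-01",
     "email": "cy@example.invalid", "address": "3 Sample St",
     "condition": "PKU", "on_treatment": True, "age_band": "40-49",
     "consented_to_research": True},
    {"patient_id": 104, "name": "Di Sample", "birthday": "2001-05-19",
     "email": "di@example.invalid", "address": "4 Sample St",
     "condition": "PKU", "on_treatment": False, "age_band": "20-29",
     "consented_to_research": False},  # opted out: must never reach the research store
]


def contains_pii(record):
    """True if any directly identifying field is present, whatever its value."""
    return any(field in record for field in PII_FIELDS)


def deidentify(record):
    """Return a copy with PII, the internal patient_id and the consent flag removed.

    The copy gets a fresh random token instead of patient_id (assumed design), so
    nothing stored with it can be joined back to IDENTITY_STORE. Coarse fields
    such as age_band stay; the exact birthday does not.
    """
    dropped = PII_FIELDS | {"patient_id", "consented_to_research"}
    clean = {k: v for k, v in record.items() if k not in dropped}
    clean["research_token"] = secrets.token_hex(8)
    return clean


def build_research_store(identity_store):
    """Copy only consented patients, de-identified, into the separate research store."""
    return [deidentify(r) for r in identity_store if r.get("consented_to_research")]


def pool(research_store, field):
    """Aggregate ('pool') de-identified records into counts per value of `field`."""
    return dict(Counter(r[field] for r in research_store))


def export_for_research(research_store):
    """Final gate before anything leaves: refuse the whole export if an identifier slipped in."""
    for r in research_store:
        if contains_pii(r) or "patient_id" in r:
            raise ValueError("export blocked: identifying field found")
    return [dict(r) for r in research_store]


if __name__ == "__main__":
    store = build_research_store(IDENTITY_STORE)
    print(pool(store, "condition"))       # {'XLH': 2, 'PKU': 1}
    print(export_for_research(store)[0])  # no name, birthday, email or patient_id
```

The point of the two stores is that the research side never holds a key that resolves to a person: if the exportable copy were exposed on its own, there would be nothing in it to join against the identity store. The export gate is deliberately a second, independent check on field names rather than trust in the de-identification step having run.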