UpdatedApril 23, 2019
by Talea Miller
You may have questions about how AllStripes keeps your health information safe and secure—many other patients have reached out about this very thing. We take security and data privacy very seriously—in fact, it’s one of our top priorities. We created a summary below to help you understand our privacy and security efforts. We work alongside experts in data privacy and security to ensure that the proper controls are in place for the data you trust us with. We know how sensitive your health information is and how big a deal unauthorized access would be. Please feel free to reach out to us about anything relating to data privacy and security. Below we explain in more detail how we keep your data safe.
When you sign up for AllStripes, you’ll get a private profile where you can manage all of your medical records, which we will retrieve for you on your behalf (all you have to do is sign up, and we’ll guide you through in a few simple steps). You can choose to share this information with a new doctor, for example, but you will never be contacted about it by anyone outside of AllStripes—unless you give explicit permission.
If you choose to participate in AllStripes Research, you can contribute your de-identified health information to researchers who are interested in learning more about your condition. “De-identified” data means data that is stripped of personally identifiable information, such as your name, birthday, address, email, or any other information that someone could use to find you. This way, a researcher who gets access to your personal health data will not know that this information belongs to you. We do this to protect your identity and to minimize the risk that anyone can trace health data back to you. Most of the time, we aggregate, or “pool,” your de-identified data with that of other patients, so that all the data is shown as a batch. We will never share your name or identifiable information with external researchers unless you explicitly tell us to. (And even then we will make extra sure that you are certain!)
You get to decide whether you want to contribute your information to research, and you can opt in or out at any time. We aim to be transparent and keep you posted about how your de-identified data is being used in research. Keep in mind that if you do consent to contribute your data to research and your data becomes used in a study, it cannot be withdrawn after the study has started.
Because we need to retrieve, handle, process, and analyze your medical records, we have specifically trained personnel who will have access to your identifiable data. However, we don’t allow just anyone, or any employee at AllStripes to gain access. Only designated individuals who are trained in the proper handling of sensitive personal health information and human subject biomedical research will be able to login and gain access to medical records--and then only if the data has a direct connection to their work. We make sure such individuals are properly contracted with AllStripes, legally binding them to keep your information private, secure, and confidential. Additionally, we train all our employees on privacy, security, and research best practices to make sure that everyone is up-to-date on our internal procedures. If there are any suspicious activities, we respond right away.
We’ve spent a lot of time investing in the latest technology and software to ensure that all your data is protected and secure. We regularly seek advice from top security and data privacy lawyers, consultants, and experts, who help us build our technology as well as our policies. We even appointed a Chief Security Officer, who makes sure that everything on our platform—meaning both hardware and software—is protected from unauthorized access and breaches as much as reasonably possible. A few examples of our privacy and security measures include: