Our Commitment to Privacy and Security
Data Use Policy
The Intestinal Transplant Association (herein “recipient”) collects and utilizes a limited patient data set from its participating centres (herein “sender”) as described in the Statement of Agreement.
I. The sender agrees to be in compliance of the Health Insurance Portability and Accountability Act of 1996 (HIPPA) or other relevant national legal standards including but not limited to adequate institutional approval from the sender.
II. The recipient agrees that it shall not use or disclose Personal Health Information (PHI) or Limited Data Set (LDS) information except as permitted under this Statement of Agreement.
III. The recipient may use the LDS information received or created by it (a) to perform its obligation under this Agreement consistent with research connected with statistical determination of aggregate outcomes after Intestinal Transplantation as is the mission of the Recipient, and/or (b) to carry our its legal responsibilities if the disclosure is required by law, and/or (c) for data aggregation functions, as defined by HIPPA.
IV. The recipient is sole entity that is permitted to use or receive the LDS.
V. The recipient provides assurance that:
- It shall not use or disclose PHI or LDS information except as permitted under this agreement.
- Appropriate procedural, physical, and electronic safeguards, sufficient to comply and exceed with the requirements of HIPPA, are currently in use in order to prevent any use or disclosure of LDS information other than as permitted or required by this agreement. See Annex A.
- Any information regarding unapproved use or disclosure of PHI or LDS that is neither permitted by this Agreement nor HIPPA shall immediately be reported to Covered Entity.
- PHI and LDS for all subjects will be held confidentially and used or further disclosed only as required by law or for the purpose for which it is disclosed.
- The recipient will use statistical methods to effectively de-identify individual subjects and participating centers. The statistical analyses will examine data in the aggregate form only. There is no conceivable risk that the information will allow identification of a specific study subject or centre.
ITA undertakes reasonable efforts to ensure that all personally identifiable information collected on our site remains secure. The database is within a Secure Server in a Private Network, under strict electronic security measures including: (a) mirrored drives; (b) daily backups; (c) firewall; (d) record level data made anonymous; (e) entire database encryption; (f) password protected server, directory and database file; (g) limited aggregated data set used for analysis in standalone computer. Physical security measures include, but are not limited to: (a) restricted access area with individually logged key entry; (b) locked file cabinets for physical records (if any).