People-Powered Medicine
Privacy Policy
The Harvard Medical School ("us", "we", or "our") operates the People Heart Study App (the "App"). This page informs you of our policies regarding the collection, use and disclosure of Personal Information we receive from users of the app and participants of the study.
Information Collection and Use
While using our App, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to your name ("Personal Information").
If you enroll in the study, we may ask for your name and email address. After enrollment, we receive a signed consent document and subsequently select part of your health record (if applicable) or data about your medical history. We use this information to respond to your inquiries.
Your Data will never be sold or used for advertising.
The App collects your Data for the purposes of medical research
Data Access
A limited group of staff and researchers will have access to your data. Institutional Review Board (IRB) approval , whose sole purpose is to protect and safeguard participants, was required to provide access to individuals with access to study data.
Data Storage
Data will be stored in the secure AWS managed cloud maintained by Harvard University; no transmission beyond original receipt of data and placement in the cloud will occur. Because data are obtained from fully-consented participants and may be extremely valuable over the duration of this and related studies, data will be stored indefinitely.
Data security
Your privacy and security is our primary concern. The IRB's purpose is to review and monitor all procedures in a study to ensure safety and security remain the top priority. The IRB requires the appropriate steps are followed and the necessary safeguards are put in place to protect participant data at all costs. In addition, all data is stored using Amazon Web Services (AWS), an industry leader in data storage and security. AWS currently stores sensitive data for thousands of other healthcare, financial and government agencies and ensures your data will not be viewed or accessed by anyone but the PPM team.
Despite these safety precautions, users are aware of the fact and agree that the App can be used over the internet and mobile networks. Therefore, no absolute security can be guaranteed either on the part of the Harvard Medical School or on the part of the user in the context of data transmission.
We recommend that users use the necessary security measures (such as password protection and the latest version of the operating system) on their mobile devices. The users are responsible for risks arising from manipulation of their mobile devices, misuse of their mobile devices, or in the context of data transmission.
More information about data storage can be found on the consent forms that participants sign. Here are blank copies of these consent forms for your review
Log Data
Like many site operators, we collect information that your mobile device sends whenever you launch our App ("Log Data").
This Log Data may include information such as your device’s Internet Protocol ("IP") address, browser type, browser version, the pages of our App that you visit, the time and date of your visit, the time spent on those pages and other statistics.
We may use the Log Data to understand, customize and improve user experience with the App. For example, we may engage analytics services to analyze this information in order to help us understand how users engage with and navigate the App, how and when features within the App are used and by how many users.
Information and revocation
Users can request information about their personal data used by the Harvard Medical School via email to ppm@hms.harvard.edu
Users can revoke their consent to the use of their personal data at any time. You can do this in your profile under "Withdraw from study" and by deleting the app. However, personal data that has already been transmitted will remain in the research data repository.