Data Privacy
What is Data Privacy?
Data privacy refers to the proper handling, storage, and protection of sensitive or confidential data.
This may include general information about you such as your name, age, or zip code, or more sensitive and private information such as your social security number, address, or private health information (PHI).
Some data privacy regulations or laws require us to store your sensitive information within secure networks or prohibit us from sharing certain information without your permission.
Additionally, our institution has requirements about which secure platforms we may store data on and how we share certain information.
This mix of laws, regulations, and organizational standards is intended to protect you and minimize risk to you when participating in research with us.
How do we approach data privacy with START?
E-consent:
Anyone consenting to participate in START via an anonymous electronic link will submit their first name, surname (last name), and email address, with middle name and phone numbers optional.
This information will be stored on a secure, password-protected, cloud-based platform approved by OHSU (e.g., Box or Microsoft OneDrive).
Only approved study staff will have access to the identified data.
Any data shared with other researchers will be de-identified and required to be stored on a secure platform, server, or computer.
Paper consent:
Anyone consenting to participate in START via a paper consent form will submit their first name, surname (last name), and email address, with middle name and phone numbers optional.
This information will be transferred to, and stored on, a secure, password-protected, cloud-based platform approved by OHSU (e.g., Box or Microsoft OneDrive); the original paper forms will then be destroyed.
Only approved study staff will have access to the identified data.
Any data shared with other researchers will be de-identified and required to be stored on a secure platform, server, or computer.
Important Definitions
Identified data - includes information that can be linked directly to you, such as your name, email or physical address, social security number, birthdate, etc.
De-identified data - any identifying information is removed; often a participant ID, only known to a few research staff and kept securely stored, will be used instead of a name to help protect participant identity.
Anonymous - literally means "not known by name"; your data becomes anonymous once it is de-identified, helping to protect your privacy.
Confidential - private data you don't want shared without permission; this refers to any data collected that you do not authorize to be shared.
Privacy Laws to Know
HIPAA - The Health Insurance Portability and Accountability Act is a Federal law created to protect your health information, give you rights over your health information, and set rules and limits on who can view and receive your health information.
FCRA - The Fair Credit Reporting Act is a Federal law protecting consumer information collected and used by groups such as credit bureaus, tenant screening services, and medical information companies.
FERPA - The Family Educational Rights and Privacy Act is a Federal law intended to protect the privacy of student education records.
GLBA - The Gramm-Leach-Bliley Act is a Federal law requiring financial institutions to disclose how they share consumer information and to safeguard their data.
COPPA - The Children's Online Privacy Protection Rule is a Federal law designed to protect the personal information of children 13 and under using the internet, and outlines specific ways parental consent must be obtained by organizations collecting information from them.
VPPA - The Video Privacy Protection Act is a Federal law that protects identifiable video rental records from being shared.