MyLymeData Privacy Policy & Data Security Measures

Who has access to my data and how will it be used?

We respect your right to control who has access to your information. Your health information will be used for Lyme disease research that is patient-centered. Patient-centered research is intended to improve quality of life for patients with Lyme disease or to increase our understanding of the disease. Your data will not be sold or leased. You can withdraw from the MyLymeData patient registry at any time.

When you consent to joining MyLymeData, you permit LymeDisease.org and researchers working with us to review and analyze your de-identified data (without your name or identifiers) for LymeDisease.org projects. You also permit us to share your de-identified data with independent researchers working on patient-centered research projects approved by LymeDisease.org.

From time-to-time we may be contacted by researchers who are recruiting patients for studies and clinical trials (for example testing new treatments). We will let you know about patient-centered clinical trials so that you can decide whether or not you want to contact the researcher.

If your healthcare provider is signed up to participate in our clinician portal, you can choose whether or not to allow your provider access to your data.

Participation in this registry is entirely voluntary, and you do not have to share any information you do not want to. With few exceptions, you can simply skip questions that you prefer not to answer.

You are also free to withdraw from the registry at any time without having to provide any explanation. Simply contact the registry and all of your data will be removed from the database. Data accessed or assigned to a specific study prior to your request for removal cannot be retrieved from researchers that have already accessed it.

How secure is my data?

We have partnered with experts in the field of online protection and privacy to protect your information and keep it secure.  PatientCrossroads is an authorized contractor for the National Institute of Health in the development of global disease registries. Their programs are designed in accordance with applicable US privacy protection provisions of HIPAA (Health Insurance Portability and Accountability Act of 1996) as well as the Federal Information Security Management Act of 2002 (FISMA). FISMA compliant hosting is much more extensive than HIPAA and requires specific documented operational controls and security procedures, which are audited by an independent IT security firm annually to ensure compliance. Employees handling data must have a background check and pass high level security testing . Your information is stored off-site in a secured environment on secure Amazon servers located in the USA. All storage and transmittal is done in encrypted form.

Any personal information that could be used to identify you or your family is labeled with a special code. The code is securely stored with a password. Only authorized staff will be able to access the code and contact you if needed. Information that has had all of the personally identifying information changed to a code is called “de-identified.”