Additional Details about Privacy and Security
Here’s how it works. When you make a profile, you start with AAFA’s recommended sharing, privacy and data access settings as your default. After you create an account, you can review and edit your default privacy settings. If desired, you can edit these settings on your own, or with the help of a community guide. The guide can recommend settings for people with low, medium or high concerns about privacy. You can come back and change these settings at any time.
Genetic Alliance’s PEER (Platform for Engaging Everyone Responsibly) allows individuals to make their own health information available to researchers and support groups, according to each individual’s detailed permissions. Using PEER’s access controls, for example, one person can say that absolutely no one has any right to access any of their information (including de-identified data and/or identifying information). Someone else can say all of their information is available to anyone who either has Institutional Review Board (IRB) approval, or has been approved by a trusted organization. The system assumes most people will not be at one extreme or the other, but will have different attitudes about how much, and how broadly, they wish to share information. We expect this will be based on:
- The type of information
- The level of trust in the proposed researcher or the process by which the proposed researcher is selected
- The purpose for which the information might be used
The Genetic Alliance Ethics Team and the Institutional Review Boards (discussed below) that have reviewed the PEER system helped establish the categories of data access options. Using these tools, individual users may “Allow” or “Deny” access, or set a control called “Ask Me.” “Ask Me” requires a potential data user to give the participant more details about the intended use of the data, and about the party seeking access, before the participant decides whether to allow or deny it. With these controls, individuals can restrict access to their information to a single researcher; to researchers approved by AAFA’s Registry Advisory Board; to IRB-approved researchers working on a study that addresses one or more of the conditions affecting the individual; or to all researchers with IRB approval.
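As an added illustration (not PEER’s or Private Access’s own code), the following Python evaluates the access tiers and the “Allow”/“Deny”/“Ask Me” controls just described for one participant’s constructed profile. The scope names, field names and sample identifiers are assumptions; a data type with no rule fails closed.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, Optional

class Scope(Enum):  # who may see a data type, from most to least restrictive
    NO_ONE = "no_one"
    SINGLE_RESEARCHER = "single_researcher"
    ADVISORY_BOARD = "advisory_board"         # approved by AAFA's Registry Advisory Board
    IRB_MY_CONDITIONS = "irb_my_conditions"   # IRB-approved study on one of my conditions
    ANY_IRB = "any_irb"                       # any researcher with IRB approval

@dataclass(frozen=True)
class Rule:
    scope: Scope
    ask_me: bool = False                 # "Ask Me": participant decides case by case
    researcher_id: Optional[str] = None  # only meaningful for SINGLE_RESEARCHER

@dataclass(frozen=True)
class Requester:
    researcher_id: str
    irb_approved: bool = False
    board_approved: bool = False
    study_conditions: FrozenSet[str] = frozenset()

def decide(rules: Dict[str, Rule], my_conditions: FrozenSet[str],
           req: Requester, data_type: str) -> str:
    """Return 'allow', 'deny' or 'ask_me' for one requester and one data type."""
    rule = rules.get(data_type)
    if rule is None or rule.scope is Scope.NO_ONE:
        return "deny"                    # fail closed: no rule means no access
    qualifies = {
        Scope.SINGLE_RESEARCHER: req.researcher_id == rule.researcher_id,
        Scope.ADVISORY_BOARD: req.board_approved,
        Scope.IRB_MY_CONDITIONS: req.irb_approved and bool(req.study_conditions & my_conditions),
        Scope.ANY_IRB: req.irb_approved,
    }[rule.scope]
    if not qualifies:
        return "deny"
    # "Ask Me" is reached only by requesters the tier would otherwise admit; the
    # request is held until the participant has seen the intended use and the party.
    return "ask_me" if rule.ask_me else "allow"

# Constructed sample profile: identifying data locked, surveys shared with IRB studies
# on the participant's own condition only after asking, genetic data to one researcher.
MY_CONDITIONS = frozenset({"asthma"})
MY_RULES = {
    "identifying_information": Rule(Scope.NO_ONE),
    "survey_responses": Rule(Scope.IRB_MY_CONDITIONS, ask_me=True),
    "genetic_data": Rule(Scope.SINGLE_RESEARCHER, researcher_id="researcher-001"),
}
```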
What is the security level of the servers and how is the data encrypted?
All data in the system is encrypted in transit and at rest. The site is served over Secure Sockets Layer (SSL) encryption and hosted on nationally recognized cloud services.
The production systems are hosted on Amazon Web Services (AWS) Elastic Compute Cloud (EC2). Physical access to these data centers is strictly controlled, both at the perimeter and at building ingress points, by professional security staff using video surveillance, intrusion detection systems and other electronic means. For more information about AWS security, see http://aws.amazon.com/security.
PEER’s technology partner, Private Access, designs, expresses and enforces security as bounded architectural attributes, shared technical services and redundant platform operations. These controls are applied at many points throughout the service, both procedurally (prompted by the user) and systemically (automatically), rather than as single points of control such as username-and-password authentication or authorization alone.
The system is encrypted and monitored at each level and uses HTTPS internally as well as externally. The architecture secures data at the persistence level and encrypts all data transported between web servers and web browsers; it also uses cryptographically randomized pseudonyms, secure API calls for all internal and external web services, and decoupled Identity Provider (IdP) and Identity Verification (IdV) systems. API security enforces message authenticity, integrity and confidentiality for every internal and external call within the PEER registry.
Survey responses and other de-identified data are held separately from personally identifying information and retained on behalf of Genetic Alliance by Private Access. All survey responses are encrypted at rest using Amazon RDS encryption; see http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html for reference.
PEER works in conjunction with the consent management systems to make individual account profiles accessible through the customized PEER system. The security attributes built into Private Access augment the network, system and platform security designed into the AWS environment. This architecture secures data at the persistence level, so that: (i) all personally identifiable information (PII) is encrypted using symmetric cryptography algorithms; (ii) all data is encrypted within data backups and redundant data services; (iii) as a security measure, no PII is logged or maintained within application audit logs; and (iv) no personal information is ever emailed or sent in any notification.
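An added illustration of the separation described above, not the project’s own code: survey answers are stored under a cryptographically random pseudonym, the identity store is kept apart, and the audit log refuses PII. The class and field names and the in-memory stores are assumptions, and encryption at rest is left out (the dictionaries stand in for the encrypted volumes).

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, List

# Fields that must never leave the identity store (constructed list for this example).
PII_FIELDS = frozenset({"name", "email", "date_of_birth"})

@dataclass
class Registry:
    # Stands in for the separately held, encrypted identity store.
    identity_store: Dict[str, dict] = field(default_factory=dict)
    # Stands in for the de-identified survey store (the encrypted RDS volume in the text).
    survey_store: Dict[str, dict] = field(default_factory=dict)
    audit_log: List[dict] = field(default_factory=list)

    def enroll(self, pii: dict) -> str:
        # The pseudonym comes from a CSPRNG and is not derived from any PII, so it
        # cannot be recomputed from a name or e-mail address by anyone who holds them.
        pseudonym = secrets.token_hex(16)
        self.identity_store[pseudonym] = dict(pii)
        self._audit("enroll", pseudonym)
        return pseudonym

    def record_survey(self, pseudonym: str, answers: dict) -> None:
        """Store answers under the pseudonym; refuse payloads that smuggle PII fields."""
        leaked = PII_FIELDS & answers.keys()
        if leaked:
            raise ValueError(f"survey payload carries PII fields: {sorted(leaked)}")
        self.survey_store[pseudonym] = dict(answers)
        self._audit("survey_recorded", pseudonym, field_count=len(answers))

    def _audit(self, event: str, pseudonym: str, **details) -> None:
        # Audit entries name the subject only by pseudonym and carry no PII keys.
        if PII_FIELDS & details.keys():
            raise ValueError("refusing to write PII into the audit log")
        self.audit_log.append({"event": event, "subject": pseudonym, **details})

    def export_deidentified(self) -> List[dict]:
        """What a researcher would receive: answers only, with no link back to identity."""
        return [dict(a) for a in self.survey_store.values()]

def log_is_pii_free(registry: Registry) -> bool:
    """Defender's check: no stored PII value appears anywhere in the audit log."""
    values = {str(v) for pii in registry.identity_store.values() for v in pii.values()}
    return not any(str(v) in values for entry in registry.audit_log for v in entry.values())
```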