PatientsLikeMe (www.patientslikeme.com) (“Site”) is a sharing web site. Our goal is to provide a platform for patients who want to share their health information to create collective knowledge about disease, health, and treatments. We know our success in achieving this goal depends on a shared belief in our Openness philosophy. Being open about one’s health is not for everyone, and we strive, with full transparency, to outline the benefits and risks of being part of this sharing site, including those related to privacy.
What kind of information we collect
Some of the information that Members provide about themselves may be shared with the PatientsLikeMe community, Partners, and others (“Shared Data”). Examples of Shared Data that Members may submit at the Site, including through their health profile (“My profile”), may include:
- Biographical information, e.g. photograph, biography, gender, age, location (city, state and country), general notes;
- Condition/disease information, e.g. diagnosis date, first symptom, family history;
- Treatment information, e.g. treatment start dates, stop dates, dosages, side effects, treatment evaluations;
- Symptom information, e.g. severity, duration;
- Primary and secondary outcome scores over time, e.g. ALSFRS-R, MSRS, PDRS, FVC, PFRS, Mood Map, Quality of life, weight, InstantMe;
- Sensor information, e.g. personal activity trackers;
- Laboratory results and biomarkers, e.g. CD-4 count, viral load, creatinine, voice features, images;
- Genetic information, e.g. information on individual genes and/or entire genetic scans;
- Individual and aggregated survey responses;
- Information shared via free text fields, e.g. the forum, treatment evaluations, surveys, annotations, journals, feeds, adverse event reports; and
- Connections to other people on the Site, e.g. invited care team member, mentors, feeds, subscriptions.
In the course of using the Site, Members may share information that could be used to reasonably identify them (“Personal Information”), including name, photograph, and email address. When a Member chooses to share Personal Information via a free text field (e.g. forum, treatment evaluations, annotations, journals, feeds and adverse event reports) and photos or images, the information shall be treated as Shared Data.
Some of the information that Members enter into certain fields when registering to use or using the Site will not be shared (“Restricted Data”). The type of Restricted Data that Members may submit at the Site may include:
- Name, as collected as part of registration or in a Member’s Account Information;
- Email address, as collected and verified as part of registration or in a Member’s Account Information;
- Password, as collected as part of registration or in a Member’s Account Information;
- Mailing address, as collected via email, forms, or private message as part of Member programs such as t-shirt giveaways and PatientsLikeMeInMotion™;
- Date of birth, as collected in My Profile; and
- Private messages.
When a Member enters Personal Information, including name and email address, as part of registering to use PatientsLikeMe, that Personal Information is treated as Restricted Data.
A cookie is a small data file that often includes an anonymous, unique token, which is sent to your browser from a website’s computers and may be stored on your computer’s hard drive. Two types of cookies are required to use the Site:
- Session Cookies are temporary cookies that remain only until you log out of the website or exit your web browser. Session Cookies do not store any Personal Information, only a unique visitor ID number that may be used to ensure Members are properly authenticated and can view site information.
- Persistent Cookies remain in the cookie file of your browser for much longer, even after you leave the Site. Persistent Cookies also do not store any Personal Information. Persistent Cookies store preferences that should persist from visit to visit, like “Remember Me,” and a unique token to enable us to understand how Members use the Site (“Site Usage”).
How your data is used
Members should expect that every piece of information they submit (even if it is not currently displayed), except for Restricted Data, may be shared with the community, other patients, and Partners. Members are encouraged to share health information but should consider that the more information that is entered, the more likely it is that a Member could be located or identified.
There are instances where both Shared Data and Restricted Data, including Personal Information, may be used and disclosed including, but not limited to, the following:
- PatientsLikeMe uses Shared Data, Restricted Data, and Site Usage internally, as needed, for research, for maintenance and operation of the Site, and to create the best possible tools and functionality for patients.
- PatientsLikeMe may use a Member’s data in the case of an emergency or other circumstance that we determine requires a member of the management team to directly contact the Member.
- PatientsLikeMe may share or disclose a Member’s data where required by law or to comply with legal process.
- In the event PatientsLikeMe goes through a business transition, such as a merger, acquisition by another organization, or sale of all or a portion of its assets, the Shared Data and Restricted Data, including Personal Information, might be among the assets transferred. Members will be notified via this Site of any such change in ownership or control of Personal Information.
How Shared Data is Used
Shared Data is viewable via My Profile and through aggregated reports that are made available to other PatientsLikeMe Members. In some instances, this Shared Data is also viewable to those not registered to join PatientsLikeMe (“Non-members”). We report publicly Shared Data in aggregate, such as the number of patients on a particular treatment or the number of patients experiencing a particular symptom (see public Treatment and Symptom Reports). If a Member chooses to designate My Profile as “Public” (see Privacy Settings below), their Shared Data can also be viewed by Non-members and linked with aggregated reports.
In addition to serving the individual needs of our Members, PatientsLikeMe and its Partners are interested in better understanding the patient experience and improving treatment options and health outcomes for everyone. For example, we may look at questions such as, “Do certain treatments work better for some types of people versus others?” PatientsLikeMe provides Shared Data, in individual and aggregate format, to Partners and other third parties for use in scientific research and market research. When selling this information, PatientsLikeMe removes Members’ Restricted Data to reduce the likelihood of re-identification prior to sharing information with Partners.
PatientsLikeMe also provides a voluntary opt-in service to allow Partners to directly communicate with Members through our system.
PatientsLikeMe may also periodically ask Members to complete short surveys about their experiences (including questions about products and services). Survey responses are analyzed, combined with Members’ Shared Data and shared with and/or sold to Partners. Member participation in these surveys is not required, and refusal to do so will not impact a Member’s experience on the Site.
PatientsLikeMe may also report individual adverse event and drug safety information to the FDA, CDC, and/or other regulatory bodies (U.S. and international) as well as directly to pharmaceutical and biotechnology companies. PatientsLikeMe does not provide Restricted Data to such regulatory bodies, although we reserve the right to contact Members for follow-up at the request of agencies or Partners. The information PatientsLikeMe reports includes, but is not limited to, all of the information about the Member and/or free text or images on the forums or evaluations, which may include Shared Data. In addition, certain areas within our Site are provided with the support of Partners. These Partners may have adverse event reporting requirements that relate to regulated products that are used by Members of our community, and PatientsLikeMe assists such Partners with reporting adverse events to regulatory agencies.
PatientsLikeMe, like most Internet communities, is a public forum, and Members acknowledge and accept that any information shared through free text or images might be connected to Members’ Shared Data (which may be shared with, sold to, or displayed for others). For example, if a Member puts his or her name (or other Personal Information) into a free text field like the biography, forum, journals or annotations, the Member should know this information may be included in what is shared with, displayed for, or sold to Partners.
How Restricted Data is Used
Restricted Data is not automatically shared with, sold to, or displayed for other Members or Partners. Specific instances where Restricted Data may be used include, but are not limited to, the following:
- If a Member provides a date of birth, the Member’s current age will be viewable via My Profile;
- If a Member registers with, or is switched to, an official doctor and research account, the Member’s full name and affiliation will be viewable via My Profile;
- If a Member chooses the Public privacy setting (see below), PatientsLikeMe and others may use public profiles in reports, conference presentations, media mentions, etc.;
- If a Member agrees to participate in a media interview (as arranged by PatientsLikeMe), PatientsLikeMe will share the contact information the Member provides (i.e. name, email, telephone) with the reporter for the purpose of conducting an interview;
- If a Member OPTS IN to a public registry (e.g. the PatientsLikeMe ALS public registry), PatientsLikeMe will display the Member’s name and some Shared Data and/or Restricted Data as part of this registry (which is viewable by anyone on the Internet);
- If a Member explicitly opts in to have their Restricted Data shared with a Partner, PatientsLikeMe will share the information as instructed by the Member (e.g. co-registration with a non-profit);
- If a Member makes a request, PatientsLikeMe may use Restricted Data, including sharing the Member’s Restricted Data with software/service vendors, for the purpose of fulfilling the request. Examples include requesting to receive the company newsletter via email, requesting an email response from the PatientsLikeMe support team, and requesting a t-shirt be mailed to the Member’s residence.
There are two privacy levels a Member may choose for participation at PatientsLikeMe:
- Visible: Only PatientsLikeMe Members can see My Profile and user name, and can contact you through PatientsLikeMe;
- Public: Non-members and Members can see My Profile and user name, but only PatientsLikeMe Members can contact you through PatientsLikeMe.
Members may change their privacy level at any time. Public profiles may be indexed or stored by Internet search engines (e.g. Google) or other independent sites, which means a Member’s Shared Data, including any Personal Information shared, may come up in the search results by anyone on the Internet, even after switching privacy levels.
Because the value of PatientsLikeMe is in sharing one’s experiences to help others, we hope that Members feel comfortable enough to make their profiles as public as possible.
Other security issues
PatientsLikeMe cannot guarantee the identity of any other Members with whom a Member may interact in the course of using the Site or who may have access to a Member’s Shared Data. Additionally, we cannot guarantee the authenticity of any data that Members may provide about themselves.
Finally, Members should know that PatientsLikeMe takes commercially reasonable technical precautions to help keep Member data secure.
Risks and benefits
While our goal is to help patients improve health outcomes, there are no certain benefits to using this website. However, keeping track of personal well-being, treatments, and symptoms has been shown to be helpful in improving overall health.
There are also no known risks to using this website, but there is a possibility that users may feel uncomfortable sharing information online. It is possible that a Member could be identified using information shared on PatientsLikeMe (and/or in conjunction with other data sources). A Member could be discriminated against or experience repercussions as a result of the information shared. For example, it is possible that employers, insurance companies, or others may discriminate based on health information.
In using the Site, Members are free to skip any non-required questions or data fields that make them feel uncomfortable. Members are also free to stop using this service at any time. If a Member chooses to deactivate his/her account, PatientsLikeMe will not display or sell the data in that account as of the date of deactivation. However, the Member’s data will remain in the system for auditing purposes, and research conducted prior to the deactivation of a Member’s account will still include the Member’s data.
Safe Harbor Compliance
PatientsLikeMe complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. PatientsLikeMe has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view PatientsLikeMe’s certification, please visit http://www.export.gov/safeharbor/
History of Updates/Changes to Terms and Conditions of Use:
- On , additional examples of shared data were added.
- On , the heading to “How Your Data is Used” was changed and clarifying language was added to both the Cookies and How Your Data is Used sections.
- On , the Safe Harbor section was updated.
- On , the following section was added: “EU Save Harbor”.
- On , the following clauses were added: “We will provide our Partners with anonymized, aggregated community data with the goal of increasing involvement in disease research” and “except in incidents when you have given explicit permission, e.g. in the ALS Registry.”