What is PatientsLikeMe.com?
PatientsLikeMe provides this platform for patients who want to:
- track their health data so they can be an active participant in their own healthcare and symptom management
- create collective knowledge about disease, health, and treatments by:
- contributing their health data to research
- sharing their health information with other members of the PatientsLikeMe online Community
- helping others feel less alone and able to share their own experiences with conditions that affect health and wellness
Who Might View or Have Access to The Data We Collect?
If you become a Member of the Platform, there are four broad groups of people who might have access to your data.
The Community – This refers to your fellow Members on the platform. You can share your data through your profile and the various social components on the site. By sharing your data, others can learn from it. You can mark some data (such as a condition) to be reserved for your Personal View only and that will not be made visible to the Community.
PatientsLikeMe – We use the data you provide internally, both to improve our services and to conduct our own research.
Our Partners – PatientsLikeMe frequently partners with other institutions to conduct research. These Partners could include, but are not limited to: universities, pharmaceutical companies, hospital systems, insurance companies, and regulatory bodies (including the US Food and Drug Administration (the FDA)).
Vendors – We also contract with various service providers for business and technical services like email delivery, site hosting, marketing, help desk support, and others.
Details of how these different groups might access or use our data are provided below.
There are three privacy levels you may choose for participation on the Platform if you are a Member.
You choose one of these settings:
Public view: The data associated with your username and avatar image is viewable by both non-members and members of PatientsLikeMe; or
Community view: The data associated with your username and avatar image is only viewable on the Platform by other members of PatientsLikeMe; or
Personal view: Some data (as specified by you) will not be viewable on the Platformby anyone but you (For example, you may specify one or more conditions you are tracking should be hidden from your fellow members. Note that the PatientsLikeMe team can see this data when necessary, but other PatientsLikeMe members will not see it.)
Public profiles may be indexed or stored by Internet search engines (e.g., Google) or other independent sites, which means your information might come up in the search results by anyone on the Internet, even after you change to a different privacy level.
You can change your privacy level at any time. None of the privacy levels allows non-members of the community to contact you.
What Kind of Information We Collect
Data that is identifying or potentially identifying is treated as “Identifying Data.” This data includes:
- userID assigned by the Platform
- Platform password (this is collected as part of registration and stored as a one-way hash so that no one, other than you, knows what your password is)
- Name (Member may provide as part of registration or in a Member's Account Information)
- Date of Birth
- Email address
- Mailing address (may be collected via email, forms, or Private Message with PatientsLikeMe staff as part of Member programs such as t-shirt giveaways and PatientsLikeMe InMotion™)
- IP Addresses
- Geolocation data
- Private Message content for Private Messages between Members
- Any of the above entered as free text
PatientsLikeMe may de-identify Identifying Data. This would include removing identifying information from free text entries like forum posts or comments. Once identifying information is removed, PatientsLikeMe no longer treats the data as Identifying Data.
PatientsLikeMe may aggregate or statistically analyze Identifying Data from more than one member, in which case such resulting aggregated or statistically analyzed data will not be treated as Identifying Data by PatientsLikeMe.
“Non-Identifying Data” is all information, except Identifying Data, that Members provide about themselves when using the Platform or in other communications with PatientsLikeMe. Examples of Non-Identifying Data that Members may submit include:
- Non-identifying photographs
- Age (unless over 89)
- Location (city, state/province, country)
- Gender identity
- Condition/disease information (e.g., first symptom, family history)
- Treatment information (e.g., treatment stop reasons, dosages, side effects, treatment evaluations)
- Symptom information (e.g., severity, duration)
- Outcome scores (e.g., ALSFRS-R, MSRS, PDRS, FVC, PFRS, DailyMe, and MonthlyMe measures (not including free-text associated with this tracking))
- Health measures (e.g., weight, blood pressure, sleep, activity)
- Laboratory results and biomarkers (e.g., CD4 count, viral load, creatinine, images)
- Structured survey responses
- Non-identifying information shared via free text fields (e.g., the forums, treatment evaluations, surveys, annotations, journals, feeds)
- Connections to other people on the Platform (e.g., Followers, Leaders, and Groups)
PatientsLikeMe may aggregate or statistically analyze data, including from more than one Member. The resulting aggregated or statistically analyzed data shall be treated as Non-Identifying Data by PatientsLikeMe.
Platform Use Data
We, and our Vendors, use analytics code and may use web tracking technologies such as cookies and pixel tags to understand how Members use our platform and to improve products and services. Such collected data (“Platform Use Data”) can include the URL of the websites you visited before and after you visited our Platform, the type of browser you are using, your Internet Service Provider, what pages in our Platform you visit, what links you click on, date and time of your visit and duration, and whether you open email communications we send to you. The analytics code also collects information about you such as geolocation, age, gender, affinity categories, and interests, which can be used by PatientsLikeMe. You may be able to modify your browser settings to alter which web tracking technologies are permitted when you use the Platform, but this may limit your use of the Platform.
Platform Use Data is typically only used by PatientsLikeMe and our Vendors. However, when de-identified it may be shared with our research Partners to help them understand how members use and benefit from the site.
How Data is Used and Shared
You should expect that every piece of Non-Identifying Data you submit on PatientsLikeMe.com may be shared with Partners.
Members are encouraged to share health information but should consider that the more information that is entered, the more likely it is that you could be located or identified.
How Identifying Data is Used
There are only 3 ways Identifying Data is shared with the community.
- The username you created on PatientsLikeMe.com is used throughout the site to represent you and your profile.
- Your avatar image, whether or not it is identifying, is also used to represent you and your profile on the site.
- Any identifying information you choose to share as free text in the various social features of the site will be shared with everybody on the site who chooses to read it.
If you are using the Platform with a special account type other than the regular Patient account type, additional identifying information about you may be shared. For example:
- Doctors or Researchers who were granted an official doctor or research account, will have their full name and affiliation viewable by the Community via their profile;
- PatientsLikeMe employees and contractors may have a Staff account which identifies them as PatientsLikeMe Staff.
We will never sell your identifying information for non-PatientsLikeMe advertising purposes.
PatientsLikeMe uses Identifying Data internally, as needed, for research, for maintenance and operation of the Platform, and to create better tools and more personalized experiences for you. We take steps to protect this Identifying Data and limit access to only those who need it for their job.
If we have a Member's permission, their e-mail address will be used by PatientsLikeMe to send them a variety of notifications, including private message notifications, newsletters, study invitations, and promotional content from PatientsLikeMe and some of our Partners. You may change this setting at signup, on your account page, or by clicking the unsubscribe link at the bottom of any email you receive from PatientsLikeMe. However, all Members receive administrative emails (e.g., password reset), which you cannot opt out of while you remain registered with the Platform.
Additionally, Identifying Data is not shared with or sold to Partners unless explicit consent is given. Specific instances where consent may be requested include:
- Special research projects and studies
- Co-registration with a Partner
- Media interviews of a Member
- Participation in a health management program or sponsored group on PatientsLikeMe
PatientsLikeMe, in some instances, will allow Vendors to have access to Identifying Data for the purpose of operating or improving the Platform or other PatientsLikeMe activities and offerings (such as research studies). PatientsLikeMe investigates all engaged Vendors to ensure that their security and privacy practices are compliant with relevant regulations and up to PatientsLikeMe standards. Specific examples where a Vendor may have access to Identifying Data include:
If you make a request, PatientsLikeMe may provide a Vendor the minimum amount of Identifying Data needed to fulfil the request. Examples include requesting to receive the company newsletter via email, requesting an email response from the PatientsLikeMe support team, or requesting a t-shirt be sent to your postal mail address.
We may use your identifying information to exclude you from certain PatientsLikeMe advertisements or to present certain participation opportunities to you.
How Non-Identifying Data is Used
Aggregated data (for example, counts of the number of Members with a certain condition or on a particular treatment) is not identifying and is displayed to the Community and shared with Partners. Data that a Member has marked as reserved to their Personal View may be included in such counts.
In addition to serving the individual needs of our Members, PatientsLikeMe and its Partners are interested in better understanding the patient experience and improving treatment options and health outcomes for everyone. For example, we may look at questions such as, “Do certain treatments work better for some types of people versus others?” PatientsLikeMe provides Non-Identifying Data, in individual and aggregate format, to Partners for use in scientific research, product development, and market research. When selling this information, PatientsLikeMe removes Members’ Identifying Data (de-identification) to reduce the possibility of re-identification and contractually forbids Partners from trying to re-identify Members.
PatientsLikeMe may periodically ask Members to complete surveys about their experiences (including questions about products and services). Survey responses (possibly in combination with data from the Platform) are analyzed by PatientsLikeMe researchers. Insights from the analysis may be shared with and/or sold to Partners in a way that does not identify any respondent. Member participation in these surveys is not required and refusal to do so will not impact a Member’s experience with PatientsLikeMe.
PatientsLikeMe may report individual adverse event and drug safety information to regulatory Partners like the FDA, CDC, or other bodies (US and international) as well as directly to pharmaceutical and other Partners. When reporting such information, PatientsLikeMe does not provide Identifying Data, although we reserve the right to contact Members for follow-up at the request of agencies or Partners. In this context, the data that PatientsLikeMe reports may include free text or images on the forums or evaluations.
Finally, PatientsLikeMe may use Non-Identifying Data internally or send it to Vendors who assist with operating our services. For example, we may send treatment or condition information to an e-mail provider so that information can be included in messages we send to you. In addition, some Vendors may use Non-Identifying Data to improve their own products and services.
PatientsLikeMe, like other online communities, is a “public forum.” Be aware that Non-Identifying Data, in the right combinations, might be used by other Members of the community to identify you. For example, having a very rare disease might make it easier to identify somebody when gender and state of residence are also known.
How Platform Use Data is Used
We use Platform Use Data for several purposes:
Authentication: We use Platform Use Data stored in cookies on your computer to indicate that you have logged into your PatientsLikeMe account and to enable you to use certain portions of our Platform.
Understand Our Users: We use Platform Use Data to analyze trends, track users' movements around the Platform, and gather demographic information about our user base as a whole. This provides us with the ability to determine aggregate information about our user base and usage patterns. Understanding how people use our Platform allows us to make the Platform better for everybody. It may also be used by our Vendors to improve their products and services. We may use this information, possibly in coordination with one of our research Partners, to do relevant research on user behavior or medical outcomes. We do not sell this usage data to third parties for advertising or marketing purposes. We sometimes provide our Partners with aggregated usage data of all individuals they have referred to our site. We will only provide your personally identifying or identifiable Platform Use Data to Partners with your express consent.
Administer Platform: We use Platform Use Data to help administer the Platform and Members’ use of the Platform. We may, in some circumstances, need to review this Platform Use Data in combination with specific Identifying Data to troubleshoot and resolve issues for individual users.
Closing Your Account
You are free to stop using this service at any time.
- You can "deactivate" your account, in which case PatientsLikeMe keeps your data stored so that you can return and reactivate without losing that data. If you choose to deactivate your account, PatientsLikeMe will not display or share your data as of the date of deactivation. PatientsLikeMe will not use your data in any research that begins after the date of your deactivation.
- Alternatively, you can "delete" your account and data, in which case your data is permanently removed from PatientsLikeMe and cannot be recovered.
Note: If you request deactivation or deletion, research that is already in progress or that was conducted prior to your request, will still include your data. This is important to support peer review of the research and replication of results — important parts of the scientific process. PatientsLikeMe keeps special archives of your data for this purpose in accordance with relevant US and EU/EEA/UK regulations.
Other Special Cases
There are instances, not covered above, where your Non-Identifying Data, Identifying Data, and Platform Use Data may be used and disclosed, including, but not limited to, the following:
- PatientsLikeMe may use your data in the case of an emergency or other circumstance that we determine requires a member of the management team to directly contact the Member (for example, a data breach that put the Member’s data at risk).
Other Security Issues
PatientsLikeMe cannot guarantee the identity of any Members with whom you may interact in the course of using the Platform or who may have access to your displayed data. Additionally, we cannot guarantee the authenticity of any data that Members may provide about themselves.
PatientsLikeMe takes commercially reasonable technical precautions to help keep Member data secure, consistent with applicable EU, UK, and US laws. We take these precautions in an effort to protect your information against security breaches. However, this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of firewalls and secure server software. By using our Platform, you acknowledge that you understand and agree to assume these risks.
In the event of a breach, PatientsLikeMe will notify relevant regulatory authorities within 72 hours of becoming aware of the breach. We will notify affected Members as soon as possible after that.
Risks and Benefits
While our goal is to help patients improve health outcomes, there are no certain benefits to using this website. However, keeping track of personal well-being, treatments, and symptoms has been shown to be helpful in improving overall health.
There is a possibility that you may feel uncomfortable sharing information online. It is possible that you could be identified using information you elect to display on PatientsLikeMe (and/or in conjunction with other data sources). You could be discriminated against or experience repercussions as a result of the information you share. For example, it is possible that employers, insurance companies, or others may discriminate based on health information.
You should understand that anyone can register on PatientsLikeMe and view the data you have elected to share on the Platform.
In using the Platform, you are free to skip any non-required questions or data fields that make you feel uncomfortable.
Links to Other Websites or Apps
Attn: Privacy and Compliance Dept.
6 Liberty Square, Suite 2602
Boston, MA 02109
California Online Privacy Protection Act Notice
On September 27, 2013, California enacted A.B. 370, amending the California Online Privacy Protection Act to require website operators like us to disclose how we respond to "Do Not Track Signals" and whether third parties collect personally identifiable information about users when they visit us.
We do not track user activity that does not occur on our site and therefore do not use "do not track" signals.
We do not authorize the collection of personally identifiable information from our users for non-PatientsLikeMe advertising purposes through advertising technologies without separate member consent.
California Civil Code Section 1798.83 also permits our members who are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org. Please note that we are only required to respond to one request per Member each year.
Governing Law and Platform Visitors from outside the United States
We and our servers are located in the United States and are subject to the applicable US local and national laws. These laws may not have equivalent privacy protection as those in your country of residence. When we share information about you with our various Partners, the data-sharing agreement includes data protection clauses. PatientsLikeMe, LLC adheres to the EU-U.S. DPF Principles with regard to personal data transferred from the European Union and the United Kingdom and the Swiss-U.S. DPF Principles with regard to personal data transferred from Switzerland. We also comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.
Be aware that the European Court of Justice (ECJ) has determined that no data transferred to the United States can be adequately protected from the United States government and that the United States does not provide adequate judicial remedies against the United States government for invasions of Europeans’ privacy.
PatientsLikeMe LLC is subject to the regulatory and enforcement authority of the US Federal Trade Commission.
We acknowledge the right of EU, UK, and Swiss individuals to access their personal data under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. Individuals wishing to exercise this right may do so by contacting our community team.
We will also provide EU, UK, and Swiss individuals opt-out or opt-in choices before we share their data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, you may do so by contacting our Community team.
Pursuant to the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, PatientsLikeMe LLC is liable for the onward transfer of personal data to third parties unless we can prove we were not a party to the actions resulting in the damages.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, PatientsLikeMe, LLC commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact PatientsLikeMe, LLC at:
PatientsLikeMe, LLC has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2
General Data Protection Regulation (GDPR)
All individuals have rights regarding their data. The European Union’s (EU) General Data Protection Regulations (GDPR) describes these rights in law. They include:
- You have the right to clear and transparent communication about your data. We want to make this policy as clear as possible and provide a friendlier version to help you understand it.
- You have the right to request a copy of your data in a common digital format. To request this information, please contact our community team.
- You have the right to edit or correct your data. You can edit most of your information on the Platform. If you need help with this, contact our community team.
- You have the right to request that your data be deleted. To do this, contact our community team.
- You have the right to be notified of any breach involving your data. We will notify the appropriate data protection authority within 72 hours of detecting a breach involving your data. We will notify you as soon as possible after that.
- You have the right to object to the processing of your data. You may decline any consent request to share your identifying data with a Partner and this will have no impact on your use of the service. For clarity, we may still share with our Partners data regarding you that does not identify you and is not connected with you. You may request to close your account at any time (see Closing Your Account above).
In some cases, these rights might be restricted. Some examples would include where the information requested compromises the privacy of another individual or is the subject of legal proceedings or investigation. Additionally, processing that has already occurred cannot be undone. If you have questions or complaints about our handling of these rights, see the information at the end of this policy.
What are the Legal Bases for Our Collection and Use of Your Data?
GDPR sets out a number of possible bases, three of which apply to PatientsLikeMe and the Platform:
- We need to use some identifying information just to operate the service. This includes your email address, username, password, and IP address, among other items.
- In rare cases we may need to share your data to comply with a legal obligation. See "Other Special Cases" above.
GDPR Recourse For Individuals in the EEA
Our representative in the EU for GDPR purposes is Foley Hoag AARPI. If you are a resident of the EEA, you can contact our representative at:
Foley Hoag AARPI
153 rue du Faubourg Saint-Honoré
75008 Paris, France
If you are a resident of the European Union or the UK and have a complaint about our use or processing of your data, you have a right to lodge a complaint with a national Data Protection Authority. The UK and each European Union member nation has established its own Data Protection Authority; you can find out about the Data Protection Authority in your country.
History of Updates/Changes to Terms and Conditions of Use:
- On , Updates have been applied to the section of the agreement Governing Law and Platform Visitors from outside the United States. These changes have been made to comply with the EU-US Data Privacy Framework (DPF) launched by the Commerce department effective July 17, 2023 as the successor regime to Privacy Shield. These changes have been made with guidance provided during renewal of BBB Data Privacy Frameworks Services with the Data Privacy Framework Services at BBB National Programs and the DPF Program self-certification via the Office of Digital Services Industries Data Privacy Framework (DPF) Team Industry and Analysis at the U.S. Department of Commerce, International Trade Administration.
- On , minor updates to sections about data from the EU and UK
- On , minor updates based on annual review to provide increased clarity and reflect changes in business. Updated link to the Council of Better Business Bureaus for Privacy Shield complaints.
- On , updated Privacy Shield compliance language.
- On , updated language to comply with GDPR and clarified some language aimed at researchers considering using PLM data.
- On , clarified language differentiating vendors and partners, as well as cookie and Platform Use Data usage. Also, added new language for biology and multi-omics, updated advertising policies and other minor changes and reorganization.
- On , added statement to explain ways a member can unsubscribe from emails.
- On , additional examples of shared data were added.
- On , the heading to “How Your Data is Used” was changed and clarifying language was added to both the Cookies and How Your Data is Used sections.
- On , the Safe Harbor section was updated.
- On , the following section was added: “EU Safe Harbor”.
- On , the following clauses were added: “We will provide our Partners with anonymized, aggregated community data with the goal of increasing involvement in disease research” and “except in incidents when you have given explicit permission, e.g. in the ALS Registry.”