Privacy policy

Effective

PatientsLikeMe (https://www.patientslikeme.com) (“Platform”) is a sharing website. This Privacy Policy outlines the type of information PatientsLikeMe collects from individuals who have registered to join our Platform (“Members”) and how and why this information is shared with third parties, including, but not limited to, other Members, pharmaceutical companies, medical device companies, non-profits, and research institutions (“Partners”). This policy also governs Platform Use Data (as described below) that we may collect from Members and other visitors.

We reserve the right to modify this policy at any time, and without prior notice, by posting an amended Privacy Policy and terms on this website. We encourage Members to review this policy periodically for any updates.

If you are a participant in PatientsLikeMe’s DigitalMe™ initiative, then you are participating in a much broader sharing of information that includes biological samples, genetics, and data from a wide variety of sources. Additional information about how data is shared under that initiative is available in the DigitalMe Ignite Informed Consent Document, the terms of which govern for DigitalMe participants with respect to any conflict with this Privacy Policy. Residents of nations that are part of the European Economic Area (EEA) are not eligible to participate in DigitalMe at this time.

Why Do We Share Data

Our goal is to provide a platform for patients who want to share their health information to create collective knowledge about disease, health, and treatments. We know our success in achieving this goal depends on a shared belief in our Openness philosophy. Being open about one’s health is not for everyone, and we strive, with full transparency, to outline the benefits and risks of being part of this sharing site, including those related to privacy.

Your Data Rights, As Expressed by GDPR

All individuals have rights regarding data that is identified or connected to their identity (“Personal Data”). The European Union’s (EU) General Data Protection Regulations (GDPR) describes these rights in law, but PatientsLikeMe believes they apply to all individuals. They include:

In some cases, these rights might be restricted. Some examples would include where the information requested compromises the privacy of another individual or is the subject of legal proceedings or investigation. Additionally, processing that has already occurred cannot be undone. Further, these rights to edit, delete, be notified of a breach, and object to processing all apply to Personal Data and do not apply to De-Identified Data that, for example, has been shared by us with our Partners and Vendors.

If you have questions or complaints about our handling of these rights, see the information at the end of this policy.

What are the Legal Bases for Our Collection and Use of Personal Data

PatientsLikeMe believes that the above rights mean that any processing of your Personal Data must have a solid legal basis. GDPR sets out a few possible bases, three of which apply to PatientsLikeMe and the Platform.

As with data rights, we believe that all processing of any user’s Personal Data should be for a clear and transparent reason.

Who Uses The Data We Collect

There are four broad groups of people with whom we share data, including Personal Data.

The Community – This group is you and your fellow patients on the site. You share data, including possibly Personal Data, through your profile and the various social components on the site. By sharing your data others can learn from it.

PatientsLikeMe – We use the data you provide internally, both to improve our services and to conduct our own research.

Our Partners – PatientsLikeMe frequently partners with other institutions to conduct research. These Partners include, but are not limited to: universities, pharmaceutical companies, hospital systems, insurance companies, and regulatory bodies (including the US Food and Drug Administration – i.e. the FDA). One key group of Partners are the other members of the Digital Life Alliance — like-minded digital health, science, and technology companies who work closely with PatientsLikeMe to improve health and healthcare around the globe.

Vendors – We also contract with various service providers for business and technical services like e-mail delivery, site hosting, marketing, help desk support, and others.

Details of how these different groups use our data is provided below.

Privacy Settings

There are two privacy levels a Member may choose for participation at PatientsLikeMe:

Members only: PatientsLikeMe Members can see the data associated with the Member’s username and avatar image; or

Public: Non-members and Members can see the data associated with the Member’s username and avatar image.

Public profiles may be indexed or stored by Internet search engines (e.g. Google) or other independent sites, which means a Member’s Personal Data may come up in the search results by anyone on the Internet, even after switching privacy levels.

It is strictly against this Privacy Policy and our Terms of Use to use this public data for any purpose other than providing Internet search services. A member choosing to share their health information broadly is NOT consenting to uses outside of our Terms of Use.

Members may change their privacy level at any time. Neither option will allow non-members of the community to contact you.

What Kind of Information We Collect

Restricted Data

When a member enters what could reasonably be used to identify them, that data is treated as “Restricted Data.” Types of Restricted Data that Members may submit on the Platform include:

PatientsLikeMe may de-identify Restricted Data, such that it no longer contains identifying information and is no longer Restricted Data, in which case such data shall be treated by PatientsLikeMe as Shared Data (described below). Examples of such de-identification include, but are not limited to, using age instead of birthdate or using a zip code instead of a full address. PatientsLikeMe may also remove identifying information from free text entries like forum posts or comments. Once the identifying information is removed, PatientsLikeMe shall treat the free text as Shared Data.

PatientsLikeMe may aggregate or statistically analyze Restricted Data, including from more than one member, in which case such resulting aggregated or statistically analyzed data shall be treated as Shared Data by PatientsLikeMe.

Shared Data

“Shared Data” is all information, except Restricted Data, that Members provide about themselves when using the Platform or in other communications with PatientsLikeMe. Examples of Shared Data that Members may submit include:

PatientsLikeMe may aggregate or statistically analyze Shared Data, including from more than one member, in which case such resulting aggregated or statistically analyzed data shall also be treated as Shared Data by PatientsLikeMe.

Platform Use Data

We, and our Vendors, may use web tracking technologies such as cookies and pixel tags to understand how members use our platform. Such collected data (“Platform Use Data”) may include the URL of the websites you visited before and after you visited our Platform, the type of browser you are using, your Internet Service Provider, what pages in our Platform you visit, what links you click on, date and time of your visit and duration, and whether you open email communications we send to you. You may be able to modify your browser settings to alter which web tracking technologies are permitted when you use the Platform, but this may limit your use of the Platform.

Platform Use Data is typically only used by PatientsLikeMe and our Vendors. However, when de-identified it may be shared with our research Partners, as we do with Shared Data, to help them understand how members use and benefit from the site.

How Member Data is Used and Shared

Members should expect that every piece of Shared Data they submit (even if it is not currently displayed) may be shared with the Community and Partners. Members are encouraged to share health information but should consider that the more information that is entered, the more likely it is that a Member could be located or identified.

How Restricted Data is Used

There are only 3 ways Restricted Data is shared with the community.

If the Member is acting in a role other than patient additional restricted information may be shared. For example:

We will never sell, share, or use your restricted information for non-PatientsLikeMe advertising purposes.

PatientsLikeMe uses Restricted Data internally, as needed, for research, for maintenance and operation of the Platform, and to create the best possible tools and experience for patients. We take steps to protect this data and limit access to only those who need it for their job.

If we have a member's permission, their e-mail address will be used to send them a variety of notifications, including study invitations, newsletters, and private message notifications. A member may change this setting at signup, on their account page, or by clicking the unsubscribe link at the bottom of any email they receive from PatientsLikeMe. However, all members receive administrative emails (like forgot password messages) and you cannot opt out of administrative emails while you remain registered with the Platform.

Additionally, Restricted Data is not shared with or sold to Partners unless explicit consent is given. Specific instances where consent may be requested include:

If you are a participant in PatientsLikeMe’s DigitalMe initiative then you have consented to having your Restricted Data shared more broadly than described here (including broader than may otherwise be permitted under GDPR). Please see the informed consent document for more information.

PatientsLikeMe will share Restricted Data, in some instances, with Vendors for the purpose of operating or improving our services. Before sharing Restricted Data with a Vendor PatientsLikeMe will investigate potential Vendors to ensure that their security and privacy practices are compliant with relevant regulations and up to PatientsLikeMe standards. Specific examples where Restricted Data may be shared with Vendors include:

How Shared Data is Used

Shared Data is shared with the Community via Member profile pages and through aggregated reports that are made available to other PatientsLikeMe Members. In some instances, this Shared Data is also viewable to those not registered to join PatientsLikeMe (“Non-members”). We report publicly Shared Data in aggregate, such as the number of patients on a particular treatment or the number of patients experiencing a particular symptom (see public Treatments and Symptoms sections). If a Member chooses to designate their profile as “Public” (see Privacy Settings above), their Shared Data can also be viewed by Non-members and linked with aggregated reports. These public profiles may be used by anyone accessing the website in reports, conference presentations, media mentions, etc.

In addition to serving the individual needs of our Members, PatientsLikeMe and its Partners are interested in better understanding the patient experience and improving treatment options and health outcomes for everyone. For example, we may look at questions such as, “Do certain treatments work better for some types of people versus others?” PatientsLikeMe provides Shared Data, in individual and aggregate format, to Partners for use in scientific research and market research. When selling this information, PatientsLikeMe removes Members’ Restricted Data (de-identification) to reduce the possibility of re-identification and, where possible, contractually forbids Partners from trying to re-identify Members.

PatientsLikeMe may also periodically ask Members to complete surveys about their experiences (including questions about products and services). Survey responses are analyzed, combined with Members’ Shared Data and shared with and/or sold to Partners. Member participation in these surveys is not required and refusal to do so will not impact a Member’s experience with PatientsLikeMe.

PatientsLikeMe may also report individual adverse event and drug safety information to regulatory Partners like the FDA, CDC, and/or other bodies (US and international) as well as directly to pharmaceutical and biotechnology companies. PatientsLikeMe does not provide Restricted Data to such regulatory bodies, although we reserve the right to contact Members for follow-up at the request of agencies or Partners. The Shared Data that PatientsLikeMe reports may include free text or images on the forums or evaluations. In addition, certain areas within our Platform are provided with the support of Partners. These Partners may have adverse event reporting requirements that relate to regulated products that are used by Members of our community and PatientsLikeMe assists such Partners with reporting adverse events to regulatory agencies.

Finally, PatientsLikeMe may use Shared Data internally or send Shared Data to Vendors who assist with operating our services or performing research. This data is used to provide or improve the services offered and to conduct newer multi-omics research. For example, we may send treatment or condition information to an e-mail provider so that information can be included in message we send to you.

PatientsLikeMe, like other Internet communities, is a “public forum.” Members acknowledge and accept that Shared Data might be used by members of the community to identify them in the right combinations. For example, having a very rare disease might make it easier to identify somebody when age and gender are also known.

For clarity, “public forum” in this context does NOT mean that the content and data are freely usable by third parties. Any uses outside of our Terms of Use and this Privacy Policy are prohibited.

How Platform Use Data is Used

We use Platform Use Data for several purposes:

Authentication: We use Platform Use Data stored in cookies on your computer to indicate that you have logged into your PatientsLikeMe account and to enable you to use certain portions of our Platform.

Understand Our Users: We use Platform Use Data to analyze trends, track users' movements around the Platform, and gather demographic information about our user base as a whole. This provides us with the ability to determine aggregate information about our user base and usage patterns. Understanding how people use our Platform allows us to make the Platform better for everybody. We may also use this information, possibly in coordination with one of our research Partners, to do relevant research on user behavior or medical outcomes. We do not sell or provide this usage data to third parties for advertising or marketing purposes, but we sometimes provide our Partners with aggregated usage data of all individuals they have referred to our site. We will only provide personally identifying or identifiable Platform Use Data to Partners with your express consent.

Administer Platform: We use Platform Use Data to help administer the Platform and members’ use of the Platform. We may, in some circumstances, need to review this Platform Use Data in combination with specific Restricted Data to identify and resolve issues for individual users.

Advertising: We may use cookies or Platform Use Data to tailor advertisements about joining PatientsLikeMe, to promote certain participation opportunities to you, or to exclude you from advertising that is not relevant to you, including when you are visiting other sites or platforms.

Closing Your Account

Members are free to stop using this service at any time. If a Member chooses to deactivate his/her account, PatientsLikeMe will not display or sell the Member’s Personal Data as of the date of deactivation. However, the Member’s Personal Data, including Shared and Restricted Data, will remain in the system for up to 3 years unless you contact our community team to request that your data be deleted.

It is important to note that, even if you request deletion, any research conducted, or in progress, prior to deactivation will still include your data. This is important to support things like peer review and the replication of results — important parts of the scientific process. PatientsLikeMe keeps special archives of your data (which include profile, survey, and DigitalMe data) for this purpose in accordance with relevant US and EU/EEA regulations.

Other Special Cases

There are instances, not covered above, where Shared Data, Restricted Data, and Platform Use Data may be used and disclosed including, but not limited to, the following:

Other Security Issues

PatientsLikeMe cannot guarantee the identity of any Members with whom a Member may interact in the course of using the Platform or who may have access to a Member’s Shared Data. Additionally, we cannot guarantee the authenticity of any data that Members may provide about themselves.

Finally, Members should know that PatientsLikeMe takes commercially reasonable technical precautions to help keep Member data secure, consistent with applicable EU and US laws. We take these precautions in an effort to protect your information against security breaches. However, this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of such firewalls and secure server software. By using our Platform, you acknowledge that you understand and agree to assume these risks.

In the event of a breach, PatientsLikeMe will notify relevant regulatory authorities within 72 hours of becoming aware of the breach. We will notify you as soon as possible after that.

Risks and Benefits

While our goal is to help patients improve health outcomes, there are no certain benefits to using this website. However, keeping track of personal well-being, treatments, and symptoms has been shown to be helpful in improving overall health.

There are also no known risks to using this website, but there is a possibility that users may feel uncomfortable sharing information online. It is possible that a Member could be identified using information shared on PatientsLikeMe (and/or in conjunction with other data sources). A Member could be discriminated against or experience repercussions as a result of the information shared. For example, it is possible that employers, insurance companies, or others may discriminate based on health information.

Members should understand that anyone can register at PatientsLikeMe and view the Shared Data in the system. If you are reading this Privacy Policy because you have access to a Member’s information, we urge you to recognize and fulfill your responsibility to protect the privacy of that person.

In using the Platform, Members are free to skip any non-required questions or data fields that make them feel uncomfortable.

Governing Law and Platform Visitors from outside the United States

We and our servers are located in the United States and are subject to the applicable US local and national laws. These laws may not have equivalent privacy protection as those in your country of residence. When we share information about you with our various Partners we use contractual data protection clauses which have been approved by the European commission.

Those who choose to access the Platform do so on their own initiative and understanding that their use of the Platform and PatientLikeMe’s use of the Shared Data, Restricted Data, and Platform Use Data is subject to EU and US laws and regulations including the GDPR. If users choose to access or use the Platform, they consent to the use and disclosure of information in accordance with this privacy policy and subject to such laws.

Questions about the Privacy Policy

If you have questions or comments about our Privacy Policy, please let us know, or contact us at:

PatientsLikeMe Inc.
Attn: Privacy Issues
160 Second Street
Cambridge, MA 02142

California Online Privacy Protection Act Notice

On September 27, 2013, California enacted A.B. 370, amending the California Online Privacy Protection Act to require website operators like us to disclose how we respond to "Do Not Track Signals" and whether third parties collect personally identifiable information about users when they visit us.

  1. We do not track user activity that does not occur on our site and therefore do not use "do not track" signals.
  2. We do not authorize the collection of personally identifiable information from our users for non-PatientsLikeMe advertising purposes through advertising technologies without separate member consent.

California Civil Code Section 1798.83 also permits our members who are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@patientslikeme.com. Please note that we are only required to respond to one request per member each year.

GDPR Recourse For Individuals in the EEA

Our representative in the EU for GDPR purposes is Foley Hoag AARPI. You can contact our representative at:

Foley Hoag AARPI

153 rue du Faubourg Saint-Honoré

75008 Paris, France

If you are a resident of the European Union and have a complaint about our use or processing of your Personal Data, you have a right to lodge a complaint with a national Data Protection Authority. Each European Union member nation has established its own Data Protection Authority; you can find out about the Data Protection Authority in your country.

History of Updates/Changes to Terms and Conditions of Use: