HIPAA Compliance Statement
Any health-related information entered on the PCRI website is handled by systems that are compliant with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). All HIPAA requirements and standards have been met for the sources and uses of data promulgated under the U.S. Department of Health and Human Services regulations (the "HIPAA Regulations").
All personnel involved in data handling or management have passed HIPAA compliance standards tests and the system is continually upgraded to ensure secure data exchange. All PCRI systems meet the highest research standards for human subject data and is very sensitive to participant confidentiality and consent. Security is always a high priority, not only to protect from data or hardware loss, but also to ensure confidentiality.
All data transactions with users on the PCRI site are 128-bit SSL encrypted. Servers employ power-on and user passwords, virus protection, and battery backup systems in an SAS-70 compliant data center with restricted access to authorized maintenance through 24/7 biometric security measures. Operating System and security patches are current. Servers are constantly monitored for break-in attempts or other illegal activity. Personal data storage is maintained with scrambled, de-identified numbers. Therefore, if security is breached, no personal data are recognized or accessed.