“Your information” is the information we request when you initially download and launch the app. It is then accessible from your user profile under ‘Settings.’ This information includes, but is not limited to your user name and user profile you had used to register for the app. We also receive other types of information about you that is customarily gathered by web and mobile applications:
We receive data about you whenever you interact with the mindLAMP app, such as when you launch the application, click on, view or otherwise interact with a feature. This may include date and time of the request, the feature requested, and completion status of the request. We receive data from the mobile phone you use to launch mindLAMP app. We receive data about your answers to surveys and cognitive tests. If you opt in, we receive geospatial data that can tell us where you are nearby when you interact with the app. If you opt in, we receive data about your step count and other information provided by Apple Health Kit or Google Fit.
Your personal information may be used to support internal operations, including troubleshooting/user support, and service improvements. To ensure you are receiving the highest level of service in your interaction with the mindLAMP app, your contact information may be used to communicate back with you regarding your requests. We also use the data to create aggregated statistics which helps us in the improvement of our service. Aggregated data allows us to evaluate "traffic" patterns to our app in terms of the number and role of visitors, level of demand, most popular requests, and types of errors. These statistics are not linked to any personal information that can identify any individual person. This data may be kept for an indefinite amount of time, and it may also be used at any time and in any way reasonably necessary to monitor for security breaches and to ensure the integrity of the data on our servers.
The Division of Digital Psychiatry at the Beth Israel Deaconess Medical Center will never access your data without prior consent and permission. If self-deploying the LAMP Platform, you will be in sole control and ownership of all data consumed or produced by the LAMP platform. We do not by default request, use, or store any personally identifiable information, and strongly recommend against using the user-facing utilities to do so.
We do not sell, trade, or otherwise transfer to outside parties any information we receive. We may release information we collect to judicial, law enforcement or other government agencies when we believe release is appropriate to comply with a governmental or court order, or the law, to enforce our own policies, or to protect ours or others’ rights, property or safety. We may share aggregate statistics about our visitors, general traffic patterns, app usage, survey answers, cognitive test results, and phone collected data like step count, geospatial location, flights of steps climbed (and other Apple Healthkit and Google Fit data) for purely research purposes. If used for research, your data will be only used in an aggregate form. We will never use your data for marketing or commercial purposes.
We make every reasonable effort to protect your information against unauthorized access, alteration, disclosure or destruction using current security technologies. Servers that host the mindLAMP app and store your personal information are maintained in a secured facility behind a firewall. The mindLAMP app security measures are reviewed regularly and are consonant with policies for secure healthcare data storage. Finally, we restrict access to users’ personal information to our employees, contractors and agents who need to know that information in order to process it on our behalf for purposes of providing you support and services. These individuals are required to attend training on patient privacy and confidentiality and are bound by strict confidentiality obligations.
Your account may be deleted via the app through the delete my account button. You may delete your account at any time. When you delete your account you will be asked if you want us to delete your data as well.
Yes, you can delete any content stored in the LAMP Platform. There is a soft-deletion period of 90 days during which the data is unavailable but may be restored by request. Once the 90 day period ends, the data is deleted permanently, after which it may no longer be recovered.
Here's some language you might find useful in conveying the LAMP Platform's HIPAA compliance and safety to your IRB.
Encrypted information from survey responses and passive data will be sent and stored electronically on a secure server. Responses from individual patients will be identified by a randomized number and contain no personal identifiable information apart from age and gender.
Here's another example regarding participant anonymity.
The app never records or stores any personal identity information. Every participant is assigned a randomly generated participant ID (for example, “U123456789”), and all participant data are connected only to that ID, not to a name, phone number, or address.