* Confidentiality *

  All Growing Up Today Study data (including questionnaire responses, medical information, and name and address information) are kept strictly confidential. We never release individual information about any participant to anyone for any reason, period. We do not sell, rent, or lend our mailing list to any other group. Only senior Channing Laboratory staff members, who perform updates to the file and generate questionnaire or follow-up mailings, have access to the name and address file.

 

The Growing Up Today Study complies with the Health Insurance Portability and Accountability Act (HIPAA) regulations concerning the storage and sharing of data. To protect your answers to our questionnaires, each member of the cohort is assigned a unique ID number that is printed on paper questionnaires and used as a username for the Web-based survey. The ID allows us to match your current responses with your questionnaire data from previous years, without using your name or address to identify it.

* Physical Security *

This Growing Up Today Study website was developed by Channing Laboratory and is hosted on a state-of-the-art server at Verio, an NTT communications company.

Verio maintains rigorous control over the privacy of data within their infrastructure (e.g. “back office network”) in compliance with existing laws, regulations, and best-practices within the Industry. To all practical ends, sensitive information regarding data, deployment structure, etc. is protected via Verio’s security structure, which includes firewalls, IDS/IPS, forced authentication of employees who need to access such data, contracted penetration testing, etc.

 

NTT/Verio has obtained the SAS-70 type I and type II certifications for our Data Centers. They use a third party auditor to conduct SAS-70 audits annually. In addition, ISS has a Systrust Certification which was awarded by Ernest &Young and is renewed annually. NTT/Verio employees undergo Social Security Number, credit and criminal background checks for all employees.

*Data Security – Access to Configurations and Systems *

The following network security measures and policies are in place at Verio:

Access to internal and production network equipment is restricted to a small group of highly qualified and trusted network technicians, and their remote sessions are allowed only from very specific, secure points within the corporate network.

Network equipment is physically secured. Nobody other than Verio data center operations staff has physical access to Verio network equipment.

All access attempts and all commands/actions on the equipment are logged locally and on redundant remote servers. Logs and all configuration changes are monitored

Authentication is controlled by centralized and secured TACACS servers

All sensitive areas and types of access are protected by strict access-lists. All unused or unsecured forms of access are disabled in configuration.

All vectors of remote or console administrative access to the network equipment are password and/or crypto-key protected. Passwords are changed periodically and different un-guessable passwords are used for different locations/systems. No vendor-default or well-known access communities/passwords are ever used.

The network and equipment is constantly monitored for reach-ability and various operational parameters.

 In addition, all data between our server and respondents' computers is protected by 128-bit SSL data encryption. This level of data security is usually reserved only for online credit card transactions. SSL transmission protects your answers as they travel over the Internet from your computer to our web server.  

Federal research regulations require us to include the following information.

There are no direct benefits to you from participating in this study. The risk of breach of confidentiality associated with participation in this study is very small. Your choice to participate in this study is completely voluntary and you may decline or withdraw at any time without penalty.

You may skip any question you do not wish to answer. You will not receive monetary compensation for participating.

If you have any questions regarding your rights as a research participant you are encouraged to call a representative of the Human Subjects Committee at the Harvard School of Public Health (617-384-5480).