* Confidentiality *
All Nurses' Health Study data (including questionnaire responses, medical information, and name and address information) are kept strictly confidential. We never release individual information about any participant to anyone for any reason, period. We do not sell, rent, or lend our mailing list to any other group. Only senior Channing Laboratory staff members, who perform updates to the file and generate questionnaire or follow-up mailings, have access to the name and address file. The Nurses' Health Study complies with the Health Insurance Portability and Accountability Act (HIPAA) regulations concerning the storage and sharing of data. To protect your answers to our questionnaires, each member of the cohort is assigned a unique ID number that is printed on paper questionnaires and used as a username for the Web-based survey. The ID allows us to match your current responses with your questionnaire data from previous years, without using your name or address to identify it.
* Physical and Data Security *
This website was developed by Channing Laboratory and is hosted on state-of-the-art servers. HostGator maintains rigorous control over the privacy of data within their infrastructure (e.g. “back office network”) in compliance with existing laws, regulations, and best-practices within the Industry. The datacenters feature redundant power, HVAC, and fire detection systems, and are monitored 24/7 by both HostGator and The Planet's Network Operation Centers. In addition to a fully redundant network and top of the line data centers, HostGator system administrators monitor all servers 24 hours a day, 7 days a week. Servers are monitored and issues are acted upon before they become serious. Additionally, the network and datacenters are monitored and managed by on-site technicians dedicated to ensuring maximum uptime and reliability. Data centers located only in facilities with controlled access and 24-hour security, No server room doors are public-facing, Server rooms are staffed 24/7, Digital security video surveillance, Server room access strictly limited to employees and escorted contractors or visitors, All data removed from re-provisioned machines with drive wipe software approved by the Department of Defense, Engineers and technicians trained on internal industry standard policies and procedures and audited yearly, Private Network allows for true out-of-band management through a distinct stand-alone third carrier over SSL, PPTP, or IPSEC VPN gateways,
To all practical ends, sensitive information regarding data, deployment structure, etc. is protected via Verio’s security structure, which includes firewalls, IDS/IPS, forced authentication of employees who need to access such data, contracted penetration testing, etc. They have obtained the SAS-70 type I and type II certifications for their Data Centers. They use a third party auditor to conduct SAS-70 audits annually. All vectors of remote or console administrative access to the network equipment are password and/or crypto-key protected. Passwords are changed periodically and different un-guessable passwords are used for different locations/systems. No vendor-default or well-known access communities/passwords are ever used. The network and equipment is constantly monitored for reach-ability and various operational parameters. In addition, all data between our server and respondents' computers is protected by 128-bit SSL data encryption. This level of data security is usually reserved only for online credit card transactions. SSL transmission protects your answers as they travel over the Internet from your computer to our web server.
* HIPPA *
Federal research regulations require us to include the following information. There are no direct benefits to you from participating in this study. The risk of breach of confidentiality associated with participation in this study is very small. Your choice to participate in this study is completely voluntary and you may decline or withdraw at any time without penalty. You may skip any question you do not wish to answer. You will not receive monetary compensation for participating. If you have any questions regarding your rights as a research participant you are encouraged to call a representative of the Human Subjects Committee at the Harvard School of Public Health (617-384-5480).