Privacy Policy

1. Introduction

Third Opinion ("we," "our," or "us") is committed to protecting the privacy and security of personal information we collect from patients, clinical trial sites, healthcare providers, and other users. This Privacy Policy outlines how we collect, use, store, and protect personal information in compliance with the Health Insurance Portability and Accountability Act (HIPAA), U.S. state laws, and applicable regulations governing data privacy, retention, and deletion.

By using our services, you consent to the practices described in this Privacy Policy.

2. Information We Collect

We may collect the following types of information to match patients with clinical trials effectively:

  • Personal Information: Name, contact information, date of birth, and other identifiers.
  • Health Information: Medical history, diagnostic and treatment information, medications, and other health-related data necessary for trial eligibility.
  • Usage Data: Information about your interaction with our services, including IP address, browser type, and usage patterns.

3. How We Use Information

We use the information collected for purposes that include:

  • Matching patients to suitable clinical trials based on health information and trial criteria.
  • Improving our services by analyzing usage patterns and user feedback.
  • Communicating with patients, healthcare providers, and trial sites regarding trial eligibility and other related information.
  • Complying with legal and regulatory requirements, including those mandated by HIPAA.

4. Legal Basis for Processing

We process personal information under the following legal bases:

  • Patient Consent: Where applicable, we obtain explicit consent from patients to process health information.
  • HIPAA Compliance: We implement safeguards required by HIPAA to protect identifiable health information, including physical, technical, and administrative controls.
  • Legitimate Interest: For purposes related to the performance, improvement, and security of our services.

5. Data Sharing and Disclosure

We may share personal information with:

  • Clinical Trial Sites and Healthcare Providers: Information is shared only as necessary to facilitate trial matching and participation.
  • Service Providers: We may engage third-party vendors for IT support, data analytics, and other services that support our operations. These parties are obligated to maintain data confidentiality and security.
  • Regulatory and Legal Authorities: Where required by law, we disclose information to regulatory authorities to comply with subpoenas, court orders, and other legal processes.

6. Data Security

We are committed to securing personal information using industry-standard methods that align with HIPAA requirements, including but not limited to:

  • Encryption of data in transit and at rest.
  • Access control to restrict data access to authorized personnel only.
  • Regular security assessments and monitoring.

7. Data Retention and Deletion

In compliance with HIPAA and U.S. state laws, we retain personal and health information only as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.

  • Data Retention: Clinical trial information and health records will be retained in line with HIPAA and other relevant regulations.
  • Data Deletion: Upon request, and where permissible by law, we will delete identifiable information within a reasonable timeframe. In states with specific requirements, such as California or New York, we adhere to state-specific retention and deletion protocols.

8. Patient Rights

Under HIPAA and applicable state laws, patients have the right to:

  • Access: Request a copy of their personal and health information.
  • Correction: Request corrections to inaccurate or incomplete information.
  • Deletion: Request deletion of personal data, subject to regulatory requirements.
  • Restrict Processing: Limit the ways in which we process personal data, if allowed by law.

To exercise these rights, please contact us at [email protected].

9. Changes to This Policy

We reserve the right to update this Privacy Policy to reflect changes in our practices, legal requirements, or other factors. The "Revision Date" date at the top of this policy indicates the latest revision. Any changes will become effective when posted.

10. Contact Us

If you have questions or concerns regarding this Privacy Policy or our data practices, please contact us at [email protected].