You may have questions about how RDMD keeps your health information safe and secure—many other patients have reached out about this very thing. We take security and data privacy very seriously—in fact, it’s one of our top priorities. We created a summary below to help you understand our privacy and security efforts. We work alongside experts in data privacy and security to ensure that the proper controls are in place for the data you trust us with. We know how sensitive your health information is and how big a deal unauthorized access would be. Please feel free to reach out to us about anything relating to data privacy and security. Below we explain in more detail how we keep your data safe.
When you sign up for RDMD, you’ll get a private profile where you can manage all of your medical records, which we will retrieve for you on your behalf (all you have to do is sign up, and we’ll guide you through in a few simple steps). You can choose to share this information with a new doctor, for example, but you will never be contacted about it by anyone outside of RDMD—unless you give explicit permission.
If you choose to participate in RDMD Research, you can contribute your de-identified health information to researchers who are interested in learning more about your condition. “De-identified” data means data that is stripped of personally identifiable information, such as your name, birthday, address, email, or any other information that someone could use to find you. This way, a researcher who gets access to your personal health data will not know that this information belongs to you. We do this to protect your identity and to minimize the risk that anyone can trace health data back to you. Most of the time, we aggregate, or “pool,” your de-identified data with that of other patients, so that all the data is shown as a batch. We will never share your name or identifiable information with external researchers unless you explicitly tell us to. (And even then we will make extra sure that you are certain!)
Not only do you get to choose whether to contribute your de-identified data to research broadly, you also get to choose which researchers can access this data. Of course, RDMD tries to ensure that each research project we facilitate is ethical, appropriate, and compelling, but on the off chance that you do have a personal concern, it is your right to withdraw all research involvement. We want to be transparent about which researchers get access to your data, and for what reason, so we do our best to show you which research projects have used your de-identified data. Keep in mind that if you do consent to contribute your data to research and your data becomes used in a study, it cannot be withdrawn after the study has started.
Because we need to retrieve, handle, process, and analyze your medical records, we have specifically trained personnel who will have access to your identifiable data. However, we don’t allow just anyone, or any employee at RDMD to gain access. Only designated individuals who are trained in the proper handling of sensitive personal health information and human subject biomedical research will be able to login and gain access to medical records--and then only if the data has a direct connection to their work. We conduct background checks, consult references, and make sure such individuals are properly contracted with RDMD, legally binding them to keep your information private, secure, and confidential. Additionally, we train all our employees on privacy, security, and research best practices to make sure that everyone is up-to-date on our internal procedures. If there are any suspicious activities, we respond right away.
We’ve spent a lot of time investing in the latest technology and software to ensure that all your data is protected and secure. We regularly seek advice from top security and data privacy lawyers, consultants, and experts, who help us build our technology as well as our policies. We even appointed a Chief Security Officer, who makes sure that everything on our platform—meaning both hardware and software—is protected from unauthorized access and breaches as much as reasonably possible. A few examples of our privacy and security measures include: