Privacy policy
MedPeers implements rigorous security measures to protect patients’ personal and medical data.
1. In compliance with the European General Data Protection Regulation (GDPR) and the United States Health Insurance Portability and Accountability Act of 1996 (HIPAA), MedPeers does not allow the use of patient-identifiable data, even if the patient provided written informed consent. Identifiable data is herein defined as data by which a person can be directly or indirectly identified, either by reference to an identifier such as a name, an identification number, an online identifier or one of several special characteristics that express the physical, physiological, genetic, mental, commercial, cultural or social identity of that person. In practice, this also includes all data that are or can be assigned to a person in any way. For example, birthdate, telephone or national security number, hospital registration code and any other personal number are all personal data.
2. For the use of unidentifiable data, patients have to be informed beforehand, in full compliance with institutional standards and national and international jurisdiction, and provide informed consent, preferably as provided by the institution. The signed informed consent form should be stored by the author(s) in the electronic patient database and/or archived for a minimum period of 15 years. Patients have the right to withdraw their consent at any point in time (opting out) and, should the patient be deceased, the nearest relatives inherit this right. MedPeers will be responsible for the complete removal of data on the platform.
3. Co-workers, other than the co-authors, should either not be identifiable in the content provided by the author(s) or they should provide informed consent. The consent forms should be archived by the author(s) for a minimum period of 15 years. Co-workers who can be identified, as defined above, reserve the right to request partial or complete removal of the content.