Data Sharing and Protection Policy
Our mission is to seek fundamental knowledge about rare diseases and genetic disorders, with an emphasis on their physical manifestation in facial morphology. Our ultimate goal is enhancing innovative medical research, facilitating accelerated and improved patient diagnosis and supporting more efficient development and administration of life-saving therapeutics. Our Data Sharing & Protection Policy supports this mission by promoting the broad and responsible sharing of phenotype and genotype data collected and submitted by our Members (users), which to the best of our knowledge are certified physicians, researchers and other healthcare providers, while providing the utmost protection of patient privacy. Sharing will amplify the scientific value of data and complement multiple research efforts conducted world-wide for the benefit of science and of patients with urgent and unmet medical needs.
The protection of patients’ privacy and confidentiality is paramount, and this Data Sharing & Protection Policy reflects our continued commitment to responsible data stewardship, which is essential to uphold the public trust in medical research. Therefore, personal identifiers such as name, address, and social security number are not collected by us and Members should avoid sharing such data with us or other Members through our products and services. The collected data may, however, include facial images, clinical observations, test results, family history and other demographic information, which may be shared on an individual-level, in accordance with the access designation, as more fully described below, and in accordance with applicable HIPAA and EU data protection and privacy regulations. Individual-level data is coded in our data repositories and a corresponding unique case identifier number is provided to the submitting Member.
Protected Health Information (PHI) Protection
In order to maintain the privacy of patient photos provided by clinicians and researchers, the Face2Gene software employs facial analysis technology to automatically extract de-identified data from individual patient facial photos. Upon input of a patient photo, the photo is analyzed to detect visual data from the face, including facial features, such as eyes, eyebrows, ears, nose, mouth, forehead, jawline, and chin. These features are mapped and abstracted into de-identified data points and ratios between them, creating a mathematical facial descriptor of the patient’s face. The facial descriptor is created by machine learning through autonomous computing processes that are inherently non-linear. This means that the original facial image cannot be reverse engineered into an identifiable facial photo.
It is only the patient’s de-identified facial descriptor that interacts with the Face2Gene learning system, where it is compared to thousands of known syndrome facial descriptors, looking for correlating mathematical patterns between them. For each validated syndrome in the Face2Gene learning system, a digital facial descriptor (known as a syndrome gestalt) has been developed based on real world data. Syndrome gestalts are created by analyzing and finding patterns across of large sets of de-identified facial data from individuals diagnosed with specific genetic syndromes. The Face2Gene learning system provides the clinician or researcher with a list of best-matched syndromes based on the comparative analysis.
Face2Gene’s composite photos are syndrome models that are de-identified facial images representing the typical facial gestalt of a syndrome. These models allow clinicians to visually compare their patient to typical syndrome gestalts during evaluation. A model-generation algorithm builds these de-identified models automatically by averaging (creating a digital composite) of dozens of photos from patients with confirmed diagnoses. Only the completed models are seen by clinicians or Face2Gene staff and never the patient photos used to create them.
While only de-identified data is accessed by the Face2Gene learning system, original photos are encrypted and stored securely in a separate area of the Face2Gene database which is available only to the individual clinician or researcher who submitted the case. If the Member chooses, he/she may elect to share access to case data with clinical team members or collaborators. When using Face2Gene to work on cases privately or within your own clinical team, your institutional photo consent form is sufficient, as the patient’s PHI remains private to you and your clinical team. When sharing cases with collaborators outside your clinical team, it is the clinician’s or researcher’s responsibility to obtain appropriate consent from the patient or parent/guardian. The Member has the ability to delete patient photos at any time.
The following data fields are treated as PHI within the Face2Gene system: case name, date of birth, date of visit, and case notes. Since data in these fields is or may be identifiable, it is treated in the same manner as patient photos, encrypted and stored securely in a separate area of the Face2Gene database which is available only to the individual clinician or researcher who submitted the case. All digital communication links between Members and the Face2Gene private cloud occurs over secure, encrypted communication protocols.
The Face2Gene team is also working directly with clinical and research collaborators to facilitate a process for the capture of valuable data from clinical documents, including diagnoses, phenotypic features, and genetic test results. In order to maintain patients’ privacy, a process of automatic PHI redaction and data extraction is employed. The resulting de-identified data can then be incorporated into the individual patient case, enabling the Member more effective use of the Face2Gene software for clinical evaluation and/or research analysis. Similar to the analysis and extraction of de-identified data from a photo, only the de-identified clinical data interacts with the Face2Gene learning system. Meanwhile, the original clinical document(s) are encrypted and stored securely for the benefit of the Member, who may wish to access the document(s) at a later date. As with any other PHI data, the original document is available only to the individual clinician or researcher who submitted the case.
Tiered System for Data Collection and Sharing
Our Phenotype Data Sharing & Protection Policy is a four-tiered system for collecting, storing and sharing the data, based on the following incremental access rights designated by Members:
- Private Access (default): for data gathered and transmitted by each of our Members, processed by our technology and stored privately and securely;
- Controlled Access: for sharing case data with fellow colleagues within a clinical department or internal Members of the institution.
- Collaborative Access: for data made available only for review by our network of Members for professional information and educational purposes, as well as sharing comments and observations within Face2Gene Forums; and
- Open Access, for data made available to the public without restrictions, subject to applicable HIPAA and EU data protection and privacy regulations.
In accordance with our four-tiered system, data will be stored in four separate designated data repositories, corresponding to the access level indicated by Members. Our data repositories are hosted in a secure private cloud environment and apply the appropriate technical protection measures necessary to comply with data security, confidentiality, and privacy laws and regulations. We audit our security policies and technical measures periodically to ensure compliance with applicable HIPAA and EU data protection and privacy regulations.
The four data repositories are:
- Data designated as Private Access will be stored in a data repository partitioned in a way that allows only the submitting Member to access, review and retrieve such data.
- Data designated as Controlled Access will be stored in a data repository partitioned in a way that allows only the submitting Member and other Members actively selected by the submitting Member to access, review and retrieve such data. Except when the submitting Member actively selects to share these data with other specific Members, such data will not be shared with any third party on an individual-level and may only be shared on an aggregate-level (such as general statistics across multiple data sets or subsets) to ensure that no patient’s personal health information (PHI) is publicly disseminated nor re-identified.
- Data designated as Collaborative Access will be stored in a data repository accessible only to other Members where case data is shared with Face2Gene Forums. Such data may be shared on an individual-level only with other Members and may not be disseminated publicly on an individual-level. It may, however, be shared on an aggregate-level.
- Data designated as Open Access will be stored in a separate data repository. Such data may be retrieved and shared on an individual- and aggregate-level with third parties without restrictions through a written request for data access submitted to and reviewed by us on a case by case basis. We have the right to monitor, retrieve, store, review and use all data, regardless of privacy level designated by Members, only to the extent actually required to ensure the proper operation and maintenance of our products and services.
Access to data by FDNA personnel for maintenance and support purposes is limited strictly on a “need-to-access” basis and requires compliance with rigid internal authorization policies. In addition, all data stored in our repositories are used to train and improve our technology automatically for the continued development thereof.
Designating data as either Private, Controlled, Collaborative or Open Access should be consistent with the original informed consent or permission under which the data were collected and submitted. It is each Member’s responsibility to determine whether a patient consent or permission is required or advisable in order to disclose, process, retrieve, transmit, and view the PHI, based on the laws and regulations of the Member’s jurisdiction and/or the policies of the Member’s institution. If applicable, it is the Member’s responsibility to obtain and maintain such consents or permissions. Click here to download a sample patient informed consent.
By uploading data to our products and services, Members certify and assure that the data has been collected in a legal and ethically appropriate manner and that patients’ identifiable PHI, which are not the minimum necessary to accomplish the intended purpose of such use, disclosure or request, respectively, have been removed or de-identified before submission. Members control whether the data will be submitted to a Private, Controlled, Collaborative or Open Access data repository and assure that: The data submission is consistent with applicable laws, regulations, and institutional policies, specifically such laws and regulations which are in effect in the patient’s jurisdiction; Data submission and subsequent data sharing (if applicable) are consistent with the informed consent or permission; Risks to individuals and their families associated with data submitted to the designated data repositories were considered; and, to the extent relevant and possible, risks to groups or populations associated with data submitted to designated data repositories were considered. If no indication is made, data will be designated as Private Access by default.
Data Withdrawal or Change in Access Designation
An access level may be increased by a Member, provided the consent obtained from the patient supports such change. If, at any time, a patient revokes his or her consent in whole or in part, the respective data may be removed from the data repository completely or transferred to another data repository, as applicable. To change the access designation or withdraw data from our repositories, Members may contact us in writing via e-mail sent to email@example.com and clearly indicate the case identifier number and nature of the change. We will apply the change within 10 business days and certify such change in writing to the requesting Member. It is important to note that data already shared or disseminated in accordance with the original access designation before requesting a change in designation has been received and processed by us, may not be retrieved.
Requests for Data Access
Data stored in our designated repositories may be accessed either on an individual- or aggregate-level, based on the submitting Members’ designation of such data, the corresponding informed consents or permissions and applicable laws and regulation. Requests for access to data are reviewed by us on a case by case basis. Decisions are based primarily on conformance of the purpose described in the access request to the data use with the values and missions described in this Policy, as well as on the scope of data requested and the identity of the requesting entity. Generally, data will be shared with any entity or individual with a valid reason to request such data and will be limited to the minimum necessary to accomplish the intended purpose of such use. Third parties approved to access data from our repositories are expected to abide by terms and conditions specified in a separate agreement signed with us in accordance with HIPAA and EU data protection and privacy regulations, including:
- Using the data only for the approved purpose;
- Protecting data confidentiality;
- Following all applicable laws, regulations, and policies for handling such data;
- Not attempting to identify individual participants from whom the data were obtained;
- Not selling any of the data obtained from our data repositories;
- Not sharing any of the data obtained from our data repositories with individuals or entities other than those listed in the data access request;
- Complying with security practices that outlines expected data security protections (e.g., physical security measures) to ensure that the data are kept secure and not released to any person not permitted to access the data.
If requests for access to data are submitted by entities or individuals for non-commercial / non-profit purposes only, we will consider, based on certain criteria, such as the identity of the requester, the purposes listed in the request and the scope of data requested, granting access to such data on a non-profit basis, and in certain cases, on a pro-bono basis (bearing all costs ourselves), and, as necessary, in accordance with applicable HIPAA and EU data protection and privacy regulations.
Anyone accessing datasets from our designated data repositories, whether on an individual- or aggregate-level, will be required to acknowledge our contribution in all resulting oral or written presentations, disclosures, or publications.
Last update: March 28, 2017