PEER Logo


Privacy Policy

The principal steward of the Platform for Engaging Everyone Responsibly (herein "PEER" is Genetic Alliance, Inc., a non-profit leader in health and patient advocacy founded in 1986. Genetic Alliance, and numerous communities who operate a PEER portal (each a "PEER Community" under a license with Genetic Alliance, use PEER to help engage community members and collect information ("PEER Data") from individuals ("Participants") and/or their legally authorized representatives ("Proxies") According to the terms of the agreement between Genetic Alliance and the owner of each PEER Community, such owners agree to only use PEER Data according to the express wishes of the Participant or their Proxy, as applicable. PEER Data includes information entered by the Participant and their Proxy, or that is transmitted to a Participant's account in PEER from an Electronic Health Record (EHR) system, third-party database or device, at the request of the Participant or their Proxy.

PEER enables users to set permissions under which their information may be accessed and shared. This innovation of individuals controlling the use of their own information has resulted in a number of recognitions, including by Forbes Magazine, which identified PEER as one of six approaches "that are transforming health systems around the world."

As part of our wish to afford Participants with the highest quality services and protections, Genetic Alliance voluntarily submitted PEER for review by Western Institutional Review Board (WIRB), the world's largest provider of regulatory and ethical review services for human research. WIRB is an independent organization established in 1968 specifically to certify human subject protection for health-related research programs. As part of registering to use PEER, users must acknowledge that they have considered a written information statement provided to prospective Participants in accordance with Federal Regulations. In addition to WIRB, PEER receives ongoing oversight from the Genetic Alliance Institutional Review Board and BioTrust Ethics Team, each of which includes affected individuals and domain experts.

This Privacy Policy explains the policies put in place by Genetic Alliance and used to protect the privacy of the Participants whose information is included in PEER, other databases used in conjunction with PEER and the PEER Community, and associated sub-domains and related services. The use of PEER by a Participant or their Proxy constitutes an acceptance of this Privacy Policy and our Terms of Use.

Genetic Alliance employs technologies and services from Private Access, Inc., a pioneer in privacy-management technology and along with Genetic Alliance, a co-owner of PEER, in carrying out this Privacy Policy. A separation of duties between Genetic Alliance and Private Access enables PEER to enforce a powerful security principle called 'least privilege' which says that no single person or entity should be able to access information or to exercise privileges beyond what is necessary to perform that person's or entity's assigned role.

If a Participant elects to use PEER (whether from the PEERportal.org website or from any PEER Community website), the Participant or their Proxy will need a Private Access account. As an individual user, there is no charge for a Private Access account, and there is no charge for creating a PEER account. In order to create a new Private Access account, the user will need to enter into an End-User License Agreement (EULA) between the user and Private Access, Inc. that will detail the rights and responsibilities of the respective parties. The Private Access EULA incorporates by reference Private Access' Privacy Statement, which is consistent with Private Access' role in enabling Genetic Alliance to fulfill the terms of this Privacy Policy. Once accepted, the Private Access EULA and Privacy Statement will supplement our Terms of Use and this Privacy Policy. Thus, before using PEER, we encourage you to review these materials carefully.

With respect to PEER, Private Access holds and manages all personal contact information (such as name, address, phone number and email address), privacy preferences, and date of birth; and Genetic Alliance holds and/or manages all other information included in the PEER database. This division of responsibility supports the principle of least privilege, discussed above, and enables the participant or their legally authorized representative to decide who should receive applicable portions or all of their PEER Data, and for what purpose.

Powerful encryption technology is used to protect this information, and only the Participant or their Proxy - acting through explicit privacy preferences that each individual controls through Private Access - can enable his or her information to be discoverable by searches of the PEER database, linkable to the Participant's name and contact information, and/or shared with any person or entity.

PEER's Privacy Policy is founded on the eight Fair Information Practice Principles set forth in the Department of Health and Human Services' Nationwide Privacy and Security Framework, and intended to guide the actions of all people and entities that participate in electronic sharing of individually identifiable health information. These principles, and PEER’s translation of these principles into the privacy policies that guide our day-to-day operations, are summarized below:

Individual Access Participants are able to view all of their own information held in PEER, as well as the privacy permissions they have set for that information.

Correction Participants are able to make corrections to their own information held in PEER and their PEER Community.
Openness and Transparency All PEER Communities have agreed to use PEER Data only as indicated by the Participant's privacy permissions. Unless required by law or subpoena, PEER will not make any of a Participant's PEER Data, or information about his or her individual use of the PEER Community, accessible to anyone whom the Participant has not authorized. Participants and/or their Proxy may view a report of all accesses to the Participant’s individually identified information held by PEER at any time.

Individual Choice Each Participant agrees to permit Genetic Alliance, Private Access and the applicable PEER Community to retain and manage his or her PEER Data until the Participant removes it from PEER. So long as the information is in PEER, the Participant’s PEER Data will not be included in any search result, or otherwise shared with anyone else, without the Participant's express authorization.

PEER uses Private Access technology to enable Participants (or the Proxy action on their behalf) to designate what information they wish to make available, whether it may be linked to the Participant’s contact information, and by whom and for what purposes it can be used. By default, all of a Participant's PEER Data is encrypted and may only be accessed in an unencrypted form by the Participant, their Proxy, and individuals who they have authorized to search and discover it.

Participants can change their choices at any time; and to the maximum extent permissible by law, the decision to allow (or not allow) the requested use of, or access to PEER Data is based on the Participant’s privacy preferences in effect at the time such use or access is attempted.

Collection and Use Registration requires a user to submit a valid email address, which is used to uniquely identify the account owner and retained by Private Access in the event a user loses his or her lost password or username. Once registered, users may create one or more Participant profiles which require a minimum amount of personally identifying information, including date of birth. No contact information is required unless a Participant's privacy selections allow contact, or authorize future requests to make contact or export the Participant's PEER Data. If a Participant elects to include his or her personal contact information in PEER, this information is not shared with anyone without the advance authorization or express consent of the Participant or a Proxy on the Participant's behalf.

PEER Data is provided directly by Participants through their responses to questions, or received by PEER from an EHR system or other transmittal at the request of the Participant or their Proxy. The only information PEER collects in the background without the user's explicit permission is data to help manage the user session, metrics to improve PEER's services, and audit data. Data collected to help manage the user session is stored in cookies held by the user's browser. All session information is deleted from a user's computer or mobile device immediately when he or she logs off, or after several minutes of inactivity. Genetic Alliance with respect to PEER as a whole, and each PEER Community with respect to its users, collects general (not user-specific) metrics such as length of time spent using the PEER Community and the universal resource locator (URL) of the site that referred the user to the PEER Community. We aggregate these measures with those of other users and employ these statistics to help us improve our services. To enable us to maintain system security and to detect potential malicious code activity and intrusions, we record security-relevant events in an audit trail.

With the user's explicit permission, we also may collect information that will help us identify, and enable users to employ social sharing and networking options that may be of value to the user.

Data Quality and Integrity With the exception of correcting obvious errors, no one changes a Participant's data in any PEER Community other than the Participant to whom the data relates or their Proxy. PEER uses technical measures to assure that Participants' data is not modified in unauthorized ways, or accidentally corrupted.

Safeguards It is impossible to achieve 'perfect' security because new vulnerabilities and threats appear frequently; and therefore one can only strive to minimize risk to a tolerable level. Even though 'perfect security' is neither achievable nor practical, PEER strives continuously, through our policies, operational procedures, agreements with PEER Communities, and security technology, to maintain the security of PEER Data and the privacy and safety of Participants and other system users.

Fundamental to PEER safeguards is adherence to the principle of least privilege: no PEER-related system component (individual or entity) is given more access to information or privileges than what it needs to accomplish its assigned role. This principle is reflected in the separation of duties between Genetic Alliance, Private Access and administrators of PEER Communities, as well as in the autonomous controls given to Participants and their Proxies concerning their information.

All PEER Data and PEER systems are continuously monitored and protected from unauthorized access, use, and modification. Our protective measures include physical protections, administrative processes and practices, and technical protections that meet and exceed applicable state and federal laws, and industry best practices that address the protection of electronic Personally Identifiable Information (PII) and the privacy of individuals participating in online experiences.

All personal information entered through a PEER Community and stored in the PEER database and/or in a Private Access database are encrypted, and all sensitive information transmitted over the Internet is encrypted and sent only to authorized and authenticated recipients. Recognizing that new security threats and vulnerabilities are being discovered every day, our security team continuously monitors security knowledge bases and proactively takes action to implement protective measures to effectively manage risk.

Accountability PEER systems and practices are continuously monitored for adherence to our privacy and security policies. Potential lapses in our protection are immediately and thoroughly investigated. Security-relevant events are recorded in the audit trail used to monitor the security of the system. Each access to the Participant's account, and creation, update or application of privacy preferences (including when authorized searchers access individually identifiable information held by PEER) is recorded and made available to the applicable Participant or their Proxy, as applicable.

If you have any questions about this Privacy Policy, the practices of PEER and/or a PEER Community, or your dealings with the PEER Community owner, please contact Genetic Alliance in writing at 4301 Connecticut Avenue NW, Suite 404, Washington, DC 20008, Attention: PEER Administrator.

We do our best to ensure that all information posted on this website is accurate, respects copyright and is non-defamatory. If you wish to bring our attention to content that you believe does not meet these standards, please contact us at info@geneticalliance.org with the subject line: Web Content. Please include a link to the webpage in question along with your specific concerns. We will respond promptly.

Version: July 7, 2015
Copyright © 2013-2016 Genetic Alliance, Inc. All rights reserved.


With PEER, you decide who sees your data and for what purpose. We use Private Access to let you share as much or as little of your information as you want, with whomever you choose, on your own terms.
Find Your Community Start a PEER Community Your Data Matters