Registry FAQ

Slide background

Because we don't know what's possible

Registry Frequently Asked Questions (FAQ)

1. What is the difference between registering and adding a profile?

When you sign on initially as a parent, your first step will be to complete the registration with basic information.  The next step would be to set up a profile for your child for whom you will be entering data.

2. Can I designate someone else to enter data and complete survey questions?

Yes, you can. After you have created a profile for your child, you can authorize someone else (an aunt, uncle, grandparent, etc) to take surveys on his or her behalf.

Download the complete FAQ list that includes step-by-step instructions on how to authorize someone else to take surveys on behalf of your child.

3. Will the registry be a one-time capture of information or will it be on-going?

The registry will be on-going.  We are starting with 3 surveys but will be adding additional surveys in the coming months.  Additional surveys will be addressing topics like GI issues, seizures, developmental issues and medications among others.

4. Is the registry compatible with all internet browsers?

The registry works best with Google Chrome, Mozilla Firefox, Safari, and Microsoft Edge. If you are using Internet Explorer, the system will try to pop the registry up into a separate window, away from the Mowat-Wilson Syndrome Foundation website. For this reason, we do not recommend using the registry in Internet Explorer – we think it’s important to use the registry with other MWSF resources, like this FAQ, close to hand!

5. Can I use the registry on my phone?

The registry works best on laptop or desktop computers. While you can use it on your phone or tablet, we don’t recommend it!

6. What happens if I skip a question because I’m not sure of the answer?

If you skip a question, you can always come back to answer it later! You’ll be able to look the question up under “My Data” and edit your response. To do so:

  • Click on “My Data” from your dashboard.
  • Select the survey answers you wish to view, and choose to “Show responses”.
  • Use the search toolbar to look up questions you skipped (just type in “skipped”).  Once you find the question you need to answer, click on the blue “skipped” link in the responses column. You’ll be taken back to the survey, where you can update your answer.

Download the complete FAQ list to see illustrative screen shots of the steps described above.

7. Can I go back and change an answer?

While you can correct an answer if you accidentally enter something incorrectly in the course of taking a survey, at this time you should not come back and add new information to your surveys once they are complete. As we develop new surveys for the registry, there may be surveys that repeat earlier questions if we find that “updated” or “current” information is needed.

8. If I need help with the process, who can I contact?

You can email Al Triunfo with your question or provide contact information and a few “best times” you can be reached by phone.

9. Why do I have to give an email address to proceed with the registry?

Several pieces of information are sought before consent, including an email address, username, password, security questions, and a site key. Use of this information is covered by the Private Access Privacy Policy (note: Private Access is the company that handles accounts for the registry system we use, the Platform for Engaging Everyone Responsibly or PEER). Your email address is employed solely to confirm that you, the user, are in control of the account. This protection is used to reduce the chance that a user is pretending to be someone else, since it confirms that the user is at least in control of the email account he or she is using.

10. What are the password requirements?

  • A length of at least 8 characters.
  • At least 1 capital letter.
  • At least 1 lowercase letter.
  • At least one number (0-9).

11. What is the security level of the servers and how is the data encrypted?

All of data in the system is encrypted when in transit and while at rest. We use Secure Sockets Layer encryption of the site, and nationally-recognized cloud services.  A more detailed description of the security measures in place is provided below.

The production systems of the registry are hosted in the S3 Elastic Web service of the Amazon Web Services (AWS). Physical access to these data centers is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. For additional information about AWS’ security, see http://aws.amazon.com/security.

PEER’s approach to security protocols has been to design, express, and enforce security as bounded architectural attributes, shared technical services, and redundant platform operations that occur as multiple occurrences throughout the service, both procedurally (user prompted) and systemically (automatically), and not merely as single points of occurrence (such as standard user name and password authentication and/or authorization techniques).

The system is encrypted and monitored at each level, and uses secured HTTPS internally, as well as externally. The architecture secures data at a data persistence level, by encrypting all transported data between web servers and web browsers, including incorporating cryptographically randomized pseudonyms, secure API calls for all internal and external web services, and the use of decoupled Identity Provider (IdP) and Identity verification (IdV) systems. All internal and external API calls within the PEER registry utilize secure API calls. The API security enforces message authenticity, integrity, and confidentiality.

Survey responses and other de-identified data are held separate from the personally-identifying information and retained on behalf of Genetic Alliance by Private Access. Any columns in the Private Access database table for a PEER participant that could conceivably contain individually identifiable health information are encrypted using an encryption algorithm approved in Annex A of FIPS 140-2. This expressly includes (i) the randomly-generated foreign user id that is provided by Private Access for the participant to whom said data pertains; (ii) the identity of the host for said foreign_user_id; (iii) the “source” from which an answer came (e.g., the embed_id that identifies the website where the iFrame containing the PEER Survey Toolkit survey widget is contained; and (iv) any answers provided by PEER participants in free-text fields, as and when used in the PEER Survey Toolkit questionnaire.

PEER works in conjunction with the consent management systems described below to provide accessibility for individual account profiles via the customized PEER system. The security attributes built into Private Access augment the network, system and platform security designed into AWS’ environment. This architecture secures data at a data persistence level, so that: (i) all personally identifiable data (PII) is encrypted using symmetric cryptography algorithms; (ii) all data is encrypted within data backups and redundant data services; (iii) no PII is logged, nor maintained, within application audit logs as a measure of security; and (iv) no personal information is ever emailed or sent in any notifications.

12. Who can access my data and how?

PEER (the registry platform we use for the Mowat-Wilson Syndrome Patient Registry) enables individuals to make their own health information available to researchers and support groups, in accordance with each individual’s granular permissions. Using PEER’s access controls, for example, one participant can say that absolutely no one has any right to access any of their information (including de-identified data and/or identifying information), while another participant can say all of their information is available to anyone who either has IRB approval, or has been approved by a trusted organization. The system assumes most people will not be at one extreme or the other, but will have different attitudes about how much, and how broadly, they wish to share information — and that this will be dictated based on (i) the type of information (i.e., de-identified information versus personally identifying information), (ii) the level of trust in the proposed recipient or the process by which the proposed recipient is selected, and  (iii) the purpose for which the information might be used. Accordingly, the system provides highly granular and dynamic access controls to empower individuals with this level of oversight, and has a strict Privacy Policy that indicates that the only access to the data will be based on the express wishes of the individual themselves.

PEER has been designed by Private Access (a privacy technology expert) and Genetic Alliance (a nonprofit organization committed to developing new and safer ways of supporting community engagement in research). Genetic Alliance’s  BioTrust Ethics Board, as well as various Institutional Review Boards (discussed below) who have reviewed the PEER system have helped to establish categories for data access options. Depending on how individual users employ these tools, they may “Allow” or “Deny” access, or set a control called “Ask Me”. “Ask Me” requires potential data users to provide participants with more details about the intended data use, and the party seeking such access, before participants decide whether to allow or deny access. By using the controls, it is possible for individuals to restrict access to their information to a single researcher; just to researchers approved by this organization’s medical advisory board; to IRB-approved researchers working on a study that addresses one or more of the conditions affecting the individual; or to all researchers with IRB approval.

13. Is there an IRB approval for this registry, and if so by what board?

Yes – actually there are several! The overall PEER Platform was reviewed and approved by Western Institutional Review Board (WIRB) in June 2014, with a renewal granted in June 2015, and another in June 2016. The WIRB approval is explicitly referenced in a Prospective Participant Informational Notice that accompanies the verification email that is sent to anyone signing up for the registry. In addition to WIRB, the Genetic Alliance IRB has reviewed the questionnaire and marketing materials for this registry, as well as other case-specific details. The BioTrust Ethics Committee of the Genetic Alliance is also actively overseeing this work, and has been instrumental in creating the PEER platform and its approach for empowering individuals to set granular and dynamic access levels.

14. How does one remove health data from the Registry?

If you would like to remove your information from the registry for any reason, you may do so by first deleting all health profiles from your account, then deleting the account itself. To delete a profile, click on “delete this profile” in the profile menu (which you can access through the profile picture or icon in the top right corner of the registry screen). Once all profiles have been removed, click on the “My Account” link in the profile menu, and follow the instructions at the bottom of the screen to completely delete your account.

15. Where can I find the Privacy policy and security guidelines on the Registry site?

Most of these are available in the public links to the Privacy Policy or Terms of Service located in the bottom right hand corner of the registry screens. You can also read them using the links provided here.

We highly recommend reading the FAQs before starting to add your data to the registry.

For your convenience, a PDF version is provided for download.

Ready to Start?

© Copyright - Mowat-Wilson Syndrome Foundation