Certain BrainHQ group administrators prefer to operate their group with a minimal amount of personally identifiable information (PII) about their group members in BrainHQ. There are several steps to achieve this goal, and some important notes about what PII can - and cannot - be prevented from entering and being stored in BrainHQ.
Steps to take:
- Create member accounts with anonymous email addresses: Every BrainHQ user account must have a unique email address. However, this does not have to be a functioning email address, or even a real email address - it just has to look like an email address. You can create group member accounts with anonymous or “fake” email addresses (as long as each email address is unique) to prevent the real email addresses of your users from entering and being stored with BrainHQ. Please note that if you choose to use anonymous email addresses, your users will log in to BrainHQ with the email address that you provide, will not receive email from BrainHQ (for example, the weekly update emails), and will not be able to reset their passwords (because password reset requires us to send an email to the email address of record). If you need to reset the password of a user, please contact us as support@brainhq.com. We also strongly recommend that you keep track of the anonymous email address you use for each user in a secure manner, so that when you view a user account in the group portal, you will be able to identify the real person associated with the anonymous email address..
- Create member accounts with pseudonyms: Every BrainHQ user account must have a first name and a last name. However, these do not have to be actual names of your group members. You can use a pseudonym. Please note that if you use a pseudonym, there may be situations where BrainHQ addresses your group member by the pseudonym (for example, in their BrainHQ profile). We also strongly recommend that you keep track of the pseudonym you use for each group member in a secure manner, so that when you view a member account in the group portal, you will be able to identify the real person associated with the pseudonym.
Limitations to minimizing PII entering the BrainHQ system
- IP addresses: BrainHQ is a cloud-based system, which means that the IP address of every user is transmitted to BrainHQ. This allows BrainHQ to send and receive information to your user - even for an account using an anonymous email account or a pseudonym. BrainHQ only uses the IP address while a user is actively using BrainHQ, and does not store a permanent record of the IP address.
- Administrator accounts: Group administrator accounts should be set up with the full name of the administrator and their work-related email address. This is required for us - and you - to comply with HIPAA auditability requirements. If you use an anonymous or “fake” email address or a pseudonym for your administrator accounts, we will not be able to determine which real person has taken administrator actions performed under the administrator account (for example, if an administrator views or edits user data) in the event that an audit is required. For this reason, we require that group administrator accounts be unique to each group administrator, and use the administrator’s real name and work-related email address.
Comments
0 comments
Article is closed for comments.