LyfeSci Research & Innovation
Home
Legal Compliance

Privacy Policy

Effective Date: December 2024 | Last Updated: December 2024

Contact Information

LyfeSci Research & Innovation

250 Parkway Drive, Ste. 150

Lincolnshire, IL 60069

For privacy-related inquiries, please contact us through our contact page.

1. Introduction and Scope

LyfeSci Research & Innovation ("LyfeSci," "we," "us," or "our") is committed to protecting the privacy and security of personal information, including Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Policy describes how we collect, use, disclose, and safeguard information in compliance with:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Food and Drug Administration (FDA) regulations (21 CFR Parts 11, 50, 56, 312, 314)
  • International Council for Harmonisation Good Clinical Practice (ICH-GCP)
  • General Data Protection Regulation (GDPR) where applicable
  • California Consumer Privacy Act (CCPA) where applicable
  • State and federal privacy laws

2. Types of Information We Collect

Protected Health Information (PHI)

In our role as a clinical research organization, we may collect, process, and maintain PHI including:

  • Medical records and health information
  • Clinical trial data and research results
  • Demographic information linked to health data
  • Laboratory results and diagnostic information
  • Treatment and medication information
  • Adverse event reports

Personal Information

  • Contact information (name, email, phone, address)
  • Professional information (company, title, credentials)
  • Website usage data and analytics
  • Communication preferences and history
  • Business relationship information

3. How We Use Information

Clinical Research Activities

  • Conducting FDA-regulated clinical trials
  • Safety monitoring and adverse event reporting
  • Regulatory submissions and compliance
  • Data analysis and statistical reporting
  • Quality assurance and audit activities

Business Operations

  • Providing clinical research services
  • Client communication and support
  • Service improvement and development
  • Legal and regulatory compliance
  • Business relationship management

4. HIPAA Compliance and PHI Protection

Business Associate Obligations

LyfeSci serves as a Business Associate under HIPAA for covered entities. We maintain comprehensive safeguards including:

  • Administrative, physical, and technical safeguards for PHI
  • Employee training on HIPAA compliance and data handling
  • Incident response procedures for potential breaches
  • Regular security risk assessments and audits
  • Secure data transmission and storage protocols

Minimum Necessary Standard

We adhere to the HIPAA minimum necessary standard, using and disclosing only the minimum amount of PHI necessary to accomplish the intended purpose of the use or disclosure.

5. FDA Regulatory Compliance

21 CFR Part 11 Compliance

Our electronic records and signatures systems comply with FDA 21 CFR Part 11 requirements:

  • Validated electronic signature systems
  • Audit trails for all electronic records
  • System access controls and user authentication
  • Data integrity and security measures
  • Record retention and retrieval capabilities

Clinical Trial Data Integrity

We maintain clinical trial data in accordance with FDA Good Clinical Practice (GCP) guidelines, ensuring data quality, integrity, and traceability throughout the clinical research process.

6. Information Sharing and Disclosure

We may share information in the following circumstances:

Regulatory Authorities

FDA, EMA, and other regulatory agencies as required for clinical trial submissions, safety reporting, and compliance activities.

Authorized Representatives

Sponsors, CROs, investigators, and other authorized parties involved in clinical research activities under appropriate agreements.

Service Providers

Qualified vendors and contractors who assist in our operations under strict confidentiality and security requirements.

Legal Requirements

When required by law, court order, or to protect rights, property, and safety.

7. Data Security Measures

T

Technical Safeguards

Encryption, access controls, secure networks, and system monitoring

P

Physical Safeguards

Secure facilities, controlled access, and environmental protections

A

Administrative Safeguards

Policies, procedures, training, and workforce security measures

8. Individual Rights

Depending on applicable laws and your relationship with us, you may have the following rights:

  • Access: Right to access your personal information
  • Correction: Right to correct inaccurate information
  • Restriction: Right to restrict processing in certain circumstances
  • Portability: Right to data portability where applicable
  • Objection: Right to object to processing
  • Deletion: Right to deletion subject to legal and regulatory requirements

9. Data Retention

We retain information in accordance with:

  • FDA regulations requiring clinical trial records retention for at least 2 years after drug approval or investigation discontinuation
  • ICH-GCP guidelines for essential document retention
  • HIPAA requirements for PHI retention
  • Contractual obligations with sponsors and clients
  • Applicable state and federal record retention laws

10. International Data Transfers

When transferring data internationally, we implement appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) for GDPR compliance
  • Adequacy decisions where available
  • Additional security measures for sensitive data
  • Compliance with local data protection laws

11. Breach Notification

In the event of a suspected or confirmed data breach involving PHI or personal information, we will:

  • Conduct immediate investigation and containment
  • Notify affected covered entities within 60 days (HIPAA requirement)
  • Notify regulatory authorities as required
  • Notify affected individuals when required by law
  • Implement corrective measures to prevent future incidents

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or regulatory guidance. We will provide appropriate notice of material changes as required by applicable law.

13. Contact Information

For questions about this Privacy Policy, to exercise your rights, or to report privacy concerns:

Privacy Officer

LyfeSci Research & Innovation

250 Parkway Drive, Ste. 150

Lincolnshire, IL 60069

Contact us through our contact page or mark your inquiry as "Privacy-Related."

This Privacy Policy demonstrates our commitment to protecting your privacy while conducting clinical research in compliance with the highest regulatory and ethical standards.