The Medical & Public Health Information Sharing Environment (MPHISE) requires the collection of personal information to provide better services to its users.

MPHISE uses this information to:

  1. Offer tailored content
  2. Protect MPHISE’s integrity
  3. Improve services

The personal and employment data collected for MPHISE’s sponsored registration process is limited to the information necessary to validate the registrant’s identity as a legitimate and approved validating authority of the MPHISE community, the qualifications of entry into particular MPHISE Places, or to access specific information within MPHISE. This information is collected by authorized personnel.

MPHISE registration information is collected and stored, and may be shared for the sole purpose of processing and validating the registrant’s identity and ensuring the user’s relevance to a legitimate Place within MPHISE and/or the qualifications of entry into particular MPHISE Places. Additionally, limited amounts of data will be shared among authorized personnel supporting members of the MPHISE community for the purposes of site maintenance (administration) and for supporting collaboration (notifying users of other members in the community). Once a user has been successfully validated and accepted into MPHISE, the user may modify his or her profile to change, add, or delete all optional fields.

Information that is collected and stored on MPHISE from a new registrant includes:

Users may decline to provide their information, but by doing so, their application for access will be rejected and they will not be provided an account. The effectiveness of authentication and security protections are verified through audits of system operation and usage conducted by the MPHISE Security Assessment team. The privacy risk is also minimized by the system’s architecture which stores collected information as encrypted data in a single location or data repository. This structure reduces the risk to the data by minimizing its proliferation in multiple locations and systems.

MPHISE reserves the right to uphold the integrity of the MPHISE system, and by doing so may take any necessary actions to ensure a secure system and network. Users acknowledge that they have no expectation of privacy while using this system and consent to all activities being monitored, and that disciplinary actions may result from determination of any violations. The MPHISE PMO is a data and content steward and is not responsible for the content that users post to any element of MPHISE and/or retain custody and exclusive control over at any location within MPHISE, under their relevant and applicable Federal, state, municipal, territorial and tribal information management, privacy, public disclosure (or “sunshine”) and records management statutes, and/or regulations. The MPHISE PMO holds the duty to report breaches to the affected parties once such information is determined creditable. Furthermore, the MPHISE PMO holds itself accountable for abiding by and enforcing this privacy policy.