HIPAA Privacy & Security Notice
Effective Date: 04/29/2026
This HIPAA Privacy & Security Notice explains how TrialsNest handles protected health information ("PHI") when HIPAA applies.
When HIPAA Applies
HIPAA may apply when TrialsNest creates, receives, maintains, or transmits PHI on behalf of a healthcare provider, clinical research site, health plan, healthcare clearinghouse, or another HIPAA business associate.
In those cases, TrialsNest generally acts as a Business Associate and follows the applicable Business Associate Agreement and HIPAA requirements.
What PHI May Include
PHI may include information that identifies you and relates to your health, healthcare, payment for healthcare, or clinical research participation, such as:
- Name, contact details, and identifiers
- Prescreening responses
- Medical history or medication information
- Diagnosis or condition interests
- Study interest and eligibility information
- Appointment and communication records
- Uploaded health documents
- Portal activity tied to your identity and healthcare or study activity
How TrialsNest May Use or Disclose PHI
Where HIPAA applies, TrialsNest may use or disclose PHI only as permitted by the applicable Business Associate Agreement, HIPAA, and law. Permitted uses may include:
- Clinical trial recruitment and prescreening support
- Appointment scheduling and reminders
- Communication between authorized patients and study staff
- Document upload and review workflows
- Site, sponsor, and coordinator reporting where permitted
- Security, audit logging, and compliance activities
- Support and troubleshooting
- Legal and regulatory compliance
- De-identified or limited data set uses where permitted
Minimum Necessary
TrialsNest will make reasonable efforts to limit PHI access, use, and disclosure to the minimum necessary for the intended purpose, except where an exception applies.
Safeguards
TrialsNest maintains administrative, technical, and physical safeguards designed to protect PHI. These may include:
- Role-based access controls
- Authentication and authorization
- Encryption in transit and at rest where appropriate
- Audit logging and monitoring
- Secure cloud infrastructure
- Vendor management
- Workforce access restrictions
- Incident response procedures
- Data backup and recovery controls
- Security training and sanctions policies
Patient Rights
When PHI is maintained by a covered entity using TrialsNest, requests for HIPAA rights such as access, amendment, accounting of disclosures, restrictions, or confidential communications may need to be directed to the applicable healthcare provider, research site, or covered entity.
TrialsNest will assist covered entities with such requests as required by the applicable Business Associate Agreement.
Breach Notification
If TrialsNest discovers a potential breach of unsecured PHI, TrialsNest will investigate and notify the applicable covered entity or business associate as required by HIPAA, the Business Associate Agreement, and law.
No Sale of PHI
TrialsNest will not sell PHI or use PHI for unauthorized marketing without required authorization and legal review.
Questions
Questions about HIPAA handling may be sent to:
- privacy@trialsnest.com
- security@trialsnest.com
