How We Secure Your Data

 

 Our Commitment to your Security 

Your trust is foundational to our mission. That’s why we’ve built multiple layers of protection into our activities — combining technology, thoughtful processes, and responsible oversight to safeguard your information. 

Below, you’ll find an overview of the specific measures we use to protect your data. These best practice safeguards are designed to prevent unauthorized access, ensure confidentiality, and maintain the integrity of our work. 

You may occasionally notice additional verification steps or security requirements. While these precautions can sometimes feel inconvenient, they exist to protect you, your information, and the broader PCORI community we serve. Thank you for partnering with us in maintaining a secure and trusted environment. 

  • Submission and Peer Review System 
    • Our submission and peer review system, PeerTrack, is central to activities that include author submission of the final research report, editorial evaluation, and patient-centered peer review. Everybody involved in these activities is required to provide information to verify identity, send and receive important communications, and fully participate in the peer review of PCORI-funded research. Serving as the home of each of these activities, PeerTrack is protected by two separate Privacy Policies.  
    • One policy is on behalf of PCORI 

Together, these two policies represent a shared commitment to transparency, detailing why and how personal information for anybody participating in PCORI-funded peer review is collected, managed, and used. 

    • PeerTrack requires a username and password for users to access. 
  • Compensation and Data Protection 
    • Peer reviewers receive compensation for their contributions. Payments are handled through Bill.com, providing a single, secure platform for managing sensitive financial information. This reduces the need to share or store details across multiple systems.   
    • The system streamlines payment processing, helping to minimize delays and improve transparency around payment status.  
    • Reviewers have the ability to manage their own payment preferences, update their information as needed, and choose how they would like to receive compensation.   
  • Secure System Access 
    • We implement strong access controls across all systems used in the peer review process. This includes password protection and multifactor authentication (MFA), providing multiple layers of security to safeguard sensitive and personal information. 
    • Our Peer Track platform uses role-based access controls, meaning users can only view or interact with information necessary for their specific responsibilities. These protections are consistently applied across all user types, whether submitting a Draft Final Research Report (DFRR), conducting peer review, or supporting peer review processes for PCORI-funded research.  
  • Protected Virtual Meetings 
    • To maintain confidentiality, our virtual meetings are invitation-only and access-controlled. This ensures that only authorized participants can join discussions, helping to protect sensitive information and maintain the integrity of the submission and peer review process. Note that we may record or transcribe the meeting, but only if all participants agree.  
  • Secure File Sharing 
    • Some submission and peer review activities require the exchange of files that may contain personal or sensitive information. To protect this data, we provide secure, access-controlled links for file uploads and sharing. 
    • We also follow strict data handling practices, including requiring reviewers to delete all DFRR-related files from their local systems once their evaluations are complete. These measures help reduce the risk of unauthorized access and support responsible data stewardship. 
  • User Device Security and Updates 
    • Maintaining the security of your personal devices is an important part of protecting sensitive information. We strongly encourage all users to regularly update their operating systems, browsers, and applications to ensure the latest security patches and protections are in place. 
    • Keeping devices up to date helps guard against known vulnerabilities and enhances overall system security. We also recommend using trusted antivirus or protection software and enabling automatic updates whenever possible. Please refrain from using public networks without a virtual private network app (VPN). 

 Reviewer Responsibility 

A core responsibility of peer reviewers is to protect the confidentiality of the research they are evaluating. This means following practices that help prevent unauthorized access to any materials or information.  

Reviewers must: 

    • NOT upload full or parts of their Draft Final Research Reports (DFRRs) or their review into AI platforms. 
    • NOT share reports via email. 
    • Delete any saved copies of DFRRs from their computer once the peer review has been completed and submitted. 
    • Avoid storing or sharing DFRR content on cloud-based platforms.