1. Protection of Study Participant Privacy Kristen Warren, MBS Regulatory Affairs Manager Department of Regulatory Affairs & Research Compliance Office: 424-835-1330 Email: kwarren@sanguinebio.com If, at any time, you have questions or comments about the material within this webinar or participant privacy in general, please feel free to contact us.

2. As a Sanguine Patient Advocate, you are responsible for protecting all private and confidential information associated with study participants. TABLE OF CONTENTS (p3) Definitions (p5) Scope (p6) Sanguine Privacy Protection (p9) Your Responsibilities

3. Definitions Confidentiality refers to methods in which identifiable private information will be handled, managed, and disseminated Disclosure the release (intentional or unintentional) of protected private information to parties who are not authorized to have such information ex. Documents, Email, Conversations Coded the removal of identifying information and replacement with a number, letter, symbol, or combination thereof (i.e., the code); a key that links the code to the identifying information exists Private Information individually identifiable information provided for specific research purposes and which the individual can expect will not be made public 3

4. Definitions Personally Identifiable Information information that can be used to distinguish or trace an individuals identity. This includes Private Information & Protected Health Information (PHI) Direct Identifiers Name SSN Phone Number Address Email Address Biometric Record Indirect Identifiers Date of Birth Mothers Maiden Name Place of Birth Zip Code Confidential 4

5. Scope Sanguine engages in human subjects research as defined by Department of Health and Human Services Code of Federal Regulations 45 Part 46 (45 CFR 46). We are dedicated to the protection and security of private information collected from study participants for research purposes. As a Patient Advocate, you are responsible for the safety and privacy of the subjects from whom we collect biospecimens. You are also responsible for compliance with federal, state and local regulations and company policies.

6. Scope The Department of Health and Human Services (HHS) "Common Rule" rights, safety, and welfare of research subjects, including research subjects' privacy and the confidentiality of information. Excerpts from The Common Rule 45 CFR 46.111(a)(6) When appropriate, the research plan makes adequate provision for monitoring the data collected to ensure the safety of subjects. 45 CFR 46.111(a) (7) When appropriate, there are adequate provisions to protect the privacy of subjects and to maintain the confidentiality of data.

7. How does Sanguine protect participant privacy? 1. Research Protection 2. Administrative Policies & Procedures 3. Electronic Barriers 4. Physical Barriers

8. 1. RESEARCH PROTECTION (learn more) Institutional Review Board (IRB) (learn more) Human subjects research training (learn more) Principal Investigator (PI) responsibilities Informed Consent Process

9. 2. ADMINISTRATIVE POLICIES & PROCEDURES Privacy training for all employees Limited access Employee discipline for noncompliance

10. 3. ELECTRONIC BARRIERS (learn more) 21 CFR 11 database Password protected Auditability Electronic informed consent process

11. 4. PHYSICAL BARRIERS All private information is maintained in locked buildings and cabinets Private information is destroyed when it is no longer being used You are responsible for disposing of private information appropriately

12. YOU are responsible for Protecting all Private Information from potential disclosure Exercising reasonable caution, at all times, to protect the Private Information under your control Reporting privacy problems that you cannot fix by yourself Following all federal, state and local privacy laws Complying with Sanguine policies and procedures in place to protect privacy

13. THE GOLDEN RULE Give the Private Information under your control the same respect for privacy that you'd like for your own.

14. To complete your training, take the Privacy Protection Quiz Questions or comments about the material within this webinar or privacy in general? Please feel free to contact: Kristen Warren Regulatory Affairs Manager Department of Regulatory Affairs & Research Compliance Office: 424-835-1330 Email: kwarren@sanguinebio.com