Myasthenia Gravis Foundation of America Privacy and Security Policy

Date of Last Revision: 11-19-2012

This Privacy and Security Statement (“Privacy Statement”) applies to patient health information collected by Myasthenia Gravis Foundation of America (“MGFA”).  MGFA is committed to protecting the privacy of the patients (“Patients”) and the healthcare providers (“Providers”) to assist in the treatment of their Patients.  MGFA has created the following Privacy Statement to give an overview of the types of information it collects, how the information is used, and how the information is safeguarded. 


Who Collects The Information?

MGFA collects Personally Identifiable or Protected Health Information (“PHI”) by means of electronic communication with the Patient survey filing system residing within the MGFA myMG smartphone application (“myMG App”) or other computer device and/or on-line application substantively performing the same function.

What Information Is Collected?

MGFA collects Patient information that is required to use the myMG App.  This includes:

Contact information, such as name, mailing address, e-mail address and phone number;

Demographic information, such as gender and date of birth;

Health related information, such as: medical diagnosis, history of any condition, medical procedures, methods of treatment, prescribed pharmaceuticals, symptoms, severity of symptoms; and

Information provided by Patients and Providers in forms or surveys.

Why Do We Collect This Information?

Protected Health Information is provided to MGFA for the purpose of providing both an accurate and complete accounting of Patient quality of life assessment scores between Patient visits to Providers.

What Information Is Shared With Third Parties?

Information collected by MGFA is shared with the Provider to assist in the treatment of their Patients.  MGFA may disclose information that Patients or Providers give to us to independent contractors, service providers and consultants (collectively known as “Business Associates”) who assist us in our business or in providing goods and services.  However, we will only share such personally identifiable information as we deem necessary and for the limited purpose of them carrying out their obligations to MGFA and for no other purpose.
We may also share aggregated patient health information with independent contractors, service providers and consultants in order to assess and disclose the performance capabilities of MGFA; and to assist in the analyses of procedure data to improve care.  Aggregated data are not linked to any personal information that can identify any individual Patient.


MGFA will disclose personal information it has collected if necessary to fulfill its obligations to Providers or if it is required to do so by law or, if in its good faith judgment, such action is reasonably necessary to comply with legal process, to respond to any claims, or to protect the rights of MGFA and the public.
In the event that MGFA goes through a business transition, such as a merger, being acquired by another company or selling a portion of its assets, all data, including Patient and Provider personal information, generally is one of the transferred business assets.


The following outlines different types of security procedures MGFA has in place to protect against the loss, misuse or alteration of the information collected.

Identification and Authentication

Access to the data is assigned to specific individuals to maintain strict control over access.  We do not grant general access to data within MGFA and, except as set forth in this Privacy Statement, access to data is not granted to parties outside MGFA.  We also verify the identity of the persons accessing the data by using a login name and a password.  Passwords must be between 8 and 15 characters and contain 1 uppercase, 1 lowercase, 1 number and 1 special character (@#$%^&!_).  Website sessions time out after a period of 20 minutes to prevent unauthorized use.

Authorization and Access Control

Only authorized personnel have access to restricted data.  Access to sensitive data is revoked in a timely manner for employees who change function or are no longer employed by or working on behalf of MGFA.

Data Confidentiality

The myMG App uses a security firewall to restrict remote access to its internal systems. 

Data Integrity and Retention

The myMG App implements full database backups to establish data consistency and integrity.  MGFA’s servers are located in a secure and environmentally controlled room.  Backups are automated and scheduled routinely. 

Data Management and Monitoring

All employees of MGFA are informed of the Company’s security policies.  MGFA’s new hires are briefed on security and privacy issues and security measures are reviewed regularly. 

Notification of Changes

MGFA reserves the right to make changes to the Privacy Statement at any time.  If we plan to make significant changes to any of our privacy policies or practices with respect to how we use personally identifiable information, we will post those changes to our web site thirty (30) days before they take effect.

Addressing Privacy and Security Concerns

If you have any questions about this Privacy Statement, its policies or practices, or wish to receive a printed version of this Privacy Statement, please contact us:
Myasthenia Gravis Foundation of America
Attn: Ombudsman
355 Lexington Avenue, 15th Floor
New York, NY 10017