Policies
Privacy Notice

UMEDEOR TECHNOLOGIES LTD AND UMEDEOR TECHNOLOGIES LLC

(collectively “uMed”)

HIPAA TRANSPARENCY NOTICE – uMed’s Role in Research Studies and Patient Registries

THIS NOTICE DESCRIBES uMed’s LIMITED ROLE WITH YOUR HEALTH INFORMATION. PLEASE READ IT CAREFULLY.

uMed is never a HIPAA Covered Entity (such as a doctor, hospital, or health plan).

We always act only as a Business Associate under signed Business Associate Agreements (BAAs) with your healthcare provider and/or the registry sponsor.

We help healthcare providers and IRB-approved or ethics-committee-approved research studies and patient registries find and invite patients who may be eligible to take part. We never use your information for your own treatment or for any payment or billing purposes.

How uMed Receives and Uses Your Information

There are only two ways we ever receive Protected Health Information (PHI):

Model 1 – Provider Performs the Search (most common)

  1. Your healthcare provider identifies potentially eligible patients using its own records.
  2. The provider (or uMed on the provider’s behalf) sends the invitation.
  3. Only after you actively respond and agree to learn more does the provider send us a limited roster file so our trained research nurses can discuss the study/registry with you and obtain your explicit consent.

Model 2 – uMed Performs the Search

  1. Your healthcare provider sends uMed a limited, secure roster file under a signed BAA.
  2. uMed applies the approved eligibility criteria.
  3. uMed (or the provider) contacts you to offer the opportunity to learn more.
  4. No further information is used or shared unless you give explicit consent.

In both models we use the absolute minimum PHI necessary and delete or return it when our work for that study/registry is complete (unless retention is required by the IRB, ethics committee, or law).

How uMed May Contact You

We may reach out by:

  • Letter or postcard from your provider
  • Telephone call from one of our specially trained research nurses
  • Secure email
  • SMS/text message (only if you have provided your mobile number or replied to an invitation)

SMS/Text Message Details

  • Purpose: Invitations to learn about a study/registry, scheduling links, secure consent forms, or study updates.
  • Consent: By providing your mobile number and responding, you consent to these messages. Consent is voluntary and can be withdrawn at any time.
  • Frequency: Usually 1–6 messages per opportunity.
  • Charges: Message and data rates may apply.
  • Opt-Out: Text STOP to any uMed message or contact privacy@umed.io. You will receive one confirmation and no further texts.
  • Help: Text HELP or call +1 888-454-5580.
  • Security: Standard SMS is not encrypted. Do not reply with sensitive details.

Our Legal Obligations as a Business Associate

We are required by our BAAs and HIPAA to:

  • Keep your information secure using administrative, technical, and physical safeguards
  • Use it only for the approved research or registry purpose
  • Require all subcontractors we use (e.g., secure cloud providers such as AWS) to sign BAAs and protect your information to the same standards
  • Report any breach to the Covered Entity without unreasonable delay
  • Delete or return PHI when no longer needed

Your Choices

  • You are never required to speak with us or join any study or registry.
  • You can tell us or your provider “Do not contact me about research or registries” – we will add you to our permanent “Do Not Contact” list.
  • You may withdraw from a study or registry at any time without affecting your medical care.

All of your HIPAA rights (access, amendment, restrictions, complaints, etc.) are exercised through your healthcare provider or the registry sponsor – not through uMed.

Other Privacy Laws

This notice covers only HIPAA. If you are in the European Union, United Kingdom, California, or another jurisdiction, additional rights may apply under laws such as UK GDPR, EU GDPR, or CCPA/CPRA. Please see our full privacy policy at https://www.umed.io/privacy for details.

Contact Us

If you:

  • Do not want to be contacted about research studies or patient registries
  • Have questions about this notice
  • Want to be added to our “Do Not Contact” list

uMed Privacy Officer

Email: privacy@umed.io

US toll-free phone: +1 888-454-5580

Post: Umedeor Technologies Ltd, Attn: Privacy Officer, 8 Warner Yard, London EC1R 5EY, United Kingdom

You may also contact your healthcare provider or file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at ocrportal.hhs.gov/ocr/smartscreen/main.jsf

Changes to This Notice

We may update this notice. The current version is always available at https://www.umed.io/hipaa-research-registry-notice

Effective Date: 1 December 2025, v4.0

Navigation
HomeAbout usCase studiesNews & InsightsCareersContact us
Platform
CohortsStudy ServicesCollectRecruitSpanACCESSSnapACCESS
Platform
Access CMDAccess PDAccess ILD
Legal
Security & Privacy
Privacy Notice
Website Terms & Conditions
Patient Privacy Notice
Data processing agreement
SMS Terms & Conditions
Privacy Notice
Cookie Policy
By signing up you agree to our Privacy Policy
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.