HELIOS CLINICAL RESEARCH
PRIVACY POLICY & RESEARCH PARTICIPANT PRIVACY NOTICE
Last Updated: June 16, 2026
Introduction
Helios Clinical Research (“Helios,” “we,” “us,” or “our”) is committed to protecting the privacy, confidentiality, and security of personal information and health-related information entrusted to us.
Helios conducts and supports clinical research activities across a network of research sites and partners. We maintain privacy and security practices designed to meet applicable HIPAA privacy and security standards, FDA regulations, Good Clinical Practice (GCP) requirements, Institutional Review Board (IRB) requirements, sponsor obligations, and applicable federal and state privacy laws.
This Privacy Policy & Research Participant Privacy Notice explains how we collect, use, disclose, store, and protect information when you:
- Visit our websites;
- Submit information to learn about clinical research opportunities;
- Participate in clinical research studies;
- Communicate with Helios personnel; or
- Otherwise interact with our services.
- Complete study pre-screening questionnaires
- Express interest in research opportunities
- Participate in a clinical trial
- Contact Helios by phone, email, website forms, or other communication channels
- Register for educational programs, events, or newsletters
- Name
- Date of birth
- Mailing address
- Email address
- Telephone number
- Emergency contact information
- Medical history
- Diagnoses and conditions
- Current and previous medications
- Treatment history
- Laboratory and diagnostic information
- Study eligibility responses
- Insurance information when applicable
- Gender
- Race and ethnicity (when voluntarily provided)
- Language preferences
- Preferred methods of communication
- Participation and outreach preferences
- IP address
- Device identifiers
- Browser information
- Operating system
- Website activity and usage information
- Pages visited
- Referral sources
- Session information
- Healthcare providers
- Physicians and referral sources
- Electronic Medical Record (EMR) systems
- Healthcare organizations participating in approved research activities
- Research sponsors
- Contract Research Organizations (CROs)
- Institutional Review Boards (IRBs)
- Recruitment partners
- Referral networks and physician partners
- Publicly available sources
- Determining study eligibility
- Conducting participant outreach
- Managing study participation
- Scheduling study visits
- Coordinating research activities
- Maintaining study records
- Supporting participant engagement
- Quality assurance and quality improvement
- Compliance monitoring
- Workforce training
- Internal auditing
- Operational management
- Compliance with FDA requirements
- Compliance with GCP standards
- Compliance with sponsor obligations
- Compliance with IRB requirements
- Compliance with federal and state laws
- Responding to inquiries
- Providing study-related updates
- Sharing educational materials
- Supporting participant engagement activities
- Website security
- Analytics and performance monitoring
- User experience improvements
- Study sponsors
- Principal investigators
- Research coordinators
- Contract Research Organizations (CROs)
- Institutional Review Boards (IRBs)
- Regulatory agencies, including the FDA
- Healthcare providers involved in your care or research participation
- Cloud hosting providers
- Website service providers
- Data storage providers
- Research technology platforms
- Electronic data capture systems
- Customer relationship management systems
- SOC 2 Type II attestation
- SOC 3 reporting
- GDPR compliance programs
- Data Processing Agreements
- Encryption of data in transit and at rest
- Role-based access controls
- Audit logging capabilities
- Secure cloud infrastructure hosted through ISO 27001-certified service providers
- Ongoing vulnerability management and security monitoring
- Comply with applicable law
- Respond to lawful requests
- Comply with court orders or subpoenas
- Report safety information or adverse events
- Protect research participants
- Protect public health and safety
- Prevent fraud or unauthorized activity
- Sharing information beyond research activities
- Certain disclosures to third parties
- Uses not otherwise described in this Notice
- Sell health-related information
- Sell personal information
- Use health information for unauthorized commercial purposes
- Share health information for non-research purposes without appropriate authorization
- Access personal information maintained by Helios
- Request correction of inaccurate information
- Request deletion of information where legally permitted
- Request restrictions on certain uses
- Obtain a portable copy of information where applicable
- Withdraw consent when permitted
- Update communication preferences
- California (CCPA/CPRA)
- Virginia (VCDPA)
- Colorado (CPA)
- Connecticut (CTDPA)
- Utah (UCPA)
- Texas (TDPSA)
- Oregon (OCPA)
- Montana (MCDPA)
- Delaware (DPDPA)
- Iowa (ICDPA)
- Nebraska (NDPA)
- New Hampshire (NHPA)
- New Jersey (NJDPA)
- Tennessee (TIPA)
- Minnesota (MCDPA)
- Access information
- Correct information
- Delete information
- Obtain portable copies
- Opt out of certain processing activities
- Appeal privacy-rights determinations
- Comply with FDA requirements
- Meet sponsor obligations
- Satisfy IRB requirements
- Preserve scientific integrity
- Maintain adverse event reporting records
- Fulfill legal retention obligations
- Protect participant safety
- Encryption of sensitive information in transit and at rest
- Role-based access controls
- Multi-factor authentication where appropriate
- Workforce privacy and security training
- Vendor security assessments
- Ongoing monitoring and compliance reviews
- Incident response procedures
- Breach notification procedures as required by law
- Conduct research activities
- Meet regulatory requirements
- Fulfill contractual obligations
- Resolve disputes
- Enforce agreements
- Improve functionality
- Analyze website performance
- Enhance security
- Remember preferences
By using our websites, submitting information, or participating in research activities, you acknowledge the practices described in this Notice.
1. INFORMATION WE COLLECT
We may collect information directly from you, automatically through your device, from healthcare providers, research partners, and other authorized third parties.
Information You Provide Directly
You may provide information when you:
Information collected may include:
Personal Information
Health-Related Information
Demographic Information
Communication Preferences
Information Collected Automatically
When visiting our websites, we may automatically collect:
We may use cookies and similar technologies to improve functionality, website performance, analytics, and security.
Information Received from Third Parties
Where permitted by law and authorized by you, we may receive information from:
Online Forms and Study Interest Submissions
Information submitted through website forms, pre-screening questionnaires, study interest forms, event registrations, referral forms, or similar online tools may be reviewed by authorized Helios personnel to determine potential eligibility for research opportunities and to facilitate communication regarding studies, educational programs, events, or services that may be of interest.
Information submitted through these forms may be entered into authorized research, operational, and participant engagement systems for follow-up, scheduling, study matching, regulatory compliance, and communication purposes.
2. HOW WE USE INFORMATION
We use information for legitimate research, operational, compliance, and communication purposes.
Clinical Research Activities
Research Operations
Regulatory Compliance
Communications
Website Administration
3. HOW WE SHARE INFORMATION
Helios does not sell personal information.
We may share information when necessary to support clinical research activities, research operations, regulatory obligations, or legal requirements.
Clinical Research Partners
Information may be shared with:
Technology Providers & Data Security
Helios works with trusted service providers that support our operations, including:
HubSpot Security & Compliance
Helios utilizes HubSpot as a customer relationship management (CRM) platform to support participant engagement, study inquiries, scheduling workflows, communication management, website functionality, and operational activities.
HubSpot maintains a comprehensive security and compliance program that includes:
Helios configures and manages HubSpot in accordance with applicable privacy, security, and regulatory requirements and limits the use of information to authorized research, operational, and participant engagement activities.
Information maintained within HubSpot is used solely to support clinical research recruitment, participant communications, scheduling workflows, research operations, website interactions, and related business functions.
Legal & Safety Requirements
Information may be disclosed when necessary to:
4. HEALTH INFORMATION PRIVACY
Helios may receive, create, maintain, or process health-related information in connection with research activities.
While Helios may not be a HIPAA Covered Entity in all circumstances, we maintain privacy and security practices designed to meet or exceed applicable HIPAA privacy and security standards.
Helios implements administrative, technical, and physical safeguards designed to protect health information from unauthorized access, use, disclosure, alteration, or destruction and limits access to authorized personnel with a legitimate business or research need.
Where health information is received from healthcare providers, sponsors, or other regulated entities, Helios handles such information in accordance with applicable legal, contractual, and regulatory requirements.
5. USES REQUIRING AUTHORIZATION
Certain uses or disclosures may require your authorization.
Examples may include:
You may revoke an authorization at any time in writing unless action has already been taken in reliance upon that authorization.
Helios will not:
6. YOUR PRIVACY RIGHTS
Subject to applicable law, you may have the right to:
You may submit requests by contacting our Privacy Officer.
7. STATE PRIVACY RIGHTS
Residents of certain states may have additional rights under applicable privacy laws, including:
Depending on applicable law, individuals may have rights to:
Certain rights may be limited by research, legal, scientific, public health, safety, or regulatory requirements.
8. RESEARCH PARTICIPANT DATA & REGULATORY REQUIREMENTS
Clinical research is subject to extensive federal regulations and scientific standards.
As a result, certain participant information and study records may be retained even if a participant requests deletion or modification.
Information may be retained to:
Where permitted by law, Helios will honor privacy requests. However, research-related records may be exempt from deletion or modification when retention is required by law, regulation, contract, or scientific necessity.
9. DATA SECURITY
Helios maintains administrative, technical, and physical safeguards designed to protect personal and health-related information.
Security measures include:
Only authorized personnel with a legitimate business or research need may access sensitive information.
10. DATA RETENTION
Information is retained only as long as necessary to:
Certain research records may be retained for extended periods as required by FDA regulations, sponsor agreements, Institutional Review Board requirements, Good Clinical Practice (GCP) guidelines, applicable laws, or scientific and research integrity obligations.
11. COOKIES & WEBSITE TECHNOLOGIES
Our websites may use cookies and similar technologies to:
Users may manage cookies through browser settings.
12. CHILDREN’S PRIVACY
Our websites are generally not intended for children under the age of 18 unless participation is part of a parentally authorized clinical research study.
If we become aware that personal information has been collected without appropriate authorization, we will take reasonable steps to remove the information.
13. CHANGES TO THIS NOTICE
Helios may update this Privacy Policy & Research Participant Privacy Notice periodically to reflect changes in legal requirements, research practices, technology, or business operations.
The most current version will be posted on our website with an updated effective date.
14. RESEARCH PARTICIPANT PRIVACY NOTICE
This Privacy Policy & Research Participant Privacy Notice describes Helios Clinical Research’s privacy and information-handling practices. It is not intended to constitute a Notice of Privacy Practices under HIPAA unless otherwise required by applicable law.
Helios maintains privacy and security safeguards designed to meet applicable HIPAA privacy and security standards, FDA regulations, Good Clinical Practice (GCP) requirements, Institutional Review Board (IRB) requirements, sponsor obligations, and applicable federal and state privacy laws governing clinical research activities.
15. CONTACT US
Helios Clinical Research
1307 8th Avenue, Suite 201
Fort Worth, Texas 76104
Privacy Officer
Email: info@heliosclinical.com
Phone: 214-550-3029
Questions, privacy requests, concerns, or complaints may be directed to the Privacy Officer using the contact information above.
