University at Buffalo - The State University of New York
Skip to Content
Privacy and Security Policy

Privacy and Security Policy

The National Library of Medicine (NLM) complies with requirements for privacy and security established by the Office of Management and Budget (OMB), Department of Health and Human Services (DHHS), and the National Institutes of Health (NIH). This page outlines our privacy and security policy as they apply to our sites as well as third party sites and applications that NLM uses (for example, Facebook, YouTube).

Your Visit to the NLM Websites

Your visit to the NLM websites is private and secure. When you visit the NLM websites, we do not collect any personally identifiable information (PII) about you, unless you choose to explicitly provide it to us. We do, however, collect some data about your visit to our website to help us better understand public use of the site and to make it more useful to visitors. This page describes the information that is automatically collected and stored. NLM never collects information for commercial marketing or any purpose not related to NLM's functions.

What Type of Information NLM Collects

When you visit any website, certain information about your visit can be collected. NLM automatically collects and stores the following type of information about your visit:

  • The name of the domain you use to access the Internet (for example, verizon.com, if you are using a Verizon online account, or stanford.edu, if you are connecting from Stanford University's domain)
  • The date and time of your visit to our website
  • The pages and documents you viewed on our website from an external search engine such as Bing or Google
  • The URL of the website you visited prior to ours
  • The words you searched for on our website
  • The type and version of your Web browser and operating system, and
  • Your location at the time of your visit, down to the city-level

This information is used to measure the number of visitors to the various sections of our site and improve organization, coverage, system performance or other problem areas. This information is not used for associating search terms or patterns of site navigation with individual users. When search features offer suggested terms, these suggestions are based on aggregated data only. NLM periodically deletes its web logs. On occasion, NLM may provide aggregated information to third party entities it contracts with for the purposes of research analysis. Aggregated data cannot be linked back to an individual user.

If your electronic medical record (EMR), patient health record (PHR) or other system links you to MedlinePlus, your diagnosis codes or other information, such as medications or procedures names, are sent to our site in order to link you to the most appropriate information. No personally identifiable information is collected in this process.

How NLM Uses Cookies

When you visit any web site, it may place a small text file, known as a "cookie," on your computer. The cookie allows the website to "remember" specific information about your visit while you are connected or when you return to that site. The Office of Management and Budget (OMB) Memo M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies allows Federal agencies to use session and persistent cookies.

The cookie makes it easier for you to use the dynamic features of web pages. Cookies from NLM web pages only collect information about your browser's visit to the site; they do not collect personal information about you. While visiting certain NLM websites, you may occasionally encounter a web page that automatically employs cookies to make it easier to use the web page’s dynamic features.

NLM websites may use either single session (temporary) or multi-session (persistent) cookies. Session cookies last only as long as your web browser is open. Once you close your browser, the cookie disappears. Persistent cookies are stored on your computer for longer periods.

  • Session Cookies: We use session cookies for technical purposes such as to enable better navigation through our site. The OMB Memo 10-22 Guidance defines our use of session cookies as "Usage Tier 1 – Single Session." This tier encompasses any use of single session web measurement and customization technologies.
  • Persistent Cookies: We use persistent cookies to enhance the web experience for our users. Persistent cookies remain on your computer between visits to NLM until they expire. The OMB Memo 10-22 Guidance defines our use of persistent cookies as "Usage Tier 2 – Multi-session without Personally Identifiable Information (PII)." This tier encompasses any use of multi-session web measurement and customization technologies when no PII is collected.

For example, NLM uses persistent cookies to enable PubMed’s My NCBI feature. The persistent cookie retains user preferences such as search result filters, LinkOut displays, institutional icon links, document delivery services, etc. across user sessions. Users may opt out of the persistent cookie selection in their My NCBI settings at any time. NLM also uses persistent cookies to avoid repeated invitations to take our ForeSee customer satisfaction survey. The persistent cookies that block repeated survey invitations expire in 90 days. NLM may employ persistent cookies in other ways consistent with our mission and the OMB guidelines to analyze use patterns and improve our users' experience on NLM websites.

How to Opt Out or Disable Cookies

If you do not wish to have session or persistent cookies placed on your computer, you can disable them at any time from your web browser. If you opt out of cookies, you will still have access to all information and resources at NLM, but you may not be able to use cookie-dependent features.

See USA.gov’s Web Measurement and Customization Opt-Out page for instructions on disabling or opting out of cookies in the most popular browsers.  Please note when you disable cookies from your web browser, you will disable cookies from all sources, not just those from NLM.

Personally Identifiable Information (PII)

You do not have to give us personal information to visit the NLM website.

If you choose to send us personal information by email, or by filling out a form on our web site, we use this information to respond to your message and to help us provide you with the information or material you requested. If provided, personally identifiable information is maintained in a database that is regularly purged after 410 days.

Third-party contractors employed by NLM may have access to this information in order to provide a response to your question or comment. These contractors are held to strict policies to safeguard the information and provide the same level of privacy protection as guaranteed by NLM.

On occasion, we may conduct a study concerning the types of questions sent to us. These studies help us to improve our websites in order to make them more responsive to the needs of our users.

Disclosure

NLM does not give, share, sell, or transfer any personal information about our visitors, unless required by law enforcement or statute.

For further information about the NIH privacy policy, please contact the NIH Senior Official listed below, or visit https://oma.od.nih.gov/DMS/Pages/Privacy-Program.aspx

Celeste Dade-Vinson
Privacy Act Officer
NIH Office of the Senior Official for Privacy (OSOP)
National Institutes of Health, Office of Management Assessment
6011 Executive Blvd., Suite 601, MSC 7669
Rockville, MD 20852
Phone: (301) 496-4606 or (301) 402-6201
Fax: (301) 402-0169

Links from NLM to Other Websites

Some NLM websites, such as MedlinePlus and PubMed, provide links to other Internet sites that provide health information. Once you link to another site, you are subject to the privacy policy of the new site.

Visiting an Official NLM Page on Third-Party Websites

NLM maintains accounts on third-party websites, such as social media sites, as tools to better interact with the public. The security and privacy policies of third-party websites apply to your activity on those sites. Users of third-party websites often share information with the general public, user community, and/or the third-party operating the website. You should review the privacy policies of all websites before using them and ensure that you understand how your information may be used. You should also adjust privacy settings of your account for any third-party website to match your preferences.

See the list of NLM’s social media accounts on the Fan, Follow, and Connect with NLM page.

NLM Accounts

Common third-party website privacy policies used by NLM include:

How NLM Collects and Uses Information from Third-Party Websites

If you have an account/profile with a third-party website, and choose to follow, like, friend, or comment on a third-party website managed by NLM, certain personal information associated with your account may be made available to us based on the privacy policies of the third-party website and your privacy settings within that website. We do not share personally identifiable information made available through these websites.

NLM conducts and publishes a Privacy Impact Assessment for each use of a third-party website. Each use of a third-party website may have unique features or practices. NLM sometimes collects and uses the information made available through third-party websites.

Google Analytics

When you browse through the NLM websites, we use Google Analytics software to gather and temporarily store a variety of information about your visit. However, this information cannot be used to identify you as an individual.

We do not associate any of the data we collect with you as an individual. Instead, we aggregate this data from all visits in order to improve our website and provide a better user experience to our visitors. The aggregate data is available only to NLM web managers and other designated staff who require this information to perform their duties. It is retained only for as long as needed for proper analysis.  The Google Analytics Privacy Policy is available at https://www.google.com/intl/en/policies/privacy/.

Demographic and Interest Data

On some portions of our website we have enabled Google Analytics and other third-party software (listed below), to provide aggregate demographic and interest data of our visitors. This information cannot be used to identify you as an individual. While these tools are used by some websites to serve advertisements, NLM only uses them to measure demographic data. NLM has no control over advertisements served on other websites.

  • DoubleClick: NLM uses DoubleClick to understand the characteristics and demographics of the people who visit NLM sites. Only NLM staff conducts analyses on the aggregated data from DoubleClick. No personally identifiable information is collected by DoubleClick from NLM websites. The DoubleClick Privacy Policy is available at https://www.google.com/intl/en/policies/privacy/

    You can opt-out of receiving DoubleClick advertising at https://support.google.com/ads/answer/2662922?hl=en.

  • ForeSee: NLM also uses the ForeSee survey to collect opinions and feedback from a random sample of visitors and to understand our visitors’ satisfaction with the NLM website. This survey does not collect PII and participation in the survey is voluntary. If you decline the survey, you will still have access to the identical information and resources on the NLM website as those who take the survey. Answers to the survey help NLM improve its website to make it easier to use and more responsive to the needs of our visitors. The ForeSee Privacy Policy is available at https://www.foresee.com/about-us/privacy-policy/.

Web Measurement and Customization Tools

NLM uses the specified software and features below:

AddThis: NLM offers AddThis on its websites, giving visitors the option to bookmark and share NLM website content on certain social media sites.  Using AddThis on NLM websites does not require registration or personally identifiable information. The AddThis Privacy policy is available at https://www.addthis.com/privacy.

Bit.ly and Go.USA.gov: NLM uses Bit.ly and Go.USA.gov to shorten long URLs for use in email and social media messages.

  • Bit.ly provides analytics on how many people clicked on the URLs distributed by NLM.  Bit.ly analytics do not provide any personally identifiable information about the visitors who click the shortened links. The Bit.ly Privacy Policy is available at https://bitly.com/pages/privacy.   
  • Go.USA.gov creates short URLs out of any .gov, .mil, .fed.us, .si.edu, or .state.xx.us URL that a government user has shortened. Go.USA.gov provides these links as a service to our users. Some shortened URLs may become obsolete in the future. Go.USA.gov will maintain a database of the original URL and its shortened key but cannot verify the availability of the shortened URL when the original URL has been removed, changed, or altered by the URL owner.

CrazyEgg: NLM uses CrazyEgg to obtain information on how visitors are interacting with specific NLM web pages. This allows NLM to evaluate and to modify its websites to improve value and usability. The data CrazyEgg collects includes information about how visitors navigate around a web page and the most commonly clicked links on a specific web page. CrazyEgg does not collect personally identifiable information. The Crazy Egg Privacy Policy is available at https://www.crazyegg.com/privacy.

GovDelivery: NLM uses the Granicus GovDelivery Communications Suite to email newsletters and other messages to visitors who subscribe to them on NLM websites. Only NLM staff and managers who email newsletters using GovDelivery and/or monitor the results of email initiatives have access to the subscriber lists. GovDelivery never allows access to the subscriber lists to anyone outside of NLM for any purpose. GovDelivery also provides aggregate data, such as email opens rates, and total clicks on links. The Granicus privacy policy is available at https://granicus.com/privacy-policy/.

Security

The U.S. Government maintains this site. For site security purposes and to ensure that this service remains available to all users, we use software programs to monitor traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Causing damage to federal computer systems is a violation of U.S. law and is subject to criminal prosecution in federal court. In the event of authorized law enforcement investigations, and pursuant to any required legal process, information from NLM web logs may be used to help identify an individual.