Herniamed Data Protection Concept
The software for recording data in the Herniamed project was developed by the firm StatConsult and is based on the libraries of the ClinWise-HealthCare study design tools.
On the basis of ClinWise-HealthCare, internet-based studies are conducted in clinical as well as treatment research. For these projects ClinWise-HealthCare can store, in addition to the encrypted patient data customarily used in clinical studies, further attributes related to patient identity, e.g. name, address, general practitioner, etc. Such data are recorded only if they are required for the study (e.g. for generating letters to patients).
A number of measures are in place to protect such sensitive data. In ClinWise-HealthCare, mechanisms ensure that all data classified as sensitive may only be read and edited by authorized personnel of the respective hospital. This means that neither the study directors nor the administrators of the IT system are able to view the data. In turn this means that if all staff of a hospital lose their passwords, the confidential data cannot be recovered. Patients may then be identified only by means of their specific study patient code.
Data confidentiality must be viewed at different levels.
1. Saving data
1.1 IT System
Data are saved in a relational database on a server in a certified computer centre belonging to Deutsche Telekom. Physical access to the hardware is granted only to authorized persons and is logged. Replaced hardware (e.g. hard drives) is wiped or destroyed and disposed of as per the pertinent regulations. The server has a 99.6 % availability guarantee per month. Only trained personnel belonging to the firm StatConsult may access the operating system. Depending on the respective task, they are responsible for maintenance and servicing of the operating system, the database and the corresponding ClinWise application. The server is protected by hardware- and software-based firewall systems. Qualified administrators ensure that the system is continually monitored and updated.
1.2 Sensitive data
When designing a study, data classified as sensitive are marked as such. None of the data thus marked are saved in clear text in the project database. By means of Private/Public Key encryption algorithms (in compliance with the requirements of the German Federal Office for Information Security - BSI), it is ensured that only authorized personnel of the respective hospital have access to these data.
1.3 Other data
All other study data are saved in the database using a relational schema. These data can be exported by authorized persons at any time for the purpose of analysis (a hospital administrator exports the data of that hospital only; the study administrator exports the entire pool).
2. Data transport
Access to the web application is granted only over a secure internet connection (HTTPS) based on a verified server certificate.
3. Organisational measures
Access to the study is granted after entering a login name and password and selecting a hospital. The centres as well as the centre administrators are created by the study administrator. The centre administrator must change his/her password after first logging on. Next, a key is automatically generated for this centre and is saved in the database in encrypted form, together with the study administrator’s password. Only the centre administrator is able to create other users for this hospital.
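The following is an added illustration of the data model described in sections 1.2 and 3 (per-centre key, sensitive fields never stored in clear text, study-wide export without identity data); it is not ClinWise-HealthCare or Herniamed code. It substitutes stdlib primitives (PBKDF2 for the password-derived wrapping key, an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag for sealing) for the BSI-compliant public/private-key algorithms the concept names, and an in-memory dictionary for the relational database; the patient record, centre name and passwords are constructed sample values.

```python
"""Field-level encryption with a per-centre key (added example, stdlib only)."""
import hashlib
import hmac
import json
import secrets

PBKDF2_ITERATIONS = 200_000   # assumed work factor for the password-derived wrapping key
NONCE_LEN, TAG_LEN = 16, 32


def derive_kek(password: str, salt: bytes) -> bytes:
    """Key-encryption key derived from the centre administrator's password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys from one 32-byte key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF keystream (stand-in for a real cipher).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or an altered record fails here."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or altered record")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class Registry:
    """Toy stand-in for the project database: clear fields stored next to sealed ones."""

    def __init__(self) -> None:
        self.centres: dict[str, dict] = {}   # centre id -> salt + wrapped centre key
        self.records: dict[str, dict] = {}   # patient code -> clear + sealed fields

    def create_centre(self, centre_id: str, admin_password: str) -> None:
        # A fresh random centre key is wrapped under the admin's password-derived KEK;
        # the database never holds the centre key in clear text.
        centre_key = secrets.token_bytes(32)
        salt = secrets.token_bytes(16)
        self.centres[centre_id] = {
            "salt": salt,
            "wrapped_key": seal(derive_kek(admin_password, salt), centre_key),
        }

    def unlock_centre(self, centre_id: str, admin_password: str) -> bytes:
        c = self.centres[centre_id]
        return unseal(derive_kek(admin_password, c["salt"]), c["wrapped_key"])

    def change_admin_password(self, centre_id: str, old: str, new: str) -> None:
        # Only the wrapper is rewritten; sealed patient records stay untouched.
        centre_key = self.unlock_centre(centre_id, old)
        salt = secrets.token_bytes(16)
        self.centres[centre_id] = {"salt": salt,
                                   "wrapped_key": seal(derive_kek(new, salt), centre_key)}

    def store_patient(self, centre_id: str, centre_key: bytes, code: str,
                      record: dict, sensitive: set) -> None:
        self.records[code] = {
            "centre": centre_id,
            "clear": {k: v for k, v in record.items() if k not in sensitive},
            "sealed": {k: seal(centre_key, json.dumps(v).encode("utf-8"))
                       for k, v in record.items() if k in sensitive},
        }

    def export_pool(self) -> dict:
        """What the study administrator can export: non-sensitive fields only."""
        return {code: dict(r["clear"]) for code, r in self.records.items()}

    def read_sensitive(self, centre_key: bytes, code: str) -> dict:
        """Identity fields, readable only with the centre key."""
        return {k: json.loads(unseal(centre_key, blob))
                for k, blob in self.records[code]["sealed"].items()}
```

Because the centre key is wrapped by the administrator's password rather than derived from it, the mandatory password change after first login re-wraps one key instead of re-encrypting every record; the flip side, as the concept states, is that losing the last password leaves the sealed fields unrecoverable and the patient identifiable only by the study patient code.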