Data security within the registry is of key importance, and special attention must be paid to it. Project data are stored in a database system which was originally based on a modified version of the TrialDB system [1-3]. This on-line system has undergone changes in layout and structure which have made data entry even more convenient, while security measures have been maintained at the same level as before.
The system has been designed as a robust base for the collection of large amounts of data in clinical trials and/or clinical registries, and is fully customized to the structure of the project. The on-line application is accessible to users via a web browser. The security of individual records within the registry is guaranteed via de-identified data collection. Each patient's identity is replaced with a number (ID) which does not allow any backward identification of that person. The unequivocal identification of the patient is known only to the attending physician or to an authorized health care professional.
The main advantages of this system are centralized administration, a uniform appearance of data collection forms in all registries, and easy development of new functions that extend the system.
Authorized users can access the system only after entering a valid username and password. The system of user rights is one of the key functions in the administration of user accounts. Users can be assigned various levels of authorization so that they have access only to selected functions or parts of the system. In addition, users are logged out automatically after a predefined period of inactivity. This function is intended to prevent misuse of an unattended computer if the user forgets to log out.
An encryption protocol is used for data transfer between the user and the central database to prevent eavesdropping on the communication between the client and the server (for example, interception of a user's login and password). For this reason, all communication between the client and the server takes place over the secure protocol HTTPS, using SSL (Secure Sockets Layer) encryption.
To provide maximum data security, the provider (IBA) takes other security measures, mainly concerning the security of the provider's network and of the server itself. These measures include firewalls (separating both the database and application servers from the internet), regular monitoring of the system, monitoring of configuration changes, physical protection of the server room, etc.
Additional measures have been taken to prevent potential data loss or damage in case of unexpected events that are not directly related to information technology. These measures include a fire-stop system, air-conditioned server rooms, etc.
Both the system configuration and the data stored within the system are backed up regularly. Therefore, even in case of a system breakdown, the entire system, including the data, can be promptly restored.