This first blog in the series from BBK Founding Principal Joan F. Bachenheimer discusses the system’s security features.
Two rambunctious boys in the back seat. Long car ride. Every ten minutes, “Are we there yet?” Three more hours to Niagara Falls. Hope there is a place to jump. “Let them out of their seatbelts,” I think. “They can play fight then and work off some steam. Or, blessed moment, maybe they will lie down and go to sleep.” Like the proverbial angel / devil debate, I run through the scenarios. “What if we stop short and they get hurt? What if they don’t quiet down? What if? What if?” I take two Advil® and leave their seatbelts on. Safety and precaution reign... for now. Convenience will tempt again, to be sure.
“Are we there yet?” It’s not just an adult / child construct. It is a daily question for the masses as we redefine convenience in the techno era. “When Your Data Wanders To Places You’ve Never Been,” a Sunday, April 28, 2013 commentary in The New York Times by Natasha Singer, reveals the uneven road your personal data travels and all the stops made on the way that compromise your confidentiality. What the article does not discuss is how convenience plays a role in the willingness of the individual to divulge personal information in the first place – and often to sources unfamiliar or even unknown to this person.
But answering a question on the web to get a promo code is only one of the ways we struggle with the security / convenience debate. The global clinical research community is predicated on data collection, and now that data is within, and sometimes above, the cloud. The need to share data globally, in an elegant and convenient manner, means that we are inherently taking risks with information. Now mind you, these are calculated risks for sure. BBK Worldwide has created painstaking code that ensures that data retrieved from multiple sources is accurately represented within our TrialCentralNet℠ (TCN) infrastructure. For instance:
- All TCN application servers reside behind a secure firewall. Access to all database servers requires an additional level of authentication.
- Role-based security ensures that only users with the correct privileges have access to specific information.
- Site users verify their security question when navigating to patient-identifiable information.
- Information is propagated on a 256-bit secure sockets layer (SSL).
- A random, system-generated protected password requires the user to change it to a strong password upon initial login.
- The system automatically logs the user out after a predetermined period of session inactivity.
- A user that has been inactive for more than 90 days is automatically deactivated and will require reactivation with sponsor approval.
- All user activity is logged as a “TCN digital footprint” with sponsor approval required and time stamped for all users.
- Document approvals are logged within the system to ensure that only sponsor and EC-approved information is shared with sites and patients.
- All TCN servers are housed in an offsite data center with 24-7 security and up-time.
But, for the sake of one less click, the war may be lost. I understand that time-consuming processes plague our industry, but the system can’t do its job if the people who use the system are unwilling to abide by the very security features the system has so painfully worked to create.
Yes, sponsors must approve all documents within TCN. More specifically, the clinical team member tasked with this responsibility, using their unique user name and password, must mark the approvals, not this person’s assistant. Yes, data must be provided in a consistent format to ensure accuracy within data tables, and yes, site addresses must be validated by the CRO before distribution occurs, as addresses are often provided incorrectly, and that is a reality. We are not digging ditches loaded down with heavy artillery. We are asking for another click of a button -- a click that signifies security over immediacy. What’s most ironic is that in the long run, convenience isn’t even compromised. The very action taken to comply with the system also offers a host of rewards, including accurate reports that allow for real-time analyses of the enrollment landscape for each trial, in each country, at any moment in time.
As web-based designers and programmers, we have taken an unwritten oath to make life as convenient as possible for the end user. But we can’t do our job without the buy-in of the entire study community. There are redundancies within all the web-based applications used to administer a trial, but there are also unique benefits that each of these systems provides. TCN has nothing to do with FDA submissions. On the other hand, EDC data cannot provide sophisticated marketing analyses that combine Google Analytics with online screener data and, ultimately, enrollment tracking confidentially provided via a patient’s enrollment code.
In a way, we are all in one car together just trying to "get there." In the final analysis, sometimes it just takes the other parent to say, “If you don’t quiet down, no hamburgers and French fries at the next exit.”