Best practice in data protection for DCTs
MRN has taken great strides to ensure that our data capabilities surpass the stringent requirements of our industry, and as such we are now ISO 27001 and ISO 9001 certified. This dedication to information security sets MRN apart and shines a spotlight on the level of quality that we have always taken pride in for our clients and our patients. Ensuring data quality means that patient data and clinical trial data are secured and provide the source of truth for our customers, giving them the facts and figures they need to make the right decisions about how their trials are running and how they can ensure patient quality does not deteriorate.
Information is the most important currency to any business in the modern, highly tech-driven world, and as a currency we should treat it with the utmost respect to avoid it being stolen, forged or devalued, just like the money in your pocket.
The technical side
In technical terms, information is data, and data must follow the three principles of information security: Confidentiality, Integrity and Availability.
Confidentiality is the most important aspect of data when it comes to the Healthcare and Life Science industry. Providing assurances that any company will treat information securely, ethically and with only appropriate access is critical, especially when dealing with patient and pharmaceutical data. MRN takes a proactive approach to confidentiality; we secure and segregate data at source and redact information as required by our processes. All of this is backed up by our encryption at rest and in transit for all data to the industry standard of AES 256-bit encryption, multi-factor authentication as standard and pre-expired complex passwords for users.
Integrity of data ensures that it is accurate both in capture and in storage. Tampering with data must be prevented at all points and any change must be logged. This leads on to the backup of data: authorized changes must be reflected in the backups. There are 5 principles that Data Integrity must follow:
- Attributable (Who created or changed the data)
- Legible (Data must be readable)
- Contemporaneous (recorded in a timely manner)
- Original (collected directly at source)
- Accurate (consistent, complete data captured)
MRN has made great strides in data integrity assurance, from eSource solutions capturing data in an electronic format at source to new back-office systems ensuring data is validated and attributable with consistent backups.
The Availability of data has to be apportioned correctly depending on the data classification, the data source, the usage of the data and the time of use. Accessibility and inaccessibility of data have to be monitored, and can have a huge adverse impact on any business if incorrectly applied. MRN has ensured that all data is classified and made available appropriately based upon the needs of the individual user and the specific use case.
You wouldn’t leave your wallet or purse unattended, let your bank open the door to your account or have your mortgage company add charges without clearing it with you. We should take the same care with our data.
Author: Phillip Winters
Executive Director Information Technology