Data Privacy and Security

The EDC will be accessed online by site research staff. Access to the EDC’s user-facing components is restricted to authorized users, and permissions within the system are granted as needed per user account through groups and roles. All data are submitted and received over encrypted channels. Sensitive data values are individually encrypted prior to submission and storage and are decrypted only for use by the EDC’s user-facing components.

Trial data are stored on cloud servers controlled by XXX, deployed with industry-standard security (firewall, private network access to the database, drive encryption, field-level database encryption, etc.). With this approach, sensitive information is rendered unusable, unreadable, or indecipherable to unauthorized individuals, whether it is “data in use” (e.g. data being analyzed by statisticians), “data in motion” (e.g. data being transferred between data entry and storage points) or “data at rest” (e.g. data in storage in the database).

Backup and disaster recovery measures include 4-hourly data archiving, encrypted archives stored in multiple locations, daily server snapshots, active system error detection, notification and reporting, and frequent mock restorations.

Physical documents, such as participant consents, will be stored in locked cabinets at secure locations.