Disease & Treatment Registry Thru The Web, The Way Forward
Dr. Lim Teck Onn
Ms Lim Jie Ying
Clinical Research Centre, Hospital Kuala Lumpur
Ministry Of Health Malaysia
www.crc.gov.my

Content
• CRC and Disease Registers
• Traditional operation vs web-based operation
• Pros and Cons
• Minimizing security risk of Web based operation (Ms Lim Jie Ying)

We do 4 types of clinical research
1. Clinical Trials
2. Clinical Registers / Epidemiological and Health outcomes research
3. Clinical Economics Research
4. Evidence based medicine

Disease Registers in CRC
1. National Renal Registry
2. National Cancer Registry
3. National Cataract Surgery Registry
4. National Neonatal Registry
5. National Mental Health Registry
6. National HIV/AIDS Treatment Registry
7. National Transplant Registry
8. In the pipeline: CKD (GN/SLE), CVD (Stroke, AMI, Angioplasty), Rheumatic (RA)

Purpose of Disease Registry
1. Quantify disease burden (morbidity and mortality) and its geographic and temporal trends.
2. Early warning of rapid increase in disease incidence, e.g. in infectious disease.
3. Identify sub-groups most at risk of disease.
4. Identify potential risk factors of disease.
5. Evaluate treatment programme / Clinical audit.
6. Evaluate control and prevention programme.
7. Facilitate research, e.g. disease aetiology, Rx effectiveness, outcomes research, prognosis.

Epidemiological vs Treatment Register

Uses of Registry data
1. Disease epidemiology
2. Treatment availability & accessibility
3. Outcomes research
4. Technology assessment
5. Clinical economics
6. Clinical audit
7. Support clinical trial / clinical research

Data capture and reporting
A core function of a Disease Registry

Traditional Operation vs Web-based Operation
[Diagram. Traditional: SITE (SDP) reports data on paper to CRC, no data return; CRC does data processing and reporting; USERS get report only, no prim. data. Web-based: SITE sends data by Internet EDC and has processed data returned; CRC does real time analysis and reporting; USERS have online data access over the Internet.]

Process comparison
| Traditional operation | Web Application |
|---|---|
| Site reports data in the form of CRF to CRC | Site reports data electronically via electronic data capture |
| CRC does not return data to site unless requested by site | Processed data are returned electronically |
| CRC provides annual report to user | Real time analysis and availability of reports |
| No data accessible by user | Online access to data by user |

Pros and Cons (1)
| Traditional operation | Web Application |
|---|---|
| High cost of transmission of paper CRF to CRC by SDP | No cost of transmission of paper CRF to CRC by SDP |
| Incurs cost of printing CRF (continuous) | Incurs cost of developing the web application (one-off) |
| Data only available annually when report is out | Instantaneous availability of latest data for online review at all times |
| Data entry personnel at CRC key in data based on paper CRF received | Electronic (remote) data capture, data entry by SDP personnel |
| Lower short term cost of client server application development, high cost of infrastructure planning | High short term cost of web application development, infrastructure planning |
| Report only analysable annually (based on clean data) | Real time analysis of report (based on uncleaned data) |

Pros and Cons (2)
| Traditional operation | Web Application |
|---|---|
| Authorised researcher has to send in request to CRC to gain access to data, time consuming | Ease of access to data for purpose of research by authorised researcher |
| Less security risk – enclosed system within CRC network | High security risk – physical security, data security, user access security, etc. |
| SDP has to send in request to CRC to review own centre's data, time consuming | SDP may verify own centre's data easily |
| Data entry personnel are trained to do data entry in similar manner | Disparate way of entering data among SDPs |
| High efficiency | Efficiency – unknown until it is operational |

Pros and Cons (3)
| Traditional operation | Web Application |
|---|---|
| Incurs cost of employment of data entry personnel at CRC | Does not incur cost of employment of data entry personnel at CRC |
| Authorised user (CRC's registry manager, data entry personnel) may only run the application within CRC's entity | Authorised user may run the application anywhere with Internet access at all times |
| Software has to be installed at the workstations for data entry | No installation of software is required |

We think the pros outweigh the cons. But what about the security risk?
Ms Lim Jie Ying

Risks (1)
[Table columns: Trad, Web]
• Authentication
  – Someone may pose as the owner of the web site and direct user to non-appropriate web site
  – Someone who knows the user name and password of a user may easily gain access to the system

Risks (2)
[Table columns: Trad, Web]
• Access control
  – Non authorised user may view, edit, add or delete data that he/she is not authorised to
  – When user leaves the application idle and leaves the PC, someone else who happens to pass by may easily access the application if it is not locked

Risks (3)
[Table columns: Trad, Web]
• Data without protection
  – Unauthorised people who gain access to the entire database may have access to all data
  – Packet 'sniffing' by non-authorised people
• Unable to identify what alterations have been made, who made them, when they were made

Risks (4)
[Table columns: Trad, Web]
• Physical insecurity
  – Anyone who gains access to the data storage area has access to data
• External source of damage
  – Hackers
  – Disgruntled users

Risks (5)
[Table columns: Trad, Web]
• Virus attack
• Disaster
  – Flood
  – Fire
  – Theft
  – Power breakdown

Technological Mechanisms to Counter Security Risk
• Authentication
• Access control
• Encryption
• Audit trail
• Physical security
• Control of external communication links and access
• System backup and disaster recovery

Authentication (1)
• Authentication is a process of verifying the identity of an entity that is the source of a request or response for information in a computing environment
• Categories:
  – Web Application owner authentication
  – User authentication

Authentication (2)
• Web application owner authentication
  – VeriSign's Server ID applies state-of-the-art SSL (Secure Sockets Layer) technology to conduct an authenticated, strongly encrypted online transaction.
  – VeriSign ensures:
    • Site identity - the web site belongs to NRR and not an impostor
    • Message privacy - information cannot be viewed if it is intercepted by unauthorized parties.

Authentication (3)
• User authentication is based on two criteria:
  – Something that the user knows
    • User ID and Password – user is required to change password every 3 months and the password cannot be reused within 3 cycles.
  – Something that the user has
    • Mobile phone authentication

Authentication (4)
• Mobile phone authentication
  – E.g. after user logs in using UserID and password, server sends an SMS containing additional password to user's mobile phone. User then types in the additional password before gaining access to system.

Mobile Phone Authentication

Access control
• Only authorized users, for authorized purposes, can gain access to a system
• Authorised users are grouped into Access Control List
• User's rights are assigned based on role
• User session management – when user leaves the application idle for more than 15 minutes, the application will be logged off automatically

Encryption
• Definition: convert ordinary language into code so as to be unintelligible to unauthorized parties.
• Field encryption for PHI (Personal Health Information) such as Name, IC within SQL database
• Data transmission and synchronisation encrypted
[Diagram: Data Centre and DTRU linked across the Internet by a VPN 128-bit connection; traffic in transit shown as ciphertext.]

Audit trail
• Audit trail on
  – Information access – to allow identification of unauthorised access to system / network
  – Data manipulation when users create, modify or delete records
• Tracks the following
  – Who made the change: User ID and name
  – When was change made: date and time
  – What change was made: value change (previous to current value)
  – Why was change made: reason, e.g. data entry, data edit

Physical and Environmental Security 1
• Physical security entails appropriate controls to prevent unauthorised people from gaining access so that they cannot tamper with or derive information from the equipment
• Access to data centre is limited to authorised personnel only. Access to data centre will only be granted if the person is in the authorised list, identification information is presented and password is correct. Staff within data centre are authenticated using biometrics technology.
• Access to DTRU office is secured by access card system and each member of personnel is limited to specific accessible areas/rooms
• Workstation will be logged off if left idle for 5 minutes.
• Web application will be logged off if left idle for 15 minutes

Physical and Environmental Security 2
• Access card system, Fire and alarm system, data storage space

Physical and Environmental Security 3
Web Application Infrastructure Layout

Control of external Communication Links and Access (1)
• Firewall - acts as a sentry (guard) that filters out 'insecure' traffic from the Internet to ensure the security of an internal network in DTRU.
• Intrusion Detection System (IDS) built into firewall to detect and block suspicious activities.
• Segmented network - User workstations are physically and logically separated from the servers. Thus, compromised workstations can be isolated from the servers, minimising damage.

Control of external Communication Links and Access (2)
• Antivirus
  – TrendMicro Antivirus installed on all workstations and servers
  – Daily virus signature update
  – Real-time scan and cannot be disabled.
• Patch Management
  – Automatically download, deploy and install latest approved patches to all servers and workstations without any user interaction.
  – Ensure that latest patches are applied to operating systems.

System Backup and Disaster Recovery
• Backup
  – Daily, weekly and monthly backup of data to tapes.
  – Weekly and monthly backup tapes stored offsite to ensure business continuity if anything happens.
  – Automatic schedule of backup conducted at night using Veritas Backup software.
  [Photo: 7-Day backup Tape Loader]
• Disaster Recovery
  – Data may be recovered from backup tapes. Security consultant works with CRC team to prepare Business Continuity Plan Procedure.

Organizational Practice
• Security and confidentiality policies
  – Prepared by CIS team of CRC with joint effort of Security Consultant
  – Each CRC staff member has to sign Non Disclosure Agreement
• Information security officers (ISO)
  – To enforce policies
  – To ensure staff abide by the policies
  – Responsibilities include but are not limited to: Personnel security, IT security, Physical & environmental Security, Information Processing Practices, Business Continuity Management
• Education and training programs
  – Awareness training program on information security for all CRC personnel is held every month.
  – Ongoing emphasis
• Sanction
  – Sanction for breaches of confidentiality

Thank You
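
The Audit trail slide lists four things to track (who, when, what, why), and Risks (3) names the gap it closes. As an added example that is not part of the original presentation, here is a field-level change log recording exactly those four items for create, modify and delete. The function names, reason codes and sample record are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Assumed reason codes, modelled on the slide's "data entry, data edit".
REASONS = {"data entry", "data edit", "record delete"}

@dataclass(frozen=True)          # frozen: an entry cannot be altered once written
class AuditEntry:
    user_id: str                 # who: user ID
    user_name: str               # who: name
    when: datetime               # when: date and time (UTC)
    action: str                  # create / modify / delete
    record_id: str
    field: str                   # what: which field
    previous: object             # what: previous value
    current: object              # what: current value
    reason: str                  # why

def audit_change(trail, user, record_id, before, after, reason, now=None):
    """Append one entry per changed field and return the entries added.
    before=None records a create, after=None records a delete."""
    if reason not in REASONS:
        raise ValueError("every change needs a recognised reason")
    if before is None and after is None:
        raise ValueError("nothing to audit")
    now = now or datetime.now(timezone.utc)
    action = "create" if before is None else "delete" if after is None else "modify"
    before, after = before or {}, after or {}
    added = []
    for name in sorted(set(before) | set(after)):
        old, new = before.get(name), after.get(name)
        if old != new:           # unchanged fields produce no entry
            added.append(AuditEntry(user["id"], user["name"], now, action,
                                    record_id, name, old, new, reason))
    trail.extend(added)
    return added

def history(trail, record_id, field):
    """Answer 'what was altered, by whom, when and why' for one field."""
    return [(e.when.isoformat(), e.user_id, e.previous, e.current, e.reason)
            for e in trail if e.record_id == record_id and e.field == field]

if __name__ == "__main__":
    trail = []                   # constructed sample data, not registry data
    clerk = {"id": "u017", "name": "Sample Clerk"}
    audit_change(trail, clerk, "R-1", None, {"modality": "HD", "weight_kg": 61}, "data entry")
    audit_change(trail, clerk, "R-1", {"modality": "HD", "weight_kg": 61},
                 {"modality": "HD", "weight_kg": 16}, "data edit")
    for row in history(trail, "R-1", "weight_kg"):
        print(row)
```

In a deployment the trail would live in an append-only store that application users cannot edit; the in-memory list here only keeps the example self-contained.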