Imagine your workflow in Excel, but GDPR compliant and tailored for clinical researchers, and it’s free to use.
We built Sensivo together with researchers at Karolinska Institutet to provide them with a fast, secure and collaborative alternative to Excel.
Today I will show you why it’s important to protect your study participants’ sensitive personal data and how the solution we’ve built can help you work more efficiently.
What is in the article:
Why GDPR matters and how to make your workflow compliant
Collaborating safely on sensitive personal data
How to save time managing your data
A few easy steps to simplify your workflow
Taking the next step
Clinical researchers regularly work with sensitive personal data (e.g. data relating to study participants’ health and genetics), and therefore have to adhere to GDPR. Breaches of GDPR can result in costly fines and loss of trust from patients participating in clinical studies.
There are good guides to help you become GDPR compliant. When working with sensitive personal data you need to pay attention to security and to respecting the wishes of the data subjects. Some things to consider are:
Privacy by design, i.e. use pseudonyms and store data securely
Only give access to data to the persons who need it
Provide the possibility to delete data on the subject’s request
Provide the subjects with information about how their data is being used
Excel offers a fast and intuitive spreadsheet interface and is commonly used by clinical researchers to store and handle sensitive personal data. However, it’s nearly impossible to control who has access to the data, to see what changes were made by whom, and to fulfill various specific GDPR requirements.
Let me show you how to convert your Excel file into a GDPR compliant database in two simple steps.
To convert your Excel sheet into a Sensivo database you’ll need to make a few adjustments.
The first tab in your Excel sheet should contain personal information about the data subjects, such as name, personal identity number, phone number and address. This information will be stored separately and encrypted, and can only be accessed by users with special permission.
The rest of the tabs should contain the clinical research data. As you might have noticed we require you to allocate the first four rows for metadata: Title, Units, Description and Verification rule, which we talk more about in a bit.
Once you have prepared your Excel sheet just upload it to Sensivo and our system will do the rest.
Sensivo meets all GDPR requirements to handle sensitive personal data in terms of security, encryption, access control and traceability. However, in order to become fully GDPR compliant a Data Processing Agreement (DPA) must be signed between Sensivo (the processor) and your organization (the controller). More on that in section 5.
GDPR requires the data controller (your organization) to limit access to personal data to users who need it for a clear purpose. For example, when someone stops working on a project, that person should no longer have access to the personal data within that project. This is virtually impossible to control when sharing personal data in Excel files over email or USB drives. Through a cloud-based approach Sensivo keeps all data in one place, which helps you to control access.
You probably know about multi-factor authentication. When you use your banking application it usually requires a one-time authorization code (OTAC) in addition to the password. The OTAC is delivered by SMS or generated by a separate application such as Google Authenticator.
Sensivo supports Multi-factor authentication, but why is it important?
Let’s assume that the majority of people use the same password for different applications because it’s easy to memorize. Even if a person has a strong password, it could be leaked from a third-party application, as in the LinkedIn hack in 2012.
If you have disabled multi-factor authentication and your password has been leaked from another service, you put your data at risk.
By relying on something that is hard for hackers to get access to (such as a personal phone, or strong passwords that differ between services) you significantly increase the security of data access.
If a hacker nevertheless gets access to your account, they could corrupt the data and ask for monetary compensation. This is why Sensivo has 30-day automatic backups that allow you to restore the data.
In addition, Sensivo always encrypts the personal information for each subject in the system.
Sensivo’s user management system gives you full control over data access. Let’s take a look at the different user roles and how to add new collaborators with different types of access.
The predefined user roles are ‘Read only’, ‘Edit’, ‘Data subject’ and ‘Admin’.
Let’s add three users to see how the different user roles work.
All users will get the same view, but they will have different levels of access to the data, as summarized in the table below.
Users with ‘Admin’ or ‘Subject data’ access can view the personal information of a subject, and unlock the data to make changes and add or remove new parameters and subjects. Users with ‘Edit’ access can make changes to research data but not view data subjects’ personal information.
Users with ‘Read only’ access can view research data but not make changes or view subjects’ personal information.
All changes made to a Sensivo database are traced in an activity log, which provides an overview for the administrator and helps to detect mistakes or manipulation of data.
The activity log is also available on a cell basis, which allows you to see the history for that specific cell.
Once your project is in place it’s time to get to work. Sensivo has kept the workflow from Excel to allow you to quickly read, input and change data in a spreadsheet format. Let’s take a look at different ways to add data to a project.
The quickest way to input data is to copy and paste (e.g. from Excel). Just make sure that the subjects are aligned.
With the ‘Smart import’ feature the data will be aligned for you automatically. Just upload the Excel file where the first tab contains the new parameters. The data can belong to existing or new subjects.
Sensivo will automatically match the columns/subjects and visually show you how the imported data will be placed.
Electronic case report form (eCRF)
The electronic case report form (eCRF) is commonly used in clinical trial software and focuses on one subject at a time. By clicking on a pseudonym you’ll reach the eCRF view in Sensivo, where you can quickly get an overview of that specific subject’s data and find a specific parameter across all tabs. The eCRF view is also used to access a subject’s personal information.
At the bottom of the ‘Personal information’ tab you’ll find a ‘Right to be forgotten’ button. Clicking it deletes all personal information on that subject from the system. This unlinks the research data from the specific subject, which allows you to meet GDPR requirements while keeping the integrity of the research database intact.
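The design described so far (personal information held apart from research data under a pseudonym, role-gated access with an activity log, and erasure that unlinks rather than deletes research rows) can be sketched as follows. This is an added illustration, not Sensivo’s code: the `Study` class, the permission names and the pseudonym format are assumptions, and encryption of the identity store is left out.

```python
import secrets

# Permissions per role, inferred from the article's role descriptions (assumption:
# the 'Data subject' role is the 'Subject data' access the article mentions).
ROLES = {
    "Read only": {"read_research"},
    "Edit": {"read_research", "edit_research"},
    "Data subject": {"read_research", "edit_research", "read_personal"},
    "Admin": {"read_research", "edit_research", "read_personal"},
}

class Study:
    """Hypothetical in-memory model; encryption at rest is left out."""
    def __init__(self):
        self.identities = {}  # pseudonym -> personal information (kept apart)
        self.research = {}    # pseudonym -> research parameters
        self.log = []         # (role, action, pseudonym) activity entries

    def _require(self, role, permission, action, pseudonym):
        allowed = permission in ROLES.get(role, set())
        self.log.append((role, action if allowed else "DENIED " + action, pseudonym))
        if not allowed:
            raise PermissionError(f"{role!r} may not {action}")

    def add_subject(self, role, personal, data):
        pseudonym = "S-" + secrets.token_hex(4)  # random, not derived from identity
        self._require(role, "read_personal", "add subject", pseudonym)
        self.identities[pseudonym] = dict(personal)
        self.research[pseudonym] = dict(data)
        return pseudonym

    def personal_info(self, role, pseudonym):
        self._require(role, "read_personal", "view personal information", pseudonym)
        return self.identities.get(pseudonym)  # None once the subject is forgotten

    def forget(self, role, pseudonym):
        self._require(role, "read_personal", "erase personal information", pseudonym)
        self.identities.pop(pseudonym, None)  # research row stays, now unlinked

    def research_rows(self, role):
        self._require(role, "read_research", "view research data", "*")
        return [dict(row, pseudonym=p) for p, row in self.research.items()]

def demo():
    # Constructed sample subject, not real data.
    s = Study()
    p = s.add_subject("Admin", {"name": "Test Person"}, {"age": 54})
    s.forget("Admin", p)
    return s.personal_info("Admin", p), s.research_rows("Read only")
```

After `forget`, the research row is still returned under its pseudonym, but no identity record exists to link it back to a person.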
Data verification
We all make mistakes. To find these mistakes and allow users to correct them we added a ‘Verification’ function, which will highlight potential outliers and missing values.
Let me show you how it works. First you set the validation rule in the column settings (right click on a header > Edit column).
For age we want all values lower than 0 or higher than 150 to be highlighted as outliers during verification.
Now that you know how to import, add and securely share data with collaborators, let’s take a look at how you can manage your database and export data for statistical analysis.
Using ‘Filters’ is a convenient way to find the exact subset of data that you’re looking for. For complex datasets multiple filters can be set spanning over different tabs.
The ‘Search’ feature can save you a lot of time finding the parameter or subject you’re looking for in a large dataset.
To customize the view, the ‘Assign’ feature can be used to show only the parameters that you are assigned to.
Finding the subject behind the pseudonym?
In some situations, you might have to find a specific data subject, e.g. someone who wants to exercise their rights according to GDPR. This can be tricky in a database built on pseudonyms. We, therefore, added a feature that lets users with special access search for personal information such as name, national identity number, phone number, etc.
Finally, to analyze your data in the statistical software of your choice we’ve made it easy to export data from Sensivo. Just click the ‘Export’ button to export either the full dataset or just the parameters/subjects that you have selected.
We’ve taken several measures to increase security when exporting data. First, all personal information is removed from exported files. Furthermore, exported files are encrypted and all exports are saved in the activity log.
Before you start transferring sensitive personal data to Sensivo make sure that there is a Data Processing Agreement (DPA) in place. Contact us for a template, or use one from your own organization.
Sensivo is created and maintained by the Swedish company Cline Technology AB, and uses the Swedish company Safespring as a server provider, with all servers located in Sweden. Sensivo is trusted by some of the biggest medical universities and university hospitals in Sweden. Contact us if you’re interested in the technical details on how we maintain GDPR compliance and keep your data safe and backed up.
Sensivo is free to use and you can start in just a few moments. If you have higher demands we also offer a premium plan. We understand that cloud solutions do not fit everyone, which is why we also offer on-premise solutions. Contact us for more information.
We created Sensivo to do one thing — be the best solution available for clinical researchers to handle sensitive personal data. Hopefully, this article has convinced you that by switching to Sensivo it’s possible to keep the simple and efficient workflow from Excel, and at the same time add smart features and GDPR compliance.
Sensivo keeps your data safe and collaborative, and the smart built-in features save you time and minimize the risk of mistakes.
Best of all, it’s free to use. Contact us today to get started.