EDC Network Security Basics

March 2, 2003

Applied Clinical Trials

Applied Clinical Trials Supplements-03-02-2003, Volume 0, Issue 0

Security issues for electronic data capture may seem daunting, but they can become manageable with the right professionals and careful evaluation.

Project managers considering EDC deployment for a clinical trial might well worry about security. A network security breach can make frightening headlines. Although no system can be made completely impervious to intrusion, some key decisions can help you move forward with confidence.

Trial data inevitably winds up in the data manager's computer system, so all trials share certain risks. A crashed hard drive, a corrupt employee, or a faulty program can damage your central data regardless of how it was collected at the front end. This article focuses on mitigating security risks in front-end systems, and on capitalizing upon ways that careful EDC implementation can provide better data security than conventional methods.

Here are a few terms and concepts from the world of computer security. Information security rests largely on three factors: confidentiality, integrity, and availability.

Confidentiality requires keeping data accessible to only those authorized to use it in only authorized ways. Preventing competitors or saboteurs from accessing confidential data is the most obvious aspect of this, but clinical trials often need additional layers of confidentiality, such as internally securing information that might compromise a double-blind study.

Integrity requires ensuring that your data is authentic and complete. Risks to integrity range from typographical errors to hardware failures to paid saboteurs.

Availability. Your computing systems and the data they handle must be available to those who need them.

The pursuit of these three goals goes far beyond guarding against professional hackers. In fact, the confidentiality, integrity, and availability of your data are far more often impaired by mundane threats. Natural disaster, hardware failure, computer viruses, power outages, and simple human error are often larger risks than the skilled intruders who inspire such fear. Accordingly, a good security plan focuses first on such everyday items as spare equipment, rigorous backups, off-site storage of backup media, regular reviews of physical security, routine antivirus updates, and redundant network connections. These steps are the foundation upon which one builds the fortress of security. Only when such measures are in place is there any point to considering costly anti-intrusion measures.

Atop the foundation, security's ground floor consists of regular maintenance and system updates. Most attacks exploit software errors to gain illicit access to a system. A system that has been updated to correct known errors is largely safe from these attacks.

Because no useful system can be made completely impervious to attack, anti-intrusion measures generally anticipate the most likely threats and invest as much in each area as is cost-effective. Between regulatory requirements, privacy laws, and the demands of the increasingly fast-paced clinical trials climate, trial managers should take security concerns very seriously. Because all security is relative, managers need to set priorities rather than expect absolute certainty.

To defend against professional intruders, some economic analysis comes further into play. The idea is to figure out the rough cost of the financial loss an intruder could impose, or the financial return an intruder might gain. Then make intrusion more costly than that. Most of the analysis involved is fairly straightforward, and there are well-established ways to increase the cost of attack.

Added risks of EDC. The principal added risk of any EDC project is the flow of trial data across a large network. The network may be the global Internet, the corporate network of a large pharmaceutical company or contract research organization, or the public telephone network. Any large network increases the risk that data could be monitored, or that an unauthorized party might be able to stage an attack from elsewhere on the network.

Another risk to any system on a public network (such as the Internet) is that it may be more vulnerable to a denial of service (DoS) attack than its private-network counterparts. Some DoS attacks exploit system weaknesses to crash servers, but these are a very small risk for an organization that maintains its systems well. Other DoS attacks simply overload networks and servers with massive numbers of requests, a less preventable but far less common attack.

Robust technologies
Fortunately, we now live in an age of robust encryption and authentication technologies. Today's cryptosystems, properly implemented, can keep trial data transmissions private from any known attack. Today's authentication systems can ensure a user's identity with great certainty; and digital signature technology can verify the integrity of a document and the identity of its creator.

How EDC can improve security. A well-implemented EDC system can provide some security benefits difficult to achieve by traditional means, particularly in the area of integrity. For example, digital signatures on electronically submitted forms can ensure the identity of a form's submitter more securely than entry from paper forms. Digital signatures can likewise ensure that records are unchanged from when they were entered. Standard commercial-grade web security can secure traffic against monitoring of trial data while it is being transmitted.

Any EDC vendor whose tools are placed directly in the hands of subjects will tell you that data passed directly from the subject to the central collection site provides obvious advantages to integrity of data. Each item transcribed by trial staff carries with it the possibility of typographical error, so protocols that require considerable detailed data create an added incentive to consider these kinds of tools.

Some advanced database systems can perform real-time backups even as data is being submitted. While this kind of redundancy is costly, real-time backups to write-once media may be worth the investment for trials with particularly great data integrity needs.

Above all, trial data stored on a computer system can be backed up, stored in multiple places for safety, and audited in its electronic form. If only clinical data is stored on the system, it may be necessary to check paper forms to verify the integrity of a piece of data, but an all-electronic system can store signatures, countersignatures, audit histories, and other pertinent facts about the clinical data. Paper forms can be destroyed by time, disaster, or clerical error, but anything stored electronically can be made much more durable.

Not all EDC programs provide all these benefits. In fact, I know of none that performs all these functions today, but every technique discussed here is well within reach of today's technology. Any crypto-enabled integrity feature not now offered is surely on the horizon.

Making the move
Sponsors considering a move to EDC can take several steps to make the best decisions.

  • Involve your technology staff from the very earliest stages. Even if you have no in-house security expert, one or two hands-on technology implementers should be included at every step in your EDC evaluation.
  • Bring in an outside security consultant to help in specifying your requirements and priorities, and to help your team evaluate the security of specific EDC products. A professional outside perspective is always a good double-check, and sometimes an outsider can offer uniquely powerful suggestions for simplifying systems or streamlining work processes.
  • Consider a number of EDC products. Many are out there, with widely varying features and security characteristics. Tying yourself to a single vendor without a clear idea of how its products will fit into your business environment can be a costly mistake.

Evaluating EDC systems and vendors is an extensive process beyond the scope of this article. For evaluating the security of each system, however, here are a few points to consider.

  • Find out what operating systems and database platforms each product supports.
  • A product that runs on multiple server platforms is likely to be more carefully engineered, and a multiplatform product can free you to make other technical decisions independently.
  • In general, it's a good idea to deploy more of what you already have. If your data center is full of Sun servers, for example, your team will be most able to support additional similar systems.
  • All things being equal, Windows is somewhat harder to secure than other platforms, but don't let this factor stop you from choosing what your staff is most able to support.

Keep it simple
Network protocols should generally be common and simple rather than special-purpose and proprietary. It is easier to find technologists who can support common protocols properly, and because simple network protocols are less prone to bugs, they offer greater security.

Encryption protocols (including authentication and digital signature protocols) should generally be common and newer, but the important point here is that any encryption protocol is only as strong as the way it is used. Careful analysis of how crypto technologies are used is more important than which technologies.

Finally, consider each product in light of your security foundations. An EDC system that fits into your existing data backup operation and works over your existing network connections may offer a cost advantage over one that requires special solutions in those areas. If your disaster recovery plan calls for maintaining spare equipment off-site, hardware costs may be a bigger factor than is obvious. Remember from the start that your new EDC system will not operate in a vacuum.

The security issues involved in connecting your trial data to a larger world may seem daunting, but you can address each piece of the challenge by gathering the right professionals and evaluating carefully before moving forward. The task is not small, but anyone running multicenter trials can surely justify the investment, and the benefits for some smaller operations are still compelling.