Disease & Treatment Registry Thru The Web, The Way Forward www.crc.gov.my Dr. Lim Teck Onn Ms Lim Jie Ying Clinical Research Centre, Hospital Kuala Lumpur Ministry Of Health Malaysia


Post on 17-Dec-2015



Content

• CRC and Disease Registers

• Traditional operation vs web-based operation

• Pros and Cons

• Minimizing security risk of Web based operation (Ms Lim Jie Ying)

We do 4 types of clinical research

1. Clinical Trials.

2. Clinical Registers / Epidemiological and Health outcomes research

3. Clinical Economics Research

4. Evidence based medicine

Disease Registers in CRC

1. National Renal Registry

2. National Cancer Registry

3. National Cataract Surgery Registry

4. National Neonatal Registry

5. National Mental Health Registry

6. National HIV/AIDS Treatment Registry

7. National Transplant Registry

8. In the pipeline: CKD (GN/SLE), CVD (Stroke, AMI, Angioplasty), Rheumatic (RA)

Purpose of Disease Registry

1. Quantify disease burden (morbidity and mortality) and its geographic and temporal trends.

2. Early warning of rapid increase in disease incidence, e.g. in infectious disease.

3. Identify sub-groups most at risk of disease.

4. Identify potential risk factors of disease.

5. Evaluate treatment programme / Clinical audit.

6. Evaluate control and prevention programme.

7. Facilitate research, e.g. disease aetiology, Rx effectiveness, outcomes research, prognosis.

Epidemiological vs Treatment Register

Uses of Registry data

1. Disease epidemiology

2. Treatment availability & accessibility

3. Outcomes research

4. Technology assessment

5. Clinical economics

6. Clinical audit

7. Support clinical trial / clinical research

Data capture and reporting: a core function of a Disease Registry

[Diagram: SDP, Data, Data Processing, Reporting]

Traditional Operation vs Web-based Operation

[Diagram. Traditional operation: SITE reports data (paper) to CRC with no data return; USERS receive report only, no primary data. Web-based operation: SITE, CRC and USERS linked over the Internet, with EDC, return of processed data, real time analysis & report, and online data access.]

Process comparison

| Traditional operation | Web Application |
|---|---|
| Site reports data in the form of CRF to CRC | Site reports data electronically via electronic data capture |
| CRC does not return data to site unless requested by site | Data processed are returned electronically |
| CRC provides annual report to user | Real time analysis and availability of reports |
| No data accessible by user | Online access to data by user |

Pros and Cons (1)

| Traditional operation | Web Application |
|---|---|
| High cost of transmission of paper CRF to CRC by SDP | No cost of transmission of paper CRF to CRC by SDP |
| Incurs cost of printing CRF (continuous) | Incurs cost of developing the web application (one-off) |
| Data only available annually when report is out | Instantaneous availability of latest data for online review at all times |
| Data entry personnel at CRC key in data based on paper CRF received | Electronic (remote) data capture, data entry by SDP personnel |
| Lower short term cost of client server application development, high cost of infrastructure planning | High short term cost of web application development, infrastructure planning |
| Report only analysable annually (based on clean data) | Real time analysis of report (based on uncleaned data) |

Pros and Cons (2)

| Traditional operation | Web Application |
|---|---|
| Authorised researcher has to send in request to CRC to gain access to data, time consuming | Ease of access to data for purpose of research by authorised researcher |
| Less security risk – enclosed system within CRC network | High security risk – physical security, data security, user access security, etc |
| SDP has to send in request to CRC to review own centre’s data, time consuming | SDP may verify own centre’s data easily |
| Data entry personnel are trained to do data entry in similar manner | Disparate way of entering data among SDPs |
| High efficiency | Efficiency unknown until it is operational |

Pros and Cons (3)

| Traditional operation | Web Application |
|---|---|
| Incurs cost of employment of data entry personnel at CRC | Does not incur cost of employment of data entry personnel at CRC |
| Authorised user (CRC’s registry manager, data entry personnel) may only run the application within CRC’s entity | Authorised user may run the application anywhere with Internet access at all times |
| Software has to be installed at the workstations for data entry | No installation of software is required |

We think the pros outweigh the cons.

But what about the security risk?

Ms Lim Jie Ying

Risks (1)

Trad Web

Authentication

– someone may pose as the owner of the web site and direct users to an inappropriate web site

– someone who knows the user name and password of a user may easily gain access to the system

Risks (2)

Trad Web

Access control

– Non-authorised user may view, edit, add or delete data that he/she is not authorised to

– When a user leaves the application idle and leaves the PC, someone else who happens to pass by may easily access the application if it is not locked

Risks (3)

Trad Web

Data without protection

– Unauthorised people who gain access to the entire database may have access to all data

– Packet ‘sniffing’ by non-authorised people

Unable to identify what alterations have been made, who made them and when they were made

Risks (4)

Trad Web

Physical insecurity

– Anyone who gains access to the data storage area has access to data

External source of damage

– Hackers

– Disgruntled users

Risks (5)

Trad Web

Virus attack

Disaster

– Flood

– Fire

– Theft

– Power breakdown

Technological Mechanisms to Counter Security Risk

• Authentication

• Access control

• Encryption

• Audit trail

• Physical security

• Control of external communication links and access

• System backup and disaster recovery

Authentication (1)

• Authentication is a process of verifying the identity of an entity that is the source of a request or response for information in a computing environment

• Categories:

– Web application owner authentication

– User authentication

Authentication (2)

• Web application owner authentication

– VeriSign’s Server ID applies state-of-the-art SSL (Secure Sockets Layer) technology to conduct an authenticated, strongly encrypted online transaction.

– VeriSign ensures:

• The web site belongs to NRR and not to an impostor

• Message privacy: information cannot be viewed if it is intercepted by unauthorised parties.

Authentication (3)

• User authentication is based on two criteria:

– Something that the user knows

• User ID and password – user is required to change password every 3 months and the password cannot be reused within 3 cycles.

– Something that the user has

• Mobile phone authentication

Authentication (4)

• Mobile phone authentication

– E.g. after the user logs in using User ID and password, the server sends an SMS containing an additional password to the user’s mobile phone. The user then types in the additional password before gaining access to the system.

Mobile Phone Authentication
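The two-factor login described on the Authentication (3) and (4) slides, as an added example that is not code from the presentation or from the NRR system. The 90-day reading of "3 months", the reading of "3 cycles" as the current password plus the two before it, the 5-minute SMS code lifetime and all names are assumptions.

```python
import hashlib, hmac, os, secrets

ROTATION = 90 * 24 * 3600   # "every 3 months", taken here as 90 days (assumption)
HISTORY = 3                 # current password plus the two before it (assumed reading of "3 cycles")
OTP_TTL = 300               # assumed lifetime of the SMS code, in seconds

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, password, now):
        self.history, self.pending = [], None   # history holds (salt, digest), newest first
        self._store(password, now)

    def _store(self, password, now):
        salt = os.urandom(16)
        self.history.insert(0, (salt, _kdf(password, salt)))
        del self.history[HISTORY:]              # forget anything older than 3 cycles
        self.changed_at = now

    def _matches(self, password, entry):
        return hmac.compare_digest(_kdf(password, entry[0]), entry[1])

    def change_password(self, new, now):
        if any(self._matches(new, e) for e in self.history):
            return False                        # reuse within 3 cycles is refused
        self._store(new, now)
        return True

    def login_password(self, password, now):
        """Factor 1 (something the user knows). Returns (status, code_to_send_by_sms)."""
        if not self._matches(password, self.history[0]):
            return "bad_password", None
        if now - self.changed_at > ROTATION:
            return "password_expired", None     # password must be changed first
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending = (hashlib.sha256(code.encode()).digest(), now + OTP_TTL)
        return "sms_sent", code

    def login_sms_code(self, code, now):
        """Factor 2 (something the user has). One attempt per code, then it is discarded."""
        pending, self.pending = self.pending, None
        if pending is None or now > pending[1]:
            return False
        return hmac.compare_digest(hashlib.sha256(code.encode()).digest(), pending[0])
```

Only salted hashes of past passwords are kept, and the SMS code is single use, so a replayed or expired code fails even when the password is known.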

Access control

• Only authorized users, for authorized purposes, can gain access to a system

• Authorised users are grouped into an Access Control List

• User’s rights are assigned based on role

• User session management – when a user leaves the application idle for more than 15 minutes, the application logs off automatically
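Role-based rights combined with the 15-minute idle logoff, as an added example that is not code from the presentation. The role names, the rights per role and the rule that SDP users are limited to their own centre are constructed for illustration.

```python
IDLE_LIMIT = 15 * 60   # seconds; the 15-minute web application limit stated above

# Constructed role table: the page does not list the registry's actual roles.
ROLE_RIGHTS = {
    "registry_manager": {"view", "add", "edit", "delete"},
    "sdp_data_entry":   {"view", "add", "edit"},
    "researcher":       {"view"},
}
ALL_CENTRES = {"registry_manager", "researcher"}   # assumed: SDP roles see only their own centre

class Session:
    def __init__(self, user_id, role, centre, now):
        self.user_id, self.role, self.centre = user_id, role, centre
        self.last_seen, self.active = now, True

    def request(self, action, record_centre, now):
        """Return 'ok', 'denied' or 'logged_off' for one request arriving at time `now`."""
        if not self.active or now - self.last_seen > IDLE_LIMIT:
            self.active = False            # stays logged off until a fresh login
            return "logged_off"
        self.last_seen = now               # any request counts as activity
        if action not in ROLE_RIGHTS.get(self.role, set()):
            return "denied"                # unknown roles get no rights (deny by default)
        if self.role not in ALL_CENTRES and record_centre != self.centre:
            return "denied"
        return "ok"
```

The idle check runs on the server for every request, so a session left open on an unattended PC expires regardless of what the browser does.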

Encryption

• Definition: convert ordinary language into code so as to be unintelligible to unauthorized parties.

• Field encryption for PHI (Personal Health Information) such as Name, IC within SQL database

• Data transmission and synchronisation encrypted

[Diagram: Data Centre and DTRU connected over the Internet by a VPN 128-bit connection; data in transit shown as unintelligible encrypted text]

Audit trail

• Audit trail on

– Information access – to allow identification of unauthorised access to system / network

– Data manipulation when users create, modify or delete records

• Tracks the following:

– Who made the change: User ID and name

– When was the change made: date and time

– What change was made: value change (previous to current value)

– Why was the change made: reason, e.g. data entry, data edit
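An audit trail recording who, when, what and why for every create, modify, delete and view, as an added example that is not code from the presentation. The in-memory store, the class and method names and the sample field names are constructed for illustration.

```python
from datetime import datetime, timezone

class AuditedRegistry:
    """Toy in-memory record store whose every access appends to an audit trail."""
    def __init__(self):
        self.records, self.trail = {}, []

    def _log(self, user, action, record_id, reason, before, after):
        if not reason:
            raise ValueError("a reason is required for every audited action")
        changed = {f: (before.get(f), after.get(f))          # previous -> current value
                   for f in sorted(set(before) | set(after))
                   if before.get(f) != after.get(f)}
        self.trail.append({
            "who": user,                                     # (user ID, name)
            "when": datetime.now(timezone.utc).isoformat(),
            "action": action, "record": record_id,
            "what": changed, "why": reason,
        })

    def create(self, user, record_id, data, reason):
        self._log(user, "create", record_id, reason, {}, data)
        self.records[record_id] = dict(data)

    def modify(self, user, record_id, updates, reason):
        before = self.records[record_id]
        after = {**before, **updates}
        if after != before:                                  # no-op edits are not logged
            self._log(user, "modify", record_id, reason, before, after)
            self.records[record_id] = after

    def delete(self, user, record_id, reason):
        self._log(user, "delete", record_id, reason, self.records[record_id], {})
        del self.records[record_id]

    def view(self, user, record_id, reason):
        self._log(user, "view", record_id, reason, {}, {})   # information access is logged too
        return dict(self.records[record_id])
```

The entry is written before the data changes, so an action that cannot be logged does not happen. Because the trail stores previous and current values, it holds the same personal health information as the records and needs the same protection.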

Physical and Environmental Security 1

• Physical security entails appropriate controls to prevent unauthorised people from gaining access so that they cannot tamper with or derive information from the equipment

• Access to data centre is limited to authorised personnel only. Access to data centre will only be granted if the person is in the authorised list, identification information is presented and password is correct. Staff within the data centre are authenticated using biometrics technology.

• Access to DTRU office is secured by access card system and each personnel has limitation of accessible area/room

• Workstation will be logged off if left idle for 5 minutes.

• Web application will be logged off if left idle for 15 minutes.

Physical and Environmental Security 2

• Access card system, Fire and alarm system, data storage space

Web Application Infrastructure Layout

Physical and Environmental Security 3

Control of external Communication Links and Access (1)

• Firewall - acts as a sentry (guard) that filters out ‘insecure’ traffic from the Internet to ensure the security of an internal network in DTRU.

• Intrusion Detection System (IDS) - built into firewall to detect and block suspicious activities.

• Segmented network - User workstations are physically and logically separated from the servers. Thus, compromised workstations can be isolated from the servers, minimising damage.

Control of external Communication Links and Access (2)

• Antivirus

– TrendMicro Antivirus installed on all workstations and servers

– Daily virus signature update

– Real-time scan, which cannot be disabled

• Patch Management

– Automatically download, deploy and install latest approved patches to all servers and workstations without any user interaction.

– Ensure that latest patches are applied to operating systems.

System Backup and Disaster Recovery

• Backup

– Daily, weekly and monthly backup of data to tapes.

– Weekly and monthly backup tapes stored offsite to ensure business continuity if anything happens.

– Automatic schedule of backup conducted at night using Veritas Backup software.

[Figure: 7-day backup tape loader]

• Disaster Recovery – Data may be recovered from backup tapes. Security consultant works with CRC team to prepare Business Continuity Plan Procedure.

Organizational Practice

• Security and confidentiality policies

– Prepared by CIS team of CRC with joint effort of Security Consultant

– Each CRC staff member has to sign a Non Disclosure Agreement

• Information security officers (ISO)

– To enforce policies

– To ensure staff abide by the policies

– Responsibilities include but are not limited to: Personnel security, IT security, Physical & environmental Security, Information Processing Practices, Business Continuity Management

• Education and training programs

– Awareness training program on information security for all CRC personnel is held every month.

– Ongoing emphasis

• Sanction

– Sanction for breaches of confidentiality

Thank You