ERBITUX project
česky | english

Technology

Electronic case report forms (eCRF)




Clinical data are entered via electronic forms instead of classic (paper) ones, thus facilitating data trasfer and communication among the involved centres.

more about eCRF...

Introduction

The database system was originally based on a modified version of TrialDB system[1-3]. The on-line system is newly customized for the collection of specific clinical data of the Erbitux project. The system is actually designed as a robust base for data collection in clinical trials and/or clinical registries. The on-line application is widely accessible via a standard internet browser.

IBA further supports the SW background of the project through an original analytic tool, called COBRA (Comprehensive Data Browser). COBRA is able to communicate the database of the project and returns standard statistical reporting or user-specific analytic outcomes, all in forms of final tables and figures. COBRA works both in locally installed and internet version.

The key elements of the system involve tools for:

  • user-friendly definition and creation of forms used in data collection,
  • administration of user accounts and access rights,
  • processes for data export and import,
  • creation of validation rules and reports,
  • monitoring of the system.

The main advantages of this system involve a centralized administration, an uniform appearance of forms for data collection in all registries and an easy development of new, extended functions.

Basic characteristics of the system

  • The system is very user-friendly: all data are entered via web forms which are analogical to paper collection (classical CRF).
  • The data can be entered into the registry from any computer connected to internet and equipped with the browser MS Internet Explorer 5.5 or higher (it must support the encrypted communication with a 128-bit SSL protocol).
  • No additional software needs to be installed on the client's computer.
  • Only authorized persons have access to the registry, using their login and password.
  • The data in the registry are anonymized, i.e. the patients' records are kept under codes (ID) which do not allow to identify the person. In this way, the system meets the valid rules on the protection of personal data.
  • All data transfer is encrypted to prevent a potential abuse during the transfer.
  • All submitted data are collected in a central computer - server, where they are safely stored in a database, administered in the ORACLE 9i system.
  • The data can be exported for authorized users as a local database for further processing.
  • The user can print the filled forms or save them on a local computer in the MS Excel format.

Applied technology

Thin client - internet browser:

  • Internet Explorer 5.5 or higher
  • Data collection, viewing, editing etc.
  • Analytical functions
  • Client scripts facilitating data entry

Web server (application server):

  • Microsoft Windows 2003 Server
  • Microsoft IIS
  • Web application
  • Server-side scripts
  • ASP Language

Database server:

  • SUSE Linux Enterprise Server
  • Oracle database
  • Central data repository
  • Definition and design of forms for data collection
  • Definition and administration of user accounts and rights
  • Validation rules

Data security

A special attention is paid to data security within the registry. The authorized users of the registry can access the system only after submitting a valid username and password. One of the key functions in the administration of user accounts is the system of user rights. The users can be assigned various levels of authorization so that they have access to selected functions or parts of the system. Apart from this, the system performs an automatic log-out after a predefined period of the user's inactivity. This function is aimed to prevent a misuse of an abandoned computer if the user forgets to log out.

An encryption protocol is used for data transfer between the user and central database to prevent tapping the communication between the client and server (for example, tapping user login and password). For this reason, any communication between the client and server is realized via the secure protocol HTTPS, using the SSL (Secure Socket Layer) encryption.

In order to provide a maximum data security, other measures are required from the users, involving mainly the security of the user's network and the server itself. These measures include firewalls (separating both database and application servers from internet), regular monitoring of the system, monitoring changes in configuration, physical protection of the server room etc.

Other measures are accepted to prevent potential data loss or damage in the case of unexpected events which are not related to information technology. These measures involve fire-stop system, air-conditioned server rooms etc.

Both system configuration and data stored within it are subject to a regular backup. Therefore, even in the case of system breakdown, both system functionality and data can be restored immediately.

References

  1. Nadkarni PM, Brandt C, Frawley S, et al. (1998) Managing attribute--value clinical trials data using the ACT/DB client-server database system. J Am Med Inform Assoc 5(2), 139-151.
  2. Nadkarni PM, Brandt CM, Marenco L (2000) WebEAV: automatic metadata-driven generation of web interfaces to entity-attribute-value databases. J Am Med Inform Assoc 7(4), 343-356.
  3. Nadkarni PM, Marenco L (2001) Easing the transition between attribute-value databases and conventional databases for scientific data. Proc AMIA Symp, 483-487.