Updated 15 April 2019
Due to data protection regulations, the data collected by the Registry must be anonymous, i.e. the patient must not be identifiable. To facilitate the data-entry process, however, it is advisable that patients can be recognized by the person entering the data. For this reason, the data entry software allows the operator in the centre to see the full name of the patient when entering the data, but generates a centre patient code to be transmitted to the central European database. Data is encrypted (i.e. not de-codable) when transmitted.
Data Storage and System Security
- The Registry database is protected according to the European Data Protection legislation, physically and technically, and backup is secured. There are strict rules for de-identification of data and users.
- The name of the system used for secure storage of patient data is Host-Proof Storage:
To protect the privacy of the patient the patient identifying information (the real names or other identifiers) is separated from patient clinical data in the software. This separation is maintained throughout the system.
- Patient identifying information consists of a single message per patient called the Patient Label. The Patient Labels are hashed (encrypted) and only the hash codes are stored.
- The Patient Label is linked to the patient in the browser only, and ONLY authorised users from a centre can decrypt the identifying information. It is not possible for either the Registry or the software company, which developed and maintains the data-collection software, to decrypt the identifying centre patient data.
- Identifying information is limited to the minimum required to safely identify the patient. Identifying information is linked to the patient data using the Centre Patient Code.
- All data is secured in transit using HTTPS level encryption.
- The Labels File is encrypted using an algorithm called "Corrected Block TEA". Only this algorithm is fast enough to decrypt the password file on every page load.
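The host-proof arrangement described above, sketched as an added example (not the Registry's or the software company's code): the browser seals the labels with Corrected Block TEA (XXTEA) and the host only ever holds the resulting words. The function names, the JSON layout of the labels, the trailing length word and the constant key are assumptions; the page does not say how the centre key is obtained.

```javascript
// Added example: XXTEA ("Corrected Block TEA") sealing of a labels file in the browser.
const DELTA = 0x9e3779b9;

// XXTEA mixing function; k is the 128-bit key as four 32-bit words.
const mx = (sum, y, z, p, e, k) =>
  (((z >>> 5) ^ (y << 2)) + ((y >>> 3) ^ (z << 4))) ^ ((sum ^ y) + (k[(p & 3) ^ e] ^ z));

// Encrypts or decrypts v (Uint32Array, length >= 2) in place and returns it.
function xxtea(v, k, decrypt) {
  const n = v.length, rounds = 6 + Math.floor(52 / n);
  let sum = decrypt ? (rounds * DELTA) >>> 0 : 0;
  for (let r = 0; r < rounds; r++) {
    if (!decrypt) sum = (sum + DELTA) >>> 0;
    const e = (sum >>> 2) & 3;
    for (let i = 0; i < n; i++) {
      const p = decrypt ? n - 1 - i : i;           // decryption walks the block backwards
      const m = mx(sum, v[(p + 1) % n], v[(p + n - 1) % n], p, e, k);
      v[p] += decrypt ? -m : m;                    // Uint32Array wraps modulo 2^32
    }
    if (decrypt) sum = (sum - DELTA) >>> 0;
  }
  return v;
}

// Centre side: pack the labels little-endian, append the byte length, encrypt.
function sealLabels(labels, key) {
  const bytes = new TextEncoder().encode(JSON.stringify(labels));
  const w = new Uint32Array(Math.ceil(bytes.length / 4) + 1);
  bytes.forEach((b, i) => { w[i >> 2] |= b << ((i & 3) * 8); });
  w[w.length - 1] = bytes.length;
  return xxtea(w, key, false);
}

// Centre side: decrypt a stored blob; returns null when the key does not fit.
function openLabels(blob, key) {
  const w = xxtea(Uint32Array.from(blob), key, true), len = w[w.length - 1];
  if (len > (w.length - 1) * 4) return null;       // implausible length: wrong key or damage
  const bytes = Uint8Array.from({ length: len }, (_, i) => w[i >> 2] >>> ((i & 3) * 8));
  try { return JSON.parse(new TextDecoder("utf-8", { fatal: true }).decode(bytes)); }
  catch { return null; }
}

// Constructed sample data: a 128-bit centre key and two Patient Labels keyed by
// hypothetical Centre Patient Codes.
const centreKey = Uint32Array.of(0x0badc0de, 0x12345678, 0x9abcdef0, 0x0f1e2d3c);
const labels = { "C001-0001": "Jane Example", "C001-0002": "John Sample" };
const stored = sealLabels(labels, centreKey);      // the only form the host receives
```

XXTEA gives confidentiality only; it has no integrity check, so the length and JSON tests in `openLabels` are a sanity check and not tamper detection.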
The ECFSPR and the software company have done as much as is reasonably possible to develop secure software to protect data – both during transmission and after it has reached the Registry’s database – and to ensure anonymity of patients. The ultimate level of security with regard to data protection and management of patient identifying data is at centre level. Responsibility lies with the Centre Administrators and any users that have been authorised to use the data-collection software.