Updated 16 February 2011

Data Security

Hereunder we report data security information on the data-entry software.

Due to data protection regulations, the data stored in the server of the registry must be anonymous (i.e. the patient must not be identifiable). However, to facilitate the data-entry process, it is advisable that patients are easily recognizable to the person entering the data. For this reason, the data entry software allows the operator in the centre to see the full name of the patient when entering the data, but generates a patient code to be transmitted to the central database. Moreover, data are encrypted (i.e. not de-codable) when transmitted.

Details of the data security system.

1) The list of names and matching patient codes is stored only in your local computer. This list is encrypted and protected by your username and password to make it impossible to read in case of illegal intrusion. We recommend you to install the software on a hospital computer where daily backups are performed, firewalls and virus protection software are present. If you install it on a personal computer (provided this is allowed by your national data protection legislation), make sure to perform daily backups and to satisfactorily protect your PC.

2) Clinical data are stored at your local PC, but are accessible only after entering username and password. It is therefore essential that you protect your password and change it regularly.

3) Only the patient code and the centre code will be transmitted along with the demographic and clinical data to the central data base in Milano. This means that if your list of matching codes and full names is lost, it will be hard to retrieve the data identification.

4) The registry data-base is protected according to EU Data Protection legislation, both physically and technically, and backup is secured.

These specifications should be adequate for your application to your local data protection agencies. Please contact us if you need further information.