Security/Privacy
To protect your privacy, EZ-Log has several special features that ensure the security of the data you enter and prevent unauthorized access.
SECURITY OVERVIEW
Identification and Authentication
Only someone with the appropriate credentials can gain access to your electronic diary data. The EZ-Log application and patient data are protected by a unique, dual-level username and password combination, one for the EZ-Log application (or other functions of the handheld device), and the other for the EZ-Log patient data. Even if someone somehow managed to figure out the password protection scheme, patient privacy is assured because the EZ-Log application contains no demographic data. Only patient ID numbers, assigned by the clinic during the enrollment process, are displayed on the EZ-Log handheld computer and the EZ-Log Web Application.
Encryption
All data transmitted to and from the EZ-Log server is encrypted using industry leading technologies (currently, the EZ-Log application uses 448 bit 16 pass blowfish encryption). The data are unreadable and useless if intercepted. When accessing data or viewing reports through the Internet application, EZ-Log uses a 128 bit Secure Socket Layer (SSL) technology to encrypt data for transmission to the EZ-Log server.
Other Security Features
Session Inactivity Timeout
The EZ-Log Web Application has a session inactivity timeout feature that automatically logs a user out if no operations have been performed for a pre-set amount of time. The timeout default is 15 minutes.
Concurrent Login Protection
The EZ-Log Web Application will only allow a particular user account to be logged in at a single location. For example, if ClinicUser1 logs in and ClinicUser2 attempts to use the same credentials to login at a different computer, ClinicUser1 will be notified that they are being logged out by another user, helping to protect against unauthorized use of login credentials.
Browser Auto-Logout
If a user closes the browser window, the EZ-Log application will instantly log that user out. This protects against unauthorized users accessing data on an unattended computer.
Audit Trails
All data modifications are logged to provide an audit trail. This trail of information can help identify and correct any accidental or inaccurate changes to the data.
PRIVACY OVERVIEW
Ownership and Use of Data
The infusion data collected and stored in the EZ-Log database is owned in the same manner as patient hand written infusion data. As such, the data can only be used as agreed upon by the patient and healthcare professionals. The system's sponsor, Bayer HealthCare, has no access to the data, and the database administrators (Arrowhead Electronic Healthcare) are strictly forbidden by contract and law to share any patient identifiable data with Bayer HealthCare.
Roles
EZ-Log Web Application users are assigned to clearly defined permission groups, or roles, when first created. The patient, clinic user, administrator, and pharmacy roles are designed to limit access to certain areas and functionality of the web application to only the appropriate type of user.
|
