BioGrid Australia hosts and manages the CART-WHEEL database on behalf of the Principal Investigator of the CART-WHEEL project, Dr Clare Scott. The CART-WHEEL database is on a secure server within the BioGrid Australia secure ICT network hosted by Melbourne Health. This secure server can only be accessed by authorised BioGrid Australia administrative staff to enable management and maintenance of the server and CART-WHEEL database.
Only authorised researchers with approval from an accredited Human Research Ethics Committee for their research study are permitted to access coded (i.e. with personal identifying information removed) data from CART-WHEEL. Participant identifiers are stored separately from clinical information within BioGrid Australia and are inaccessible to researchers; researchers can only access coded data through BioGrid Australia.
BioGrid Australia is highly committed to protecting the security of data it hosts and manages and the privacy and confidentiality of participants to whom the data pertains. Significant efforts have been made to minimise the risk of a breach of data security. State of the art techniques are used to encrypt and transmit data when accessed for research. BioGrid Australia has implemented systems and processes to ensure the privacy and confidentiality of participant data within its research platform. This covers regular monitoring and management of all systems such as monitoring access including unsuccessful attempts to access the BioGrid Australia network and applying relevant security patches across the BioGrid Australia ICT network.
CART-WHEEL data within the BioGrid secure ICT network is only made available for authorised researchers to access if the following is in place:
- CART-WHEEL participant must provide consent for their data to be stored in the CART-WHEEL Database and used in a re-identifiable (coded) way;
- Researchers must agree to the BioGrid Australia Terms and Conditions of Access to Data, which requires that they do not provide the data to unauthorised researchers and that they may use the data only for ethically approved projects; and
- Researchers must obtain approval from an accredited Human Research Ethics Committee for their research project that wishes to access data from the CART-WHEEL database.
BioGrid Australia uses a proven Information Security Risk Management framework (ISRM framework) that fully complies with, and in some areas, exceeds the requirements specified in the international standard, ISO 27005. BioGrid Australia has regular independent security audits conducted and has documented and manages the residual risks identified.
External audits assess BioGrid Australia for its compliance to policy and examines practices in remote access, network, side channels and virtual private networks.
In addition, the external audit assesses and reports on the practices BioGrid Australia has in place for monitoring and reporting the state of the ICT security.
BioGrid Australia has implemented several security systems and processes to protect data against misuse, loss and unauthorised access. Security measures include:
- Source databases are held on a secure server and a copy of the source data is stored on a separate, secure Research Repository server. BioGrid accesses the copy of the data to protect the source data against loss or corruption via BioGrid Australia. Authorised researchers access coded (i.e. with personal identifying information removed) data from the secure Research Repository server which stores a copy of the source data.
- All data connections and transfers within the BioGrid Australia infrastructure are performed over secure network connections, preventing unauthorised data access.
- Participant identifiers are stored separately from clinical information and are inaccessible to researchers through BioGrid Australia. Researchers can only access coded data (i.e. with personal identifying information removed) through BioGrid Australia.
- Data can only be accessed through BioGrid Australia using BioGrid-supplied authentication details. These login details are only provided to authorised researchers after ethical approval has been granted and they have agreed to the BioGrid Australia Terms and Conditions.
Data security of the CART-WHEEL database is of the utmost importance to BioGrid Australia. Should you have any further queries regarding the security of data within the CART-WHEEL database or how BioGrid Australia manages authorised access to to the CART-WHEEL database, please contact us.