Measures Cloud-R RD
1. Privacy by Design approach
Cloud-R has treated data protection as a design requirement of the Cloud-R RD platform from the outset, putting in place appropriate technical and organizational measures to ensure that, by default, only the personal data necessary for each specific purpose is processed. These measures are intended to implement the data protection principles effectively and to build the necessary safeguards into the processing, in order to meet the requirements of EU Regulation 2016/679 (GDPR) and protect the rights of data subjects.
2. Data security
Data security is a critical requirement of the application and a foundation of the technical solution. It is addressed through role-based access control and through an internal integrity signature stored in the database itself: for every record entered into the system, a SHA-256 hash of the stored data is generated, so that the integrity of the registry data can be verified and tampering detected. The only supported way to change data is through the application processes and business logic. The adopted technical solution provides:
- Role-based data access control: only user accounts with a defined set of roles and permissions can read and/or modify a record;
- Per-record data hash: a record modified outside the application processes and business logic no longer matches its stored hash, so the change is detected when the record is verified.
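The per-record integrity hash described above, as an added illustration (this is not Cloud-R's code; the `Registry` class, the sample row and the `demo()` walk-through are constructed for the example). It also shows the check a practitioner would want: an unkeyed SHA-256 stored next to the data detects an out-of-band edit, but an attacker who can write to the table can recompute that hash as well, so the example adds a keyed tag (HMAC-SHA-256 with a key held by the application, never in the database) as a hardening that the page itself does not describe.

```python
import hashlib
import hmac
import json
import secrets


def canonical(record: dict) -> bytes:
    """Serialize a record deterministically (sorted keys, fixed separators) so
    the same logical content always produces the same bytes to hash."""
    return json.dumps(record, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def record_hash(record: dict) -> str:
    """Plain per-record SHA-256 hash, as described in the text."""
    return hashlib.sha256(canonical(record)).hexdigest()


def record_mac(record: dict, key: bytes) -> str:
    """Keyed variant (HMAC-SHA-256). Added hardening, not from the page: the key
    is held by the application and is never stored in the database."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


class Registry:
    """In-memory stand-in for the registry table (constructed for this example)."""

    def __init__(self, mac_key: bytes):
        self.rows = {}            # what the database would hold
        self._mac_key = mac_key   # application-side secret, not a column

    def store(self, anon_id: int, data: dict) -> None:
        """The only legitimate write path: business logic computes both tags."""
        self.rows[anon_id] = {
            "data": dict(data),
            "sha256": record_hash(data),
            "hmac": record_mac(data, self._mac_key),
        }

    def verify(self, anon_id: int) -> dict:
        """Recompute both tags from the stored data and compare in constant time."""
        row = self.rows[anon_id]
        return {
            "sha256_ok": hmac.compare_digest(row["sha256"], record_hash(row["data"])),
            "hmac_ok": hmac.compare_digest(row["hmac"], record_mac(row["data"], self._mac_key)),
        }


def demo() -> tuple:
    """Walk through a legitimate write, a direct database edit, and an edit
    where the attacker also rewrites the plain hash column."""
    reg = Registry(mac_key=secrets.token_bytes(32))
    reg.store(1001, {"visit": "2023-05-01", "hba1c": 6.8})   # constructed sample row
    assert reg.verify(1001) == {"sha256_ok": True, "hmac_ok": True}

    # Modification outside the application (e.g. a direct UPDATE on the table):
    reg.rows[1001]["data"]["hba1c"] = 5.2
    after_edit = reg.verify(1001)          # both tags now mismatch

    # Same attacker also recomputes the unkeyed hash column:
    reg.rows[1001]["sha256"] = record_hash(reg.rows[1001]["data"])
    after_rehash = reg.verify(1001)        # plain hash passes, HMAC still fails
    return after_edit, after_rehash
```

Canonical serialization matters: if two application versions serialize the same record differently (key order, whitespace, float formatting), every verification fails, so the serialization rule is part of the integrity scheme and must be versioned with it.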
2.1. Patient data storage site
Data is stored on cloud servers managed by Cloud-R on Google's certified IaaS infrastructure (see Paragraph 2). The data and resources of these servers are segregated into geographical regions defined and guaranteed by Google.
2.2. Patient Data
All patient data are organized in separate logical and physical structures (Dataset / Monitor) linked by an anonymous ID, a unique numeric identifier generated by the system when a new patient record is created. The generating algorithm takes no input from the patient's personal data, so the ID can be neither derived from nor traced back to identifying attributes. Data is encrypted at rest with AES-256-CBC, using a different encryption key for each registry. Within the system it is possible to configure records so that patient identification data and clinical data are never held together in the same record. The visibility of records is governed exclusively by the access policies linked to each user's profile.
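The separation of identifying and clinical data behind a system-generated anonymous ID, with visibility gated by the caller's profile, as an added example (not Cloud-R's code). The two in-memory dictionaries stand in for the separate structures, the `POLICY` table with its three roles is a hypothetical stand-in for the registry-specific profiles, and the patient data is constructed. The point it makes beyond the text: because the ID comes from a CSPRNG rather than from any patient attribute, two patients with identical personal data get unrelated IDs, which is what makes the ID a pseudonym instead of a fingerprint.

```python
import secrets


class PatientStore:
    """Two separate structures, in the spirit of the Dataset / Monitor split:
    identifying and clinical data live apart and share only the anonymous ID.
    In-memory stand-in constructed for this example."""

    def __init__(self):
        self.identity = {}   # anon_id -> identifying attributes
        self.clinical = {}   # anon_id -> clinical attributes

    def new_patient(self, identity: dict, clinical: dict) -> int:
        """Create a patient record and return its anonymous ID. The ID comes from
        the CSPRNG only; nothing in `identity` feeds it, so it can be neither
        derived from nor reversed to personal data."""
        while True:
            anon_id = secrets.randbelow(10 ** 9)
            if anon_id not in self.identity:    # keep IDs unique
                break
        self.identity[anon_id] = dict(identity)
        self.clinical[anon_id] = dict(clinical)
        return anon_id


# Hypothetical role -> visible-structure policy; real profiles are registry-specific.
POLICY = {
    "clinician": frozenset({"identity", "clinical"}),
    "researcher": frozenset({"clinical"}),
    "account_admin": frozenset(),   # manages users, sees no patient data
}


def view(store: PatientStore, role: str, anon_id: int) -> dict:
    """Return only the structures the caller's role is allowed to see.
    Unknown roles and roles with an empty set are both denied."""
    allowed = POLICY.get(role)
    if not allowed:
        raise PermissionError(f"role {role!r} may not read patient records")
    if anon_id not in store.clinical:
        raise KeyError(anon_id)
    out = {"anon_id": anon_id}
    if "identity" in allowed:
        out["identity"] = dict(store.identity[anon_id])
    if "clinical" in allowed:
        out["clinical"] = dict(store.clinical[anon_id])
    return out


def demo():
    """Register the same person twice and show the IDs are unrelated."""
    store = PatientStore()
    person = {"name": "Mario Rossi", "dob": "1970-01-01"}   # constructed sample data
    a = store.new_patient(person, {"diagnosis": "T2DM"})
    b = store.new_patient(person, {"diagnosis": "T2DM"})    # same identity, new ID
    return store, a, b
```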
3. Access control
Access to the registry takes place over an encrypted TLS connection (the protocol historically called SSL) with two-factor authentication: username and password plus a one-time password (OTP) for each individual connection, sent to the authorized user's verified mobile phone. Each access is tracked and stored in an unchangeable manner.
The system provides a specific profile for each role, ensuring that access to data complies with the rules defined for each Registry. Furthermore, the system permanently tracks every change to an authorization profile and every access, generating alerts and allowing improper access attempts to be monitored at any time (Audit Trail).
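The second factor and the audit trail described in this section, as an added example (not Cloud-R's code). It assumes a server-generated numeric code per connection, as the text describes; the validity window, attempt limit, alert threshold and event names are assumptions, and delivery to the phone is out of scope (`issue()` returns the code the application would hand to an SMS gateway). The code stores only a keyed digest of the OTP, enforces single use so a captured code cannot be replayed, invalidates the code after a few wrong guesses, records every event, and raises an alert once a user accumulates repeated failures.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6
OTP_TTL_SECONDS = 300    # assumed validity window
MAX_ATTEMPTS = 3         # wrong guesses before the code is invalidated
ALERT_THRESHOLD = 5      # failed second-factor events per user that raise an alert


class OtpGate:
    """Second factor of the login described above: a single-use code per connection.
    Constructed for this example; `pepper` is a server-side secret so stored
    digests cannot be brute-forced offline, `now` is an injectable clock."""

    def __init__(self, pepper: bytes, now=time.time):
        self._pepper = pepper
        self._now = now
        self._pending = {}     # user -> {"digest", "expires", "attempts"}
        self._failures = {}    # user -> consecutive failed verifications
        self.audit = []        # append-only list of access events
        self.alerts = []       # (user, failure count) when threshold reached

    def _digest(self, user: str, code: str) -> str:
        return hmac.new(self._pepper, f"{user}:{code}".encode(), hashlib.sha256).hexdigest()

    def issue(self, user: str) -> str:
        """Generate a fresh code after the password step has succeeded."""
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[user] = {
            "digest": self._digest(user, code),   # only the keyed digest is kept
            "expires": self._now() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        self._log(user, "otp_issued")
        return code

    def verify(self, user: str, code: str) -> bool:
        """Check the submitted code; every outcome is written to the audit trail."""
        entry = self._pending.get(user)
        if entry is None:
            return self._fail(user, "otp_not_pending")   # nothing issued, or already used
        if self._now() > entry["expires"]:
            del self._pending[user]
            return self._fail(user, "otp_expired")
        entry["attempts"] += 1
        if not hmac.compare_digest(entry["digest"], self._digest(user, code)):
            if entry["attempts"] >= MAX_ATTEMPTS:
                del self._pending[user]                  # force a new code
            return self._fail(user, "otp_wrong")
        del self._pending[user]                          # single use: replay is rejected
        self._failures[user] = 0
        self._log(user, "access_granted")
        return True

    def _fail(self, user: str, reason: str) -> bool:
        self._failures[user] = self._failures.get(user, 0) + 1
        self._log(user, reason)
        if self._failures[user] >= ALERT_THRESHOLD:
            self.alerts.append((user, self._failures[user]))
        return False

    def _log(self, user: str, event: str) -> None:
        self.audit.append({"ts": self._now(), "user": user, "event": event})
```

The constant-time comparison and the keyed digest matter even for a six-digit code: with the digest rather than the code in storage, a database read does not reveal a live OTP, and the attempt limit is what keeps the 10^6 search space out of reach of online guessing.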