All registered users (both participants and clients) must double opt-in to confirm their email addresses
Passwords for all users require a minimum length of 8 characters, and commonly used passwords are disallowed
Passwords are salted and one-way hashed with a known strong algorithm
Access by clients to participant information (PHI and contact details) is granted on a per-trial-location basis
Client access rights are confirmed by proven ownership of an email address published on clinicaltrials.gov, or confirmed via a trusted contact
Website is custom built and closed source. No third-party platforms or frameworks (e.g. WordPress) are used, to avoid their known attack vectors
Website built entirely by a small team of senior, well-known, local programmers and overseen by a senior software engineer
Staff access to production server and admin functions is limited and granted on a need-to-know basis
All data processing and storage is on-server (i.e. no cloud compute or storage)
PHI is only released to confirmed trial intake personnel upon the participant's informed consent and digital signature
Participant, client, and staff access are logged
Staff access is protected against session hijacking
User contact information and PHI are stored in separate records
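As an added example (not the site's own code), the password rules above, the minimum length of 8 and the rejection of commonly used passwords, together with salted one-way hashing, can be implemented as follows. The denylist is constructed for illustration, and PBKDF2-SHA256 with the given iteration count is an assumed choice, since the page does not name its algorithm.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed denylist standing in for a real "commonly used passwords" list.
COMMON_PASSWORDS = {"password", "12345678", "qwerty123", "letmein1", "iloveyou"}
MIN_LENGTH = 8
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to the server's capacity


def check_password_policy(password: str) -> Optional[str]:
    """Return None if the password is acceptable, else the reason it is rejected."""
    if len(password) < MIN_LENGTH:
        return f"must be at least {MIN_LENGTH} characters"
    if password.lower() in COMMON_PASSWORDS:
        return "is too common"
    return None


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salt and one-way hash the password; returns a self-describing record."""
    salt = salt or os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def register(password: str) -> str:
    """Enforce the policy, then return the record to store (never the plaintext)."""
    reason = check_password_policy(password)
    if reason is not None:
        raise ValueError(f"password {reason}")
    return hash_password(password)
```

Only the returned record is written to the user row; the plaintext is discarded after hashing.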
General Server Security
Servers are locked in a restricted access "caged" area of the colocation facility, with CCTV monitoring in place on all access paths.
Only network services that are required for public operations are activated on the server. A standard firewall profile is enabled that only allows access to the specific open services that are intended to be available.
Best-of-breed network service daemons are chosen for these roles based on past experience, and with reference to their history of stability and their reputation regarding security vulnerabilities and the rapid patching thereof.
System and services are maintained by a senior-level Linux system administrator, and software vulnerabilities or stability issues that directly relate to operations are patched as soon as it is feasible to do so.
Only two trusted individuals have "root"-level credential access to the server. Our upstream providers, which do have physical access to the server, first require verbal authorisation [and credentials] to log in and access the machine. The facility's security, network and power are monitored 24x7 from a remote central NOC.
Remote access to the server is safeguarded by SSH2, which is a fully encrypted protocol.
Colocation facility is in a secure high-rise location and enforces biometric and card key access.
Database Security
The database service has a master "root"-level user which is not used for access or management by any scripts on the server; only the trusted individuals have and use this password, for maintenance and administration purposes.
No remote database users are configured. If remote access were to be required, it is provisioned via an SSH tunnel of the MySQL protocol.
Backup Security
Backups of data and application code are maintained on company-controlled servers within the same secure environment used for the primary servers. Offsite emergency recovery backups are fully encrypted over the wire and maintained on company-controlled hardware, with access limited to the two primary trusted individuals.
Data Disposal Policy
In the event that server or storage hardware is to be disposed of, or reused in any other fashion, all data will first be permanently scrubbed from the device(s) using wipe tools that approach military-grade data destruction standards. In the event that storage media is damaged and wipe procedures cannot be carried out, the media will be physically destroyed to thwart potential recovery by unknown entities.