EP1228434A1 - Method and system for electronic data capture - Google Patents

Method and system for electronic data capture

Info

Publication number
EP1228434A1
Authority
EP
European Patent Office
Prior art keywords
data
computer
remote user
site
packets
Legal status
Withdrawn
Application number
EP00965551A
Other languages
German (de)
English (en)
Inventor
Samuel W. Hume
Current Assignee
CB Technologies Inc
Original Assignee
CB Technologies Inc
Application filed by CB Technologies Inc

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00 ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/20 ICT specially adapted for the handling or processing of patient-related medical or healthcare data for electronic clinical trials or questionnaires
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00 ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60 ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H40/00 ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices
    • G16H40/60 ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices
    • G16H40/67 ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for remote operation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101 Auditing as a secondary aspect
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H50/00 ICT specially adapted for medical diagnosis, medical simulation or medical data mining; ICT specially adapted for detecting, monitoring or modelling epidemics or pandemics
    • G16H50/20 ICT specially adapted for medical diagnosis, medical simulation or medical data mining; ICT specially adapted for detecting, monitoring or modelling epidemics or pandemics for computer-aided diagnosis, e.g. based on medical expert systems

Definitions

  • the present invention is directed to electronic data collection. More particularly, the present invention is directed to a hybrid system and method of electronic data capture in which data is entered from a remote site and it is processed and transmitted to a central site for further utilization of the data.
  • an Internet address/world wide web page provides a collection site for data to be entered into a central database.
  • the database is located behind a web server and can be accessed by a multitude of users in order to submit information (data).
  • these Internet-based data collection systems do not allow users to enter data off-line such that Internet performance, e.g., connection speed, connection reliability, etc., becomes a variable in the ability to enter data and a slow connection speed can significantly hinder the entry and processing of the data.
  • these Internet-based systems transmit to the central database data forms facilitating entry of data to be collected along with the data itself, which creates larger pieces of data to transfer and makes transmission further subject to Internet or other network connection limitations. Such limitations may include a slow response time in entering the data while data is being transmitted.
  • Such Internet-based systems use secure sockets layer (SSL) as a security measure, not the other security devices used in Internet communication. Further, communications with such systems may not be real-time; the response time is directly correlated with connection speed, such that low-bandwidth and/or wireless networks may not be used; they are not able to work off-line; and they may not be fault tolerant. In addition, the completeness and acceptability of the data is only judged once the data filters through to the web server, such that unnecessary, unuseful data is transmitted.
  • the present invention comprises a method, system, and computer-readable medium proceeding in real-time for collecting and processing electronic data.
  • the method, system, and computer-readable medium comprise entering data at a remote user site, comparing the data to preselected characteristics for each specific type of data to determine acceptability of the data, transmitting an acknowledgement of the acceptability of the data, storing the data at the remote user site, converting the data into packets, transmitting the data in the form of data packets to a central site system, and storing the transmitted data at the central site system.
  • the method comprises using the transmission control protocol/internet protocol, hypertext transfer protocol tunneling using port 80, to transmit the data packets from the remote user site to the central site system with a computer network connection.
  • each data packet is encrypted before each data packet is transmitted and the central site system decrypts the data packets after the packets are transmitted; the central site system identifies the data for grouping with the corresponding fields.
  • the data stored at the remote user site is synchronized with the data stored at the central site system.
  • the remote user site detects if a network connection is present and continuously attempts to establish a network connection.
  • data at the central site system is transmitted to remote monitors who evaluate the data by applying comments to the data or locking the data.
  • the system comprises software adapted to use the transmission control protocol/internet protocol, hypertext transfer protocol tunneling using port 80, to transmit the data packets from the remote user site to the central site system with a computer network connection.
  • the software is adapted to encrypt each data packet before each data packet is transmitted, decrypt the data packets after the packets are transmitted, and identify the data for grouping with the corresponding fields.
  • the software is adapted to compare data stored at the remote user site with the corresponding data stored at the central site system to synchronize the data.
  • the software is adapted to detect if a network connection is present and continuously attempt to establish a network connection.
  • the software is adapted to transmit data at the central site system to remote monitors who evaluate the data by applying comments to the data or locking the data.
  • the computer-readable medium comprises using the transmission control protocol/internet protocol, hypertext transfer protocol tunneling using port 80, to transmit the data packets from the remote user site to the central site system with a computer network connection.
  • each data packet is encrypted before each data packet is transmitted and the central site system decrypts the data packets after the packets are transmitted; the central site system identifies the data for grouping with the corresponding fields.
  • the data stored at the remote user site is synchronized with the data stored at the central site system.
  • the remote user site detects if a network connection is present and continuously attempts to establish a network connection.
  • data at the central site system is transmitted to remote monitors who evaluate the data by applying comments to the data or locking the data.
  • the present invention comprises a method (also applicable to a system and computer-readable medium of the present invention) for synchronizing electronic data at a remote user site with data at a central site system comprising comparing data entered into and stored at a remote user site with data transmitted to and stored at a central site system by transmitting data between the remote user site and the central site system via a network connection.
  • the data is transmitted using a transmission control protocol/internet protocol.
  • the remote user site continuously attempts to form a network connection to transmit the data.
  • FIG. 1 is a schematic illustration of the data collection and processing method and system according to an embodiment of the present invention.
  • FIG. 2 is a schematic illustration of the data collection and processing method and system according to an embodiment of the present invention including a remote user, central site system, and a monitor.
  • Detailed Description of the Invention
  • the present invention comprises a method, system, and computer-readable medium for collecting and processing electronic data entered into a computer at a remote user site.
  • remote user site is a client site or remote node exchanging data with a central server used by one or more remote users.
  • the method, system, and computer-readable medium enable a remote user to be in communication with a central site system and to enter data with a computer at a remote user site.
  • a central site system is a central computer server component which manages the various remote site connections and authenticates the connecting sites.
  • the remote user site by definition, does not necessarily have a continuous connection with the central site system.
  • the data is evaluated according to preselected (known) characteristics of the type of data being entered at the remote user site and, if the content of the data is acceptable for the type of data being entered, it then may be stored at the remote user computer. If the data is not acceptable, the remote user is notified and is allowed to reenter data corresponding to the data field(s) deemed unacceptable.
  • the data can then be transmitted to the central site system in the form of data packets where the data can be further processed.
  • the transmission of data proceeds in real-time while the user enters further data.
  • real-time is no more than one second response time for data entry and notification functions of the system. In fact, because the data is packaged and then transmitted, the transmission should not impact the computer performance in processing the entered data significantly, if at all. If a network connection cannot be established or is intermittent, the system allows for the entry of data at the remote user site; and the data is evaluated for acceptability and stored at the remote user site with no data being transmitted to the central site system.
  • the system continuously attempts to establish or restore a network connection and can store the information and corresponding notification of the failure of a data transmission even in the event of a power failure. If the connection is not able to be established, such as after several failed attempts to connect, the system will work off-line and data entered at the remote user site is placed on a diskette which may be sent to the central site system by non-electronic means. Further, the system is fault-tolerant such that errors occurring in the system, e.g., failure to connect with the central site system, do not prevent a remote user from entering or altering data.
  • the computer-readable medium i.e., software, used with the system and method of the present invention is a browser-based system having a communications component that functions from the central site system and remote user sites.
  • the computer-readable medium of the present invention may comprise a conventional commercial browser product, such as Internet Explorer (a product of Microsoft Corp.), modified to limit its browsing capabilities to the data collection and processing system of the present invention, i.e., not for general Internet access, and provide the necessary communications architecture, including reception, processing, and transmission of data. In fact, the communications system is decoupled from the browsing system.
  • the computer-readable medium is on the central site system and the remote user site computers.
  • the system receives data entered into a computer at a remote user site 2 using software 6 which is adapted to receive data entered by a user, process the data, and communicate with a central site system via a computer network 4.
  • the remote user must log onto the system with a form of identification, such as a user identification (userid) and a password which can be changed periodically for added security.
  • the security features of the present invention limit system access to authorized users only. In addition to the userid and password required for access to the system, access to features within the system is limited based on a user's specific rights. Access rights are determined by the role(s) to which a user is assigned.
  • Administrators of the system can create a role, assign rights to the role, and add individual users to each group.
  • access rights are correlated with the particular system features to which a group will be given access.
  • remote monitors as described in more detail below
  • site coordinators may have the rights to add and/or edit data at the site while monitors typically do not have this right.
  • the access control features include:
  • administrators can create as many roles as necessary and can assign any variety of rights to the given roles;
  • (5) administrators can add, remove, and/or modify users and roles centrally (at the central site system) or at the remote user site;
  • administrators can disable individual user accounts, or remove rights at the role level
  • administrators can set a date after which all editing privileges are removed from all users, regardless of role, to enable remote monitors to expeditiously work toward database lockdown while controlling changes at the site;
  • (10) administrators may also set a maximum allowable number of failed logon attempts, i.e., if the user exceeds this number of attempts, the system is locked from all logons until the administrator resets the system;
  • (11) using an operating system (OS) that is securable, i.e., a 32-bit Windows operating system, such as Windows 95, Windows 98, Windows NT 4.0, or Windows 2000 Professional (products of Microsoft Corp.), to add an extra layer of security to the application at the site;
  • the system transmits non-contextual data, i.e., the data packets contain data without references to their inherent meaning;
  • (14) unlike traditional, thin-client Web systems, the data is not transmitted within the HTML CRF form;
  • the meta data maintained within the system contains the keys to interpreting the data packets such that, because there are not direct links to patient information, a patient's privacy is maintained.
  • data from only one site would be exposed. If all attempts to limit access to the system are violated, the cracked site only exposes its own data.
  • remote user sites do not have access to the entire central site system database (the central site system database is not on-line) and, therefore, one remote user site cannot compromise the entire study database.
  • the characteristics of the data entered are compared to known, i.e., preselected, characteristics (or rules) 8 for a specific type of data to be collected, e.g., the results of pharmaceutical clinical trials, to determine if the data is acceptable for the specific type of data.
  • the user at the remote user site 2 is then notified of the acceptability or lack of acceptability from a message 12 or other display transmitted at the remote user site 2. For example, if a user reporting the results of a clinical trial on a human subject reports the body temperature of that subject to be 80°F, that data will be deemed unacceptable as non-credible for a living individual.
  • the preselected characteristic is human body temperature and 80°F falls outside of the acceptable range. The user will be notified of the non-acceptance of the value and will be allowed to change that value. The new value entered will then be judged for acceptability.
  • the entered data is stored at the remote user site using a storage device 10, such as a computer hard drive.
  • the data is then converted into data packets 14, comprising data elements and separators, of various sizes to facilitate transmission of the data to the central site system 16 over a computer network 4, such as by a connection to the Internet 4.
  • the data is mostly transmitted from the remote user site 2 to the central site system 16 without transfer of the forms which facilitate entry of such data.
  • forms are transmitted between the remote user site and the central site system when they are updated.
  • no meta data is included within the data packets such that data can only be recognized by users of the system; the system that receives the data can then recognize and group the data with the proper fields. This allows for the formation and transmission of smaller packets of data thus enabling compatibility of the present invention with multiple types of network connections of varying bandwidths and connection speeds.
  • the size of the data packets is 64,000 bytes or less to allow efficient transfer of the data over a computer network.
  • a network may be the Internet, a local area network, a wide area network, an intranet, a dial up connection, a virtual private network, or any combination of these network architectures.
  • the connection may be provided through a dedicated network line, such as a T1 or ISDN line, or a dial-up connection, and the network may be a wireless network.
  • dial-up connections are established via a remote access server through a local Internet service provider (ISP).
  • the scripts available from the ISP may be used to establish dial-up connectivity worldwide and the system is compatible with different international telecommunications environments.
  • the data packets are encrypted with a digital signature, such as a 128-bit secured hash algorithm or other compatible encryption technique.
  • the algorithm is set up such that the hash total is generated using information in the data packet and additional private information known only to the site and central site system such that it cannot be decrypted with information only in the data packet.
  • Other types of data encryption algorithms include, without limitation, RC-4/40-bit, DES/56-bit, and Triple DES/168-bit (112-bit effective).
  • the encryption scheme used with each of these algorithms is private key encryption, such as PGP (Pretty Good Privacy), with each remote user site and the central site system being the only ones with enough information to decrypt the data.
  • the nature of the data packets i.e., no meta data contained within them, also enhances security in that they contain information that is out of context to non-users of the present system, although identifiable by the present system.
  • This encryption makes the data packets more secure than with use of SSL because, unlike with SSL, the data is encrypted before leaving the application (program).
  • the system encrypts all data stored on the local hard drive of the remote user site.
  • the encrypted data packets are transmitted from the remote user site 2 to the central site system 16 via a transmission control protocol/internet protocol 18, such as hypertext transfer protocol tunneling using port 80 without opening another port.
  • Alternative ports may be used as long as they are compatible with the present system.
  • This type of protocol allows the data packets to be transmitted ensuring the integrity and authenticity of the data.
  • conventional Internet security measures such as firewalls, routers, packet filters, and proxy servers, and very little or no configuration change for these measures would be necessary.
  • the system may be configured to have multiple communications variations, i.e., from a user's regular office or from an additional site if the user is traveling.
  • third party transmission mechanisms such as pcAnywhere or Xcellenet, can be used with the system.
  • the system capability is greater than it would appear with the hardware coupled to the system, e.g., it can handle over 1,000 concurrent users with hardware generally used for small
  • the user at the remote user site is then notified of the status of the data transmission.
  • This 2-way communication is accomplished using TCP sockets and the WinSock application.
  • the notification does not significantly interfere with the performance of the data entry being performed. In fact, the system has a consistent response time of one second or less.
  • the computer-readable medium attempts to authenticate packets transmitted from the remote user site 2. Data packets are filtered out if they are not authenticated for one of the following reasons:
  • the digital signature in the packet cannot be properly re-generated.
  • the SHA-1 hash algorithm (with encryption) is used to generate the digital signature. If any bit in the packet is altered, the digital signature will not match.
  • Information used to generate the digital signature is added by the receiving system (this information is not included in the transmitted packet). This information is generated by the system based on the remote user site that transmitted the data. If the site was spoofed, the data added to the packet and the algorithm used to manipulate this data will result in a digital signature that will not match.
  • the remote user site employs the same mechanisms for filtering packets sent from the central site system to the remote user site.
  • the system of the present invention also features many capabilities to limit access to information transmitted over the network.
  • Network security features include:
  • administrators can limit traffic to and from the remote user, i.e., client, system to specified IP addresses;
  • (5) the system does not maintain, or cache, connections to a remote user site once the data packets are transmitted and, thus, it is not possible for attackers to maintain a "hacker's bridge" into another system;
  • (6) because it does not support other protocols, such as SMTP, the system is not susceptible to e-mail viruses and worms;
  • because the system transmits data packets, and does not transmit executables, it is not susceptible to traditional virus attacks (in the sense that it will not download or communicate viruses);
  • the system's multi-tiered authentication mechanism makes it very difficult to spoof. Those packets that are spoofed fail at least one level of authentication and are filtered. From a network security standpoint, IP spoofing is difficult to defend against; however, spoofed data will get filtered prior to making it into the database;
  • (9) DOS and especially DDOS attacks are difficult to defend against. There are network security measures that can be initiated to limit the effectiveness of such attacks. Fortunately, the remote users are minimally affected by DOS/DDOS attacks, since they operate with consistent performance regardless of the server's ability to process the information. Furthermore, even if the server is taken off-line, the sites can continue their work uninterrupted; and
  • the central site system is able to decrypt the data packets using technology compatible with the encryption technique used.
  • the data packets are identified 20 based on their content and the fields which they contain.
  • the software at the central site system recognizes such fields and can place the data in the proper organization based on the field information.
  • the data is stored at the central site system in a server hard drive 22 or other compatible data storage device. It can also be encrypted before being stored at the central site system.
  • the data stored at the remote user site is compared to the data stored at the central site system to synchronize the data.
  • the synchronization can be carried out continuously during a data entry session or at distinct times, such as at the start of or end of a session. If the data is detected to be unsynchronized at the remote user site and the central system site, data can be prepared for retransmission and retransmitted from the remote user site to the central site system and then rechecked for synchronization.
  • Another feature of the present invention, as depicted in FIG. 2, is that the data at the central site system can be transmitted to other users having a network connection to the central site system. These users, i.e., remote monitors 28, can review the data for compliance with proper standards according to the type of data that is being entered for a specific purpose.
  • the central site system converts the data to be sent to a remote monitor site 22 into data packets, in a process substantially similar to that used in preparing for transmission of the data from the remote user site to the central site system.
  • the data packets are then encrypted according to the methods described above and transmitted to the remote monitor site.
  • the data packets are received and decrypted by the remote monitor sites with remote monitors being notified of the status of transmission.
  • the data from the data packets is then organized into data related to certain fields and forms based on relevant fields in the data packets 24. Such fields and forms are recognized at the remote monitor site.
  • the organized data is stored at the remote monitor site in a computer hard drive 26 or other compatible data storage device.
  • the data is substantively evaluated by the remote monitors.
  • the remote monitors can provide feedback by applying comments to the data or, if the data is suitable for submission, further follow up experimentation, or any other purpose related to the use of the data, the data can be locked by the remote monitors such that no further changes to such data can be made.
  • the data is altered, i.e., by comment or locking, it is converted into data packets and encrypted, both of which are as described above with respect to transmission of data between the remote user site and the central site system.
  • the encrypted data packets are then transmitted to the central site system, the status of which is provided to the remote user site.
  • the altered data is decrypted, organized, and stored at the central site system where such data can be accessed by other remote monitors or the remote user(s) who initially entered the data. Further, the central site system keeps a log of all transmission activity going to and from the central site system.
  • the accountability of the system of the present invention ensures that all system actions are tracked and available for review. Due to the regulatory requirements placed on an electronic data capture (EDC) system for clinical trials and possible requirement for other applications involving data capture, the system includes a complete audit trail of all data captured by the system, and all actions performed on the system. Users with appropriate system rights may view and even print the audit trail. Nevertheless, it is not possible to alter or edit the audit trail. All data edits and changes are captured by the existing audit trail. Additional audit trail features include:
  • the system maintains a full record of every data transmission packet created, the records included in the packet, the transmission status, when the packet was created, when the packet was transmitted, and how many times the packet was retransmitted.
  • Each packet is assigned a sequential ID. Gaps in the sequence indicate missing packets. Thus, the system should account for every packet;
  • every data packet received is logged and stored in a file as part of the overall audit trail;
  • (4) the system tracks every action selected by the users. For example, every time a user edits a form or saves the edits, the request for the action is saved in a log;
  • the system includes very rudimentary intrusion detection capabilities. These features can be complemented by a network level intrusion detection system, including system access logs;
  • (11) the system uses reconciliation mechanisms to actively assert that data synchronization is correct and complete; and
  • the system employs redundant synchronization engines to ensure that the clinical data at the site is properly replicated at the central site system.
  • the accuracy of the system allows for verification of the integrity of the data.
  • the system's hybrid architecture uses the following mechanisms to verify the accuracy and integrity of the data that is transmitted from a remote user site to the central site system and back out to other remote user sites:
  • the integrity of the data transmitted to the central site system can be verified using encryption/decryption with the private key, a digital signature, regenerating the hash total, and a cyclical redundancy check (CRC). If any of the checks listed below fail, then the packet is considered corrupt and is filtered out;
  • the system uses other data structure tests that ensure the packet is well- formed. If the packet has not been formatted according to the internal rules for transmitting the data, then the source of the packet is considered dubious;
  • the system uses data redundancy to provide a reconciliation mechanism.
  • Reconciliation is a key component of ongoing system auditing and maintenance.
  • The system's database compare utilities enable administrators to compare local data stores at a site with data maintained in the central site system. These data reconciliation reports provide additional data integrity verification; and
  • Metadata, including data types and field size, is used to ensure that the data transmitted matches what is expected based on the study design.
  • The following describes the system architecture showing the relationships between the system components and the system and its environment, and an abstract data model.
  • The diagrams presented in the proposed solution are intended to depict the system at a high level. That is, the diagrams show the major system components, but do not depict every function or system feature. Their purpose is to communicate the overall architecture of the system, while each of the subsystems can be implemented using well known techniques in the art.
  • The system will be constructed using a suite of components that comprise most of the system's primary functionality. Much of the functionality created in these components will be directed by parameters stored in local data stores.
  • Data Capture Component Process Descriptions
  • The rdeBrowser component is the container object for the system. It contains the other components that comprise the system. This component provides a framework that houses and provides access to the rest of the system.
  • Security Manager: The security manager component is used to verify a user's access to the system in addition to dictating what rights that user has regarding system resources. In addition, the security manager provides a user interface that enables administrators to add users to the system and assign a user to a group. Administrators can also assign rights to each of the groups supported by the system.
  • Document Manager: The document manager controls all data flowing into and out of the forms within the Browser. It also creates the dynamic portions of the document and sets document attributes. This component is used to save and retrieve the clinical data entered into the forms.
  • Data Manager: The data manager will generate and store data about the clinical data and the processes that support it. For example, the data manager will track when backups/recoveries are performed as well as when the system transmits data. Furthermore, the data manager generates tracking IDs and CRCs to ensure that transmitted data arrives correctly at the central site system (CSS).
  • CSS: central site system
  • The error manager will log all system errors, report serious errors to the help desk, provide a descriptive message for the user, and inform the system as to what action must be taken (i.e., continue, shut the system down, exit current routine). Also, the error manager will shut down the system when severe errors occur. The error manager is used by all other system components.
  • Configuration Manager: The configuration manager component manages system upgrades and establishes the choices for the configurable components of the system. The configuration manager uses configuration rules to establish certain system behavior.
  • The reporting system will enable users to view and print a variety of standard and custom reports. These reports will show information regarding site data as well as site administrative information.
  • Validation Manager: The validation manager will use validation rules stored in the validation database to evaluate form data. The validation manager is called from the document manager when the user attempts to save clinical data.
  • Help System: The help system provides context-sensitive help to users. This help information is presented to the users when they press F1 or click on the help button.
  • The help information includes system images used to instruct users on how to use the system.
  • One embodiment of the computer-readable medium of the present invention, i.e., the MetaTrial program, allows for the following functions/features:
  • Data Objects
  • INVESTIGATOR SITE INFORMATION b) Investigator staff information c) Support of partial date d) Support of different field level security
  • Index Page showing the CRF page status:
  • The transmission system must support a wide variety of message types.
  • The flexibility of the transmission mechanism will facilitate evolving messaging requirements and message types as yet unknown.
  • The system must be capable of transmitting data to the CSS in a timely, reliable fashion. Furthermore, the system must provide adequate information to verify that the transmissions have been sent and correctly received.
  • The CSS must send a receipt for each transmission received from a site.
  • The site uses this information to verify that the transmission was received from the
  • The system must be able to generate a transmission disk with production data in case the phone line or modem is not available.
  • 7.1.6 The system must provide the site and monitor feedback showing that the data was received by the CSS.
  • The system defines transmissions to include any data or information sent from a site to the CSS or to a monitor. Examples of data transmitted from the site to the CSS include:
  • The CSS must be capable of transmitting system upgrades to each site.
  • System upgrades include:
  • The system must enable the sites to verify transmissions received from the CSS.
  • The system must be capable of transmitting data in the background while the user is entering data.
  • The system must also be capable of transmitting data in batch mode, while no one is logged into the system. The user or the system may schedule these batch transmissions.
  • The system must permit users to override the transmission mechanism.
  • The system must prompt the user to state why he/she elected not to transmit data.
  • The system must be capable of compressing transmission files.
  • 7.1.16 The system must support a number of different transmission protocols.
  • The system must support a variety of file transfer protocols.
  • The system must encode transmission files in a pre-specified file format.
  • The file type must identify the data in the file.
  • Each transmission file must contain header information.
  • The file header must include the following:
  • The system must provide a mechanism for sending test transmissions to the CSS. It is essential that the administrators be able to test the system at the site, especially the transmission system.
  • The system must enable monitors and administrators to remotely query a remote user site's system. That is, the CSS must be able to send a message that contains a query to be executed at the site. The remote user site must execute the query and return the results to the CSS in a response message. Remote events such as these must be logged at the remote user site.
  • The system must be able to remotely initiate backups and schedule transmissions. That is, monitors and administrators must be able to use a message to initiate an internal backup or to schedule a transmission.
  • The system must be able to send sites an executable that the system runs. That is, administrators must be able to send a message that contains a small program with instructions of how and when to execute the program.
  • The system at the remote user site must be capable of running the program at the appropriate time and under the appropriate conditions.
  • 7.1.25 The system must enable monitors to review data that does not pass validation. If the monitor decides that the data is acceptable, they must initiate a message that is sent to the remote user site to turn off the not valid data indicators. That is, the data must not remain flagged as exceptional if the monitor has approved the value.
  • The system must enable inter-site communication. That is, the system must allow users at one remote user site to communicate with users at other remote user sites.
  • The system will report any transmissions not acknowledged after a threshold (measured in days) has been exceeded.
  • The system must notify the monitor each time one of his/her sites transmits to the CSS.
  • Each transmission file must include a tracking (sequence) number.
  • The system maintains all transmission files on the system. That is, transmission files are not removed by the system, but are maintained for data redundancy purposes.
  • 7.2.6 The system must periodically transmit data stored in the Transmission Manager to the CSS to ensure that the two systems are synchronized.
  • The system must record whether or not a transmission was sent after each data entry session. If a user overrides the transmission, the system must record an explanation or reason for the override.
  • The system must track the status of each transmission.
  • The system must provide a report that lists all transmissions that were not successful or that have not been acknowledged.
  • The transmission tracking report must be available to the data entry users so that they may verify their data transmissions.
  • The transmission tracking report must be sent to the CSS so that the CSS can compare the report to what has been received by the CSS.
  • The system must be capable of recreating a transmission batch file.
  • The system must provide a mechanism for browsing the contents of a transmission file.
  • The system must provide a mechanism for searching for particular text strings within a set of transmission files.
  • The system must maintain a ranking of transmission data by importance. The system must send the current data at the highest priority. Audit trail information, information about the state of the system, and data warehouse information are all of secondary importance.
  • The system must utilize dynamic priorities for its messages. That is, the priority of messages will change according to various factors. One such factor is age.
  • The system must support an aging algorithm that increases the priority of messages that are not transmitted after a certain threshold.
  • The priority system must cause the system to force a large transmission at logon if the remote user site's data has aged beyond a specified threshold.
  • The priority assignments must be configurable. That is, there may be the need to alter the priority of transmissions at a site or sites due to specific study initiatives.
  • Monitors must be provided with a mechanism to support remote data queries. These queries request clarification or changes to data that does not pass the validation rules. Queries generated at the monitor's office must be transmitted to the site.
  • Monitor queries must also be logged in the CSS. That is, the CSS must also maintain an audit trail of monitor queries.
  • The system must enable the monitor to initiate a lock from his/her office. That is, the monitor must be able to lock reviewed data remotely.
  • The remote user site must have the option of rejecting a lock (assuming it's because they have more data to enter or edits to make).
  • A lock must prevent a CRF from being edited.
  • 7.4.6 The monitor must have the ability to unlock data that has been locked.
  • Monitors must be able to unlock data remotely or locally.
  • Locking granularity includes: 7.4.8.1 CRF
  • The system must provide a visual cue to tell the site staff and monitors that the data has been reviewed.
  • The system must maintain a log of all electronic support transactions. That is, the system must maintain an audit trail of all electronic help desk transactions.
  • The electronic help desk support form must enable users to capture screen images to send to the help desk.
  • The system must provide the ability to update the help system remotely to include new information learned from the help desk.
  • The electronic technical support system must enable the help desk to periodically send users a FAQ.
  • The electronic help desk feature must CC the monitor on all requests for assistance and help desk responses.
  • The system must include a tracking number in the help desk responses.
  • The system must enable sites to send e-mail.
  • The system will provide a pre-built address book that cannot be modified by the users at the site.
  • The computer-readable medium allows the generation of study parameters, including, but not limited to, forms, data elements, and rules.
  • The computer-readable medium allows for customization of views of study information, such as, in the case of pharmaceutical clinical trials, study related documents, study management reports, clinical data management reports, drill downs to individual case report forms (CRFs), industry news, study scheduling, etc.
  • The computer-readable medium, for example in the case of pharmaceutical clinical trials, enables interactive voice response system (IVRS) capabilities for patient randomization, inventory management, and patient diaries.
  • IVRS interactive voice response system
  • Load communication configuration
    a. Load type of connection (dial-up, LAN, none, etc.)
    b. Load version id
    c. Load encryption id
    d. Load remote access site (RAS) phone book entry
  • IPC socket gets message from browser
  • Event fires indicating a scheduled data transmission (occurs first after a connect message is received from the site) a.
  • For each site with data waiting for transmission i.
  • Re-generate the data transmission packet vi. Transmit the message
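
The receiving-side checks listed above (sequential packet IDs with gap detection, CRC, regenerated hash total, signature, well-formedness, and logging of every packet received) can be sketched as follows. This is an added example, not code from the patent: the JSON packet layout, the field names and the site key are hypothetical, and HMAC-SHA256 stands in for the digital signature.

```python
import hashlib, hmac, json, zlib

SITE_KEY = b"constructed-demo-key"  # assumption: secret shared by site and CSS
FIELDS = {"seq", "site", "records", "hash", "crc", "sig"}  # hypothetical layout

def _body(seq, site, records):
    # Canonical bytes that the CRC, hash total and signature all cover.
    return json.dumps([seq, site, records], sort_keys=True).encode()

def make_packet(seq, site, records, key=SITE_KEY):
    body = _body(seq, site, records)
    return {"seq": seq, "site": site, "records": records,
            "crc": zlib.crc32(body),
            "hash": hashlib.sha256(body).hexdigest(),
            "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify_packet(pkt, key=SITE_KEY):
    """Return None when every check passes, else the name of the failed check."""
    if not isinstance(pkt, dict) or set(pkt) != FIELDS:
        return "malformed"
    if type(pkt["seq"]) is not int or not isinstance(pkt["site"], str) \
            or not isinstance(pkt["records"], list):
        return "malformed"
    try:
        body = _body(pkt["seq"], pkt["site"], pkt["records"])
    except (TypeError, ValueError):
        return "malformed"
    if zlib.crc32(body) != pkt["crc"]:
        return "crc"
    if hashlib.sha256(body).hexdigest() != pkt["hash"]:
        return "hash"
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), str(pkt["sig"]).encode()):
        return "signature"  # CRC and hash are unkeyed; only this check needs the key
    return None

def receive(packets, first_seq=1):
    """Log every packet; return (accepted IDs, audit log, missing IDs)."""
    audit, accepted = [], set()
    for pkt in packets:
        seq = pkt.get("seq") if isinstance(pkt, dict) else None
        reason = verify_packet(pkt)
        if reason:
            audit.append((seq, "rejected:" + reason))  # filtered out, still logged
        elif seq in accepted:
            audit.append((seq, "duplicate"))           # e.g. a retransmission
        else:
            accepted.add(seq)
            audit.append((seq, "accepted"))
    # Only verified packets count, so a corrupt packet shows up as a gap.
    top = max(accepted, default=first_seq - 1)
    missing = [s for s in range(first_seq, top + 1) if s not in accepted]
    return sorted(accepted), audit, missing

# Constructed sample traffic from one site.
_rec = [{"field": "dose", "value": "50"}]
P1, P2, P5 = (make_packet(n, "site-02", _rec) for n in (1, 2, 5))
P3 = dict(make_packet(3, "site-02", _rec), records=[{"field": "dose", "value": "500"}])
P4 = make_packet(4, "site-02", _rec, key=b"not-the-site-key")
SAMPLE = [P1, P2, P3, P4, P5, P1, {"seq": 6, "records": []}]

if __name__ == "__main__":
    print(receive(SAMPLE))
```

Packets 3 and 4 are reported as missing even though something arrived under those IDs, which is what lets the central site request retransmission instead of trusting an unverified sequence number.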

Landscapes

  • Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Public Health (AREA)
  • Primary Health Care (AREA)
  • Medical Informatics (AREA)
  • Epidemiology (AREA)
  • Theoretical Computer Science (AREA)
  • Biomedical Technology (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a method, a system and a computer-readable medium for data collection and processing, linking one or more remote user sites (2), which enter, process and transmit data, to a central site system (16), which receives and processes the transmitted data via a connection to a computer network. In addition, the central site system (16) is linked to one or more remote monitors (22) for evaluating and, where appropriate, modifying the data. The method, system and computer-readable medium allow data to be entered and processed when the network connection cannot be established, and allow data to be entered continuously and in real time at the remote user site (2) with practically no effect on performance.
EP00965551A 1999-10-01 2000-10-02 Method and system for electronic data capture Withdrawn EP1228434A1 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15735799P 1999-10-01 1999-10-01
US157357P 1999-10-01
PCT/US2000/027020 WO2001025938A1 (fr) 1999-10-01 2000-10-02 Method and system for electronic data capture

Publications (1)

Publication Number Publication Date
EP1228434A1 true EP1228434A1 (fr) 2002-08-07

Family

ID=22563376

Family Applications (1)

Application Number Title Priority Date Filing Date
EP00965551A Withdrawn EP1228434A1 (fr) 1999-10-01 2000-10-02 Method and system for electronic data capture

Country Status (3)

Country Link
EP (1) EP1228434A1 (fr)
AU (1) AU7625200A (fr)
WO (1) WO2001025938A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120123218A1 (en) * 2010-11-16 2012-05-17 JPWaVe BV Methods and means for clinical investigations
US9996601B2 (en) 2013-11-14 2018-06-12 Empire Technology Development Llc Data synchronization
WO2021195099A1 (fr) * 2020-03-23 2021-09-30 Signant Health Global Llc Système et procédé d'étude de site préalable virtuelle immuable

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5675507A (en) * 1995-04-28 1997-10-07 Bobo, Ii; Charles R. Message storage and delivery system
US5742905A (en) * 1994-09-19 1998-04-21 Bell Communications Research, Inc. Personal communications internetworking
US5647002A (en) * 1995-09-01 1997-07-08 Lucent Technologies Inc. Synchronization of mailboxes of different types
US5826023A (en) * 1996-06-03 1998-10-20 International Business Machines Corporation Communications tunneling
US5822526A (en) * 1996-06-03 1998-10-13 Microsoft Corporation System and method for maintaining and administering email address names in a network
US5790790A (en) * 1996-10-24 1998-08-04 Tumbleweed Software Corporation Electronic document delivery system in which notification of said electronic document is sent to a recipient thereof
US5848415A (en) * 1996-12-18 1998-12-08 Unisys Corporation Selective multiple protocol transport and dynamic format conversion in a multi-user network
US6067561A (en) * 1997-02-07 2000-05-23 Hughes Electronics Corporation Electronic mail notification system and method within a hybrid network that transmits notifications via a continuous, high-speed channel
US5983550A (en) * 1998-08-31 1999-11-16 B & E Enterprises, Inc. Method and apparatus for gun bore cleaning

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0125938A1 *

Also Published As

Publication number Publication date
WO2001025938A9 (fr) 2002-10-03
WO2001025938A1 (fr) 2001-04-12
AU7625200A (en) 2001-05-10

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20020430

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20031101