Blog
About

25
views
0
recommends
+1 Recommend
0 collections
    0
    shares
      • Record: found
      • Abstract: found
      • Article: found
      Is Open Access

      How Strong are Passwords Used to Protect Personal Health Information in Clinical Trials?

      , BEng PhD , 1 , 2 , , BA BEd MA 1 , , BA(Hons) 1

      (Reviewer), (Reviewer), (Reviewer)

      Journal of Medical Internet Research

      Gunther Eysenbach

      Privacy, security, passwords

      Read this article at

      Bookmark
          There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.

          Abstract

          Background

          Findings and statements about how securely personal health information is managed in clinical research are mixed.

          Objective

          The objective of our study was to evaluate the security of practices used to transfer and share sensitive files in clinical trials.

          Methods

          Two studies were performed. First, 15 password-protected files that were transmitted by email during regulated Canadian clinical trials were obtained. Commercial password recovery tools were used on these files to try to crack their passwords. Second, interviews with 20 study coordinators were conducted to understand file-sharing practices in clinical trials for files containing personal health information.

          Results

          We were able to crack the passwords for 93% of the files (14/15). Among these, 13 files contained thousands of records with sensitive health information on trial participants. The passwords tended to be relatively weak, using common names of locations, animals, car brands, and obvious numeric sequences. Patient information is commonly shared by email in the context of query resolution. Files containing personal health information are shared by email and, by posting them on shared drives with common passwords, to facilitate collaboration.

          Conclusion

          If files containing sensitive patient information must be transferred by email, mechanisms to encrypt them and to ensure that password strength is high are necessary. More sophisticated collaboration tools are required to allow file sharing without password sharing. We provide recommendations to implement these practices.

          Related collections

          Most cited references 71

          • Record: found
          • Abstract: found
          • Article: not found

          The price of innovation: new estimates of drug development costs.

          The research and development costs of 68 randomly selected new drugs were obtained from a survey of 10 pharmaceutical firms. These data were used to estimate the average pre-tax cost of new drug development. The costs of compounds abandoned during testing were linked to the costs of compounds that obtained marketing approval. The estimated average out-of-pocket cost per new drug is 403 million US dollars (2000 dollars). Capitalizing out-of-pocket costs to the point of marketing approval at a real discount rate of 11% yields a total pre-approval cost estimate of 802 million US dollars (2000 dollars). When compared to the results of an earlier study with a similar methodology, total capitalized costs were shown to have increased at an annual rate of 7.4% above general price inflation. Copyright 2003 Elsevier Science B.V.
            Bookmark
            • Record: found
            • Abstract: found
            • Article: found
            Is Open Access

            The Use of Electronic Data Capture Tools in Clinical Trials: Web-Survey of 259 Canadian Trials

            Background Electronic data capture (EDC) tools provide automated support for data collection, reporting, query resolution, randomization, and validation, among other features, for clinical trials. There is a trend toward greater adoption of EDC tools in clinical trials, but there is also uncertainty about how many trials are actually using this technology in practice. A systematic review of EDC adoption surveys conducted up to 2007 concluded that only 20% of trials are using EDC systems, but previous surveys had weaknesses. Objectives Our primary objective was to estimate the proportion of phase II/III/IV Canadian clinical trials that used an EDC system in 2006 and 2007. The secondary objectives were to investigate the factors that can have an impact on adoption and to develop a scale to assess the extent of sophistication of EDC systems. Methods We conducted a Web survey to estimate the proportion of trials that were using an EDC system. The survey was sent to the Canadian site coordinators for 331 trials. We also developed and validated a scale using Guttman scaling to assess the extent of sophistication of EDC systems. Trials using EDC were compared by the level of sophistication of their systems. Results We had a 78.2% response rate (259/331) for the survey. It is estimated that 41% (95% CI 37.5%-44%) of clinical trials were using an EDC system. Trials funded by academic institutions, government, and foundations were less likely to use an EDC system compared to those sponsored by industry. Also, larger trials tended to be more likely to adopt EDC. The EDC sophistication scale had six levels and a coefficient of reproducibility of 0.901 (P< .001) and a coefficient of scalability of 0.79. There was no difference in sophistication based on the funding source, but pediatric trials were likely to use a more sophisticated EDC system. Conclusion The adoption of EDC systems in clinical trials in Canada is higher than the literature indicated: a large proportion of clinical trials in Canada use some form of automated data capture system. To inform future adoption, research should gather stronger evidence on the costs and benefits of using different EDC systems.
              Bookmark
              • Record: found
              • Abstract: not found
              • Article: not found

              FDA

              (2009)
                Bookmark

                Author and article information

                Contributors
                Journal
                J Med Internet Res
                JMIR
                Journal of Medical Internet Research
                Gunther Eysenbach (Centre for Global eHealth Innovation, Toronto, Canada )
                1438-8871
                Jan-Mar 2011
                11 February 2011
                : 13
                : 1
                Affiliations
                2simpleDepartment of Pediatrics simpleFaculty of Medicine simpleUniversity Of Ottawa Ottawa, ONCanada
                1simpleChildren's Hospital of Eastern Ontario Research Institute Ottawa, ONCanada
                Article
                v13i1e18
                10.2196/jmir.1335
                3221339
                21317106
                ©Khaled El Emam, Katherine Moreau, Elizabeth Jonker. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 11.02.2011.

                This is an open-access article distributed under the terms of the Creative Commons Attribution License ( http://creativecommons.org/licenses/by/2.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work, first published in the Journal of Medical Internet Research, is properly cited. The complete bibliographic information, a link to the original publication on http://www.jmir.org/, as well as this copyright and license information must be included.

                Categories
                Original Paper

                Medicine

                passwords, privacy, security

                Comments

                Comment on this article