© 2024 IQVIA - All Rights Reserved

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

Introduction

Under the General Data Protection Regulation (GDPR) articles 17 and 19, volunteers with contact details in ClinSpark have the right to request that their personal data be deleted. Historically these requests have been handled through support tickets raised via service desk, where an engineering team member would need to get involved.

Starting in ClinSpark version 22.3, a new feature is available on Volunteer records allows customers the ability to address these GDPR requests without the reliance of Foundry Health. This article explains how the feature works, some implications for use, and outcomes of the action.

Scope

This is applicable to customers using ClinSpark version 22.3 or greater. This feature change can be referenced in the Release Notes via development ticket CLINSPARK-3199.

Customers on prior versions should reach out via service desk to discuss GDPR related requests for removal of volunteer data.

Summary

The ‘Privacy Remove’ action allows a qualified user to permanently alter volunteer data and prevent access to volunteer attributes through the user interface.

The action impacts volunteer attributes and future access to that volunteer record; data is not removed from audit tables in the database. The action does not impact study data that may have been already been imported from the volunteer record.

When initiated, ClinSpark will provide a warning message to users and confirm intent, as the action is not reversible. Once confirmed, ClinSpark modifies the volunteer date of birth, name, and sex to obfuscate prior values. Additionally, it archives the volunteer and prevents access to areas showing basic demographic details, health, correspondence, notes, files, recruitment, study participation history, and audits.

These changes will be immediate and visible anywhere that volunteer record is referenced. For example, if referencing demographics for a study participant in the Study > Subjects component, the volunteer details will present with updated messaging instead of date of birth, sex, and initials.

Details about the impact this action has to current study participants is explained later in this article.

Given that the action is non-reversible, it could have significant impact on operational workflows and potentially patient safety if used improperly. To help mitigate these risks, a specific role action enabling use and warning dialogues have been implemented to ensure the actions are taken appropriately.

Role Action

Users must have the ‘Volunteers Manage Privacy Remove’ role action assigned to an active role on their account in order to access the functionality.

A brief description of this role action can also be viewed within the ‘Role Action Overview’ modal.

Action Menu Item

With role action coverage, qualified users will be able to access the ‘Privacy Remove’ action menu item for a given volunteer record.

Warning and Confirmation

When initiated, ClinSpark will first provide a warning message and confirm intent. The warning message will inform users that the action is not reversible.

Once a user confirms they want to proceed with the action, they will be presented with the Electronic Signature modal.

Users must complete the electronic signature workflow and provide a reason for change to successfully complete the ‘privacy remove’ action.

This completes the action and brings users back to the volunteer record with an updated message alerting to the change.

Updated Attributes

The action will update several volunteer attributes.

  1. Volunteer name will be replaced with a message stating ‘removed for privacy reasons’. This messaging will be visible throughout all areas of ClinSpark that reference the volunteer name.

  2. Volunteer photo is removed.

  3. Volunteer date of birth value will be changed to the date of the removal.

  4. Volunteer sex will be set to female.

  5. All contact, health basic, reproduction, race, ethnicity, nationality, language, contact source, and employment statuses will be removed.

All volunteers that have gone through ‘Privacy Remove’ action will be placed into an Archived state. They can be located in advanced searches, but otherwise are subject to the same logic as archived volunteers across the application.

Accessing ‘privacy removed’ volunteers

Volunteers that have gone through the Privacy Removed workflow no longer show up in standard Volunteer search workflows, as they’re treated like archived volunteers.

Users can still perform a basic search on the immutable volunteer ID and view the record in results listings.

Within a given volunteer, users will no longer have a UI path to access basic details, health data, correspondence, notes, files, current/past study participation (including recruitment identification, appointments, cohort assignments, study forms, and lab data), or audits. These navigational areas and features are no longer accessible on the volunteer profile.

Audits

There is no action menu item for users to access audit history for privacy removed volunteers. Instead, access to audits can be gained (if necessary) using the immutable ID of the volunteer and a specific URL path.

For example, if a privacy removed volunteer ID was 1, this would be the URL path to audits:

customer.clinspark.com/secure/volunteers/manage/audits/1

Within audit views, users can review the comment captured on the Electronic Signature modal stored as the Reason for Change. This is visible in the audit history with a type of ‘Privacy Remove’.

Recruitment Impact

Privacy Removed volunteers are subject to the same logic as archived volunteers. Their visibility in search queries is suppressed, unless using specific advanced search logic. Additionally, they cannot be added to new calendar appointments or cohort assignments.

However, they will still exist in workflows where the volunteer may have been previously identified for recruitment in a study, present on a calendar appointment, or added to an existing cohort assignment. In these instances, their visibility in those areas of ClinSpark will indicate that the volunteer has gone through privacy removal. Prior contact details will be removed, so they cannot participate in future correspondence.

Study Conduct Impact

Throughout the context of a study there will be reference links between the subject record and volunteer record. Given that, it’s helpful to understand the impact of privacy remove actions depending on how a subject may be progressing through a study.

Cohort Assignments

Privacy removed volunteers cannot be added to new cohort assignments or activated on existing cohort assignments. A warning message will inform users of the privacy removed state.

If privacy remove occurs after cohort activation, most study data collection activities can still take place against that subject record. Privacy removed volunteer present on a cohort assignment can also still complete an assignment swap, or, synchronization with an versioned activity plan.

Volunteer Integration Forms

Studies commonly rely on Volunteer Integration forms with the purpose of pulling in data from volunteer records to study forms. The most common are demographics, concomitant medications, and substance use.

If a privacy removal occurs, any existing study forms that previously pulled details from the volunteer record will remain as-is. However, use of these forms after a removal has occurred may not yield expected results.

Demographic forms will no longer pull in valid demographic data from the volunteer record, as DOB and other values are obfuscated.

Concomitant Medications and Substance Use forms may still attempt to reference historical data from the volunteer record on import. However, it is not guaranteed that imported values will be accurate, given that there is no area within privacy removed volunteer records to manage Substance Use, Medications, and Medical Conditions.

Over-Volunteering

Privacy removed volunteers can no longer participate in over-volunteer workflows in the Subject component that rely on the VCT integration. This is because the VCT workflow requires a check against demographic details to verify the volunteer, which will no longer be available.

eConsent

Using eConsent features, users can review and approve inbound requests across studies that would come by way of Medidata. However without demographic data, automatic matches to existing volunteers/subjects will no longer occur. Additionally, users cannot generate or rely on unique 2d barcodes for automatic matching against volunteers that are privacy removed.

Users will still be able to manually match volunteers to eConsent requests, despite the lack of automatic matching.

Labels

Item and Subject labels that rely on the reference of volunteer data (via merge tags) will properly display obfuscated values on printed labels. Volunteer data is correctly transferred to new printed labels to show *** or ‘removed’ messaging accordingly.

Dashboards and Reports

Dashboard components that reference volunteer data will consider privacy removed volunteers the same as ‘archived’ volunteers. Similarly, existing reporting logic that accounts for archived volunteers will treat ‘privacy removed’ volunteers the same way. Reports that reference obfuscated or removed volunteer data will consider that in outputs that contain those values.

Customers that encounter issues with privacy removed volunteers and dashboard/reporting outputs should reach out via service desk.

Volunteer Monitoring Data

For environments configured to support volunteer monitoring device workflows, monitoring sources can still be accessed on privacy removed volunteers for support purposes. This can be done using the immutable ID of the volunteer and a specific URL path.

For example, if a privacy removed volunteer ID was 1, this would be the URL path to monitoring devices would be:

customer.clinspark.com/secure/volunteers/monitoring/manage/list/1

Limitations

Historical Study Information

Once a participant is ‘Privacy Removed’ users do not have the ability to review historical study participation data - information from study forms and lab results - via the volunteer record. Specifically, this means the Studies tab on a given volunteer profile, and subsequently the Study Data and Lab Data areas.

These may be important functions to certain users to access to review for various workflows. Access to this historical study data is typically done directly from the volunteer record, and not the Study > Data and Study > Lab Data components.

Access to Privacy Removed Data via a Read Replica Database

After the privacy removal process has been performed, audit records aren't affected, nor are any free text fields (e.g. communications).

This information is not accessible through the user interface, but it's available in the database if a customer chooses to access audits via custom queries in the Read Replica.

  • No labels

Exported and Printed Copies Are Uncontrolled