DATA SECURITY

Information on data security

 

The IMIGASTRIC system is designed in compliance with the most stringent regulations regarding privacy. In particular, the following points are emphasizez:

  • Imigastric does not store any of the identification data of patients, such as: first name, last name, place of birth, date of birth, etc.;
  • It is impossible to identify the patients surveyed in the system;
  • It is impossible to associate clinical data with the identity of the patient;
  • Each patient is uniquely identified by an automatically generated coded sequence;
  • To minimize the possibility of error, it is possible to associate the MRN specifically assigned by the Institutes with the patient identifier;
  • To minimize the possibility of error and simplify the search for and selection of a patient, the following discretionary instrument has been devised:
  • If the first name, last name and date of birth are entered into the corresponding fields in the form while entering a patient into the registry, the system, using the hash functions, calculates a unique code and stores it in the database; the calculation procedure is not reversible and therefore does not allow for a backwards “reconstruction” of the data entered to produce said code;
  • First name, last name and date of birth can, in this case, be re-entered into the patient search form and the patient can be identified with certainty by way of comparing the newly calculated code with the code stored in the database; the mechanism is similar to that used to manage encrypted user passwords;
  • The personal data entered into the form at the point of creation of the patient file in the database is shown on the screen at the end of an entry (so the operator can take note of the association between the patient and the identifier assigned by the system), and then sent via email to the operators at that specific center; this data is then deleted without being temporarily or permanently stored;
  • The data entered at the various centers may only be used for statistics and research;
  • All user passwords are encrypted and stored in the system;
  • A digital certificate will be associated with the production site to ensure the confidentiality of any communication between the placement of clients at the centers and our application server.