The management of personal data in Discourse is designed to comply with the fundamental principles of the GDPR and the specific needs of a collaborative environment for clinical trials. Clear limits are set on what data can be shared and how it should be handled to ensure privacy and security, aligning with the strategy of preventing the use of identifiable patient data.
5.1 Types of Data Managed
Discourse is focused on scientific collaboration and data analysis but is not a repository for identifiable patient information. The types of data managed on the platform include:
- Data Derived from Clinical Samples:
  - FLIM-FRET analysis results.
  - Medical study results, biomarker metrics, and aggregated data used in research.
  - Images and graphics related to medical analysis (e.g., phasor plots, FLIM-FRET images).
- Pseudonymized Keys:
  - Identifiers generated to facilitate communication among clinical trial participants.
  - These keys are strictly pseudonymous, and the platform does not store any correspondence linking them to real personal data.
- Research Content:
  - Comments, observations, and findings related to techniques and analytical processes.
  - Data shared among collaborators, both internal and external.
These types of data comply with the principle of minimization, avoiding the presence of directly identifiable information.
5.2 Anonymization and Pseudonymization
The platform allows the use of pseudonymized keys as a reference within the clinical trial, but strict restrictions are in place:
- Prohibition of Traceable Keys:
  - Pseudonymized keys do not have any correspondence stored within Discourse and cannot be used to identify a patient.
- Content Verification:
  - Moderators and automated detection systems review posts to ensure they do not contain personal identifiers.
- Recommendation of Anonymization:
  - Whenever possible, the publication of fully anonymized data is encouraged to eliminate any additional risk.
5.3 Categories of Access to Information
Discourse’s organization ensures controlled and specific access:
- Segmented User Groups:
  - Clinical trial participants (researchers, technicians, and analysts) are grouped by their functions to limit access to relevant categories.
- Administrators:
  - Full control over platform configuration, including roles, permissions, and activity audits.
- Moderators:
  - Management of user-published content, with the ability to review and approve sensitive posts before publication.
- End Users:
  - Restricted access to specific categories based on their roles, such as researchers, physicians, or external collaborators.
- Private Categories:
  - Technical and collaborative information is managed in secure spaces accessible only to authorized users.
- Moderation Review:
  - Approval workflows are implemented to ensure that only content compliant with privacy policies is visible.
These measures ensure that users only access necessary information, minimizing risks.
5.4 Protection of Sensitive Data
Discourse is designed to facilitate analysis and collaboration without compromising data security:
- Prohibition of Identifiable Data:
  - It is explicitly forbidden to share names, addresses, identification numbers, or any other patient-related data.
- Encrypted Communication:
  - All data traffic between users is encrypted, ensuring the security of shared information.
- Regular Audits:
  - All interactions and changes on the platform are logged to ensure regulatory compliance.
- Automated Detection Filters:
  - Tools identify posts that may contain sensitive information, sending them for review before publication.
- Secure Deletion Policies:
  - Information that is no longer relevant is automatically deleted based on established policies, ensuring unnecessary data is not retained.