Home Investigator Information Contact Us
Privacy Logo

Data Privacy and Security Controls

INTRODUCTION The Breast Implant Follow-Up Study (BIFS) project is a long-term study of breast implants. The study currently collects data using a hybrid method of paper case report forms (CRFs – available to study subjects only) and electronic CRFs (available to study subjects and to clinical sites). The data from these CRFs are captured via a secure Internet data collection system which is accessible using https security encryption technology.

This section will provide an overview of both the security measures in place to protect the clinical data from inappropriate access and the measures in place to ensure that the underlying data collection system has been validated to satisfy the requirements of 21 CFR Part11 standards. These measures include 1) the validation of the BIFS application implemented for the BIFS program; 2) the security controls in the environment in which the application is installed and operates; 3) the procedural controls in place for study data. Together, these controls satisfy the requirements of all applicable federal regulations concerning participant data, including 21 CFR Part 11 and HIPAA.

BIFS APPLICATION VALIDATION The BIFS application undergoes a rigorous validation. The development and validation lifecycle for the application involves three stages: development, testing, and maintenance. The entire process is described in standard operating procedures related to software development and validation and in methodology-specific documents that describe the procedures followed and deliverables produced.

Maintenance Changes to the production application, including defect fixes, modifications to existing features, and the addition of new features, are performed according to standard change control procedures.

BIFS SECURITY CONTROLS The BIFS application is designed to securely maintain confidential participant data in accordance with industry standards and security best practices. In order to provide comprehensive protection for BIFS data, security controls are applied both in the application and in the infrastructure that hosts the application.

BIFS PROCEDURAL CONTROLS The BIFS application is used and maintained according to a set of strict procedural controls designed to protect participant data. These controls include those related to participant enrollment and user support. The following sections provide a brief overview of each type of controls.

Participant Enrollment Every study participant signs an informed consent form when enrolling in the study. The form outlines the requirements of the study and describes in detail how participants are identified in the study data and how participant confidentiality is protected. The authorization text in the signature block of the form reads as follows: “I voluntarily agree to participate in the Rare Adverse Events Study. I have read this Informed Consent document and understand all study information contained within. I have discussed any questions I might have with my physician. Furthermore, I grant permission to Allergan to obtain my medical information from any health care provider” (italics original).

User Support User support is performed according to strictly controlled procedures documented in standard operation procedures, internal procedural documents, and study-specific documentation. These documents include procedures for confirming participant identity prior to providing support and for making updates to participant data when requested. Support activities are logged internally, and database changes are captured as part of the standard audit trail for the database.