Encryption
COINS has a 2 step process when encrypting participant data. First the data is run through a AES 256 bit cipher and it is then encoded in base64 prior to being saved within the database. Data over public networks is encrypted by using HTTPS (TCP 443).
PII access
Only two COINS tools provide access to PII (personal identifying information), MICIS and Payments*. Site administrators can provide specific permission to MICIS to allow a user to access this information. If a user does not have access to MICIS in the system, they are not able to access any PII.
*Participants can access their own PII via the Participant Portal.
PII access log
COINS logs every time a user accesses individual PII in the system. We also log when a user exports PII with tools that export all of the PII for a study (Contacts export, Trackers and study specific data dumps).
URSI coded data
All research data is associated with the Unique Research Subject Identifier (URSI) number. COINS does not allow the URSI number to be presented on the same page as PII and also does not allow the URSI number to be exported with PII.
Unlink PII
At study closure investigators have the option to "unlink" the research data from PII. Unlinking data means that the investigator and any user that has access to the study data will no longer have access to the PII for participants in that study.
Comments