Data security encompasses the measures and controls that protect your clinical research data from unauthorized access, modification, or loss.
Data Protection Measures
Encryption
| Type | Implementation |
|---|---|
| In Transit | TLS 1.2+ for all connections |
| At Rest | AES-256 encryption for stored data |
| Database | Encrypted database storage |
| Backups | Encrypted backup storage |
Access Controls
| Control | Purpose |
|---|---|
| Authentication | Verify user identity |
| Authorization | Control resource access |
| Role-Based Access | Permission by role |
| Session Management | Secure session handling |
Authentication
Login Security
| Feature | Description |
|---|---|
| Password Requirements | Strong password policies |
| SSO Support | Google, Microsoft integration |
| Session Timeout | Automatic logout after inactivity |
Multi-Factor Authentication
When available:
- Additional verification step via an authenticator app (TOTP)
- Backup recovery codes generated at enrolment — store these safely; each code works once and lets you sign in if you lose access to your authenticator
- Reduces unauthorised-access risk
If you enabled MFA before backup codes were introduced, re-enrol from your user profile to generate a recovery code.
Data Storage
Cloud Infrastructure
Carelane uses enterprise cloud services:
| Aspect | Implementation |
|---|---|
| Provider | Enterprise-grade cloud |
| Regions | Configurable data residency |
| Redundancy | Multiple availability zones |
| Backups | Regular automated backups |
Data Isolation
| Level | Isolation |
|---|---|
| Organization | Separate data contexts |
| Study | Study-specific access |
| PHI | Special handling for sensitive data |
PHI Handling
Protected Health Information receives special treatment:
| Measure | Purpose |
|---|---|
| Access Logging | Track all PHI access |
| Minimisation | Collect only needed PHI |
| Encryption | Additional encryption for PHI |
| Access Control | Strict role requirements |
Reduced PHI Requests by Default
The participant enrolment form now requests fewer PHI fields by default. Essential fields (such as pseudonym and the study-configured status) remain pre-populated; optional PHI fields — for example subject name, medical record number, full date of birth, or subject initials — must be explicitly enabled per study. This supports data-minimisation requirements and reduces the compliance footprint of new studies.
Data Integrity
Measures to ensure data integrity:
| Measure | How It Works |
|---|---|
| Audit Trails | Complete change history |
| Version Control | Track all modifications |
| Validation | Prevent invalid data |
| Checksums | Detect data corruption |
Incident Response
If a security incident occurs:
Your Role in Data Security
| Action | Importance |
|---|---|
| Strong Passwords | First line of defense |
| Don’t Share Credentials | Maintain accountability |
| Report Concerns | Early detection |
| Follow Policies | Consistent protection |
Best Practices
Secure Your Account
Use strong, unique passwords. Enable MFA if available.
Limit PHI Collection
Only enable PHI fields you actually need.
Secure Exports
Protect exported files appropriately.
Report Issues
Report any security concerns immediately.
Related
Access Control
Managing access permissions.
Audit Trails
Activity logging.
