We are currently working on the forum. For the short-term, all forum content will be in read-only format. We apologize for the interruption and look forward to collaborating with you shortly. All the best in your research!
deleted, but still in audit-log?
Comments
This may not be the best solution but it is possible to, in addition to
clearing the data, to reassign the "subject" then to the study-level where
(presumably) those users do not have access to the patient record?
On Mon, Aug 24, 2015 at 2:49 PM, toskrip
wrote:
> The problem is that if patient explicitly ask for data deletion it cannot
> be possible for anybody to track back what data was associated with patient
> (as identifiable subject). If this is still tracked in audit log, this also
> means that there is a user role that is allowed to access this information
> and theoretically can reconstruct the the original data from the log itself.
>
> If we receive such request for data removal (very very rare occasion) we
> have to deal with it. One way to solve this is replace PersonID of that
> subject with randomly generated value and this way completely anonymise the
> study subject = data protection regulations are not applying for anonymous
> data. (But this needs to be done on database level because any change in
> patient ID within OC will be again audited).
>
> As you see it is not so much about the data deletion itself, but about the
> association of patient data with patient identity. That is why wee need to
> cut the ID that links to data to patient identity (which in our setups is
> always PersonID).
>
> Tomas
>
> --
> To manage your email notifications, please visit:
> https://www.openclinica.com/forums#/profile/preferences
>
> Reply to this email directly or follow the link below to check it out:
> https://forums.openclinica.com/discussion/comment/17257#Comment_17257
>
>
- completely remove the data from database (including audit log records)
- or anonymise the subject (replace IDs without auditing this procedure)
T
Mihai