System Specification

Syreon possesses exceptional expertise in the design, functionality and security of EDC systems in accordance with Title 21, Food and Drugs, Part 11 and the FDA Guidance Document on the use of Computers in Clinical Trials. The procedure for delineating data elements for EDC systems mirrors that employed for paper-based systems. Forms are developed using Microsoft Active Server Pages (ASP), with the complex processing taking place in COM objects hosted under Microsoft Transaction Server (MTS) and connecting to Oracle and SQLServer databases. The use of ASP allows for rapid development of dynamic web pages, while the use of COM and MTS helps to ensure the integrity of the data and the scalability of the application. The system uses only the standard web protocols, HTTP and HTTPS, and can therefore be used by anyone with access to the web. If the user is behind a firewall, no extra ports need be opened.

Security and Confidentiality

All persons provided with access privileges to a study web site and EDC system must sign a Verification of Password and Web Site Security form prior to the release of the password. This form confirms that the user understands the password is their legally binding signature for the purpose of the study, and delineates data access rights (for example, entry, review or sign off) for each individual. This form must be signed and faxed to Syreon, where it is maintained for auditing purposes, and a copy must be filed at the site. No data resides on the client computers, which are used only for connecting via the Internet. All data access and review is performed via the secure web site, which is linked to the central database server. Data is transmitted using Secure Socket Layer (SSL 3.0) technology with high level (128-bit) encryption, technologies which are now widely used in the medical and financial sectors for transmitting high security data over the Internet. SSL has been developed to prevent outside parties from intercepting and deciphering the Internet traffic and data content. eCRFs, once completed, are automatically encrypted using SSL technology by the user's browser prior to submission and are decrypted into a useable format on receipt by the server. The entire process of encryption and decryption occurs automatically, with no discernible impact on the user.

Functionality and audit
Each eCRF has a direct link to the data entry instructions ("CCGs" or case report form completion guidelines) for each form, which appear on screen in a pop-up box which can be adjusted in size and location and viewed simultaneously with the actual form.

Each data element collected has a predefined format for entry, including numeric, alphanumeric, and scroll down or check box selection for answers. Each question is programmed with automatic on-line entry checks for completeness, logic and accuracy. The checks are described in the study Validation Document (DVD) and, like the forms themselves, are designed in accordance with the requirements of the study protocol. Any changes made to data on electronic forms are tracked in an audit trail that can be easily accessed by monitors and or/site personnel as required.

ClinStream™ eCRFs enable on-line data correction by a simple edit button that displays the fields and allows modification or deletion of specific elements. The reason for change or deletion is required and recorded with each change. Syreon does not support deletion of a complete data form, however. This is accomplished using a separate on-line form. The Clinical Database Administrator for the study can then delete the page with the appropriate notation in the Clintrial™ database for audit purposes.