Dealing with extra sensitive data in the Medical Learning Environment (MLE)

Most FMS sites run by the unit contain and maintain personal data that needs to be kept private. Techniques such as securely certified websites and authentication/authorisation portals are usually sufficient to keep this data safe.

The Challenge

With the introduction of the new Year 4 in the MBBS curriculum and the move to more blended learning, data of a higher degree of sensitivity needed to be stored on the Medical Learning Environment (VLE for MBBS). Year 4 students are now asked to keep electronic records of patients and interactions as part of the Advanced Clinical Experience module. This data contained personal contact details, such as the address, telephone and email of the patients the students would follow on the clinical journey, and let the students reflect upon this experience throughout Year 4.

So before the start of Year 4, in the summer of 2020, we investigated and implemented an enhanced way of storing this patient information in the MLE.

The Solutions

First we investigated how the data was stored in the backend database. Most information is stored in databases as unencrypted data because the data is not sensitive.

This new data required something else. It was decided that parts of the data that could contain personal patient information should be encrypted, both in transit and at rest.

For parts of the ACE model (the data structure we use for the ACE section of MLE) we replaced the open text fields with a new encrypted field. This meant that when data was entered and saved, the system would replace the open text with encrypted data, produced using a secure key, before it was added to the database. Reading the data again requires the decrypt method, which only the MLE can perform, using the secure key.

The second part we investigated was to detach any personal patient information from the student’s reflections. Once the student had completed the recording of the patient’s details, the direct link in the website was removed and generic patient information used from that point onwards to identify the individual records. This kept the sensitive information separate from the day to day recording of patient interactions.
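The two measures above can be sketched together. This is an added example, not the MLE's own code: it assumes AES-256-GCM from the Python cryptography package, an in-memory SQLite database, and constructed table names and sample values. It covers encryption at rest only, stores contact details as ciphertext, and lets reflections refer to the patient through a generic label.

```python
import os
import sqlite3
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumption: in production the key comes from a secrets store, never the database.
KEY = AESGCM.generate_key(bit_length=256)


def encrypt_field(key: bytes, plaintext: str, context: str) -> bytes:
    """Return nonce || ciphertext+tag; `context` binds the value to its row and column."""
    nonce = os.urandom(12)  # 96-bit nonce, fresh for every encryption
    return nonce + AESGCM(key).encrypt(nonce, plaintext.encode(), context.encode())


def decrypt_field(key: bytes, blob: bytes, context: str) -> str:
    """Raises cryptography.exceptions.InvalidTag if the blob or context was altered."""
    return AESGCM(key).decrypt(blob[:12], blob[12:], context.encode()).decode()


def build_demo_db(key: bytes) -> sqlite3.Connection:
    """Create the two hypothetical tables and insert constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE patient (ref TEXT PRIMARY KEY, address BLOB, phone BLOB);
        CREATE TABLE reflection (id INTEGER PRIMARY KEY, patient_ref TEXT, body TEXT);
    """)
    ref = "Patient A"  # generic label; carries no identifying detail
    db.execute("INSERT INTO patient VALUES (?, ?, ?)", (
        ref,
        encrypt_field(key, "1 Example Street, Newtown", f"patient:{ref}:address"),
        encrypt_field(key, "01632 960000", f"patient:{ref}:phone"),
    ))
    # Day-to-day reflections reference only the generic label.
    db.execute("INSERT INTO reflection (patient_ref, body) VALUES (?, ?)",
               (ref, "Second visit: discussed follow-up appointment."))
    return db


def read_address(db: sqlite3.Connection, key: bytes, ref: str) -> str:
    """Decrypt one field on read; only code holding the key can do this."""
    (blob,) = db.execute("SELECT address FROM patient WHERE ref = ?", (ref,)).fetchone()
    return decrypt_field(key, blob, f"patient:{ref}:address")
```

Binding each ciphertext to its row and column through the associated data means a value copied into another field fails to decrypt instead of being silently accepted.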

The students also uploaded consent forms signed by patients who agreed to take part in the ACE module. Final versions of consent forms highlighted that these would also contain sensitive information.

After further investigation, the development team included these static files in the encryption methods used to support ACE. In order to allow students to verify the uploaded consent forms, the MLE allows a short window before encryption and archiving of consent forms takes place. Once this process completes, the consent forms are no longer accessible via the website (MLE), and recovery, if required, is performed by a limited number of staff in FMS TEL.

The methods used may be a little extreme for the day-to-day data stored on most FMS sites, but the investigations and lessons learned from the ACE data have provided us with options for other sites in the future.

If you are interested in this topic and wish to learn more, please contact:

Dan Plummer, Learning Technologies Developer, dan.plummer@newcastle.ac.uk

John Moss, Technology Enhanced Learning Manager, john.moss@newcastle.ac.uk

New Zoom Features Released

Some new Zoom features have been pushed today, a few of which have some clear benefits for users in FMS.

Share Multiple Programs at Once allows you to share more than one window with your audience, without having to share the entire desktop. This will be particularly useful if you need to go between a PowerPoint and a webpage, or another piece of software. You can now do this without worrying about accidentally having your emails pop up! The windows are arranged on the participants’ screens exactly as you have them arranged on your desktop, allowing you to rearrange/overlap or change their relative sizes. The image broadcast will update as you do this. To start sharing multiple programs, select the screenshare of one window as usual, then hold Ctrl and click on any additional programs you’d like to include. When you’re ready, click ‘share’.

Suspend Participant Activity acts as a sort of emergency brake in case of serious disruptions. You can disable all microphones, screen sharing and videos at once to stop any disruptive behaviour and give yourself time to remove the unwanted user without the pressure of ongoing interruptions.

Click ‘security’ and then ‘suspend participant activities’ to halt participant input.

To update your Zoom client, click on your profile picture/initials in the top right of the main Zoom window and then click ‘check for updates’. Follow the prompts to complete the update.

The full list of changes can be seen in detail on the Zoom website.

The FMS Community has more detailed walkthroughs relating to security settings and managing disruptions in Zoom, including downloadable guides.