Most FMS sites run by the unit contain and maintain personal data that needs to be kept private. Techniques such as securely certified websites and authentication/authorisation portals are usually sufficient in keeping this data safe.
With the introduction of the new year 4 in the MBBS curriculum and the move to more blended learning, a higher degree of sensitive data was required to be stored on the Medical Learning Environment (VLE for MBBS). Year 4 students are now asked to keep electronic records of patients and interactions as part of the Advanced Clinical Experience module. This data contained personal contact details such as address, telephone and email of patients the students would follow on the clinical journey, and let them reflect upon this experience throughout year 4.
So before the start of Year 4, in the summer of 2020, we investigated and implemented an enhanced way of storing this patient information in the MLE.
First we investigated how the data was stored in the backend database. Most information is stored in databases as unencrypted data due to the lack of sensitive nature of the data.
This new data required something else. It was decided that parts of the data that could contain personal patient information should be encrypted, both in transit and at rest.
For parts of the ACE model (the data structure we use for the ACE section of MLE) we replaced the open text fields with this new encrypted field. This now meant that when data was entered and saved, before it was added to the database, the system would replace the open text with a encrypted data set using a secure key. To read the data again it would need the use of the decrypt method, that only the MLE could do by using the secure key.
The second part we investigated was to detach any personal patient information from the student’s reflections. Once the student had completed the recording of the patient’s details, the direct link in the website was removed and generic patient information used from that point onwards to identify the individual records. This kept the sensitive information separate from the day to day recording of patient interactions.
The students also uploaded consent forms signed by patients who agreed to take part in the ACE module. Final versions of consent forms highlighted that these would also contained sensitive information.
After further investigation the development team included these static files in the encryption methods used to support ACE. In order to allow students to verify the uploaded consent forms, the MLE allows a short window before encryption and archiving of consent forms takes place. Once this process completes the consent forms are no longer accessible via the website (MLE) and recovery if required is performed by a limited number of staff in FMS TEL.
These methods used may be a little extreme for the day to day data stored on most FMS sites, but the investigations and lessons learned from the ACE data has provided us with options for other sites in the future.
If you are interested in this topic and wish to learn more, please contact:
Dan Plummer, Learning Technologies Developer, firstname.lastname@example.org
John Moss, Technology Enhanced Learning Manager, email@example.com