The Clinical Research Unit (CRU) utilizes a standardized and repeatable policy-driven approach to manage your research data through its lifecycle within our organization. The Data Lifecycle Management (DLM) strategy summarizes the specific data management practices that ensure appropriate handling of data at all stages of the project.
Our approach ensures a secure, semi-automated, and client-friendly data management infrastructure. We can service your needs along the full continuum of data management, including intake, project staging, data collection, data management, provisioning and data analysis. Our services extend all the way through data archival and dissemination, and leverage policies and best practices from the academic domain and beyond.
Data lifecycle management through stages
1) Project Intake
The CRU hosts the leading EDC platform, REDCap. This gives researchers a range of choices and capabilities when building tools dedicated to data capture, databases, and custom data management. We also offer custom software that can be tailored to the needs and workflows of a specific project. In order to determine which services, platform, software bundles or data management support will best suit a client’s needs, we use a stratified and structured intake service. Using this decision model and through consultations with the client, we are able to determine the best approach to building and managing the client’s database.
During the intake process, we assess and define:
- Trial type and phase
- Study design
- Health Canada applications and REB or ethics verification
- Ethical or legal obligations
- Length and timeline of the study
- Number of case report forms (CRFs)
- Number of sites involved
- Number of end users and participants
- Data edit specifications
- Visit maps
- Intellectual property
- Protocols and workflows
- Source of the data
- File formats required
- International roll-out or data access
- Custom or 3rd party data linkage
- Data reporting and export requests
- Data monitoring needs
- Randomization needs
- Required analytics and needs for methodology support
- Platform selection
- Version control
- Data back-up plans or requirements
- Required training
- Data purging requirements
We will work with you to understand your data collection needs, and assess the parameters and controls needed to manage your research data. We will then establish an agreement with you to provide clarity and assurance.
Key considerations include:
- The end date of data collection, and expected total volume of data to be collected and stored
- How and where the collected data will be stored and backed up
- Privacy, confidentiality and intellectual property requirements
- Whether ethics approval has been acquired for the project, and whether data collection/storage is tied to the ethics approval end date with a possibility of renewal
- Data access considerations, including who has access to the data during the active data collection process, designated data custodians of the project, and contingency plans in case the study team changes
- How exported data is to be transferred to the client for analytics, data archival, or data purging
2) Data Setup & Collection
Once a data collection platform has been agreed upon and the intake process has been completed, we will work in collaboration with the client to design and build the project and data management application services according to their standards and requirements. This process can look different across the various platforms; however, we adhere to quality assurance and testing policies in order to guarantee functional and effective data collection and management.
To safeguard the data collection process, study data system access will only be granted to users who have been centrally (and where necessary clinically) approved as having completed study systems training, are in possession of all appropriate and valid credentials and certifications, and who have a study role that merits each specific access type. Users will be granted individual accounts with permissions designed to grant access only to functions and data that supports their study role. In addition, user access password complexity rules, expiries and other data security features are systematically used to ensure suitable data accessibility and data security.
3) Data Storing & Handling
The CRU uses a variety of data storage services, including perimeter networks and double screened subnetworks, and logical and physical separation of data and application access. In order to determine the best storage location for a client’s data, we classify the data according to the University of Calgary’s security policies and data classification levels. Based on this classification, we will consult with the client to create an active data storage plan.
Our active data storage plans are policy driven and include the following considerations:
- Where requested, cloud computing platforms or managed research compute services can be leveraged or embedded in data pipelines.
- If data is highly confidential (e.g., participant or patient identifiable), greater precautions are taken, and an agreement will be established with the client to ensure that a secured data storage and computing platform is used.
- Sensitive data can be VPN disclosed and platform access is regularly scanned for leaks and holes.
- Data access and access permission is administratively managed, logged, trailed, and often automatically revoked upon inactivity. This process is policy driven.
- Requests for changes to data elements and variables in any project follows a rigorous process of clarification of implication of the changes to the investigator, written confirmation and authorization by the principal investigator or project owner, and tracking of any changes.
- Upgrades to data management platforms are compliance and ethics approved. The CRU separates development, user acceptance, and production data with separated authorization and authentication.
We can also help support the client in establishing the most suitable strategies for data ownership, permissions, and sharing. The designated data custodian/principal investigator will be able to control and permit access and use of all data. Restrictions can be enforced to ensure security when interacting with and sharing the project data, whether the latter is raw, processed, or derived. We can also help to create a plan to share the data with the client’s collaborators (internal/external) and team members, in a manner that always prioritizes security and data protection.
4) Data Analysis
If requested, the CRU can provide the following additional support for clinical trials and observational studies:
- Consultation with clients about their research project to help create statistical analysis plans and documentation for funding applications.
- Statistical analysis for health research projects.
- Professional writing of the methods and results sections of manuscripts.
- Assessment and implementation of a large variety of randomization strategies for Randomized Controlled Trials (RCTs) across a variety of platforms.
- Sample size calculations, managing and shaping your analysis plan, data cleaning and preparation, and final analyses.
- By leveraging UCIT tools, we have the capacity to perform large-scale analytics projects from administrative, EMR, sensor data, and more. Whether it concerns public data or subject and person sensitive information, the academic infrastructure used for transporting, analyzing, storing, and disseminating your data have been architected and approved to handle data at all levels of confidentiality. When analyses are performed on high performance nodes and hosted instances within the university’s computation network, data stays on the premises and never travels beyond the security perimeters. Data and generated (meta) data gets wiped after specific project purposes have been fulfilled.
5) Data Backup & Archive
We apply industry standard data backups and redundancy. Data backups can be specified and completed according to the client’s needs. This includes how and when the backups are performed, and where the backups are stored. Periodic backups can be executed at the client’s preference, whether full, differential or incremental, and restrictions can be put in place to control who has access to this data.
Once the data sets or databases have been locked and frozen, and the final (Clinical) Study Report has been signed, the study data is considered archived. From this point, we will proceed according to the client’s request to archive study data for a limited period of time. Long-term storage is the responsibility of the client.
We recommend that clients create a self-managed long-term data storage plan and extended data archival plan. We will work with the client to ensure the data archival plan is appropriate in terms of file formats, indexing, timely retrieval, and re-usability.
6) Project Close-out & Data Purging
Project close-out procedures will be performed prior to database locking in order to verify the integrity and completion of the database. These procedures involve a series of controlled checks including, but not limited to, checking that all CRFs have been entered, manual reviews have been completed, the project data are consistent with specifications in the project dictionary, and other processes. At project completion, we provide your data in a formal sign off, according to Standard Operating Procedures for the CRU. If requested, project data will be snapshotted and encrypted for up to one year after project closure.
Data purging will be conducted according to current established best practices and in agreement with governance and compliance requirements arranged with the client during Intake (Stage 1). Data purging consists of deleting every copy of the data item from the client’s platform, swiping archives, overwriting or destroying storage location and sweeping audit trails. The purging process is done in accordance with CRU and academic policies and regulations to ensure all data is properly removed, and all traces of the client’s data are completely deleted from our servers.