StudyTeam is designed to strengthen privacy compliance with data protection built from the ground up.
The system is very intuitive and user-friendly. The fact that we can use patient names in a safe and protected way really helps our workflow. Sharing updates automatically with the sponsor team is wonderful! The more trials use StudyTeam, the better for us.
The interesting thing about [StudyTeam] is that the site buy-in is completely separate from [the Sponsor]. … We just get what we need without getting any personally identifying information. I learned so much about it when we went through [the Sponsor’s] European data privacy assessment, and [StudyTeam] is a super tight system. It keeps everything really organized, keeps us from getting personally identifiable information accidentally like we sometimes do from paper logs.
This is much easier than paper! I actually think because they can enter personally identifiable information into StudyTeam, it lets them manage better. It is better for privacy than completing paper logs and giving them to the sponsor with potential errors of personally identifiable information included.
I really do like Study Team. It is truly a study coordinator/recruitment nurse’s dream to keep everything in one place. And I absolutely love the feature of being able to send recruitment updates directly to the sponsor and Study Team does the work of de-identifying protected health information.
StudyTeam's features such as patient timeline and demographic information space are very useful because I was [previously] entering this information on paper. StudyTeam keeps [our site’s information] in [the] same place and secure.
StudyTeam is very user-friendly and we do not have to worry about the Sponsor seeing any PII.
In developing StudyTeam, Reify has incorporated data protection into the software from the ground up. StudyTeam has integrated appropriate technical and organizational safeguards to ensure compliance with data protection principles such as data minimization, accountability, integrity, and confidentiality. The software is also abundantly flexible to ensure that data controllers, such as clinical trial sites, are truly in control over what data goes into the software, where it is transferred, and for how long it is retained.
Moreover, StudyTeam features hard-coded protections against human error. StudyTeam locks—without possibility of override—data fields known or likely to contain identifying patient information, thus prohibiting those fields from being replicated outside of the site’s particular instance of StudyTeam. Built-in protections like these allow sites to eliminate their risk of inadvertent disclosure of sensitive patient information.
Sites have a broad range of options in determining what data to enter into StudyTeam. StudyTeam can even be configured such that no identifying patient information is entered at all. However, most sites find it useful to enter at least some patient identifying data. StudyTeam for Sites can store patient data. StudyTeam also stores information about a site’s authorized users.
Ethics Committees and IRBs can vary in their approaches and for that reason, each site is best positioned to determine whether or not formal review of StudyTeam is required.
In our experience, the overwhelming majority of sites worldwide determine that they do not need to submit StudyTeam for EC/IRB review. This is because StudyTeam is not a patient-facing software. Rather, it is used by sites to support their internal operations. In the rare event that a site decides to seek EC/IRB review of StudyTeam, Reify supports that process.
Reify Health does not typically receive DSARs from patients, and in the event such a request were to come directly to Reify, Reify does not communicate directly with patients. In such a case, Reify will forward a patient’s data request to the site to allow the site to instruct Reify on how to proceed. If Reify is instructed by a site to modify or delete patient data, Reify will provide confirmation to the site when the request has been fulfilled. The site may then contact the individual to confirm the modification/deletion in accordance with the site’s internal communication practices.
Reify has established robust technical and organizational measures (TOMs) appropriate to the nature of the data and processing activity. Our TOMs include appropriate policies defining data classification, encryption, data retention, and incident response. For more information, please contact our Security team.
In order to provide the flexibility for sites, as data controllers, to direct the retention of their data, StudyTeam does not impose a pre-determined retention period for site data.
Reify will follow each site’s instructions with respect to the processing and deletion of its data (unless such instructions would be prohibited by applicable law, interfere with Reify’s legal obligations, or are subject to a legal exemption).
Reify requires all third-party vendors, tools, and service providers to undergo a privacy assessment and a data security assessment prior to contract signature. These assessments form a central part of Reify’s vendor qualification process and allow Reify’s Data Protection Officer and Security Officer visibility and an opportunity to ensure that each third party meets legal requirements and Reify’s own robust standards. Third parties are routinely required to execute data protection agreements, data transfer agreements, and contractual data security terms as part of the contracting process.
As the data controller, each site follows its established notice and consent practices when doing any patient-facing work. Reify supports these practices but recognizes that each site has its own procedures and may be subject to unique requirements. Notice and consent are frequently discussed during the site engagement process and Reify is responsive to each particular site's needs and instructions on this topic.
Communications directly with patients, including notification of subprocessing and obtaining consent, are managed by sites in accordance with their internal information handling practices. While Reify does not control a site’s policies and practices with respect to patient consent and notice provision, Reify does partner with, and provide support to, sites to ensure that regulatory requirements are met.
Although sponsors using StudyTeam for Sponsors (a separate software) find it useful to have participating sites use StudyTeam, StudyTeam for Sites is a standalone software for sites’ own use and is trial- and sponsor-agnostic. Sites sign Reify's Terms of Service directly, allowing each site to use StudyTeam for additional trials (or connect to other sponsors) at the site's option.
StudyTeam is recommended—but never required—for a site to share pre-screening and enrollment reports with a sponsor.
Reify engages with sites individually to discuss whether StudyTeam would be a good fit for that particular site. This allows Reify to discuss data protection and other requirements at the site level, accommodating a site’s unique needs and concerns.