Data Privacy & Security

StudyTeam is designed to strengthen privacy compliance with data protection built from the ground up.

Patient PII is secure in StudyTeam by design.

StudyTeam: Privacy by Design

In developing StudyTeam, OneStudyTeam has incorporated data protection into the software from the ground up. StudyTeam has integrated appropriate technical and organizational safeguards to ensure compliance with data protection principles such as data minimization, accountability, integrity, and confidentiality. The software is also abundantly flexible to ensure that data controllers, such as clinical trial sites, are truly in control over what data goes into the software, where it is transferred, and for how long it is retained.

Moreover, StudyTeam features hard-coded protections against human error. StudyTeam locks—without possibility of override—data fields known or likely to contain identifying patient information, thus prohibiting those fields from being replicated outside of the site’s particular instance of StudyTeam. Built-in protections like these allow sites to eliminate their risk of inadvertent disclosure of sensitive patient information.

What users are saying about StudyTeam's privacy features

The system is very intuitive and user-friendly. The fact that we can use patient names in a safe and protected way really helps our workflow. Sharing updates automatically with the sponsor team is wonderful! The more trials use StudyTeam, the better for us.

-Site user

The interesting thing about [StudyTeam] is that the site buy-in is completely separate from [the Sponsor]. … We just get what we need without getting any personally identifying information. I learned so much about it when we went through [the Sponsor’s] European data privacy assessment, and [StudyTeam] is a super tight system. It keeps everything really organized, keeps us from getting personally identifiable information accidentally like we sometimes do from paper logs.

-Sponsor CPL

This is much easier than paper! I actually think because they can enter personally identifiable information into StudyTeam, it lets them manage better. It is better for privacy than completing paper logs and giving them to the sponsor with potential errors of personally identifiable information included.

-CRO User

I really do like Study Team. It is truly a study coordinator/recruitment nurse’s dream to keep everything in one place. And I absolutely love the feature of being able to send recruitment updates directly to the sponsor and Study Team does the work of de-identifying protected health information.

-Site User

StudyTeam's features such as patient timeline and demographic information space are very useful because I was [previously] entering this information on paper. StudyTeam keeps [our site’s information] in [the] same place and secure.

-Site User

StudyTeam is very user-friendly and we do not have to worry about the Sponsor seeing any PII.

-Site User

Data Protection & Compliance

What data do sites enter into StudyTeam?

Sites have a broad range of options in determining what data to enter into StudyTeam. StudyTeam can even be configured such that no identifying patient information is entered at all. However, most sites find it useful to enter at least some patient identifying data. StudyTeam for Sites can store patient data. StudyTeam also stores information about a site’s authorized users.

Do sites need to obtain Ethics Committee or IRB approval for their use of StudyTeam?

Ethics Committees and IRBs can vary in their approaches and for that reason, each site is best positioned to determine whether or not formal review of StudyTeam is required.

In our experience, the overwhelming majority of sites worldwide determine that they do not need to submit StudyTeam for EC/IRB review. This is because StudyTeam is not a patient-facing software. Rather, it is used by sites to support their internal operations. In the rare event that a site decides to seek EC/IRB review of StudyTeam, OneStudyTeam supports that process.

How does OneStudyTeam handle Data Subject Access Requests (DSARs)?

OneStudyTeam does not typically receive DSARs from patients, and in the event such a request were to come directly to OneStudyTeam, OneStudyTeam does not communicate directly with patients. In such a case, OneStudyTeam will forward a patient’s data request to the site to allow the site to instruct OneStudyTeam on how to proceed. If OneStudyTeam is instructed by a site to modify or delete patient data, OneStudyTeam will provide confirmation to the site when the request has been fulfilled. The site may then contact the individual to confirm the modification/deletion in accordance with the site’s internal communication practices.

Data Security & Vendor Qualification

How does StudyTeam protect site data?

OneStudyTeam has established robust technical and organizational measures (TOMs) appropriate to the nature of the data and processing activity. Our TOMs include appropriate policies defining data classification, encryption, data retention, and incident response. For more information, please contact our Security team.

What is the data retention policy applicable to site data in StudyTeam?

In order to provide the flexibility for sites, as data controllers, to direct the retention of their data, StudyTeam does not impose a pre-determined retention period for site data. 

OneStudyTeam will follow each site’s instructions with respect to the processing and deletion of its data (unless such instructions would be prohibited by applicable law, interfere with OneStudyTeam’s legal obligations, or are subject to a legal exemption).

How does OneStudyTeam qualify vendors?

OneStudyTeam requires all third-party vendors, tools, and service providers to undergo a privacy assessment and a data security assessment prior to contract signature. These assessments form a central part of OneStudyTeam’s vendor qualification process and allow OneStudyTeam’s Data Protection Officer and Security Officer visibility and an opportunity to ensure that each third party meets legal requirements and OneStudyTeam’s own robust standards. Third parties are routinely required to execute data protection agreements, data transfer agreements, and contractual data security terms as part of the contracting process.

Patient Relationships

What role does OneStudyTeam play when it comes to patient notice and consent?

As the data controller, each site follows its established notice and consent practices when doing any patient-facing work. OneStudyTeam supports these practices but recognizes that each site has its own procedures and may be subject to unique requirements. Notice and consent are frequently discussed during the site engagement process and Reify is responsive to each particular site's needs and instructions on this topic.

Communications directly with patients, including notification of subprocessing and obtaining consent, are managed by sites in accordance with their internal information handling practices. While OneStudyTeam does not control a site’s policies and practices with respect to patient consent and notice provision, OneStudyTeam does partner with, and provide support to, sites to ensure that regulatory requirements are met.

We learned about StudyTeam through our site’s work with a particular sponsor. Why are we, the site, being asked to sign the StudyTeam Terms of Service?

Although sponsors using StudyTeam for Sponsors (a separate software) find it useful to have participating sites use StudyTeam, StudyTeam for Sites is a standalone software for sites’ own use and is trial- and sponsor-agnostic. Sites sign OneStudyTeam's Terms of Service directly, allowing each site to use StudyTeam for additional trials (or connect to other sponsors) at the site's option.

Is a site required to use StudyTeam to share pre-screening and enrollment reports?

StudyTeam is recommended—but never required—for a site to share pre-screening and enrollment reports with a sponsor. 

How does OneStudyTeam engage with sites to introduce StudyTeam?

OneStudyTeam engages with sites individually to discuss whether StudyTeam would be a good fit for that particular site. This allows OneStudyTeam to discuss data protection and other requirements at the site level, accommodating a site’s unique needs and concerns. 
