1.3 Technical Specifications

1.3.1 Data collection

Registry data will be hosted in Socrates (V 3.5.8.3.10116, Ortholink Pty Ltd, Aus).

Patient information and demographics data entry will be performed by:

1. manual entry via user interface (Socrates) which is accessed through the terminal server
2. software import function using modified exports from practice management software (Genie).

Patient reported outcomes data entry will be performed by:

1. using the web-score function, including emails and tablet
2. manual entry via user interface (Socrates), which is accessed through the terminal server

Manual data entry:

The most basic method of populating the registry with patient information, demographics, surgery records and patient reported outcomes data. Data is entered in the relevant sections of the Socrates user interface.

Software import:

Patient information and demographics can be populated/updated in bulk using the Socrates import function. The data is exported from practice management software (Genie) and modified to ensure that correct patients are listed in the proper format. It is then imported into Socrates and checked upon completion to ensure a successful import.

Webscores:

This feature enables automatic entry of patient reported outcomes data upon them filling out the survey electronically from their e-mail or on a tablet at the clinic.

1.3.2 Registry hosting and backup

The Postgres database is hosted on a windows 2012R2 terminal server (physical virtualisation Host) on premise at customer's private rooms.

Server infrastructure is backed up daily with standby replication on the hour.

1.3.3 Fire protection of registry data

The server is sitting on a File Server Rack (FSR) in an internal file room in the building. The building has hospital spec fire suppression system.

1.3.4 Server and Software maintenance

The server operating system and relevant software updates are in line with software version life cycles, done through a central portal controlled and managed by WorldMark Corporate Consulting (WCC) following industry best practice.

1.3.5 Server replacement cycle

Replacement cycle are in line with product lifecycle strategy determined by the business. Hardware resources are replaced every 3-4 years based on individual assessment

1.3.6 Risk management and security

The server is only accessible externally through a VPN (SSL using Ciscto Anyconnect Secure Mobile client). The VPN and firewalls are managed by WCC.

1.3.7 User management

User access is managed at different levels:

• VPN endpoint from Cisco account database (set by WCC).
• Windows login from Microsoft Windows Active Directory Services (set by WCC)
• Local PostGres and Socrates user authentication at application level (set by registry custodians: EBMA)

1.3.8 Confidentiality and privacy

Registry data is kept electronically on a secure server. It is the practice’s responsibility to ensure security of this server is maintained to minimise the rise of data breaches.

The transfer of identifiable data will be through password protected files on a physical hard drive or through a VPN secured remote desktop connection to a secure and HIPAA compliant cloud environment (Google Drive). The transfer will be done by the registry custodians for ongoing quality assurance of the registry as well as case by case projects.

Re-identifiable data may be shared forwards and backwards between the registry and the public and private hospital contacts that are in collaboration with the participating surgeons. This transfer will be done through the practice's remote server.

De-identified data may be provided to medical students/registrars involved in research projects with Geelong Orthopaedics. This transfer will be done through the practice's remote server or the custodians cloud environment.

1.3.9 Data storage and record retention

Paper and electronic records will be kept indefinitely. Paper records will be kept in locked rooms in a secure building (private practice rooms). Electronic records will be stored on secure servers behind multiple levels of credential required layers mentioned in section 1.3.7.

1.3.10 Data linkage

Identifiable data will be kept indefinitely in order to link patient records to patient information from other sources (e.g., hospital records). Follow-up for survival, re-operation, etc. may be necessary on patients who are well past completion of the study. For example, long-term survival of orthopaedic procedures reported in the literature range from a minimum of 10 years post-surgery.