You’ve decided to make the transition from papers to digital. Your sponsor is on board. You’ve organized your binder and folder structure templates. Now what? It’s time to configure access by setting up roles and permissions. Not sure where to start? Here’s a quick guide to managing your team digitally.
Wait, I never had to manage roles and permissions before, right?
Access control was straightforward in a paper world: Don’t want to provide access? Don’t let the person in the building. Lock up your binders.
Now many teams feel like access control is all over the place: Encrypted USBs, shared drives (some of which, like DropBox and Sharepoint, allow external access), and email. In this mix, you may find that access takes on different forms depending on the process used. For example:
- Your study team and PI have shared drive access, EHR access, and email correspondence.
- The regulatory monitor has physical binder access or an encrypted USB key.
- The source document monitor has physical patient binder access or temporary EHR access.
- Your sponsor corresponds via email.
Okay what’s different now? First, an Intro to User Roles and Permissions:
A purpose-built eBinder tool takes this hodgepodge of access and makes it uniform and controlled—for any and all combination of users and tasks. The most robust tools can handle these different types of Users, Roles, and Permissions to provide flexible yet secure access control of your team’s valuable content. Here’s what you should look for:
- Teams can link your Users across locations and across / within studies.Teams are accounts that allow Users to collaborate within one or multiple studies and sites. Teams include both Users and Binders.
- Roles can group Users with similar privileges. They are created to correlate with various job functions within your organization, such as a site coordinator or monitor.
- For example, the monitor may only require View and Download Permissions, or you may want to restrict him/her from seeing Documents that contain PII (Personally Identifiable Information, which includes PHI). By contrast, your site coordinator would need to be able to Upload, Sign, and Edit Documents.
- Users can be assigned to multiple Roles, and vice versa. For example, one person may monitor multiple sites. Each site would have a monitor Role that provides the monitor with access to their site’s Binder. This one monitor’s access can be granted and removed to various site Binders to correlate with monitoring visits.
- Permissions can determine what a Role can do. Those assigned a certain Role can perform certain actions in the system, such as viewing a Binder or electronically signing a specific Document.
Now you have the basics. What other questions should you ask when evaluating a tool’s access control capabilities?
1) How can I manage exactly what team members can view?
The notions of subjects, objects, and permissions and how they are related to each other are how these capabilities are delivered. Collectively, these components determine whether an individual is allowed access to specific study documents.
The basic concept is called Object Level Permissions (OLP), in which subjects are given privileges on objects, down to the document. Below is an example of elements in an object-based permissions framework:
2) How can I tell who can view my study documents? And how can we be certain that terminated employees or monitors who have finished their visit no longer have access to our study documents?
An eBinder tool with a flexible permissions approach lets you grant access rights and restrictions according to the functional responsibilities of your study personnel. Permissions for both Users and Roles may be added, removed, or edited at any time by Team Owners or Administrators. You can use the Permissions Overview for your eBinders to verify what your Team members do or do not have access to.
Help! I still don’t know where to start.
Upon request, our Customer Success Team can pre-program certain Role and/or Binder templates to help get you started. These templates can then be modified, duplicated, or used as-is to get your eBinders set up and provide your Users with access to them.
The Florence eBinder Suite™ was designed by security experts and research coordinators to eliminate redundant tasks, improve compliance, and allow concerns to be quickly identified and resolved. Sites and sponsors have immediate insight into the stories their binders tell from the comfort of their own desk. This ensures compliance without negative impacts to their relationships. The suite is HIPAA and 21 CFR 11 compliant and ready to support your team’s efforts towards streamlining study documentation. Contact us at firstname.lastname@example.org or request more information to learn more.