Alethium Trial Platform: GDPR, HIPAA and SOC 2 Compliance

Compliance Overview

The Alethium Trial Platform is built to meet the rigorous standards of GDPR, HIPAA, and SOC2 compliance. By prioritizing data security, privacy, and operational integrity, Alethium ensures the protection of sensitive data and the reliability of clinical trial operations.

GDPR Compliance

The Alethium Trial Platform adheres to the General Data Protection Regulation (GDPR) to ensure the highest levels of privacy and security for data collected, processed, and stored during clinical trials.

Principles Relating to Processing of Personal Data (Article 5)

Alethium processes data under these principles:

  • Lawfulness, Fairness, and Transparency: Data is processed for specific, legitimate purposes.
  • Purpose Limitation: Data is collected solely for study-related activities as required by the sponsor.
  • Data Minimization: Only the minimum necessary data is collected.
  • Integrity and Confidentiality: Data is protected with advanced encryption and access controls.

Lawfulness of Processing (Article 6)

Personal data is processed to fulfill contractual obligations with study sponsors. Participant consent is managed by the study investigator and retained on the ATP system.

Privacy by Design and Default (Article 25)

Alethium integrates privacy into the design of its platform:

  • Secure Development Practices: Ensuring privacy controls are embedded in all workflows.
  • Access Controls: Adopting the principle of least privilege to limit access to sensitive data.
  • Automated Data Anonymization: Adding an extra layer of protection for participant privacy.

Data Subject Rights (Articles 15-23)

Alethium supports the following GDPR rights:

  • Access and portability of personal data.
  • Correction of inaccuracies.
  • Documented procedures to handle subject requests in collaboration with sponsors.

Data Retention Policy (Articles 5, 13, 16, 17, 21, 30)

  • Anonymized study data will be retained and delivered to sponsors upon trial completion.
  • Study data will be securely deleted 6 months post-trial unless the sponsor requires extended retention.
  • Any extension of retention must be formally documented and approved.

Data Breach Management (Articles 33-34)

Alethium’s breach protocol includes:

  • 72-Hour Notification: Reporting breaches to supervisory authorities when required.
  • 48-Hour Notification: Informing sponsors of breaches impacting their data.

HIPAA Compliance

The Alethium Trial Platform adheres to the Health Insurance Portability and Accountability Act (HIPAA) to ensure the security of Protected Health Information (PHI).

Administrative Safeguards

  • Access Management: Role-based access controls limit PHI access to authorized personnel.
  • Training Programs: Employees receive periodic security training, ensuring HIPAA awareness.
  • Risk Analysis: Ongoing evaluations of system vulnerabilities.

Technical Safeguards

  • Encryption: All PHI is encrypted during transmission and storage.
  • Audit Controls: Logs are maintained to monitor PHI access and system usage.

Incident Response

Alethium has a comprehensive plan to address and resolve incidents promptly, minimizing risks to PHI.


SOC2 Compliance

The Alethium Trial Platform complies with the Trust Services Criteria (TSC) of SOC2, with a focus on Security, Availability, and Confidentiality.

Security: Safeguarding Against Unauthorized Access

  • Role-Based Access Control: Ensures only authorized users access sensitive data.
  • Encryption: Protects data during transmission and at rest.
  • Monitoring and Logging: Tracks system activity in real-time for early detection of anomalies.

Availability: Ensuring System Reliability

  • Disaster Recovery: Comprehensive plans ensure continuity during disruptions.
  • Proactive Monitoring: Real-time monitoring identifies potential risks before they escalate.
  • Incident Resolution: Clear protocols ensure timely resolution of service interruptions.

Confidentiality: Protecting Sensitive Data

  • End-to-End Encryption: Data is encrypted from the moment of collection to secure storage.
  • Data Retention and Disposal: Data is retained only as required and securely deleted afterward.
  • Data Masking: Sensitive data is anonymized to protect participant privacy further.

Auditability and Continuous Validation

  • SOC2 Type II Audits: Annual audits validate the operational effectiveness of controls.
  • Comprehensive Logs: Detailed activity logs provide an auditable trail for full transparency.

Platform Features Supporting Compliance

  • Per-Patient Encryption: Unique encryption keys for each participant ensure secure and inaccessible data upon key deletion.
  • Data Anonymization: Enhanced privacy protection through anonymization capabilities.
  • Role-Based Permissions: Limits access to sensitive data based on user roles in the clinical trial.
  • End-to-End Encryption: Safeguards data during transfer and storage.
  • Incident Management: Structured procedures ensure swift resolution and reporting of breaches.


Continuous Improvement

Alethium is committed to ongoing investment in compliance and security enhancements:

  • Integration of advanced threat detection systems.
  • Continuous refinement of encryption and access control protocols.
  • Regular external audits to validate the effectiveness of implemented controls.

Experience how the Alethium Trial Platform protects sensitive data, ensures compliance, and streamlines clinical trial operations.

Schedule a Demo Today

How can we help with your study?

The Alethium eClinical Platform removes the time, cost, and risk from large, complex, multinational clinical trials. Tell us about your needs and a member of our team will connect with you soon.