Legal aspects of WordPress ELNs


B. Lachele Foley

Aug 30, 2013, 3:30:18 PM
to wordpress-fo...@googlegroups.com
Our group likes using WordPress for ELNs.  So do others.  But, repeatedly, concerns are voiced regarding 21 CFR part 11 compliance.  There are a few other standards, but that one is cited most often.  Briefly, these are standards designed to ensure that electronic laboratory notebooks can be used as legal documents in a manner similar to traditional paper notebooks.  Here's the Wikipedia on 21 CFR 11:  http://en.wikipedia.org/wiki/Title_21_CFR_Part_11

I've chatted with a few folks, and it's probably possible.  It seems that some combination of, e.g., database transaction registers, PGP signatures, md5 sums or other hashes, and hard-to-alter records of these could take care of most of it.  But, I haven't had a conversation with anyone who can say whether such things would hold up legally.

Another issue regards security (patenting, maintaining security of proprietary data).  For that, perhaps a private site with an encrypted database would do.  But, again, I don't really know.

Does anyone here know of attempts to do that for WP ELNs?

:-) Lachele

B. Lachele Foley

Aug 31, 2013, 12:13:38 PM
to wordpress-fo...@googlegroups.com
One place to start might be something like TimeCert.  Quoting a post from 2008, 
"I would expect it to be extremely simple to create a WordPress plugin to do this automatically, if someone is up to the challenge."  
http://stakeventures.com/articles/2008/07/17/relaunching-timecert-a-trusted-third-party-time-stamping-service

It does appear to be easy enough, and I don't know PHP or Python.  :-)

http://timecert.org/

Anyone have knowledge or an opinion?

David Koppstein

Oct 10, 2013, 3:15:09 PM
to wordpress-fo...@googlegroups.com
A few thoughts:

1) I like the general idea behind timecert quite a lot, although it seems like it's just run by one guy so it's unclear to me how long those records will be in existence. I feel like this is something that universities could do for their researchers.

2) I think timestamping of data in this way is fundamentally linked to version control. For example, if your electronic lab notebook is a git repository, then you can just give a hash of each commit to some third party which they can timestamp (this is the whole idea behind http://stakeventures.com/articles/2009/08/31/integrating-timecert-with-github -- genius!). If you ever need to prove that your data matches the timestamped hash, all you need to do is revert the git repository to that commit and prove that it has the same hash that you gave them originally. 

With a WordPress instance, however, it seems like there are a lot of moving parts that would make this difficult. In order to have this same functionality, you'd need to be able to

a) Hash the entire WordPress instance every time you make a change
b) Have the ability to revert the entire WordPress instance to that hash

a) seems not straightforward but doable, but b) seems really difficult. It just seems to me that having a mutable CMS is fundamentally at odds with version control; at the very minimum, I think there's no good way to version the database.

Then again, I'm no developer, and would love it if someone proved me wrong. I eventually gave up hope that a CMS could be tracked in this way, and now keep my lab notebook/data under version control in a directory, which is not nearly as user-friendly ;-)

-David
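
The hash-then-timestamp idea discussed in this thread, as an added example that is not part of any post here: each notebook revision is chained to the previous one with SHA-256 (used here instead of the md5 mentioned above), so only the latest digest has to be handed to a third-party timestamping service, and a later edit to any earlier revision is detectable. The record fields, function names and sample revisions are constructed for illustration, and no timestamping service is contacted.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # fixed starting value for the chain (an assumption of this sketch)

# Constructed sample data: revisions as they might be exported from the posts table.
REVISIONS = [
    {"post_id": 12, "revision": 1, "modified_gmt": "2013-08-30 15:30:18",
     "author": "alice", "content": "Prepared buffer, pH 7.4."},
    {"post_id": 12, "revision": 2, "modified_gmt": "2013-08-30 17:02:44",
     "author": "alice", "content": "Prepared buffer, pH 7.4. Yield 82 mg."},
    {"post_id": 13, "revision": 1, "modified_gmt": "2013-08-31 12:13:38",
     "author": "bob", "content": "Repeated run; yield 79 mg."},
]

def entry_digest(prev_digest, entry):
    """SHA-256 of the previous digest plus a canonical JSON encoding of the entry."""
    canonical = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_digest}\n{canonical}".encode("utf-8")).hexdigest()

def build_chain(entries):
    """Return one chained digest per revision, oldest first."""
    digests, prev = [], GENESIS
    for entry in entries:
        prev = entry_digest(prev, entry)
        digests.append(prev)
    return digests

def first_divergence(entries, recorded):
    """Index of the first revision that no longer matches the recorded chain, else None."""
    current = build_chain(entries)
    for i, (now, then) in enumerate(zip(current, recorded)):
        if now != then:
            return i
    # A length difference means revisions were dropped or appended after recording.
    return None if len(current) == len(recorded) else min(len(current), len(recorded))

if __name__ == "__main__":
    recorded = build_chain(REVISIONS)
    print("digest to hand to the timestamping service:", recorded[-1])
    edited = copy.deepcopy(REVISIONS)
    edited[1]["content"] = "Prepared buffer, pH 7.4. Yield 92 mg."
    print("first altered revision:", first_divergence(edited, recorded))
```

This covers point a) for post content only; it does not address point b), reverting the whole instance, and it proves integrity only back to the moment the head digest was independently timestamped.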