Data Protection

Designed an enterprise-wide data protection solution that drove measurable risk reduction and CAPA closure in a regulated clinical environment.

Project Details

Project Name

Subject Confidentiality Training Program

Tools Used

Articulate Storyline 360 · LMS (SCORM 2004 3rd Edition) · Excel (data analysis & pivot tables)

Skills Applied

Learning Needs Analysis · Root Cause Analysis · Compliance Training Design · Assessment Design · Scenario-Based Learning · Data Analysis · Stakeholder Interviews · CAPA Support

Project Overview

This project focused on improving enterprise-wide handling of subject data and Personally Identifiable Information (PII) within a highly regulated clinical environment. Prior to this initiative, there was no comprehensive training program addressing subject confidentiality—only a basic Read & Acknowledge activity tied to a standard operating procedure (SOP).As part of a broader Corrective and Preventive Action (CAPA) effort, I designed and delivered a three-part, scalable learning solution for a global audience of 30,000+ learners, combining awareness, application, and assessment to drive measurable behavior change.

My Role

Led end-to-end learning strategy, analysis, and design for an enterprise-wide compliance initiative
Conducted data analysis across three QA systems to identify trends, risks, and root causes
Partnered with Legal, Quality, Clinical Operations, and executive sponsors to align remediation strategy
Designed and built a multi-part Storyline 360 solution, including a large-scale, randomized assessment
Defined evaluation approach and analyzed post-training outcomes to support CAPA closure

Business Challenge

The organization was experiencing frequent and repeat data security/privacy breaches, including minor, major, and critical quality events related to subject confidentiality. These events were captured across multiple quality systems and spanned regions, vendors, and functional areas.

Key challenges included:

No enterprise-wide training addressing real-world data handling scenarios
Limited insight into why breaches were occurring or recurring
Ineffective post-event remediation that failed to prevent repeat incidents
A live CAPA requiring defensible evidence of corrective action and impact

The business needed a solution that went beyond policy acknowledgment and demonstrably reduced risk.

Strategic Solution

I began with a three-month discovery and analysis phase to identify both knowledge and behavior gaps:

Reviewed all CAPA documentation and remediation requirements
Analyzed 18 months of clinical quality events across three QA systems, identifying patterns by event severity, source, and data type
Conducted cross-functional stakeholder interviews (Legal, Quality Assurance, Pharmacovigilance, Clinical Operations, Business Optimization)
Used Lean Six Sigma root cause analysis tools to understand why breaches were occurring and why existing controls were ineffective

Based on these findings, I proposed and designed a multi-pronged remediation strategy, anchored by a three-part course built in Storyline 360:

Short animated video to establish context and reinforce risk awareness
Interactive SOP review with required download for daily reference
Comprehensive, scenario-based assessment using real-world data breach examples

The assessment was a critical component. It included:

Multiple randomized question banks to support retakes and reduce answer-sharing
Graphics-heavy questions reflecting real patient records and documentation
Diverse interaction types (hotspot, drag-and-drop, scenario-based, multiple choice)
Targeted feedback for both correct and incorrect responses
LMS-level response tracking to support remediation and CAPA reporting

In parallel, I supported the rollout with:

Structured manager follow-up for repeated failed attempts
Coaching recommendations for post-event remediation
Executive-sponsored communication to address regional findings and reduce resistance

Course Walk-through

In order to protect the confidentiality of the original project, I have elected to provide a screenshot walk-through of the course, which includes all of the intro and wrap-up slides as well as a selection of the question types.

As noted above, the assessment draws from three different question pools, allowing randomization for multiple attempts. The course is designed to reinforce desired behavior—that is, a learner downloads the SOP and works through challenging questions as they would be expected to when faced with situations at work.

Title Screen

About Screen

End Slide

Title Screen

1/13

Before & After

Before the Intervention

Subject confidentiality training was limited to a policy acknowledgment activity
Learners lacked exposure to realistic, role-based data handling scenarios
Privacy breaches recurred across regions and functional areas
Post-event remediation efforts were inconsistent and ineffective

After the Intervention

Learners demonstrated improved ability to identify and respond to real-world data privacy risks
Minor quality events decreased and major/critical events were eliminated within 90 days
Post-training data supported successful CAPA closure
A repeatable framework for remediation and follow-up was established

Results & Impact

83%

Net Promoter Score
from post-course learner surveys

68%

Reduction in minor quality events at 90 days post-training

100%

Elimination of major and critical quality events at 90 days post-training

CAPA

- Results formally reported

- Successful removal based on demonstrated effectiveness

The program delivered clear, measurable outcomes tied directly to CAPA objectives.

This project demonstrated how targeted learning design—grounded in data analysis, stakeholder insight, and realistic assessment—can drive meaningful risk reduction at scale.