
Pilot HRSS Pseudonymisation and Person Matching: An Outline of the Approach
Alan Barcroft


Presentation Transcript


  1. Pilot HRSS Pseudonymisation and Person Matching: An Outline of the Approach. Alan Barcroft

  2. Pilot HRSS Background
     • Programme within the DH Research and Development Directorate and the NIHR
     • Health Research Support Service (HRSS)
     • Pilot HRSS operational since January 2011
     • RCP and the Pilot Programme have worked closely with key stakeholders to promote acceptance/governance:
        • NIGB/ECC
        • NRES and the South East REC
        • ICO through Privacy Impact Assessment (PIA)
        • BMA

  3. Key Pseudonymisation Principles
     • “Honest Broker” that processes identifiable data
     • Both a Pseudonymisation Service
     • and a Person Identification Service
     • Separation of Identity and Clinical data
     • Both Inbound and Outbound
     • “Identifying Data” and “Payload” (DD ISO 25237:2008)
     • Internal allocation of “HRSS ID” pseudonym unique to the Service
     • HRSS ID is encrypted on the Clinical side
     • Processing is automated
     • No direct access to the data by recipients - by bespoke delivery only
     • Secondary Study Anonymisation / Pseudonymisation of HRSS ID by encryption
     • Different study outputs not intended for linkage cannot be unilaterally linked outside the Service

  4. Pilot HRSS Infrastructure: Inbound
     [Diagram. Labels: Data Source, Outside World, HRSS, SFTP, PI, CI, Landing, Person Information, Clinical Information]

  5. Pilot Data Sources
     • Hospital Episode Statistics
     • UK Renal Registry
     • ONS Death Registrations
     • SLaM
     • Thames Cancer Registry
     • CTSU ASCEND
     • NICOR: MINAP
     • NICOR: BCIS
     • MRIS
     • NHS CSP (Bowel)
     • PDS

  6. Internal Pseudonymisation
     [Diagram. Labels, in the order extracted:]
     • Global HRSS ID
     • Internal to HRSS
     • Meaningless without access to Index Decryption Keys
     • All other ID attributes
     • Matching characteristics
     • Other ID attributes
     • Stored against HRSS ID
     • Master Patient Index
     • Interim Study Patient Index
     • Matching Processing
     • Global HRSS Pseudonym
     • Encrypted Global HRSS ID
     • No route to IDs without key and access to Index
     • Interim Solution
     • Study Pseudonym
     • Delays with PDS
     • Matching confidence
     • Large volume persistent data
     • Uses existing IDs (e.g. HES ID, Epikey)
     • IDs are Encrypted
     • Obfuscated ID data (e.g. YoB)
     • Clinical data
     • Patient Identifiers Server
     • Clinical Information Server
     • ISO 25237: “Identifying Data”
     • ISO 25237: “Payload”

  7. Matching Characteristics
     • Automated Matching Characteristics
        • NHS Number
        • Date of Birth
        • Name
        • Postcode
        • Gender / Sex
        • Local Patient ID
     • Variety of matching criteria sets
     • Notional decreasing confidence
     • Assumes DBS is master (used operationally in the NHS for clinical records)

  8. Matching Criteria Sets
     • Exact Traced NHS Number
     • Exact NHS Number and Date of Birth
     • Exact NHS Number and Partial Date of Birth, with Partial Name and Gender Check
     • Local Patient Identifier and Partial Date of Birth, with Partial Name and Gender Check
     • Exact Name, Date of Birth and Postcode, with Initial and Gender Check
     • Exact Date of Birth and Postcode, with Gender Check

  9. Pilot HRSS Infrastructure: Outbound
     [Diagram. Labels: Study Owner, Outside World, HRSS, SFTP, PI, CI, Landing, Person Information, Clinical Information]

  10. Pilot Study Owners
     • Phases I & II Pilot Study Owners
        • Kings College London
        • UK Renal Registry
        • CTSU ASCEND
        • NCIN / NHS CSP

  11. A Study’s Outputs: External Pseudonymisation
     [Diagram. Labels: HRSS ID, Group Pseudonym]
     • Optional: Dependent on approvals ECC (S251), Patient Consent

  12. Any Questions?
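
Slides 3 and 11 describe replacing the HRSS ID with a study-specific pseudonym so that outputs of different studies cannot be linked outside the Service. The sketch below is an added illustration, not the Pilot HRSS's own code: it uses a per-study HMAC-SHA256 key in place of the encryption the slides mention (the slides name no algorithm), and the keys, field names, index and sample record are all constructed.

```python
import hashlib
import hmac

# Constructed per-study secrets; assumed to be held only inside the service.
STUDY_KEYS = {"study-A": b"constructed-key-A", "study-B": b"constructed-key-B"}
# Assumed field names for ISO 25237 "identifying data"; everything else is "payload".
IDENTIFYING = {"nhs_number", "name", "postcode", "date_of_birth"}

def study_pseudonym(hrss_id, study):
    """Study-specific pseudonym; a keyed HMAC stands in for the slides' encryption."""
    return hmac.new(STUDY_KEYS[study], hrss_id.encode(), hashlib.sha256).hexdigest()

def release(record, study):
    """Outbound row: payload plus study pseudonym, no identifiers, no HRSS ID."""
    out = {k: v for k, v in record.items()
           if k not in IDENTIFYING and k != "hrss_id"}
    out["study_pseudonym"] = study_pseudonym(record["hrss_id"], study)
    out["year_of_birth"] = record["date_of_birth"][:4]  # obfuscated ID data (YoB)
    return out

def relink(pseudonym, study, index):
    """Inside the service only: needs both the study key and the patient index."""
    for hrss_id in index:
        if hmac.compare_digest(study_pseudonym(hrss_id, study), pseudonym):
            return hrss_id
    return None

# Constructed sample record and index (not real patient data).
RECORD = {"hrss_id": "HRSS-000123", "nhs_number": "0000000000",
          "name": "EXAMPLE PERSON", "postcode": "ZZ1 1ZZ",
          "date_of_birth": "1950-04-17", "diagnosis": "N18.3"}
INDEX = ["HRSS-000122", "HRSS-000123", "HRSS-000124"]

if __name__ == "__main__":
    row_a, row_b = release(RECORD, "study-A"), release(RECORD, "study-B")
    print(row_a)
    print("linkable across studies:",
          row_a["study_pseudonym"] == row_b["study_pseudonym"])
    print("service relink:", relink(row_a["study_pseudonym"], "study-A", INDEX))
```

The same person receives unrelated pseudonyms in the two study outputs, so a recipient holding both files has no join key; only a party with the study key and the index can map a pseudonym back.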
