1 / 23

Agenda

Agenda. Problem Existing Approaches The e-Lab Is DRM the solution?. Climate Change. Problem. Potentially identifiable data required for effective research Individuals have a right to confidentiality and privacy Potentially identifiable data should not be: Redistributed

josef
Download Presentation

Agenda

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Agenda • Problem • Existing Approaches • The e-Lab • Is DRM the solution?

  2. Climate Change

  3. Problem • Potentially identifiable data required for effective research • Individuals have a right to confidentiality and privacy • Potentially identifiable data should not be: • Redistributed • Release under defined conditions • Linked to other data • Risk of deductive disclosure • Potentially identifiable data should be: • Stored securely • Destroyed after use

  4. Potentially Identifiable Information • Individual records even if they do not include variables, such as names, full postcodes, and dates of birth which would make them obviously identifiable; • Tabular data, based on small geographic areas, with cell counts of fewer than five cases/events (or where counts of less than five can be inferred by simple arithmetic) – hereafter referred to as “sparse cells” • Tabular data containing cells that have underlying population denominators of less than approximately 1,000 • Source UKACR

  5. Existing approaches • Locked rooms, locked down machines • Used by many national statistical services • Does not scale

  6. Existing approaches • Policy • User bound by terms and conditions or contract of employment or professional governance bodies

  7. UKACR Policy • the intended use(s) of the data should be stated clearly • the use(s) of the data should be justified and the data should not be used for any other purpose(s) • the data should not be passed on to other third parties or released into the public domain • the data should be kept securely for the period of time that can be justified by the stated purpose, and then destroyed • no attempt should be made to identify information pertaining to particular individuals or to contact individuals • no attempt should be made to link the data to other data sets, unless agreed with the data providers

  8. Existing approaches • Policy • User bound by terms and conditions or contract of employment or professional governance bodies • Policing • Doesn’t scale

  9. North West e-Health • Joint Project: SRFT, SPCT, UoMFounded on UoM/ Salford NHS experience and expertise • Based on the establishment of an e-Lab federation: “that will allow the partners to pool and develop their expertise and resources, acting together for mutual benefit and for the benefit of other stakeholders and clients” • NWDA core-funding • Potential for self-sustaining entity

  10. What is an e-Lab ...an information system bringing together data, analytical methods and people for timely, high-quality decision-making

  11. Information Governance • Designed for minimal disclosure • Only release items that user “Needs to know” • Only release items that user “Has the right to know” • Determined by the “e-Lab Governance Board”

  12. Information Governance • Technical safeguards • Audit trails & monitoring • Anonymisation and Inference control • Operational procedures • Users sign up to terms and conditions of use; bound by employment contracts • Spot checks • Governance Board + NREC Research Database Approval

  13. NHS Trust EHR E-Lab Data Store Governance Users

  14. 2. Pseudonymisation, classification and integration Trust Systems Trust e-Lab Clinical Data Clinical Data Integrated EHR E-Lab Repository Non-clinical Data Non-clinical Data 1. Integration of primary and secondary care records

  15. Trust e-Lab E-Lab Repository 3. Perform Data Query 4. Anonymisation and inference control 2. Access control module authorizes request User Data Store 8. Storage 1 .User logs on and submits query Access Control e-Lab Tools 9. Data analysis and visualization

  16. NHS Trust EHR NHS Trust EHR E-Lab Data Store E-Lab Governance Data Store Users Governance Users NHS NHS Trust EHR E-Lab Data Store Governance Users NWeH Broker NWeH Federated E-Lab Governance Users

  17. NHS Trust e-Lab NWeH – e-Lab Federation NHS Trust e-Lab E-Lab Repository E-Lab Repository 5. Per request keyed pseudonymisation 5. Per request keyed pseudonymisation 6. Data integration Broker 3. Broker performs distributed query; generate pseudonym keys 7. Anonymisation and inference control 2. Access control module authorizes request User Data Store 8. Storage 1 .User logs on and submits query Access Control 9. Data analysis and visualization e-Lab Tools

  18. e-Labs Pseudonymised Data Flows e-Lab Broker Secondary Pseudonymised Data Flows Data Users

  19. DRM Solution? • DRM used to prevent re-distribution • DRM used to prevent modification • DRM used to prevent linking to other data

  20. DRM problems • Not fail safe? • Better than just stopping the “casual attacker”? • Perception is easy to crack or by-pass

More Related