Our approach enforces information governance through technology, releasing only necessary data with NHS in control at all times. The system ensures access control, audit trails, and anonymization to protect user privacy and data integrity.
NHS e-Lab Nottingham, September 2010 John Ainsworth (john.ainsworth@manchester.ac.uk)
Our Approach
• Enforce information governance through technology wherever possible
• Designed for minimum data release
• Only release items that user “Needs to know”
• NHS is in control of data at all times; NHS can choose what to make available through the e-Lab
• Data is stored in a repository hosted on a server inside the NHS Trust
Information Governance
• Technical safeguards
  • Access Control based on privileges
  • Audit trails & monitoring
  • Anonymisation and Inference control
• Operational
  • Users sign up to terms and conditions of use; bound by employment contracts
  • Auditing of users
  • Standard Operating Procedures
  • Governance Board + NRES Research Database Approval
[Diagram: NHS Trust, EHR, E-Lab, Pseudonymised Data Repository, Governance, Users]
[Diagram: Trust Systems (Clinical Data, Non-clinical Data) feeding the Trust e-Lab (Integrated EHR, Pseudonymised Data Repository)]
1. Integration of primary and secondary care records
2. Pseudonymisation
[Diagram: Trust e-Lab, with User, Access Control, Pseudonymised Repository, Data Store and e-Lab Tools]
1. User logs on and submits query
2. Access control module authorizes request
3. Perform Data Query
4. Anonymisation and inference control
5. Storage
6. Data analysis and visualization
Data Extraction
• Copies data from one database to another
• Performs transformations on data fields e.g.
  • Postcode => LLSOA
  • Postcode => Area
  • Date => year
  • Date => year and quartile
  • * => SHA-1 + user defined salt
  • * => RSA public-private key encryption
  • * => random 32-bit integer
• Plug-in architecture for transformers
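
One way the plug-in transformers on the Data Extraction slide could fit together, as an added example that is not the e-Lab's own code. The registry, function names, field names, salt and sample rows are all constructed, "quartile" is assumed to mean the quarter of the year, and the random-integer transformer is assumed to give each distinct input one surrogate per run.

```python
import hashlib
import secrets
from datetime import date

TRANSFORMERS = {}  # plug-in registry: name -> transformer factory (hypothetical)

def transformer(name):
    def register(factory):
        TRANSFORMERS[name] = factory
        return factory
    return register

@transformer("year_quarter")
def make_year_quarter():
    # Assumption: the slide's "quartile" means the quarter of the year.
    return lambda d: f"{d.year}-Q{(d.month - 1) // 3 + 1}"

@transformer("sha1_salt")
def make_sha1_salt(salt):
    # Same salt + same input -> same pseudonym, so records stay linkable.
    return lambda v: hashlib.sha1(salt + str(v).encode("utf-8")).hexdigest()

@transformer("random32")
def make_random32():
    seen = {}  # assumption: one surrogate per distinct input within a run
    def apply(value):
        while value not in seen:
            n = secrets.randbits(32)
            if n not in seen.values():  # never reuse a surrogate
                seen[value] = n
        return seen[value]
    return apply

def extract(rows, plan):
    # Copy only the columns named in the plan; everything else is not released.
    return [{col: fn(row[col]) for col, fn in plan.items()} for row in rows]

ROWS = [  # constructed sample records, not real data
    {"nhs_no": "P001", "name": "A", "admitted": date(2010, 2, 14), "visit": "V1"},
    {"nhs_no": "P001", "name": "A", "admitted": date(2010, 9, 3), "visit": "V2"},
    {"nhs_no": "P002", "name": "B", "admitted": date(2009, 12, 30), "visit": "V3"},
]

def demo(salt=b"constructed-salt"):
    plan = {
        "nhs_no": TRANSFORMERS["sha1_salt"](salt),
        "admitted": TRANSFORMERS["year_quarter"](),
        "visit": TRANSFORMERS["random32"](),
    }
    return extract(ROWS, plan)
```

The salt has to stay inside the Trust: identifiers drawn from a small space can be re-derived by hashing every candidate once the salt is known.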