11. Health Informatics Centre
dundee.ac.uk/hic
Demography
GRO ECHO
There was a
22% overall
reduction in all
cause mortality
with β blocker
use
Prescribing TARDIS
Biochemistry
MicrobiologyHaematology
Case Study # 1 - β blockers:
Their Effect in Managing Chronic Obstructive Pulmonary Disease (COPD)
Setting Tayside, Scotland (2001–2010)
Population 5977 patients aged >50 years
with a diagnosis of COPD.
BMJ. 2011; 342: d2549. 10.1136/bmj.d2549 P.M Short, S.I.W Lipworth, D.H.J Elder, S. Schembri, B.J. Lipworth.
12. Health Informatics Centre
dundee.ac.uk/hic
Hospital
admissions
GRO
More than 400 lives are being lost each year
because breast cancer patients fail to take
the full course of the drug Tamoxifen due to
"intolerable" side-effects
Prescribing
Br J Cancer. 2008 December 2; 99(11): 1763–1768. 10.1038/sj.bjc.6604758 McCowan, J Shearer, P T Donnan, J A Dewar, M Crilly, A M Thompson and T P Fahey
Researcher Supplied
Cohort
Cancer patients from a
Ninewells clinic
Case Study #2: Tamoxifen adherence:
Relationship to Mortality in Women with Breast Cancer
13. Health Informatics Centre
dundee.ac.uk/hic
Research Data Management Platform (RDMP)
‘Optimizing and Augmenting the Research Data Supply Chain`
Labs
SMR01
Prescribing
Raw Data Data Import Databases Custom Extractions & Export Formats
RDMP
Labs
SMR01
Prescribing
Raw Data Data Import Structured
Database
Extraction + Export
DataLoad
Engine
Research
Data Warehouse
Validate
Clean
Catalogue
QualityChecks
Project X
Data Marts
Validate
Clean
Catalogue
QualityChecks
Project Y
Data Marts
Validate
Clean
Catalogue
QualityChecks
DataExtraction
Engine
14. Health Informatics Centre
dundee.ac.uk/hic
Data
Set 1
Data
Set 6
Data
Set 2
Data
Set 3
Data
Set 4
Data
Set 5
Data Set 1
Pseudo-CHI
Data Set 2
Pseudo-CHI
Data Set 6
Pseudo-CHI
Data Set 3
Pseudo-CHI
Data Set 4
Pseudo-CHI
Data Set 5
Pseudo-CHI
CHI and All
Identifiable
Data
Data Set 1
Project -CHI
Data Set 4
Project -CHI
NHS Network University Network
Data Repository Function of Safe Haven Analytic Platform of Safe Haven
Virtual
Environment –
no data leaves
15. Health Informatics Centre
dundee.ac.uk/hic
• Extraction takes minutes
• Data released is standardised – the same regardless of Data Analyst that
completes the work
• A history is recorded of all changes to data over time
• Data released now will be in the same format as in 5 years from now
• Metadata has been added
• Methods for transforming and validations have been added across all data
sets
• Tools to manage and explore the data are available to Data Management
team and researchers
• Audit and Logging all automated
• Major work towards integration of image and genomic data
19. Health Informatics Centre
dundee.ac.uk/hic
• There are many types of ISO
Certification.
• We have 27001:2013 – Certificate
Number: 2016/2269
• ISO 27001:2013 is a specification for an
information security management
system (ISMS). An ISMS is a framework of
policies and procedures that includes all
legal, physical and technical controls
involved in an organisation's information
risk management processes.
What is ISO27001?
20. Health Informatics Centre
dundee.ac.uk/hic
Why ISO27001 certification?
• Independent set of standards – so rather than constantly having to
think what documents and processes we should have in place and
reinventing the wheel, ISO gives us this!
• Gives confidence to other organisations we work with e.g. NHS, main
University.
• Reduces other documentation requirements for governance, as we
can just reference ISO documentation.
• Improves the working practices of HIC. This has been particularly the
case with our hardware infrastructure.
• Key towards Scottish Government Safe Haven Accreditation.
21. Health Informatics Centre
dundee.ac.uk/hic
Scottish Government Safe Haven Accreditation
• 27001 standard controls PLUS some
additional ones specific to Safe Havens.
• Reviewed by Scottish Government
eHealth.
• Documentation Required:
• Risk Assessment Doc
• Mapping of Controls
23. Health Informatics Centre
dundee.ac.uk/hic
Scope
“The provision of data to researchers via safe haven environment, secure
patient recruitment, data collection using software tools, data entry, the
development and operation of web based applications and all assets
underpinning the provision of those services from the locations of HIC premises
at Ninewells Hospital and data centres within the University of Dundee
Campus”
25. Health Informatics Centre
dundee.ac.uk/hic
ISO Controls – Made up of HIC specific ones
and University/NHS general controls
University of Dundee Security
Policies
University of Dundee HR Policies and
Procedures (and NHS where
appropriate as we have honorary
contracts)
HIC HR
Procedures/Training/Policies
HIC Security Policies
A7: Human Resource SecurityA5: Information Security Policies
A6: Organisation of
Information security
University of Dundee Security
Policies
HIC Security Policies,
SOPS, Procedures, Work
Instructions and Service
Descriptions
26. Health Informatics Centre
dundee.ac.uk/hic
Document Types and Review
Static & Formally Approved:
HIC Exec & HIC Information Governance Committee
• Policies
• Standard Operating Procedures (SOPs)
• Risk Management Doc
• Information Security Management System (ISMS)
Manual
• Business Continuity Plan
Just HIC Exec
• Procedures
Working Documents (technical):
Relevant Technical Manager
• Service Descriptions
• Work Instructions
• Asset and Responsibility Matrix
• Disaster Recovery Plans
• Infrastructure Diagrams
27. Health Informatics Centre
dundee.ac.uk/hic
Structure of Docs in Box Become aware of an
improvement of our
current procedure
Take a copy of Procedure from “Live” folder and move to
“Under Development”.
Draft change using tracked changes.
Ask Technical Manager to review.
Technical Manager moves the doc they have approved to
“Awaiting Approval Folder” and asks for it to be included in
HIC Exec Meeting Agenda for review.
If approved at HIC Exec either formally approved or sent to
HIC Information Governance Committee for additional
formal approval (if document type requires)
Approved doc is moved to
“Live” folder by HIC Admin
Procedure Changes
28. Health Informatics Centre
dundee.ac.uk/hic
Infrastructure comprised UoD, HIC & NHS
University of Dundee Network NHS Network
HIC Managed Hardware
HIC Managed Hypervisor Cluster
HIC Managed Operating Systems
HIC Managed Applications
UoD Hardware
UoD Hypervisor
UoD OS
UoD Applications
HIC and UoD use identical platform technology and share locations
Hardware & responsibility for management varies depending on specificity
University of Dundee Data Centres NHS Locations
29. Health Informatics Centre
dundee.ac.uk/hic
Timelines
• Help from University’s Information Security Officer (Graham McKay)
to get us up to the required standard.
• Passed our Stage 1 audit of our documentation in June 2015.
• Passed our Stage 2 audit of our systems (do we do what we say we do
in our documentation) in Jan 2016.
• Passed second Stage 2 audit July 2016
• Now have full audits every 6 months for the next 3 years!
30. Health Informatics Centre
dundee.ac.uk/hic
Phil Appleby
Jim Galloway
Chris Hall
Duncan HeatherEmily Jefferson
Claire JonesGordon
McAllister
Keith MilburnLeandro Tramma
Donald
Scobbie
Thomas Nind Guney Hanedan
Graham
McKay
Many thanks to the people that did all the work!