www.eudat.eu
EUDAT receives funding from the European Union's Horizon 2020 programme - DG CONNECT e-Infrastructures. Contract No. 654065
Data safe havens:
a future EOSC service?
Rob Baxter
EPCC, University of Edinburgh
Data Safe Havens?
Provide a “safe environment” for research work on
“sensitive” data
medical data (e.g. patient records; MRI images)
social data (e.g. census; government; police)
Are subject to strong information governance policies
dictated at national level
Can such services be brought into EOSC?
UK IG: National Data Guardian
Provides overarching information governance framework
for research with health-related data
Three guiding principles:
1. Encourage sharing of information in the interests of
providing direct care to an individual
2. “No surprises” to citizens; they should have choice
about the use of their data
3. Dialogue with the public
Current NDG is Dame Fiona Caldicott
hence “Caldicott Guardians”
The Farr Institute
Publicly funded UK-wide research collaboration
21 academic institutions and health partners
Committed to delivering high-quality, cutting-edge research
using ‘big data’ to advance the health and care of patients and
the public
subject (of course!) to Caldicott Guardian framework
(Interestingly, UK public tend to be more open to use of their data than
current ethics committees think!
see Aitken et al, BMC Medical Ethics, Nov 2016
http://dx.doi.org/10.1186/s12910-016-0153-x )
NHS Scotland & SHIP
In the UK, Scotland has been at the forefront of medical
informatics for research
Scottish (Health) Informatics Partnership defined a
proportional, risk-based approach to IG
anticipating a lot of GDPR
incorporated into the Caldicott framework
the “Public Benefit & Privacy Panel”
with a big focus on data linkage
IG for data linkage projects: setup
A Researcher proposes a study using datasets A, B, C
The study is assessed by NHS Research Coordinators
(RCs), or escalated to full PBPP if contentious
(“Tier 1” → “Tier 2”)
If approved, RCs arrange preparation of datasets with
individual Data Controllers (DCs)…
[Diagram: Data Controllers (DC: A, DC: B, DC: C), Indexer, Linker]
1. Data Controllers (DCs) send
datasets independently to
Indexer
2. Indexer replaces PII in each
dataset with index terms
unique to each dataset
3. Data Controllers send
“confidentialised” datasets
independently to Linker
4. Indexer sends Master Index
File to Linker
5. Linker connects
datasets A, B, C,
using Master
Index File &
presents to user in
secure workspace
in Safe Haven
6. User works on
“confidentialised
linked data”
through secure
access system
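Added example (not from the original slides, and not the Safe Haven's own code): a minimal Python model of steps 1 to 5 above, showing that the Linker joins A, B and C without ever holding PII. It assumes the Indexer returns index terms to each Data Controller, that the Master Index File maps each (dataset, index term) pair to a random linkage key, and that records match on one identifier field, here called person_id; all names and sample rows are constructed.

```python
import secrets

PII = "person_id"  # assumed name of the single identifying field

def indexer(datasets):
    """Steps 1, 2, 4: index terms unique to each dataset, plus the Master Index."""
    person_key, terms, master = {}, {}, {}
    for name, rows in datasets.items():
        terms[name] = {}
        for row in rows:
            key = person_key.setdefault(row[PII], secrets.token_hex(8))
            term = terms[name].setdefault(row[PII], secrets.token_hex(8))
            master[(name, term)] = key   # contains no PII, only random tokens
    return terms, master                 # terms -> each DC; master -> Linker

def confidentialise(rows, dataset_terms):
    """Step 3, at the Data Controller: drop PII, attach the index term."""
    return [{**{k: v for k, v in r.items() if k != PII},
             "index": dataset_terms[r[PII]]} for r in rows]

def linker(confidential, master):
    """Step 5: join on the linkage key; assumes one row per person per dataset."""
    linked = {}
    for name, rows in confidential.items():
        for row in rows:
            key = master[(name, row["index"])]
            payload = {f"{name}.{k}": v for k, v in row.items() if k != "index"}
            linked.setdefault(key, {}).update(payload)
    return list(linked.values())         # index terms and keys are not exposed

def run_linkage(datasets):
    terms, master = indexer(datasets)
    conf = {n: confidentialise(rows, terms[n]) for n, rows in datasets.items()}
    return conf, linker(conf, master)

# Constructed sample rows, not real data.
DATASETS = {
    "A": [{PII: "P-001", "diagnosis": "asthma"},
          {PII: "P-002", "diagnosis": "diabetes"}],
    "B": [{PII: "P-001", "prescription": "salbutamol"},
          {PII: "P-003", "prescription": "statin"}],
    "C": [{PII: "P-002", "admissions": 2},
          {PII: "P-001", "admissions": 0}],
}

if __name__ == "__main__":
    for record in run_linkage(DATASETS)[1]:
        print(record)
```

Because the index terms differ per dataset, two confidentialised datasets cannot be joined to each other without the Master Index File, which only the Linker receives.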
IG for data linkage projects: research
Trusted researchers work on confidentialised linked data
in Safe Haven
Any data transfers out of the Safe Haven are approved
and executed by the RCs
not the researchers!
this includes final study results & findings
Post-project, the whole workspace is torn down
(may be securely archived for later
reproducibility/validation)
Scottish National Safe Haven
Part of the Farr Institute Scotland infrastructure
Built, maintained and operated by EPCC at the University of
Edinburgh, under contract to NHS
Key features:
all access through separate system firewall
two-factor authentication for all users
locked-down virtual desktops for researchers
no cut-and-paste
no Internet access
authorised/pre-installed software only
all data transfers managed by NHS RCs via separate path
image data (NHS PACS system) imported via separate path
Challenges for EOSC
This kind of research is governed by national policies
are these compatible?
Relies heavily on specially trained staff (“safe people”),
both inside & outside the Safe Haven
especially the Research Coordinators
Safe Haven service itself may actually be the easiest part!
Parallel Session 4 Panel
Wed 24th
How should EOSC support research
with restricted data?
Moderator: Rob Baxter, EPCC
Rapporteur: Heli Autere, CSC
How should EOSC support research with
restricted data?
David Foster
Head of Data Privacy Protection, CERN
Petr Holub
IT/Data Protection Manager, BBMRI-ERIC
Francesca Iozzi
Senior Advisor, UNINETT Sigma2
Heiko Tjalsma
Policy/Legal Advisor, DANS
…and you, the audience!
How should EOSC support research with
restricted data?
1. What about information governance?
a) Harmonisation of national frameworks?
b) What can EOSC implementers do to influence?
2. Data sharing?
a) Do we have the right standards?
b) Are Codes of Conduct sufficient in terms of GDPR?
3. Needed services?
a) Is the Safe Haven approach feasible at scale?
b) Are there easier steps we can take?
