Data safe havens: A future EOSC service?
•Download as PPTX, PDF•
0 likes•90 views
This document discusses data safe havens and how they could potentially be incorporated into the European Open Science Cloud (EOSC) to enable research using sensitive data. It describes how data safe havens provide a secure environment for working with medical, social, and other restricted data according to national information governance policies. The document then outlines the Caldicott framework for governing health data research in the UK, as well as specific examples like the Farr Institute and NHS Scotland's approach. It discusses how data linkage projects are currently conducted securely in Scotland's national safe haven. Finally, it raises challenges around harmonizing different countries' information governance policies and ensuring the right support services and standards are in place to enable this kind of research at a European level
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Data safe havens: A future EOSC service?
Similar to Data safe havens: A future EOSC service? (20)
More from EUDAT
More from EUDAT (20)
Recently uploaded
Recently uploaded (20)
Data safe havens: A future EOSC service?
- 1. www.eudat.eu EUDAT receives funding from the European Union's Horizon 2020 programme - DG CONNECT e-Infrastructures. Contract No. 654065 Data safe havens: a future EOSC service? Rob Baxter EPCC, University of Edinburgh
- 2. Data Safe Havens? Provide a “safe environment” for research work on “sensitive” data medical data (e.g. patient records; MRI images) social data (e.g. census; government; police) Are subject to strong information governance policies dictated at national level Can such services be brought into EOSC?
- 3. UK IG: National Data Guardian Provides overarching information governance framework for research with health-related data Three guiding principles: 1. Encourage sharing of information in the interests of providing direct care to an individual 2. “No surprises” to citizens; they should have choice about the use of their data 3. Dialogue with the public Current NDG is Dame Fiona Caldicott hence “Caldicott Guardians”
- 4. The Farr Institute Publically funded UK-wide research collaboration 21 academic institutions and health partners Committed to delivering high-quality, cutting-edge research using ‘big data’ to advance the health and care of patients and the public subject (of course!) to Caldicott Guardian framework (Interestingly, UK public tend to be more open to use of their data than current ethics committees think! see Aitken et al, BMC Medical Ethics, Nov 2016 http://dx.doi.org/10.1186/s12910-016-0153-x )
- 5. NHS Scotland & SHIP In the UK, Scotland has been in forefront of medical informatics for research Scottish (Health) Informatics Partnership defined a proportional, risk-based approach to IG anticipating a lot of GDPR incorporated into the Caldicott framework the “Public Benefit & Privacy Panel” with a big focus on data linkage
- 6. IG for data linkage projects: setup A Researcher proposes a study using datasets A, B, C The study is assessed by NHS Research Coordinators (RCs), or escalated to full PBPP if contentious (“Tier 1” → “Tier 2”) If approved, RCs arrange preparation of datasets with individual Data Controllers (DCs)…
- 7. LinkerDC: A DC: C DC: B Indexer 1. Data Controllers DC send datasets independently to Indexer 2. Indexer replaces PII in each dataset with index terms unique to each dataset 3. Data Controllers send “confidentialised” datasets independently to Linker 4. Indexer sends Master Index File to Linker 5. Linker connects datasets A, B, C, using Master Index File & presents to user in secure workspace in Safe Haven 6. User works on “confidentialised linked data” through secure access system
- 8. IG for data linkage projects: research Trusted researchers work on confidentialised linked data in Safe Haven Any data transfers out of the Safe Haven are approved and executed by the RCs not the researchers! this includes final study results & findings Post-project, the whole workspace is torn down (may be securely archived for later reproducibility/validation)
- 9. Scottish National Safe Haven Part of the Farr Institute Scotland infrastructure Built, maintained and operated by EPCC at the University of Edinburgh, under contract to NHS Key features: all access through separate system firewall two-factor authentication for all users locked-down virtual desktops for researchers no cut-and-paste no Internet access authorised/pre-installed software only all data transfers managed by NHS RCs via separate path image data (NHS PACS system) imported via separate path
- 11. Challenges for EOSC This kind of research is governed by national policies are these compatible? Relies heavily on specially trained staff (“safe people”), both inside & outside the Safe Haven especially the Research Coordinators Safe Haven service itself may actually be the easiest part!
- 12. www.eudat.eu EUDAT receives funding from the European Union's Horizon 2020 programme - DG CONNECT e-Infrastructures. Contract No. 654065 Parallel Session 4 Panel Wed 24th How should EOSC support research with restricted data? Moderator: Rob Baxter, EPCC Rapporteur: Heli Autere, CSC
- 13. How should EOSC support research with restricted data? David Foster Head of Data Privacy Protection, CERN Petr Holub IT/Data Protection Manager, BBMRI-ERIC Francesca Iozzi Senior Advisor, UNINETT Sigma2 Heiko Tjalsma Policy/Legal Advisor, DANS …and you, the audience!
- 14. How should EOSC support research with restricted data? 1. What about information governance? a) Harmonisation of national frameworks? b) What can EOSC implementers do to influence? 2. Data sharing? a) Do we have the right standards? b) Are Codes of Conduct sufficient i.t.o. GDPR? 3. Needed services? a) Is the Safe Haven approach feasible at scale? b) Are there easier steps we can take?