Agenda Problem Existing Approaches The e-Lab Is DRM the solution?

Slides:



Advertisements
Similar presentations
The Role of the IRB An Institutional Review Board (IRB) is a review committee established to help protect the rights and welfare of human research subjects.
Advertisements

NIGB International Data Sharing Conference Oxford Tuesday 21 st September 2010 National Information Governance Board Alan Doyle - Director Karen Thomson.
NIGB Legal requirements for use of personal data in research OnCore UK / NRES Training workshop Ethical Principles relating to consent for use of samples.
Sustainability Implementing Sustainable Practices for Productivity Enhancement for Productivity Enhancement Presented by Ryte Byte, Inc.
A Plan for a Sustainable Community Behavioral Health Information Network Western States Health-e Connection Summit & Trade Show September 10, 2013.
Ethics and Governance of Clinical Information. Ethics, Confidentialty and Consent Ethical approach Trust Joint Act of Publication Forum for Governance.
Information Governance Peter McKenzie Information Governance Manager NHS Tayside
Using Data for Programs:
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
CIPFA North West Audit, Risk and Governance Professional Development Group Warrington, November 2014 Health & Social Care Workshop.
Choice lifestyle & Responsibility Service user involvement and policy development Responsibility contracts.
EUropean Best Information through Regional Outcomes in Diabetes Privacy and Disease Registries Technical Aspects Peter Beck JOANNEUM RESEARCH, Austria.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Developing a Records & Information Retention & Disposition Program:
Applied Cryptography for Network Security
Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.
Integration, cooperation and partnerships
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.
NHS e-Lab Nottingham, September 2010 John Ainsworth
Improving the Health and Wellbeing of People with Learning Disabilities: An Evidence-Based Commissioning Guide for Clinical Commissioning Groups Dr Matt.
Adam Wilcox, PhD Associate Professor of Biomedical Informatics.
Internal Auditing and Outsourcing
Security and DICOM Lawrence Tarbox, Ph.D. Chair, DICOM Working Group 14 Siemens Corporate Research.
Safeguarding Adults at Risk in the new commissioning landscape Stephan Brusch Professional Safeguarding Adult Advisor.
Software Configuration Management (SCM)
NHS Greater Glasgow & Clyde Local Data Sharing Partnership Case Study “ Data Sharing Enabled by Clinical Portal Technologies” George Lynch Information.
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
Working Together to Advance Terminology Tooling Presentation to OHT Board, Birmingham Jennifer Zelmer & Karen Gibson.
A Paradigm Shift for Sharing Health Information: the Health and Prevention Promotion Initiative (HAPPI) William A. Yasnoff, MD, PhD, FACMI Managing Partner,
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.
Future Use of Stored Samples & Data and the NIH Policy on GWAS and dbGaP NIAID/DAIDS Dione Washington, M.S. -- ProPEP Sudha Srinivasan, Ph.D.-- TRP Tanisha.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
OHT 11.1 © Marketing Insights Limited 2004 Chapter 9 Analysis and Design EC Security.
The New Public Health System
Best Practices: Financial Resource Management February 2011.
Privacy, Quality and Electronic Health Information Royal New Zealand College of GPs Quality Forum 14 February 2009 Sebastian Morgan-Lynch
SPIRE Project Scottish Primary Care Information Resource SCIMP Conference 2013.
Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.
Introduction to the Summary Care Record (SCR)
Langbaurgh Social Enterprise – A Case Study Ian Reeve Managing Director.
GEOG3025 Confidentiality and social implications.
1 Data use, data sharing and information governance Geraint Lewis Chief Data Officer, NHS England Mark Golledge Programme Manager in.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
Name Position Organisation Date. What is data integration? Dataset A Dataset B Integrated dataset Education data + EMPLOYMENT data = understanding education.
Whose Responsibility is it? Karen Korb TELUS Health Solutions November 24, 2009 Privacy and Confidentiality in the EHR:
FGM – THE ENHANCED DATASET DR EMMA TUKMACHI LEAD GP FOR SAFEGUARDING CHILDREN IN TOWER HAMLETS.
Governance and Commissioning Natalie White DCSF Consultant
Mine Altunay July 30, 2007 Security and Privacy in OSG.
Configuration Management and Change Control Change is inevitable! So it has to be planned for and managed.
Data Governance 101. Agenda  Purpose  Presentation (Elijah J. Bell) Data Governance Data Policy Security Privacy Contracts  FERPA—The Law  Q & A.
Access to data for local authority public health AGW Public Health Network Training Event: Public Health Data, Information and Intelligence 11 th November.
National Programme for Information Technology The Secondary Uses Service Jeremy Thorp Director of Business Requirements Technology Office.
Formal agreement between the CCG, City Council, Salford Royal and Greater Manchester West –Pooled health & social care budget and financial risk share.
Improving Lives In Our Communities Records Management CQC Inspection Alan Ferguson: Records Manager & Quality Facilitator Records Management CQC Briefing.
IT Summit November 4th, 2009 Presented by: IT Internal Audit Team Leroy Amos Sue Ann Lipinski Suzanne Lopez Janice Shelton.
Protecting your Managed Services Practice: Are you at Risk?
Quality Issues in Health and Social Care Maria O’Connell – Acting Team Manager, Social Care Direct & Jane Wilson – Designated Nurse for Safeguarding Adults,
National Statistics - access and disclosure issues for Vital Events data Allan Baker Office for National Statistics.
Health Information Exchange: Alaska’s Health Pipeline Alaska Bar Association Health Law Section February 2, 2012 Carolyn Heyman-Layne.
Audit Trail LIS 4776 Advanced Health Informatics Week 14
Washington State Hospital Association
Health Information Exchange: Alaska’s Health Pipeline
Medical Imaging Data Access and Sharing Meeting
Frimley Health and Care Integrated Care System
Database Design Hacettepe University
The Health Insurance Portability and Accountability Act
THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,
Managing Private and Public Views of DDI Metadata Repositories
Presentation transcript:

Agenda Problem Existing Approaches The e-Lab Is DRM the solution?

Climate Change

Problem Potentially identifiable data required for effective research Individuals have a right to confidentiality and privacy Potentially identifiable data should not be: –Redistributed Release under defined conditions –Linked to other data Risk of deductive disclosure Potentially identifiable data should be: –Stored securely –Destroyed after use

Potentially Identifiable Information Individual records even if they do not include variables, such as names, full postcodes, and dates of birth which would make them obviously identifiable; Tabular data, based on small geographic areas, with cell counts of fewer than five cases/events (or where counts of less than five can be inferred by simple arithmetic) – hereafter referred to as “sparse cells” Tabular data containing cells that have underlying population denominators of less than approximately 1,000 –Source UKACR

Existing approaches Locked rooms, locked down machines –Used by many national statistical services Does not scale

Existing approaches Policy –User bound by terms and conditions or contract of employment or professional governance bodies

UKACR Policy the intended use(s) of the data should be stated clearly the use(s) of the data should be justified and the data should not be used for any other purpose(s) the data should not be passed on to other third parties or released into the public domain the data should be kept securely for the period of time that can be justified by the stated purpose, and then destroyed no attempt should be made to identify information pertaining to particular individuals or to contact individuals no attempt should be made to link the data to other data sets, unless agreed with the data providers

Existing approaches Policy –User bound by terms and conditions or contract of employment or professional governance bodies Policing –Doesn’t scale

North West e-Health Joint Project: SRFT, SPCT, UoM Founded on UoM/ Salford NHS experience and expertise Based on the establishment of an e-Lab federation: “that will allow the partners to pool and develop their expertise and resources, acting together for mutual benefit and for the benefit of other stakeholders and clients” NWDA core-funding Potential for self-sustaining entity

What is an e-Lab...an information system bringing together data, analytical methods and people for timely, high-quality decision-making

Information Governance Designed for minimal disclosure Only release items that user “Needs to know” Only release items that user “Has the right to know” Determined by the “e-Lab Governance Board”

Information Governance Technical safeguards –Audit trails & monitoring –Anonymisation and Inference control Operational procedures –Users sign up to terms and conditions of use; bound by employment contracts –Spot checks Governance Board + NREC Research Database Approval

NHS Trust E-Lab Data Store Governance Users EHR

Clinical Data Non-clinical Data Clinical Data Integrated EHR E-Lab Repository Non-clinical Data 2. Pseudonymisation, classification and integration 1. Integration of primary and secondary care records Trust Systems Trust e-Lab

User Data Store 4. Anonymisation and inference control 8. Storage 9. Data analysis and visualization Access Control e-Lab Tools 1.User logs on and submits query 2. Access control module authorizes request 3. Perform Data Query E-Lab Repository Trust e-Lab

NHS NHS Trust E-Lab Data Store Governance Users EHR NHS Trust E-Lab Data Store Governance Users EHR NHS Trust E-Lab Data Store Governance Users EHR NWeH Broker NWeH Users Federated E-Lab Governance

Broker User Data Store 5. Per request keyed pseudonymisation 6. Data integration 7. Anonymisation and inference control 8. Storage 9. Data analysis and visualization NHS Trust e-Lab NWeH – e-Lab Federation NHS Trust e-Lab E-Lab Repository E-Lab Repository Access Control e-Lab Tools 1.User logs on and submits query 2. Access control module authorizes request 3. Broker performs distributed query; generate pseudonym keys 5. Per request keyed pseudonymisation

Data Users e-Lab Broker e-Labs Secondary Pseudonymised Data Flows Pseudonymised Data Flows

DRM Solution? DRM used to prevent re-distribution DRM used to prevent modification DRM used to prevent linking to other data

DRM problems Not fail safe? Better than just stopping the “casual attacker”? Perception is easy to crack or by-pass

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.