Disclosure Control in Practice: issues and approaches Andy Sutherland Health and Social Care Information Centre.

Slides:

Advertisements

Similar presentations

The Statistics Act and Research Access to Data Paul J Jackson Legal Services ONS.

Advertisements

Release of Practice Level Prescribing Data Sue Faulding, Programme Manager, Prescribing and Primary Care Services.

Primary and secondary use of EHR: Enhancing clinical research Pharmaceutical Industry Perspectives Dr. Karin Heidenreich Senior Public Affairs Manager/Novartis.

Donald T. Simeon Caribbean Health Research Council

Confidentiality new guidance from the GMC. Statutory power to advise The Medical Act 1983 gives the GMC power to provide, in such manner as the Council.

THE FOLLOWING SLIDES EXPLAIN THE REQUIRED ELEMENTS THAT MUST BE INCLUDED FOR A HIPAA AUTHORIZATION TO BE VALID HIPAA Authorizations.

In a Virtual Data Centre Protecting Confidentiality COMPUTATIONAL INFORMATICS Christine O’Keefe, Mark Westcott, Adrien Ickowicz, Maree O’Sullivan, CSIRO.

Data-Sharing and Governance Consultation ANALYSIS OF RESPONSES.

Supporting & promoting Equality & Diversity through REF Dianne Berry, Chair REF E&D Advisory Panel Ellen Pugh, Senior Policy Officer ECU.

Statistical Disclosure Control Philip Johnston, Information Services Division, NHSNSS ScotPHO training course, 1 April 2011.

United Nations Expert Group Meeting on Revising the Principles and Recommendations for Population and Housing Censuses New York, 29 October – 1 November.

Developing Privacy and Security Standards Allen Briskin Allen Briskin

Protection of Personally Identifiable Information through Disclosure Avoidance Techniques Michael Hawes Statistical Privacy Advisor U.S. Department of.

Protecting information rights – advancing information policy Privacy law reform for APP entities (organisations)

The Nuffield Council on Bioethics Report : The collection, linking and use of data in biomedical research and health care: ethical issues. Martin Richards.

Patients Bill of Rights. What is a Patient’s Bill of Rights? A list of patients rights. It offers guidance and protection to patients by stating the responsibilities.

United Nations Economic Commission for Europe Statistical Division Applying the GSBPM to Business Register Management Steven Vale UNECE

SSRG annual workshop Balancing and Managing Risk 8th April 2008 Costing Children’s Services: Availability of Child Level Data Samantha Culley Centre for.

NSW Interagency Guidelines for Child Protection Intervention 2006 Briefing Information Session Child Protection Senior Officers Group.

Overview of 2002 CIPSEA: Methods to Protect Confidential Tabular Data Amrut Champaneri, Ph.D. U.S. Department of Transportation Bureau of Transportation.

Care.data: listening to you Robin Burgess Regional Head of Intelligence

Community Level Data Capture for MDSR Photo:

Intruder Testing: Demonstrating practical evidence of disclosure protection in 2011 UK Census Keith Spicer, Caroline Tudor and George Cornish 1 Joint UNECE/Eurostat.

Confidentiality Issues with “Small Cell” Data Michael C. Samuel, DrPH STD Control Branch California Department of Public Health 2008 National STD Prevention.

Code of Practice for Official Statistics Presented by Yasmin Cassimally with inputs from Aimee Cheung STATISTICS MAURITIUS 23 September 2013.

ADASS SPRING SEMINAR SECTOR LED IMPROVEMENT A new approach to excellence in Adult Social Care.

Disclosure Avoidance: An Overview Irene Wong ACCOLEDS/DLI Training December 8, 2003.

CES Task Force on Confidentiality and Microdata Tiina Luige UNECE Statistical Division Conference of European Statisticians UN Economic Commission for.

Transparency and Open Data: GSS Response Iain Bell HoP MoJ.

EGovernment Ireland’s eGovernment Strategy Enda Holland, Department of Public Expenditure and Reform.

Calculating Quality Reporting Service – an introduction Chris Brown CQRS Design, Build and Test Project Manager 05 September 2012.

Research and the Mental Capacity Act 2005 The Act applies to England & Wales only David Stanley Professor of Social Care, Northumbria University Chair,

Census/NeSS Roadshows March 2003 Better Information Initiatives.

GEOG3025 Confidentiality and social implications.

Results The final report was presented to NICE and published by NICE and WHO. See

Joint UNECE / Eurostat meeting on Population and Housing Censuses 7-9 July 2010, Geneva Disseminating Census information to maximise use and value Keith.

Statistical data confidentiality and micro data in Albania

Copyright 2010, The World Bank Group. All Rights Reserved. Principles, criteria and methods Part 2 Quality management Produced in Collaboration between.

Access to data for local authority public health AGW Public Health Network Training Event: Public Health Data, Information and Intelligence 11 th November.

Creating Open Data whilst maintaining confidentiality Philip Lowthian, Caroline Tudor Office for National Statistics 1.

PHE Local Intelligence Contribution David Meechan, Director for Knowledge & Intelligence (East Midlands), Public Health England.

The Review of the Dissemination of Health Statistics Carole Abrahams Office for National Statistics.

Registration and monitoring compliance Michele Golden Compliance Manager 2 November 2010.

Key Knowledge Confidentiality Year 4 Medical Ethics and Law Thread Course The Ethox Centre, University of Oxford.

Information Governance Jo Wall South East Public Health Intelligence Analyst Training Day 2, Session 5 11 th February 2016.

Understanding Privacy An Overview of our Responsibilities.

National Statistics - access and disclosure issues for Vital Events data Allan Baker Office for National Statistics.

The London Health Observatory: monitoring health and health care in the capital, supporting practitioners and informing decision-makers Disclosure control.

NHS Maternity Statistics. Birth vs Delivery Definitions A delivery episode relates to the mother. It is the episode in which she delivers her baby/ babies.

Wisconsin Department of Health Services Purchase of Services Contract Guide Julie Anstett and Lucinda Champion Friday, May 6, 2016 Wisconsin Department.

Health & Social Care Information Centre SEPHIG: 12 th September, 2012.

How HSUG can contribute to the development of Official Health Statistics – Andy Sutherland.

Understanding Privacy An Overview of our Responsibilities.

Students’ Unions 2011 Data Protection and Students’ Unions Mairead O’Reilly 19 July 2011.

Data access for public health, the current position, next steps and implications of Caldicott 1 Presented by Andy Sutherland.

Patient Consent for Blood Transfusion

Community Level Data Capture for MDSR

GDPR Overview Gydeline – October 2017

APP entities (organisations)

Center Specific Outcomes Reporting

Dissemination Workshop for African countries on the Implementation of International Recommendations for Distributive Trade Statistics May 2008,

GDPR Overview Gydeline – October 2017

New Data Protection Legislation

G.D.P.R General Data Protection Regulations

The National Working Group

Proposed ISQC 1 (Revised)

care.data: listening to you

Quality, efficiency and productivity: a challenge for official statistics EFTA/CROSTAT/EUROSTAT Strategic Management Seminar, Split, November 2007.

Disclosure Avoidance: An Overview

COICOP 2018 Implementation

Presentation transcript:

Disclosure Control in Practice: issues and approaches Andy Sutherland Health and Social Care Information Centre

Outline Background – transparency, open data, confidentiality, Code of Practice and other requirements Basics of disclosure control Approaches used Issues Reflections

Background Transparency, open data Publish in as much detail as possible Make machine readable Allow and encourage re-use Confidentiality Data Protection Act, Common Law requirements etc.

Code of Practice Principle 5, practice 1 “Ensure that official statistics do not reveal the identity of an individual, or any private information relating to them, taking into account other relevant sources of information.” Principle 5, practice 4 “Ensure that arrangements for confidentiality are sufficient to protect the privacy of individual information, but not so restrictive as to limit unduly the practical utility of official statistics.” National Statistician’s Guidance

Other Guidance ONS work on health control-of-health-statistics/index.html Scottish Government guidance ossary Various consultations ongoing anonymisation-code-of-practice aspx DH v ICO [abortion statistics case] anonymisedstatistics.htm

User comment “…Basically ONS and IC only care about disclosure control and don't give a toss as to whether data are any use to users.”

Why disclosure control is needed? Basic revision class! Number of A+E consultants by hospital, March 2012 TrustTotal Ashfield4 Beetown1 Corstone5

Why disclosure control is needed? Basic revision class! Number of A+E consultants by hospital and ethnicity, March 2012 TrustTotalWhiteBlackOther Ashfield4211 Beetown1010 Corstone5230

HSCIC process and approaches 150 publications per year Other releases Ad-hoc queries Data access or analysis systems Standard risk assessment process “Small Numbers Panel” assesses complex cases

Small Numbers Panel Head of Profession for Statistics (Chair) Head of Information Governance Programme Manager, Information Services statistical, legal and business/user input.

Issues (1) Understanding of scope Distinguishing cases where disclosure control is needed (“I don’t want inadvertently to release identifiable information”) from those where different legal approaches are needed (“I know this is identifiable but I need to do it anyway”).

Issues (2) Seeing the wider context Proposal to publish practice-level prescribing data Legality Level of granularity and frequency of publication Feasibility Costs, benefits and risks Perverse outcomes

Issues (3) – Maternity tables Enhanced, easier for users to interpret Overview of main delivery types Easy to compare (in one table) Available as automated reports to provider level - Server?siteID=1937&categoryID= Server?siteID=1937&categoryID=1815 Unexpected consequences More suppression due to tables within tables ‘Unknown’ values were used for secondary suppression, these are used to calculate rates; now try to avoid using for secondary suppression.

Method of delivery ( ) Unable to aggregate to SHA level Unable to aggregate delivery types (e.g. Spontaneous), therefore cannot calculate rates

Method of delivery ( ) Able to used aggregated data (SHA level) Able to use aggregated data (Delivery types), therefore can calculate rates Unable to calculate rates as lots of ‘Unknowns’ are suppressed Rate = Spontaneous / (Total – Unknown)

Suppression Example Table D: Method of delivery – example ( ) Primary suppression All values equal to 5 or less (excluding unknowns)

Suppression Example Table D: Method of delivery – example ( ) Secondary suppression All values corresponding to primary suppressed values Row and column, effectively four tables ‘Other’ suppressed, therefore also ‘Unknown’ – unable to calculate the rate

Suppression Example Table D: Method of delivery – example ( ) Suppression Similar primary and secondary suppression values ‘Other’ no longer suppressed as not disclosive Therefore ‘Unknown’ not suppressed, can calculate rate

Issues (4) Blanket protocols Can be difficult to adapt in light of changing environment, and act as a brake on wider release Often need to suppress as a whole rather than just where disclosure is an issue Often needed as individual manual suppression can be time consuming

Issues (5) Implications of providing “systems” and machine readable files, rather than just reports Allows potentially disclosive cross classifications to be produced Standard primary and secondary suppression approach breaks down Record swapping (cf census) is a possibility For our less critical applications prefer a combination of primary suppression and rounding

Issues (5) Understanding the data and risks Clinical Audits Classic disclosure control problem with sensitive data overlaid by incomplete (but improving) data collection. Risk management approach likely to change in time, and may become more difficult when data is better!

Reflections No approach is infallible – it is a matter of assessing risk Important to consider user needs This is one (important) component of the release process Don’t assume more information will be more helpful! Blanket protocols should allow some “flex” “Jigsaw identification” remains a worry

Final word Our approaches and their outcomes are on our website. Feel free to inspect and comment.