Presentation is loading. Please wait.

Presentation is loading. Please wait.

Paul Burton University of Bristol, SSCM, DataSHIELD Research Program

Published byBenedict Jacobs Modified over 6 years ago

Similar presentations

Presentation on theme: "Paul Burton University of Bristol, SSCM, DataSHIELD Research Program"— Presentation transcript:

1 DataSHIELD: taking the analysis to the data not the data to the analysis
Paul Burton University of Bristol, SSCM, DataSHIELD Research Program McGill University, OICR, Maelstrom Research MRC Epidemiology Unit, Cambridge The Norwegian Institute of Public Health, Dept of Epidemiology Ecole Doctorale Pierre Louis de Sante Publique a Paris, St Malo October 26th, 2016

2 Microdata = individual level data = individual patient data (IPD)
Microdata are absolutely fundamental to contemporary science including biomedical, social, and public health science For someone wishing to analyse, interpret and draw conclusions from data they provide The only way to do certain analyses Enhanced efficiency in some circumstances Greater flexibility

3 Constraints and barriers to sharing and combining individual-level data (microdata)
Ethico-legal or other governance restrictions Maintaining control of intellectual property Physical size of data

4 Promoting effective ‘data security, privacy and trust’ in our data systems
A complex challenge involving science, technology, governance and other fundamental social issues including public health True transdisciplinary programs of work are essential Even the most complex and sophisticated of solutions will never promise a perfect solution with no risk of accidental or deliberate disclosure No single solution will ever solve all the problems DataSHIELD can provide one component of an integrated solution to a range of important challenges

5 The DataSHIELD approach
Take “analysis to data” ….. not “data to analysis” Leave the data to be analysed on local servers behind the firewalls where they usually reside The analysis centre co-ordinates parallelised analyses in all studies simultaneously Tie analyses together with non-disclosive information: Analytic processing - and options for disclosure control - located with the data

6 DataSHIELD: Data Aggregation Through Anonymous Summary-statistics from Harmonized Individual-levEL Databases Horizontal partitioning Different sources hold all variables but on different individuals Secure meta-analysis (IPD and Study-Level) Secure single-site analysis Vertical partitioning Different sources hold different variables on the same individuals Secure processing and analysis of linked data without bringing the data together

7 2009: The DataSHIELD challenge
Multi-site DataSHIELD horizontally partitioned data On garde les micro-donnee derriere le pare-feu a chaque etude. On ne permet que les statistiques sommaires sortir le pare-feu Les micro-donnee sont tres important pour recherche mais il sont quelquefois tres sensibles. Pouvons nous faire l’analyse de micro-donnee a les etudes chez leur, mais nous assurons qu’elles sont invisible et elles ne pouvent pas copier? Single site DataSHIELD All analysis commands are checked by the system and only genuine DataSHIELD commands are allowed to run on the individual level data at the studies  Tous les commandes (en “R”) sont interpretee par un analyseur syntaxique. On ne permet que les commandes speciales qui sont valides en DataSHIELD Data Computer DC Analysis Computer AC

8 2009: The DataSHIELD challenge
Multi-site DataSHIELD horizontally partitioned data Given that microdata are scientifically critical and yet potentially sensitive, can we ensure that the information driving analysis of the data at each centre only ever emerges from the firewall in non- disclosive form? Single site DataSHIELD All analysis commands are checked by the system and only genuine DataSHIELD commands are allowed to run on the individual level data at the studies  Data Computer DC Analysis Computer AC

9 The DataSHIELD solution
One step analyses: e.g. ds.table2D - request non-disclosive output from all sources Multi-step analyses: e.g. ds.lexis – set up and then request Iterative analyses: e.g. ds.glm - parallel processes linked together by non- identifying summary statistics – e.g. for glm = score vectors and information matrices Can be used as equivalent to full individual level analysis or to study level meta-analysis

10 DataSHIELD b.vector<-c(0,0,0,0) glm(cc~1+BMI+BMI.456+SNP,
family=binomial, start=b.vector, maxit=1) Analysis commands (1)

11 DataSHIELD Score vector Study 5 Score vector Study 5
[36, , , 149] Information Matrix Study 5 Score vector Study 5 Summary Statistics (1) Summary Statistics (1) Score vector Study 5 Information Matrix Study 5

12 Σ DataSHIELD Score vector Study 5 Score vector Study 5
[36, , , 149] Information Matrix Study 5 Score vector Study 5 Summary Statistics (1) Summary Statistics (1) Score vector Study 5 Information Matrix Study 5

13 DataSHIELD b.vector<- c(-0.322, 0.0223, 0.0391, 0.535)
Analysis commands (2) glm(cc~1+BMI+BMI.456+SNP, family=binomial, start=b.vector, maxit=1)

14 and so on .....

15 Σ DataSHIELD Final parameter estimates Updated parameters (4)
Coefficient Estimate Std Error Intercept BMI BMI.456 SNP 0.5517

16 Direct conventional analysis
Coefficients: Estimate Std. Error (Intercept) BMI BMI SNP DataSHIELD analysis Does it work?

17 DataSHIELD: current implementation for horizontally partitioned data
Server-side functions Client-side functions Individual level data never transmitted or seen by the statistician in charge, or by anybody outside the original centre in which they are stored. R Web services Data server Opal Finrisk Prevend 1958BC BioSHaRE web site Analysis client

18 Why DataSHIELD? DataSHIELD for multi-site horizontally partitioned data Secured IPD meta-analysis or study-level meta-analysis where different studies hold the same variables on different individuals Data remains behind firewall of study holding data and is invisible and unobtainable externally. Appropriate disclosure settings under control of data controller. ‘Local’ study data storage could be at a national repository Open-source freeware Vertical DataSHIELD for multi-site vertically partitioned data Ultra-secure analysis of very sensitive linked data where no source is prepared for its linked data to be held by any other sources or a trusted third party Securing the linkage process itself Non-linkage applications eg in ‘omics (GCTA, kinship relationship matrix) Single site DataSHIELD (a freeware-based data enclave) Post-publication “open access” to sensitive data “Open access” to simple descriptive stats from rigorously governanced studies Analytic access to sensitive (but not ultra-sensitive) linked data Analytic access to data collected by researchers in resource-poor regions

19 The core DataSHIELD Development Team

20 THANK YOU FOR LISTENING

21

22 Does it work? Conventional analysis DataSHIELD analyses Association of
Individual level meta-analysis Random effects study level meta-analysis Association of diabetes with BMI>30 in 9 HOP studies

23 DataSHIELD: current implementation for vertically partitioned (linked) data
Regression coefficients = XTY/ XTX XTX: Need to calculate Analysis Computer R Web services Data computer Opal NHS ALSPAC Education XAXA XAXB XAXC XBXB XBXC XCXC XB XAXB XA1 * XB1 + XA2 * XB2 XA3 * XB3 …… XA

24 DataSHIELD: current implementation for vertically partitioned (linked) data
plain.text.vector.A plain.text.vector.N encryption.matrix [,1] [,2] [,3] [1,] [2,] [3,] occluded.matrix.A [,1] [,2] [,3] [1,] [2,] [3,] [4,] [5,] [6,] [7,] IM5: Regression coefficients = XTY/ XTX Analysis Computer R Web services Opal NHS ALSPAC Education Data computer XTX: Need to calculate MB XAXA XAXB XAXC XBXB XBXC XCXC XB MA XTA MAXTAXBMB MA XA (MA)-1 MAXTAXBMB (MB)-1 = XAXB

25 DataSHIELD: current implementation for vertically partitioned (linked) data
Regression coefficients = XTY/ XTX XTX: Need to calculate Analysis Computer R Web services Data computer Opal NHS ALSPAC Education XAXA XAXB XAXC XBXB XBXC XCXC XB XAXB XA1 * XB1 + XA2 * XB2 XA3 * XB3 …… XA

26 DataSHIELD: current implementation for vertically partitioned (linked) data
plain.text.vector.A plain.text.vector.N encryption.matrix [,1] [,2] [,3] [1,] [2,] [3,] occluded.matrix.A [,1] [,2] [,3] [1,] [2,] [3,] [4,] [5,] [6,] [7,] IM5: Regression coefficients = XTY/ XTX XTX: Need to calculate Analysis Computer R Web services Data computer Opal NHS ALSPAC Education XAXA XAXB XAXC XBXB XBXC XCXC XB MB XAXB XA1 * XB1 + XA2 * XB2 XA3 * XB3 …… MA MC XA

27 DataSHIELD: current implementation for vertically partitioned (linked) data
plain.text.vector.A plain.text.vector.N encryption.matrix [,1] [,2] [,3] [1,] [2,] [3,] occluded.matrix.A [,1] [,2] [,3] [1,] [2,] [3,] [4,] [5,] [6,] [7,] IM5: Regression coefficients = XTY/ XTX Analysis Computer R Web services Opal NHS ALSPAC Education Data computer XTX: Need to calculate MB XAXA XAXB XAXC XBXB XBXC XCXC XB MA XTA MAXTAXBMB MA XA (MA)-1 MAXTAXBMB (MB)-1 = XAXB

28 From Preface: “Our view has always been that [security] is a heavily context-dependent process and only by considering the data and its environment as a total system (which we call the data situation), can one come to a well informed decision about whether and what [approach] is needed.”

29 How does matrix-based encryption work?
> plain.text.vector.L [1] > plain.text.vector.N [1] > sum(plain.text.vector.L*plain.text.matrix.N) [1] 3 >t(matrix(plain.text.vector.L))%*%matrix(plain.text.vector.N) [,1] [1,] 3

30 How does matrix-based encryption work?
> occluded.matrix.L > plain.text.vector.L [,1] [,2] [,3] [1] [1,] [2,] [3,] [4,] [5,] [6,] [7,] > e.mat.L [,1] [,2] [,3] [1,] [2,] [3,] > e.mat.L%*%occluded.matrix.L [,1] [,2] [,3] [,4] [,5] [,6] [,7] [1,] [2,] [3,]

31 How does matrix-based encryption work?
> e.mat.L%*%occluded.matrix.L [,1] [,2] [,3] [,4] [,5] [,6] [,7] [1,] [2,] [3,] > plain.text.vector.N [1] > e.mat.L%*%occluded.matrix.L%*% plain.text.matrix.N [,1] [1,] [2,] [3,] > inv.e.mat.L%*%e.mat.L%*%occluded.matrix.L%*% plain.text.matrix.N [1,] [2,] [3,] > sum(plain.text.vector.L*plain.text.matrix.N) [1] 3

32 Why do we need to occlude the original plain text vector?
> plain.text.vector.L [1] > e.mat.1 [,1] [1,] > e.mat.1%*%t(matrix(plain.text.vector.L)) [,1] [,2] [,3] [,4] [,5] [,6][,7] [1,] >e.mat.1%*%t(matrix(plain.text.vector.L))%*%plain.text.matrix.N [1,] >(1/e.mat.1)*e.mat.1%*%t(matrix(plain.text.vector.L))%*%plain.text.matrix.N [1,] 3

Download ppt "Paul Burton University of Bristol, SSCM, DataSHIELD Research Program"

Similar presentations

Alternative Approaches to Data Dissemination and Data Sharing Jerome Reiter Duke University

Alternative Approaches to Data Dissemination and Data Sharing Jerome Reiter Duke University
April 2010 MRC Data Sharing Policy Peter Dukes Policy Lead – Data Sharing & Preservation.

April 2010 MRC Data Sharing Policy Peter Dukes Policy Lead – Data Sharing & Preservation.
The methodology used for the 2001 SARs Special Uniques Analysis Mark Elliot Anna Manning Confidentiality And Privacy Group (www.capri.man.ac.uk) University.

The methodology used for the 2001 SARs Special Uniques Analysis Mark Elliot Anna Manning Confidentiality And Privacy Group ( University.
The Multiple Regression Model.

The Multiple Regression Model.
In a Virtual Data Centre Protecting Confidentiality COMPUTATIONAL INFORMATICS Christine O’Keefe, Mark Westcott, Adrien Ickowicz, Maree O’Sullivan, CSIRO.

In a Virtual Data Centre Protecting Confidentiality COMPUTATIONAL INFORMATICS Christine O’Keefe, Mark Westcott, Adrien Ickowicz, Maree O’Sullivan, CSIRO.
Session 2. Applied Regression -- Prof. Juran2 Outline for Session 2 More Simple Regression –Bottom Part of the Output Hypothesis Testing –Significance.

Session 2. Applied Regression -- Prof. Juran2 Outline for Session 2 More Simple Regression –Bottom Part of the Output Hypothesis Testing –Significance.
Physical Design CS 543 – Data Warehousing. CS 543 - Data Warehousing (Sp 2007-2008) - Asim LUMS2 Physical Design Steps 1. Develop standards 2.

Physical Design CS 543 – Data Warehousing. CS Data Warehousing (Sp ) - Asim LUMS2 Physical Design Steps 1. Develop standards 2.
United Nations Economic Commission for Europe Statistical Division Applying the GSBPM to Business Register Management Steven Vale UNECE

United Nations Economic Commission for Europe Statistical Division Applying the GSBPM to Business Register Management Steven Vale UNECE
Software Requirements Engineering CSE 305 Lecture-2.

Software Requirements Engineering CSE 305 Lecture-2.
Development of metadata in the National Statistical Institute of Spain Work Session on Statistical Metadata Genève, 6-8 May-2013 Ana Isabel Sánchez-Luengo.

Development of metadata in the National Statistical Institute of Spain Work Session on Statistical Metadata Genève, 6-8 May-2013 Ana Isabel Sánchez-Luengo.
Tunis International Centre for Environmental Technologies Small Seminar on Networking Technology Information Centers UNFCCC secretariat offices Bonn, Germany.

Tunis International Centre for Environmental Technologies Small Seminar on Networking Technology Information Centers UNFCCC secretariat offices Bonn, Germany.
JSM, Boston, August 8, 2014 Privacy, Big Data and The Public Good: Statistical Framework Stefan Bender (IAB)

JSM, Boston, August 8, 2014 Privacy, Big Data and The Public Good: Statistical Framework Stefan Bender (IAB)
© 2001 Business & Information Systems 2/e1 Chapter 8 Personal Productivity and Problem Solving.

© 2001 Business & Information Systems 2/e1 Chapter 8 Personal Productivity and Problem Solving.
Metadata driven application for data processing – from local toward global solution Rudi Seljak Statistical Office of the Republic of Slovenia.

Metadata driven application for data processing – from local toward global solution Rudi Seljak Statistical Office of the Republic of Slovenia.
Slide 12.1 Chapter 12 Implementation. Slide 12.2 Learning outcomes Produce a plan to minimize the risks involved with the launch phase of an e-business.

Slide 12.1 Chapter 12 Implementation. Slide 12.2 Learning outcomes Produce a plan to minimize the risks involved with the launch phase of an e-business.
United Nations Economic Commission for Europe Statistical Division Mapping Data Production Processes to the GSBPM Steven Vale UNECE

United Nations Economic Commission for Europe Statistical Division Mapping Data Production Processes to the GSBPM Steven Vale UNECE
Electronic data collection System in CSB of Latvia By Karlis Zeila, Vice President, CSB of Latvia IT DG meeting, October 24-25 2005, Eurostat.

Electronic data collection System in CSB of Latvia By Karlis Zeila, Vice President, CSB of Latvia IT DG meeting, October , Eurostat.
The DataSHIELD Legal Analysis Template Susan Wallace, University Of Leicester, Leicester, UK Jennifer Harris, Norwegian Institute of Public Health, Oslo,

The DataSHIELD Legal Analysis Template Susan Wallace, University Of Leicester, Leicester, UK Jennifer Harris, Norwegian Institute of Public Health, Oslo,
Gillian Raab, Chris Dibben, & Paul Burton UNECE-Eurostat Work Session on Statistical Data Confidentiality, Helsinki, 2015 Running an analysis of combined.

Gillian Raab, Chris Dibben, & Paul Burton UNECE-Eurostat Work Session on Statistical Data Confidentiality, Helsinki, 2015 Running an analysis of combined.
Chapter 22: Building Multiple Regression Models Generalization of univariate linear regression models. One unit of data with a value of dependent variable.

Chapter 22: Building Multiple Regression Models Generalization of univariate linear regression models. One unit of data with a value of dependent variable.

Similar presentations

Ads by Google