Issues around confidentiality and privacy
Australian National Data Service (ANDS)
Sharing Health-y Data: Challenges and SolutionsThursday, 17 September 2015
Flinders University, Adelaide
Chris Radbone, Associate Director, SA NT DataLink
The Australian Government has provided financial support to SA NT DataLink through the National Collaborative Research Infrastructure Strategy (NCRIS).
Who is SA NT DataLink?
PHRNProgram
Office
Centre for Data Linkage
WA Data Linkage Branch
SA NT DataLink
Victorian Data
Linkages
NSW/ACT Centre for
Health Record Linkage
Sax Institute
Queensland Research
Linkage Group
Tasmanian Data Linkage
Unit
AIHW
SA NT DataLink
Population Health Research Network
The Australian Government has provided financial support to the PHRN and its members through the National Collaborative Research Infrastructure Strategy (NCRIS).
CRADLE
Birth RecordsStates/Territories
GP PaymentMBS Records
Commonwealth
Early Childhood &Education RecordsStates/Territories &
Non-Government
Family Tax BenefitCentreLink
PBS RecordsCommonwealth
Veterans’ Affairs/ Ageing
Commonwealth
Cause of Death Records
States/Territories
Mental Health Records
States/Territories
GRAVE
Public and Private Hospital Records
States/Territories & Non-Government
Public Housing Records
States/Territories
GP Medical Records
Non-Government
Cancer and other Health Condition
RegistriesStates/TerritoriesMotor Vehicle
Licensing & Crash Records
States/Territories
What is Administratively collected data?
ImmigrationRecords
Commonwealth
Legal jurisdictional responsibility
Commonwealth Governmenttrade, taxation, immigration, citizenship,
social security, industrial relations and foreign affairs
State/Territory Governmentspublic health, education, roads, public
land use, police, fire and ambulance services
Joint Responsibilityeducation, transport, health and law
enforcement
Data Linkage / Record Linkage In Australia
• Commenced in late 1960’s in Western Australia when Michael Hobbs returned from Oxford University. 1969 article by Fellegi and Sunter’s “A theory for Record Linkage”.
• Michael Hobbs collaborated with Fiona Stanley at the Telethon Institute for Child Health Research, University of Western Australia with active support from the WA Department of Health. In 1995 the WA Department of Health established the WA Data Linkage Unit.
• Notable early WA studies included the pioneering work on the birth defect from folate deficiency (hypothesis), and issues associated with low birth weight babies and pre-term deliveries, cerebral palsy, spina bifida research.
• Based on the demonstrated value from the Western Australian experience, the Commonwealth government funded the Population Health Research Network (PHRN) in 2009 to increase the research infrastructure and capacity to link health data from across Australia, through the National Collaborative Research Infrastructure Strategy (NCRIS) and also the Super Science Initiative – Education Investment fund (SSI-EIF).
https://www.youtube.com/watch?v=vLYGcbxrIPA
1.No one shall be subjected to arbitrary or unlawful interference with privacy, family, home or correspondence, nor to unlawful attacks on honour and reputation.
2.Everyone has the right to the protection of the law against such interference or attacks.
Australia is a signatory to Article 17 of the United Nations International Covenant on Civil and Political Rights, 1966
Privacy – Fundamental Human Right
9
Source: www.konoozi.com
Linking Data
• Data from different organisations (Government and Non-Government) is matched and linked in a secure environment.
• Any directly identifying personal information always remains ‘separate’ from the researchable data.
• No consistent terminology - often referred to as ‘data linkage,’ ‘record linkage’ or ‘data integration’.
• Can be large scale population based longitudinal data - originally collected for another purpose, but also includes integrating surveys/registries.
• Linkage may take place across data sets in a single domain (i.e. health) or across domains (i.e. health, education, social services, early childhood and justice.)
11
Benefits for SocietyProvides information and evidence to decision makers for informed choices to improve the health and wellbeing of the community.
Benefits for Society
12
Privacy Protected Linked Data benefits society health, social and economic research through:
•Efficient and economical – reuse of existing administratively collected data from government and non-government for informed decision making and research.
•Socially responsible – including information on people who are under-represented in conventional surveys, who are equally important for key policy decisions.
•The Bigger Picture – Administrative datasets cover the whole of Australia enabling a detailed picture of society, leading to greater understanding and better informed policy decisions and operational service delivery improvements.
•Providing a Trustworthy source of data to support policy makers, research and evaluation – enabling approved access and use of publically funded data collections for public good purposes.
•Supports Data Repositories – enables the establishment of ‘Business Intelligence System for Government and the Community’
Factors to consider when Protecting Privacy
13
Trusted party - required to ensure all information that can directly identify a person, household, business or ethnic / indigenous community is removed from the data before the researcher access it.
Integrity – an independent panel reviews and approves all research proposals, along with each of the Data Custodian’s approval for the use of their data.
Timeliness– an issue raised is the time take for approval, integration and release. Solution is to establish Repositories ready to hold and check the data prior to approved release.
All researchers and data analysts are trained in data safety and lawful use of data.Secure – secure environments for researchers accessing linked data, with research outputs reviewed to ensure privacy is always protected. Data Custodians given pre-release copy of the published research outcomes 28 days in advance to all review for privacy disclosure risk, as well as the integrity of the research findings. Secure Remote Access – use of a Secure Remote Access Laboratory facility to enable analysts and researchers to securely access the ‘approved’ data from ‘any’ location. For example the use SURE, compared to ‘physically accessed data labs’.
High level principles for statistical data integration across
Australian Government
Principle 1Responsible agencies should treat data as a strategic resource and design and manage administrative data to support their wider statistical research use.
– This is an aspirational principle, designed to support Agencies treat Data as an Asset and make better use of existing and new data sets.
Principle 2Agencies responsible for source data used in statistical data integration remain individually accountable for their security and confidentiality.
– To ensure Data Custodians control the use of personal or other sensitive data for ‘statistical versus operational’ integration purposes. Refer Principle 5.
Principle 3A responsible ‘integrating authority’ will be nominated for each data integration proposal.
– Agencies may choose between a small number of integrating authorities which are approved as trusted entities to conform with specified governance arrangements
– Single organisation ultimately accountable for the project – Ensure appropriate governance is in place for
An open approval process Documentation of the proposal Impact on privacy Risks have been assessed, managed and mitigated Expected costs and benefits Outputs are controlled throughout their lifecycle
High level principles for statistical data integration across
Australian Government
Principle 4Statistical integration should only occur when it provides significant overall benefit to public.
– This principle is consistent with the public interest test under the Commonwealth Privacy Act.
Principle 5Statistical data integration must be used for statistical and research purposes only.
– Other data integration activities e.g. compliance monitoring, are covered by other mechanisms, policies and legislation.
High level principles for statistical data integration across
Australian Government
Principle 6Policies and procedures used in data integration must minimise any potential impact on privacy and confidentiality.
– e.g. risks of direct and indirect identification should be carefully managed, taking account of the potential increase in identifiability when datasets are combined.
Principle 7Statistical data integration will be conducted in an open and accountable way.
– The principle seeks to ensure transparency in the nature and coverage of statistical integration projects.
High level principles for statistical data integration across
Australian Government
Why is Privacy Protection of Data Linked Important?
• Data linkage is an invaluable tool for enabling policy analysis, program evaluation and research made possible through cheaper ICT easing the cost of recruitment and provision of population wide records.
• Enables smaller targeted populations, study cohorts (eg consenting studies) to be evaluated and enhanced by comparing and integrating data.
• Is cost-effective relative to other data collection mechanisms, and enables studies to be done that could not otherwise be performed. Allows for variety of research methodologies including case matching and case control.
• Evaluating rare or small cohorts, registries or limited numbers of results is more feasible, given the ability to draw upon multiple years of records.
• Capability to analyse decades of data from very large datasets, compared to smaller survey cohorts, provides a picture of the entire population.
• Australian Linkage methodologies address the ‘Lack of unique identifier’ for each member in society; unlike the countries of Scandinavia and the USA.
Example of Privacy AgreementsUse & transfer of NT Data: Northern Territory Information Act
University SA (SA NT DataLink): Commonwealth Privacy Act 1988
SA NT DataLink Protocols: Privacy Committee of South Australia NT Information (Privacy) Commissioner
Dataset Level: (i) Data Transfer Agreement (MOU/Deed)(ii) Schedule 2(iii) Linkage Unit Staff Deed of Confidentiality
Project specific: (1.) Data Custodian(s) approval(2.) Human Research Ethics Committee
approval(3.) Researcher Deed of Confidentiality
• Outlines behaviours and expectation on organisations and individuals conducting research
• Including responsibilities of Data Custodians providing data and those receiving, storing and using data
• Positioned under Privacy Act (Cth)1998
Ethical Conduct in Human Research- National Statement
Source: National Health & Medical Research Council (NHMRC) & Australian Research Council (ARC)
Is this Data Linkage Legal?
21
Consideration of existing legislation is ‘always’ required:
1. Is there Legislation covering the particular data collection activity and its use?
2. Have participant’s Consent been sought; restrictive, permissive or specific?
3. Is there a role for ethical approval; refer Section 95 Privacy Act 1988
Commonwealth ‘Public Interest Certificate’ process for approving data access / use
Does the Community have a role and responsibility in the access and use of data?Who is the Community and how best can you engage?
How do you demonstrate Trust, effective Privacy protecting measures and ongoing community engagement?
Useful Best Practice Community and Consumer Engagement includes:•‘SA NT DataLink - ‘Community and Consumer Conversations’ • Telethon Institute / UWA - ‘Citizen Jury’ , ‘Green Book’ by A McKenzie & B Hanley•The Menzies Institute for Health Research – ‘Indigenous Community engagement’
Integrity: Importance of Metadata and Data Quality
Data Quality – fitness for purpose
Quality of Linkage – for Researcher’s benefit in publishing papers
Quality of Linked Data – working with Data Custodians
Metadata – to explain utility of the data Responding to the demand from Researchers and Analysts for information on researchable variables
Use of online Metadata tools ie ANDS, METeOR
Currency and completeness – SA NT DataLink Data Quality Statements
Social Contract Demonstrating benefit to society
23
Agreement on the release, sharing and use of health, social and economic service data for public good research and analysisSocial contract includes: •Transparency and reporting of outcomes from the use of the community’s data•Engagement with the Community through-out the life course of a data activity•Plain language summary and community input into the ethical review•Seek Community support for establishing persistent and enduring datasets – build & use many times versus create & destroy
How is Privacy Protected?
The Separation Principle
Challenge of facilitating access to the data...
Cost in terms of governance, approval & complianceIncreased competing work priorities & demand on Custodian’s scare resourcesTimeliness of Data Custodian approval and then the actual data extractionKnowledge transfer from ageing (retiring) workforcedata related activities - often seen non core workDemonstrating Public Benefit to the CommunityDeveloping a ‘Social Contract’ between consumers / community, data custodians and the researchers.Privacy Protected Open Data: Whole of Government and Community perspective for a ‘Business Intelligence System for Government and Non-Government’
26
Source: www.drmattroach.com
Summary: Key Challenges and Opportunities
Maintaining Trust and the Separation Principle
Key and critical role of Consent Discussion with the Privacy Commissioners from across Australian
Evolution of the record linkage (data linkage / data integration)
Establishment of de-identified data repositories ie Manitoba, Ontario Institute for Clinical Evaluation Science (ICES), Scotland, Wales, WA Department of Health and SA NT DataLink ‘Custodian Controlled data repository’ to maintain separation and security
Secure Access - online or physical access to de-identified linked data through SA NT DataLink’s Data Integration Unit, SURE, or SURE-Like.
Consideration of Legalisation similar to Ontario and Manitoba ie legislation to support Data Custodians releasing Personal: Medical and other sensitive data.
Challenge of re-identification by Analyst Custodian and Ethical approved methodology becomes legal under
Section 95 Privacy Act 1988 noting tight scope ‘Medical Research’
Layered accessLinks to CHI / NHS records
Prescription records
£12B£12B
Population 5MPopulation 5M
Single health care providerSingle health care provider
14 Territorial Boards 14 Territorial Boards
38 Hospitals, 1020 General Practices 38 Hospitals, 1020 General Practices
High rates of morbidity of common complex High rates of morbidity of common complex diseasedisease
Collaboration Collaboration – Aberdeen, Edinburgh, Dundee, – Aberdeen, Edinburgh, Dundee, Glasgow, St AndrewsGlasgow, St AndrewsUnique patient identifier Unique patient identifier
Scottish Case Study - International Best Practice
Community Health Number
Date of BirthDate of Birth SexSex CheckCheck
07 10 64 07 10 64 0202 55 00
• a strong science infrastructure with vibrant PhD and post doctorate communities
• Systematic Collaboration with a tripartite mission and significant infrastructure investment
• a commitment to linking information from medical and non-medical sources using electronic patient records to support better
treatment, safety and research• a new pathway for the regulation and governance of health
research• collaborative arrangements with the biotechnology
pharmaceutical and medical devices industries• positioning Scotland as a single research site
Key ingredients for change
Key Delivery UnitsNHS Research
Scotland
Clinical Research Facilities
‘Safe Havens’Health informatics
research
Project managementQuality & Facilitation
Tissue acquisition service
Biorepositories
Research imaging platform
Linking Data
GPGP HospitalHospital
Eye VanEye Van
PharmacyPharmacy
Lab DataLab Data CHICHI
InvestigationsInvestigationsScreeningScreening
AHPsAHPs
- the key to seamless care
NRS W
NRS NE
NRS SE
NRS E
Bio-Repository networkStrategic national collections• Rheumatoid arthritis• Renal cancer• Type 1 diabetes• Generation Scotland/ SHHSNational/ local planned collections• Generic consent• Strategy driven• Future focus
Bespoke collections• Specific consent• Project based• Investigator ‘owned’
Infrastructure development• Inventory management system• Patient record linkage• Enhanced storage capacity• Facilitated rapid access
Pathology archive
~300,000 consented for genomic studies
Reducing Regulatory BurdenSingle sign off across Scotland
NRS W
NRS NE
NRS SE
NRS E
NRS CC
Regional working – 4 hubs- ethics
- R&D management
NRS Permissions CC - Approvals
- Costing- Contracting
- Reciprocity with NIHR CSP
Targets- Ethics approval in 30 days (Scottish average)
- R&D 95% approved in 30days
Universities umbrella agreement of single contracting
NRS Permissions Co-ordinating Centre Performance
Time to permission for all Scottish sites
CommercialNon-commercial
Table 1 Time (working days) to approval for multi-site studies
Notes :Time to permission is the number of working days elapsed between the receipt of a ‘full document set’ by the Permissions
Centre and management approval by all Scottish sites. It includes the time taken for generic review of principal governance issues by the lead review site (once for Scotland) and for local review of resource availability.
NRS Permissions Co-ordinating Centre Performance
NHSScotland Surgical Mortality
Possible legislative options
Possible Legislation to facilitate increased access & use:
Ontario’s Personal Health Information Protection Act 1994 (PHIP Act)
Manitoba’s Personal Health Information Act 1997.
Personally Controlled eHealth Record (PCEHR) across all sectors (Health, Education
Australia Wide Personal Identifier across all sectors (Health, Education, Justice, Immigration and Community Services domains) to enable and ‘control’ timely and efficient Linkage and Record Matching
ReferencesPopulation Health Research Network www.phrn.org.au
National Data Linkage Infrastructure: including Online Application process
National Health and Medical Research Council (NHMRC) Guidelines under Section 95 Privacy Act 1988
https://www.nhmrc.gov.au/guidelines-publications/pr1
Anne McKenzie and Bec Hanley ‘Consumer and Community Participation in Health and Medical Research – a practical guide for health and medical research organisations’, UWA/Telethon Institute for Child Health Research, October 2007
Secure Unified Research Environment (SURE) www.sure.org.au
National remote access secure data analysis platform
International Data Linkage Network www.ipdln.org/
Statistical Data Integration involving Commonwealth Data
www.nss.gov.au/nss/home.nsf/pages/Data+Integration+Landing+Page?OpenDocument
Peter Christen 'Data Matching - Concepts and Techniques for Records Linkage, Entity Resolution, and Duplicate Detection' , Springer, 2012
SA NT DataLink – ‘For Researchers’ section of the website www.santdatalink.org.au
SA NT DataLink Access and Pricing Policy
https://www.santdatalink.org.au/files/PDF_Files/AccessPricingPolicy_20131206.pdf
Chris RadboneSA NT DataLink, Associate Director
(08) 8302 2777 [email protected]
Client Services:[email protected]: (08) 8302 1604 Darwin: (08) 8985 8011
www.santdatalink.org.au
Top Related