NHS e-Lab Information Governance and Data Management
This content discusses the implementation of information governance and data management in NHS e-Lab, focusing on enforcing technology-driven safeguards, minimal data release, user control, and data storage within NHS Trust servers. It covers technical safeguards, access control measures, auditing procedures, and pseudonymisation within the EHR system. The process includes integrating primary and secondary care records, performing data queries, anonymization, access control, data extraction, and transformation procedures for secure data management.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
NHS e-Lab Nottingham, September 2010 John Ainsworth (john.ainsworth@manchester.ac.uk)
Our Approach Enforce information governance through technology wherever possible Designed for minimum data release Only release items that user Needs to know NHS is in control of data at all times; NHS can choose what to make available through the e- Lab Data is stored in a repository hosted on a server inside the NHS Trust
Information Governance Technical safeguards Access Control based on privileges Audit trails & monitoring Anonymisation and Inference control Operational Users sign up to terms and conditions of use; bound by employment contracts Auditing of users Standard Operating Procedures Governance Board + NRES Research Database Approval
NHS Trust EHR E-Lab Pseudonymised Data Repository Governance Users
2. Pseudonymisation Trust Systems Trust e-Lab Clinical Data Clinical Data Integrated EHR Pseudonymised Data Repository Non-clinical Data Non-clinical Data 1. Integration of primary and secondary care records
Trust e-Lab Psuedonymised Repository 3. Perform Data Query 4. Anonymisation and inference control 2. Access control module authorizes request User Data Store 5. Storage Access Control 1 .User logs on and submits query e-Lab Tools 6. Data analysis and visualization
Data Extraction Copies data from one database to another Performs transformations on data fields e.g. Postcode => LLSOA Postcode => Area Date = > year Date => year and quartile * => SHA-1 + user defined salt * => RSA public-private key encryption * => random 32-bit integer Plug-in architecture for transformers
Pseudonymisation Source Table Journal Source Column PatientID Transformation Destination Column Destination Table Journal SHA-1 hash with user defined SALT SHA-1 hash with user defined SALT - - - - - - - SHA-1 hash with user defined SALT SHA-1 hash with user defined SALT Map to LLSOA SHA-1 hash with user defined SALT SHA-1 hash with user defined SALT - Convert to quartile and year - Convert to quartile and year - - - TransformedPatientID NHSNo TransformedNHSNo Patients EntryDate Rubric ReadCode CodeValue CodeUnits Source UpdatedTime PatientID EntryDate Rubric ReadCode CodeValue CodeUnits Source UpdatedTime TransformedPatientID Patients NHSNo TransformedNHSNo Postcode GPCode LLSOA TransformedGPCode GPPracticeCode TransformedGPPracticeCode Sex DoB Sex QuartileOfBirth / YearOfBirth Deceased DateOfDeath Deceased QuartileOfDeath / YearOfDeath Height Weight EthnicOrigin Height Weight EthnicOrigin
