Creating a safe haven for health data

Author: Donald Scobbie
Posted: 6 Jul 2016 | 14:36

Safe havens allow data from electronic records to be used to support research when it is not practicable to obtain individual patient consent while protecting patient identity and privacy. EPCC is now the operator of the new NHS National Services Scotland (NSS) national safe haven in collaboration with the Farr Institute of Health Informatics Research which provides the infrastructure. 

Enabling researcher access to sensitive data sources is a complex process. Data providers manage their risk by making data supply dependent on research projects meeting specific information governance, data stewardship and system security requirements, in some cases through audited assessment. These system requirements place a very substantial burden on individual research projects and in some cases these requirements alone can make projects unviable.

However, the whole supplier risk-management process can be streamlined, and in some cases eliminated entirely, if research projects use an appropriately accredited safe haven facility to broker access to the data. 

Safe havens act as secure virtual data rooms in which the data suppliers deposit data for the research projects to access it. The practice of providing researcher access to NHS patient and health data has been pioneered in the UK through governance initiatives such as the Scottish Health Informatics Programme (SHIP). 

NSS safe haven 

The new NHS National Services Scotland (NSS) national safe haven service implementation work started in September 2015 with the live service rolled out during December and January 2016. Now fully operational the safe haven is both physical and remote. It offers a secure file transfer and submission service for data providers and a range of access methods and analytics platforms and tools for researchers. 

The standard service offered to research projects is secure remote browser-based access to a locked-down virtual desktop MS Windows system with MS Excel, SPSS, Stata, SAS and R. 

Development and operation of the new NSS safe haven presented new challenges for EPCC, although the safe haven model is mature and relatively well understood, with expertise in it readily found in the HPC community. This project therefore prompted the development of new capability within EPCC, bringing security management and secure data stewardship as new core skills to the system development team.

Implementing and operating the extensive supporting infrastructure (including enterprise products for the virtual desktop infrastructure) for the new safe haven has been the key to delivery of the service and evolution of the new security environment.

Information governance 

The information governance and security regime of the safe haven has now reached the standard where NHS national data sets and Department of Work and Pensions (DWP) data can be hosted by the service and the next goal is to host the NSS national image archive for research purposes. Information governance in a safe haven environment is very much the primary concern and HPC a secondary one. 

EPCC is working closely with NSS and the Farr Institute to extend and enhance the new safe haven service beyond its current basic compute capability to provide traditional HPC services within the safe haven. A higher powered compute cluster and petabyte-scale storage services are being developed alongside the safe haven. The intention is to provide a more capable, secure analytic environment for health research that continues to meet the data stewardship and sharing security needs of data providers such as the NHS and DWP. These services will be rolled out later this year. 


Donald Scobbie, EPCC

Image: iStock

This post has also been published on our Medium account.

Blog Archive