SHIP releases results from Safe Haven

Release of the result set

Following statistical disclosure control all datasets will be encrypted by the Data Analyst, prior to being transferred to researchers.

When a dataset is released it will be emailed (encrypted) to the researcher. If it is too large to be emailed it will be placed on the access-controlled FTP server under the researcher’s appropriate project folder. Only encrypted data will be placed there and only the researcher will be able to access the data using their encryption key.

a) If using PGP encryption software, this will be installed on the researchers’ laptop/PC by the researcher or an appropriate IT system administrator. As part of this installation, the researcher will create a public and a private key which will be unique to the researcher. They will provide the Data Analyst with their public key which will be used by the Data Analyst to encrypt the dataset. The researcher will decrypt the dataset using their private key.

b) If using WinZip software, WinZip 256-bit Advanced Encryption Standard (AES) encryption with a one-time password, will be used to transfer data and can be unencrypted by the data recipient using WinZip version 9 or newer. The password will be provided by the HIC Data Analyst, by telephone, directly to the data recipient.

c) If the researcher is an NHS employee, the NHS secure file transfer (SFT) service can be used. This service is provided by NHS Connecting for Health to allow members of the NHS to securely exchange data. All files sent via this utility are held encrypted (with a one-time file password) on a database for a maximum of 3 days, after which they are purged. Only the recipient can access the encrypted file placed there by the Data Analyst and have to logon to the secure site with their login & pin code (issued at time of registration). The file password will be provided by the Data Analyst by telephone, directly to the data recipient.

Return to top of page

Statistical disclosure control (SDC)

The aim of statistical disclosure control (SDC) is to prevent someone who is reading research outputs from finding out confidential information.  The SHIP Safe Haven is responsible for undertaking SDC prior to release of analytical outputs to researchers.  This will be done by appropriately trained employees of the Safe Haven.  Once the output is deemed safe it will be sent to the researcher electronically.

The level of disclosure control required will vary between studies. It is the responsibility of the data controllers for the contributory datasets and the Caldicott Guardians to decide upon the appropriate level of disclosure control at the beginning of the project before the datasets are linked and access is provided to the researcher.

Return to top of page

Archiving the dataset

The Safe Haven will provide an archiving service for all linked datasets so that researchers can return to the dataset for an agreed specified period of time following the initial analysis. While an extension to the time may be easily arranged, the analysis must still be covered by the original research application. If not then another application must be submitted.

Return to top of page

Reversing the anonymisation process

There are occasions where it will be necessary to reverse the anonymisation process and go back to the original source of the data. For example:

  • Over the course of a study additional data is sometimes required to help achieve the outcomes of the study, potentially from a wider data source. Individuals would need to be identified to be able to request this additional data
  • To validate research findings, e.g.  from information in the patient's file
  • To identify individuals who may, for their own benefit, be in need of further tests or treatment. This action would only be initiated by the opinion of a qualified clinician collaborating with the study
  • Where there are actual or potential issues of patient safety

When reversal becomes necessary, permission must be sought from the data controller and the Caldicott Guardian of the NHS Board of the patient’s residence. This permission must specify which individuals can have access to any identifiable data (e.g. a patient’s GP, or the researcher who will be viewing patient files).

Once this approval has been obtained, it must be logged onto the project management system.

Return to top of page

Return to route-map