AnalytiXagility, de-identification and the anonymisation decision-making framework

September 15, 2016 | Julian

A key issue for clinical research is the need to increase data sharing so that new ideas, methodologies and approaches can be developed and exchanged to improve human health. However, the need to protect patient privacy has long been seen as a barrier to effective and efficient secondary use of data.

Launched earlier this year, the UKAN Anonymisation Decision-making Framework is a valuable resource for those who need to anonymise data in order to reuse it for research purposes. The framework provides easy-to-digest advice on how to responsibly, securely and robustly anonymise sensitive datasets. Developed in association with members of the UKAN core network including the Open Data Institute, ICO, NHS Information Centre and Office for National Statistics, Wellcome Trust and a number of leading universities, the framework is a well-considered, industry-wide solution to the tensions that exist between the availability of information and personal privacy.

De-identification of data is a key concern to our clients, which led to the development of a dedicated de-identification service in collaboration with research organisations and NHS customers, so the framework is a welcome development which validates the approach that we have taken.

The framework is a ‘total system approach’ that consists of the following 10 components:

  1. Describe your data situation
  2. Understand your legal responsibilities
  3. Know your data
  4. Understand the use case
  5. Meet your ethical obligations
  6. Identify the processes you will need to assess disclosure risk
  7. Identify the disclosure control processes that are relevant to your data situation
  8. Identify who your stakeholders are and plan how you will communicate
  9. Plan what happens next once you have shared or released the data
  10. Plan what you will do if things go wrong

The framework supports users in understanding the correct level of anonymisation to apply for the specific situation. This quote demonstrates the importance of this stage of the process:

“Good technique is important but without a full understanding of the context, the application of complex disclosure control techniques can be a little like installing sophisticated flood defences in the Atacama desert or, at the other end of the scale, not realising that building a house on the edge of a cliff is just a bad idea regardless of how well designed it is.”

We developed our De-identification Service to support the disclosure control process (point 7 of the key components above). It enables safe sharing of data by providing easy-to-use tooling for performing repeatable pseudonymisation and anonymisation. The service is fully configurable, ensuring that data controllers, custodians, and owners can anonymise healthcare datasets and allow research data to be linked in a manner that is relevant to their specific data situation. Mappings between sensitive identifiers and pseudonymous identifiers are securely stored, thus supporting data linkage and subsequent data analysis.
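The sketch below is an added example, not Aridhia's code or a description of how the De-identification Service is built. It shows one way a stored identifier-to-pseudonym mapping makes pseudonymisation repeatable and lets two datasets be linked without their identifiers; the class, function and field names and the sample records are assumptions made for the illustration.

```python
import secrets

class PseudonymMap:
    """Identifier -> pseudonym mapping; held only by the data controller."""

    def __init__(self):
        self._forward = {}

    def pseudonym_for(self, identifier: str) -> str:
        # Normalise so formatting differences do not break repeatability.
        key = identifier.replace(" ", "").upper()
        if key not in self._forward:
            # Random, so the pseudonym reveals nothing about the identifier.
            self._forward[key] = "P-" + secrets.token_hex(8)
        return self._forward[key]


def pseudonymise(rows, id_field, direct_identifiers, mapping):
    """Drop direct identifiers and replace id_field with a pseudonym ('pid')."""
    dropped = set(direct_identifiers) | {id_field}
    out = []
    for row in rows:
        clean = {k: v for k, v in row.items() if k not in dropped}
        clean["pid"] = mapping.pseudonym_for(row[id_field])
        out.append(clean)
    return out


def link(left, right):
    """Join two pseudonymised datasets on 'pid' (one row per pid in right)."""
    by_pid = {r["pid"]: r for r in right}
    return [{**l, **by_pid[l["pid"]]} for l in left if l["pid"] in by_pid]


# Constructed sample records; identifiers and values are invented.
ADMISSIONS = [
    {"patient_id": "TEST 0001", "name": "A. Example", "diagnosis": "E11"},
    {"patient_id": "TEST 0002", "name": "B. Example", "diagnosis": "I10"},
]
LABS = [
    {"patient_id": "test0001", "dob": "1970-01-01", "hba1c": 52},
    {"patient_id": "TEST 0003", "dob": "1980-01-01", "hba1c": 41},
]

if __name__ == "__main__":
    m = PseudonymMap()
    a = pseudonymise(ADMISSIONS, "patient_id", ["name"], m)
    b = pseudonymise(LABS, "patient_id", ["dob"], m)
    print(link(a, b))
```

The mapping is the re-identification key, so it needs at least the same protection as the source data and should not travel with the pseudonymised output.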

The De-identification Service can be managed at source, on in-house systems, and a number of our clients use the service as a first step in their research process.

UKAN’s framework document suggests that it be used as a companion piece to the ICO’s code of practice. Used alongside Aridhia’s De-identification Service, it lets those who need to anonymise datasets do so with ease and confidence.


 


Julian joined Aridhia as a developer in 2011 with an existing background in healthcare-focused software development and a BEng Computing. He has worked on some of the company’s biggest projects and now functions as the Technical Manager, driving the development of ground-breaking new capabilities including containers for clinical genomics and our De-identification Service.
