Information lies at the heart of Aridhia’s business and, second to our staff, it is our most important asset. Our reputation is based on how we handle information and are seen to do so by our clients.
Aridhia Informatics Ltd. operates under a range of UK and European Laws, associated codes of practice and international standards. Taken together these provide us with a robust governance framework for information management. Not only does Aridhia work with anonymised data, but we also have a range of privacy enhancing technologies, physical security measures, data agreements, contracts of employment, Standard Operating Procedures and audit measures in place.
Aridhia’s infrastructure is housed in a tier three Data Centre. This Data Centre meets the full requirements for managing and storing sensitive personal data and security measures are regularly reviewed and audited.
Aridhia are fully committed to ‘Privacy by Design’, whereby privacy compliance is designed into those systems holding information from the outset, rather than a bolt-on at a later date. The result is that security and privacy become essential components of the core functionality being delivered.
We have detailed arrangements with each of our clients who are data owners which clearly describe our approach to protecting patient identifiable data and the way we will operate to achieve this.
Privacy Enhancing Technologies
Aridhia uses anonymisation methods at more than one point in the process when making data available for analytics purposes within our AnalytiXagility platform. Data sent from clinical datasets into research datasets within the platform are always split in a way that maximises data confidentiality. Researchers can only access key datasets via the use of robust, industry standard security systems. This ensures we always know where, when and by whom data is used.
Contracts of Employment
All Aridhia employees have employment contracts which require them to abide by the highest standards of confidentiality and security. They are also required to confirm on an ongoing basis that they understand their responsibilities in relation to the safe information handling.
The data scientists within our enablement team have “approved researcher status” following completion of the “Scottish Health Informatics Programme (SHIP)” information governance course, which provides additional training in data governance. This training enables the team to demonstrate to clients a higher level of knowledge and understanding of the purposes and key concepts regarding the secondary use of health data (from identifiable to anonymised data).
These employees also complete the Medical Research Council (MRC) Research Data and Confidentiality course. This e-learning course explores the concepts of confidentiality and data protection and aims to provide users with a framework and tools to interpret the requirements for research with confidence.
Those employees handling personal data on behalf of NHS clients are also provided with a copy of the NHS England and NHSScotland Codes of Confidentiality.
Standard Operating Procedures (SOPs)
Aridhia has a comprehensive set of Standard Operating Procedures (SOPs) which mandate how each stage in the process of making data available for both clinical and research use must be undertaken. SOPs are reviewed on a regular basis and compliance is mandatory and continuously monitored.
Information should be captured once, at the point of care. This ensures high levels of data quality and reduces the burden of information collection on health services. Confidentiality, security and clinical safety are paramount when using clinical information systems. Organisations such International Standards Organisation (ISO), the World Health Organisation and Governments across the globe provide standards in each of these areas.
Our preference wherever possible is to use international technical, data and information standards rather than national and local ones. We believe that using international standards facilitates greater interoperability, allow information to flow more freely and enable data to be created once and use multiple times.