Blogs & News
Ensuring Control of Data with Data Use Conditions in the Aridhia DRE
Data use conditions are the rules and restrictions that apply to the use of health and clinical data for research or improvement purposes. They are designed to protect the privacy, security and rights of data subjects, as well as to ensure the quality, validity and ethical standards of data-driven health technologies.
Data use conditions are usually specified in data use agreements (DUAs), which are contracts between data providers and data users that outline the terms and conditions of data access, use, storage, sharing and disposal. Typically, these documents take the form of a PDF documenting binding legal restrictions on the use of data. In many cases, a record of ‘acceptance’ must be available – normally taking the form of a digital signature from the principal investigator and all members of a project team who intend to interact with the data.
Data Use Agreements
One example of a framework for creating and using DUAs is the Global Alliance for Genomics and Health (GA4GH) Data Use Ontology (DUO). This is a standardised vocabulary for describing data use conditions, such as the type of research, the consent status, the data source, the geographical location and the duration of use. The DUO can be used to annotate datasets with machine-readable tags that indicate the applicable data use conditions, as well as to match datasets with compatible requests from researchers. The Aridhia DRE customisable catalogue can be configured to capture these data use condition codes, providing insight to the user as to the restrictions they can expect to have placed on them when working with that data. FAIR Data Services has introduced the concept of a ‘conditons’ framework, allowing the data owner to restrict dataset transfers only to workspaces that meet particular conditions: For example, named projects or workspaces that have specifically indicated that they will only be used for non-commercial purposes. This framework of conditions will be expanded on throughout 2024.
Another example of a tool for standardising data use agreements is the Health Data Research (HDR) Data Access Agreement (DAA) template. This is a document that provides guidance and best practice for drafting DUAs for health data research in the UK. The template covers topics such as the purpose and scope of data use, the roles and responsibilities of data providers and users, the data security and governance arrangements, the reporting and publication requirements, and the dispute resolution mechanisms.
The HDR DAA Template
Aridhia DRE Workspaces has recently released a workspace ‘restrictions’ feature. This allows administrators to place data use conditions and restrictions on users of a workspace when data is made available to them. Restrictions can take the form of formatted markdown text or a document (.doc or .pdf) formalising the restrictions, in a format such as that defined in the HDR DAA template. When restrictions are applied, users can no longer enter a workspace and work with data until they have ‘accepted’ the restrictions. Acceptance takes the form of a click to accept, however crucially, this acceptance is audited. Administrators have access to workspace audits, and this can be used to demonstrate that a user has accepted conditions outlined in the document. The audited acceptance is recorded per user and contains the details of the restriction. This audit can be used as a digital record of acceptance. When a user accepts all restrictions, only then are they able to enter the workspace and work with the data.
Demonstration
The videos below show examples of restrictions being applied to a workspace by the administrator and then accepted by a user.
This video demonstrates an administrator applying a document containing data use conditions to the workspace. Once this has been applied, the workspace is ‘locked’. No user can enter that workspace until they have agreed to the conditions.
A user cannot enter a locked workspace until restrictions are reviewed and agreed to. This video demonstrates a user reviewing the restrictions, downloading the document of conditions and agreeing to them before being able to access the workspace. The application and acceptance of restrictions on a workspace are audited.
By using the Aridhia DRE, data owners can be confident that their data is used in a safe and secure manner that complies with the relevant laws, regulations, and ethical principles.