Enabling responsible open research through public engagement, data protection, and training
Most research funders encourage data to be shared publicly and many find the European Commission’s maxim ‘as open as possible, as closed as necessary’ a helpful guide, but translating this into practice can be difficult. In this post Emily Griffiths, information governance manager at Greater Manchester Connected Health City, talks us through how they have balanced being open and accountable to patients with handling highly sensitive data.
Open research can mean many things. Depending on the topic, researchers can be responsibly open to varying degrees. Human health research in particular needs careful consideration if it is to be open and protect confidentiality. Similar caution has also been called for with administrative data and archaeological data.
I work for the health innovation program Connected Health Cities where we are open with the public about how we use patient data and what our projects are using data for. This transparency in communications and the design of health research has involved multi-day focus groups where the public listen to evidence in depth and judge how researchers can responsibly use health data. These Citizens’ Juries have been used to inform how projects keep data confidential. We have used this information to design a secure computing environment for Connected Health Cities researchers and others to store and analyse data. The Citizens’ Juries contributed to a design brief for us to build infrastructure that is worthy of the trust of the public, our funders, and those sharing data with our researchers.
To maintain this trust, the raw data can never be made open. Data analysed by Connected Health Cities researchers need to be kept confidential. This is because they are derived from people’s private medical records, contain details of health services that could be misleading taken out of context, or could be combined with other information to identify someone. A commonly cited example is information about a celebrity’s spell in hospital, but just as important in law are the data protection rights of normal people, and perhaps even more so the rights of vulnerable people who could be more severely impacted by a data breach.
For most Connected Health Cities projects the data do not on their own explicitly identify someone and their health condition. It is still vital that the data are only used for an approved and limited purpose that is of public benefit. This requires checks so that the data are only accessed by approved members of a research project and that additional data are not available to be combined with the dataset, for example browsing the web to find where people in the dataset live or when they were born. We also collaborate with various other secure research facilities in the UK to develop best practice to enable secure access to research data. As a Secure Data Group comprising other leading centres, like the UK Data Service’s Secure Lab, we work to ensure confidentiality from research data in various ways, notably training and disclosure control.
Our training for researchers aims to give an appreciation of their legal and ethical responsibilities in accessing individual-level data on confidential topics. It is a day spent away from work to focus on the attitudes and behaviours suitable for a community being trusted with detailed information about patients and organisations. The training course was developed by the Office for National Statistics and equips researchers with techniques that they can apply to their analytical outputs. Researchers learn strategies for producing visualisations and written results derived from the data that have minimal risk of disclosing any confidential details. This includes avoiding small numbers, exact information about where or who was sampled, or commercially sensitive details.
We also do disclosure control. This is an extra step before any research outputs, like graphs, tables, written results or analytical scripts, can be removed from the secure environment. Two trained individuals independent of the research project review the files requested for release. This extra approval step is to double check that the outputs do not reveal anything confidential. More information on this process can be found in the Administrative Data Research Network’s guide to statistical disclosure control.
This training and additional statistical disclosure control checks help us maximise the safety of results that are made open. On the one hand we meet the need for transparency about the research that is being done with public data and being largely resourced by public or charitable funds. On the other hand we protect the sensitive raw data. This way we balance open research and privacy concerns.
If you are interested in taking the Office for National Statistics Safe Researcher Training please get in touch with Emily Griffiths
