Safemerge v2 released

May 24th, 2013 by admin

May 2013 – Building on Sapior’s market lead in enabling ethical data sharing, a new version of the SafeMerge cloud-based de-identification service has been released.

Suitable for projects of multiple parties that must both contribute data and collect it, SafeMerge is the breach risk free way to go. Sapior takes care of all the security heavy lifting and so makes participating in data sharing projects simple and secure. Getting consistent pseudonyms across all contributors of data is now trivial.

As long as you can remember a browser password then all other encryption details are taken care of for you (no salts, hashes, phone calls or emails with linkage passwords!).

Because this technology has been reviewed by the NHS’ Ethics and Confidentiality Committee [ECC 5-04(b)/2011] you can be assured that all the hard questions have been asked and answered. SafeMerge is the most secure means to share health data that meets or exceeds all current NHS guidelines.

Unlike the NHS’s central HSCIC facility, no patient data is ever visible in transit between sender and receiver. With Sapior you can rest assured breach risks are under control without worrying about the liability issues of using HSCIC’s ‘central database’ approach.

You must have an up to date Java installed on your PC (for the encryption processing) and any delimited data is acceptable. Pricing is per download of de-identified linkable data.

Give it a go by visiting here, your first 2 downloads are free!

That old “need to balance privacy and sharing” chestnut

October 25th, 2012 by Rob Navarro

The Cameron government has re-opened the debate on how much of our patient data is accessible to others who are not directly caring for us. Dame Fiona Caldicott has been tasked with the review and was just quoted as having been influenced by the NHS’ Future Forum question “where does the balance between privacy and sharing lie?”.

Whilst many a conference and report on health data sharing has concluded with the same question, it is actually the case that we need not resort to such a desperate last measure. It would be a truly dismal world if for the health economy to grow a patient’s trust in their health data needs to suffer. This is clearly an idea of “last resort”.

The reader will be pleasantly surprised to learn that in fact there is no need to sip from that poisoned chalice.

It turns out such “last resort” thinking is a product of staring at shared database designs (e.g. safe havens, shared warehouse, trusted data linking services etc). Having picked this way to solve the problem one finds oneself marched quickly to the aforementioned iniquitous balance. (“Do patients or the health economy matter more?”)

If instead one asks the question “how can we find potential research subjects whilst preserving patient privacy?” (say) then the floor is opened to more palatable solutions. In this case the patient qualifying criteria are sent to GP computers whose GP’s can then choose whether to contact their matching patients or not. Patients always have rights of refusal.

Now imagine the poor soul who simply copies a system design from Banking and wants to build a database to find research subjects. This now needs to include everyone to ensure all rare characteristics are included (and some would argue to be unbiased). All UK patients! Lickety spit we are right back at the “balance question”.

That projects like the Research Capability Programme (now CPRD?) or Predictive Analytics for Commissioners (calling on new safe havens) hit the same “balance” question is not surprising. It also doesn’t mean the question needs answering either!

What is called for (and I respectfully call out to Dame Caldicott to take note) is focused attention on how individual projects can get just the data they need. Some guiding principles that always help simplify matters:

1) Supply the least information that answers the question (“zero knowledge” techniques included)
2) Ensure the least number of people have access to the data for the smallest period of time
3) Patients always get quibble-free opt outs
4) De-identify the data when extracting from its “home” base (part of 1. above)
5) Attempt to measure the illicit re-identification risk to patients of each project

This kind of scheme makes it easy to seek patient or physician consent that is meaningful because the purpose for collecting is singular and well understood (As are the names of staff accessing the data). Sometimes it also justifies opt-out if the re-identification risks are measurably low enough.

The future is bright, let’s not get bogged down in questions of “balance” when better paths exist that protect patients AND help grow the health economy.

Self service Pseudo service launched

March 29th, 2012 by Rob Navarro

March 2012 – Sapior has launched a self service way to de-identify or pseudonymise sensitive data via its cloud servers.

Responding to requests to keep costs low, Sapior has launched a new service for users with sensitive data to initiate the de-identification process themselves. Once the CSV file has been selected, it is encrypted and then uploaded to Sapior. Once the file has been pseudonymised and the fields formatted back into a usable form, the user is emailed and able to download. Costs are dependent on job complexity with 2 free jobs to help assess suitability. Java is required to use this service (see java.com).

The self-service pseudo is built upon the Sapior zero-breach-risk eTTP platform. As such Sapior manages all the user salts/keys and is never able to view a single byte of unencrypted data and is therefore unable to breach the privacy of that data. This means there is no need to enter into a data sharing agreement (under the DPA’98) prior to using the service.

Unlike competitive offerings Sapior’s cloud service manages all secret salts and keys. The user is never expected to manage keys in order to get secure or linkable data. Data de-identified with the same account will be linkable across different data sets. Take comfort that Sapior’s research and development prevents you from falling into the most serious security traps and improve your productivity with our unparalleled ease of use.

Your search for a secure data de-identification and linking service is over! Try it today by clicking here.

Sapior presents at Primary Health Info 2011

April 5th, 2011 by admin

05 April 2011 – Robert Navarro outlined a worry free way to share health data for commissioning or risk stratification.

The concept of a Trusted Third Party has been extended to address the privacy and legal concerns with exporting patient identifiable data from a health provider’s system, whilst still allowing for that data to be linked with other provider’s data.

The goal is to allow clinicians and commissioners to safely unlock the potential within a patient’s treatment profile that is naturally fragmented across specialist health providers (to the highest standards of information governance and lowest breach risks possible).

See Primary Health Info 2011 for conference details.

Primary care data users optimistic despite breaches: NHS Alliance Mind the Gap quiz results released

June 28th, 2010 by admin

27 October 2008 – At a time when reports of data breaches are regular occurrences and surveys on working practices point to an NHS data protection time bomb, NHS Alliance delegates ranked their organisations highly on upholding the Confidentiality policy with regard to using patient data for secondary purposes.

Sapior asked delegates at the recent NHS Alliance 2008 conference to score their organisations’ enforcement of the Confidentiality policy in terms of using de-identified patient data for commissioning, performance management, clinical audit and other secondary purposes.

Most respondents scored their organisations very well with over a quarter scoring 5 out of a possible 6. 36% of organisations scored in the middle of the spectrum (3 or 4 out of 6).

However, remarks from respondents indicated that many, including those in key management roles, were simply guessing on their organisations data privacy practices. “We must be here (5 of 6) because data privacy is important,” said one non-exec director.

Not surprisingly, there were also mixed responses from within organisations. One Chief Executive scored the PCT at an impressive 5 out of 6, whilst a Finance Manager from the same PCT scored it at 2, saying “Don’t tell my CE. We have a lot to do in this area.”

Whilst not an accurate measurement tool, the goal of the quiz was to encourage delegates to give mindspace to the high profile issue of data privacy and security. In particular, to the ongoing practice of using identifiable patient data for secondary purposes which conflicts with Confidentiality policy.

About the quiz

Respondents were asked to consider six areas where patient data is used for secondary purposes. (See below) Organisations were given credit for each secondary use area the respondent believed it was using de-identified patient data. For example, if an organisation was using any de-identified data for commissioning work and public health, the respondent could claim a score of 2 out of 6.

Clearly, scoring for the Mind the Gap quiz is very generous and not an accurate measurement. For example, an organisation using a single set of de-identified data for clinical audit would receive full credit for that area even if it was also using many identifiable data sets for other clinical audit work.

Notably, not a single delegate responded that it was “Not my responsibility”. Several were comfortable with guessing on their responses, although 15% said they didn’t know for sure whether de-identified data was being used or not.

Areas of Secondary use:

  • Checking quality of care (e.g. clinical audit)
  • Managing NHS spending (e.g. PbR, PBC, QMAS)
  • Managing health service (e.g. commissioning)
  • Investigating healthcare concerns/complaints
  • Protecting public health
  • Supporting research
Breakdown of Scoring
# of secondary use areas using de-identified patient data # of respondents Percentage*
Don’t know 6 15%
1 1 3%
2 3 8%
3 7 18%
4 7 18%
5 10 26%
6 5 13%
Mean score: 3.5
Median score: 4

*Total percentage greater than 100 due to rounding.

Latest From Blog

Oct 25

The Cameron government has re-opened the debate on how much of ou ... Read...

Aug 27

I've heard many times through many media the need for "balance" i ... Read...

Latest News

Safemerge v2 released

May 2013 - Building on Sapior's market lead in e ... Read...

Self service Pseudo service launched

March 2012 - Sapior has launched a self service ... Read...