Secure Anonymised Information Linkage (SAIL)

Data Sharing Agreement

Between

Secure Anonymised Information Linkage (SAIL)

And

“DATA PROVIDER”

1.Introduction

SAIL is an initiative developed by Swansea University MedicalSchool and it receives core funding from Health and Care Research Wales (HCRW) of the Welsh Government. The main aim of SAIL is to realise the potential of electronically held, person based, routinelycollected, anonymised information. SAIL works collaboratively with researchers, service professionals and industry to conduct and support research and to improve service delivery.

Many organisations provide an anonymised version of the datasets to the SAIL databank. There are many benefits to be gained from the secure re-use of routinely-collected data, and providing data to SAIL represents an investment for the future, because the increasing collections of data can be used to conduct health-related longitudinal research and evaluations. Data providers are able to use the secure SAIL environment to access their data in conjunction with other SAIL datasets to add breadth to the existing knowledge base.

The objective of this Agreement is to set out the framework that SAIL and Swansea University agree in respect of the supply of information from [……..] name of data provider and the processing of that information in the Secure Anonymised Information Linkage Databank (SAIL)

2.Purpose of the agreement

Partner organisation details

This agreement is between the above named organisation and SAIL to facilitate the provision of data from […….]name of data provider to SAIL for the following purpose:

The dataprovided are required to link into the SAIL (Secure Anonymised Information Linkage) Databank for research purposes. The data are required to form a better picture of the health, lifestyles and circumstances of people in Wales, that is, for the benefit of the public.

3.Scope

For the purposes of this agreement the following information will be shared.

Insert list of datasetsto be providedand basis – core, restricted, project specific?

Datasets held within SAIL are classified as either ‘core’ or ‘restricted’ according to the nature of the data they contain. If a request is made to access a restricted dataset the data provider shall be consulted prior to any Information Governance Review Panel (IGRP) decision on access being taken. Core datasets shall be approved for access via the standard SAIL IGRP process. SAIL reserves the right to deny access to restricted datasets at its discretion.

Appendix 1 to this Agreement details the data fields and transportation methods used to pass data between the partner organisations for each of the data flows detailed below for the period specified under clause [….] of appendix 1.

[…detail the data flow….]

The data supplied shall be used by SAIL for appropriate purposes only. These purposes are to assist with and inform research process and projects which are duly approved by the independent IGRP. The data provided may be used alone or in association with other datasets and information already contained within the SAIL Databankor which may be introduced to the SAIL Databank during the time that data from [……]name of data provideris within SAIL. The data will not be used for any other purposes than those specified unless the data provider expressly states otherwise.The processing and outcomes of the research shall be managed in accordance with existing SAIL policies and procedures including, but not exclusively, the following:

[Detail the SAIL policies that are relevant]

[…..data provider name…] shall collect and hold the data sets that it shall provide to SAIL in accordance with its standard operating procedure and makes no warranty as to the accuracy of its information. It shall however act with reasonable skill and care when collating the information and shall notify SAIL as soon as possible if any inaccuracies become apparent within the data set that could cause research results to become compromised.

4.Process

All data received and held by SAIL are securely anonymised and further measures such as encryption and masking are employedso that individuals cannot be identified. The commonly recognised individual identifiers in the dataset are removed and replaced with a unique, non-identifiable data item, an Anonymous Linking Field (ALF), so that data linkage can take place at the individual record level without SAIL having access to any identifiable information. This is accomplished through a reliable pseudonymisation service at NHS Wales Informatics Service (NWIS), which then provides anonymised datasets to a secure anonymised data repository at SAIL via robust data transfer mechanisms. The data processes that have been implemented retain the facility to link the data, from the various data-providing organisations (DPOs), at the anonymised individual record level so that they are useful for research studies and service development initiatives, without compromising individual privacy.

Data acquisition and management are overseen by the SAIL Data Management Committee in accordance with the SAIL Data Management Policy.

Data entering SAIL arecompletely anonymised and no organisation holds the identifiable dataset except the original data provider. Furthermore, neither SAIL nor NWIS is able to reidentify data due to double encryption of the ALF. Therefore the provisions of the Data Protection Act 1998 are non-applicable in accordance with the Information Commissioner’s ‘Anonymisation Managing Data Protection Risk Code of Practice’.

5.Consent

Personal and sensitive personal data as defined under the Data Protection Act 1998 (DPA) are not held in SAIL and its purpose limitation rules do not apply. All data are de-identified, and thus individual consent is not required[1]. The standard operating model of SAIL is to provide data access to bone fide researchers within the SAIL Gateway: a safe haven. Research outputs are scrutinised before they can be exported from the system, and row-level data are not released unless all the relevant regulatory and governance approvals, including informed consent if required, have been obtained.

6.Legislative Context

The Parties shall comply with their respective obligations under the Data Protection Act 1998 and all other related information law provisions where applicable, including the common law duty of confidence and the Human Rights Act 1998, together with any applicable regulations and codes of practice. Neither Party will do anything that causes the other Party to fail to comply with its obligations under the DPA and nothing in this Agreement shall be deemed to prevent any Party from taking the steps it reasonably deems to be necessary to comply with the Act.

It is the responsibility of each Party to ensure that their data sharing transactions are undertaken legally and fairly and that they comply with their own legal dutiesand the legislation detailed above.

7.Roles and Responsibilities

It is the responsibility of each party sharing information and accessing and using the information that has been shared to take appropriate decisions, then hold the information securely, in accordance with the standards set out in this agreement. Further that information shall only be used for research or statistical purposes and is not to be disseminated or published in any way that may reveal private or confidential information relating to identifiable individuals.

Only appropriate and properly authorised persons will have access to the information specified in this Agreement via recognised SAIL IGRP processes and procedures.

The data provider agrees to the following terms and conditions of sharing data with SAIL:

1. The data provider agrees to identify all routinely collected data sources owned by the data provider that have the potential to enrich the SAIL Databank.
2. The data controllers of each Party will work together to define the data items, contents and structure, that will be included in the data extract to be used within the SAIL system, the process will include full support from the SAIL team members.
3. The data specification will be authorised by the data provider’s data guardian.
4. All data extracts will be managedvia SAIL processes with guidance to the data provider from the SAIL technical team]. An initial one-off all-system historical extract will be performed, followed by establishment of data flows to take further update extracts at regular intervals in agreement with the data provider.
5. All proposals to use SAIL data are subject to review by an independent Information Governance Review Panel.
6. Certain datasets are deemed to be particularly sensitive and or difficult and are provided to SAIL on the understanding that joint agreement is reached for each analysis which utilises these data. This includes agreement of the suitability of the research topic, meaning and interpretation of the data and publication methods.
7. SAIL will ensure that all copies and backups of the information are managed securely and subject to the same standards as systems holding the live information with access restricted to approved individuals. The restrictions on access to data do not apply in a situation in which we are legally obliged to disclose the information by law (for example the Freedom of Information Act 2000) or by an order of a court or tribunal
8. SAIL will take all reasonable steps to ensure the confidentiality and security of the information that is provided to it by the Data Provider.

9. Loss and Unauthorised Release

In the event of any loss or unauthorised release of information covered by this Agreement the other party shall be informed by the party causing the loss or release as soon as possible and no later than 24 hours after the event. Any loss or unauthorised release will need to be investigated jointly by both parties. Existing organisational incident reporting and investigation processes will be utilised.

10. Subject Access Requests and Requests for Information under the Freedom of Information Act 2000

Each party shall report to the other if it becomes aware that a request for information has been made under either the DPA or FOI. Although the data held within SAIL does not constitute personal information the parties shall cooperate to respond in a timely and appropriate manner to the request however the final decision on release rests with SAIL in respect of a request addressed to it.

8. Retention

The data will be held on the SAIL Databank for research purposes until such time that either

1. the data are no longer required for research purposes; or
2. the Data Provider requires SAIL to remove the data from the Databank.

9. Monitoring and Review

The Parties agree that the agreement will be reviewed annually, with the first

review in <insert month and year>, unless substantive revisions are required before this time.

SAIL will notify the Data Custodian/Caldicott Guardian each time a new dataset is to be transferred, so the Data Providing Organisation is aware of all activities under the active agreements.

10. Breaches

Breaches of security, confidentiality and other violations of this agreement must be reported in line with each partner organisation’s incident reporting procedure. In addition the Information Governance lead from the respective partner organisation must be informed of any such breaches.

11. Signatories

By signing this agreement, all signatories accept responsibility for its execution and agree to ensure that staff are trained so that requests for information and the process of sharing itself are sufficient to meet the purpose of this agreement.

Signed on behalf of Data Provider

Signature ______

Name printed in Full ______

Designation* ______

Date ______

* For NHS organisations the Data Custodian is the Caldicott Guardian

Signed on behalf of SAIL

Signature ______

Name printed in Full ______

Designation ______

Date ______

Please return the signed agreement to the SAIL Team

Mrs Cynthia McNerney

Information Governance Manager

SAIL Databank

Data Science Building (Second Floor)

Swansea University Medical School

Singleton Park

Swansea

SA2 8PP





SAIL Data Sharing Agreement - Version 2.0 (October 2017)Page 1