The HDPBC Data Access Framework describes the data access requirements to access multi-organizational healthcare data through the Health Data Platform BC.
On this page
HDPBC Data Access Framework
The HDPBC Data Access Framework is based upon existing legislation and a conceptual framework that was endorsed in 2018; this conceptual framework outlined the use of the International Five Safes Privacy and Security Framework (the Five Safes) in combination with three approval paths. The HDPBC Data Access Framework is intended to bring consistency to data access process and enhance transparency with the aim to enable safe and faster access to data to support research and analysis.
A Data Access Working Group, comprising representatives from all Health Authorities and BC Ministry of Health, defined and established the data access standards for HDPBC. The work group focused on the data access categories and recommended criteria to satisfy a defined approval path.
Three Approval Paths
The application of the Five Safes in relation to the three approval paths form the basis of the HDPBC Data Access Framework. Every data request is processed according to one of the approval paths.
The Pre-Approved path requires all the criteria to be met for all 5 categories (People, Project, Data, Setting, and Output).
The Delegated and Council Review approval paths are applicable when one or more of the categories are NOT met, in which case additional assessment and consultation is required.
The Five Safes Criteria
This section presents the Five Safes categories defined for HDPBC Data Access Framework. Each incoming data access request is assessed according to these criteria:
The category of “people” represents the person responsible for the project and their role relevant for the request. It is possible to have multiple roles assigned to one single person, therefore, it is important to clarify the role of the person who is making the request.
| People Category | Definition |
|---|---|
| HA or MoH employees (Employee) |
Person as per the FOIPPA definition of employee which includes – contracted service provider, medical practitioners, students and volunteers. |
|
Academic Researchers (Researcher) |
Person who has an academic affiliation with a Canadian post-secondary institution. |
| Other |
Person who is not an Employee or Researcher; any person not meeting the definitions above. |
Some additional requirements may also be required from people accessing the HDPBC system. These additional requirements could for example, confirm achievement of specific data related skills and trainings before accessing data.
The category of projects contains definitions around which kinds of data analysis activities could be performed within HDPBC. Safe Projects relies on the premise that trusted and verified organizations will initiate safe projects.
| Sub-Category | Definition |
|---|---|
| Organization |
Project contributes to filling the HA/MoH’s mandated work and has been approved by designated person in the organization. Approval means confirmation that the person is an Employee and means the proposed work is of priority interest to the organization. |
| Publicly Funded Research |
Project has been REB approved from a recognized ethics board and is only receiving public funding. |
| Other |
Project not supported by organization; project without REB approval; and/or project not meeting the definitions listed above. |
NOTE: Health authorities as well as the Ministry of Health will have to establish an internal process to approve projects, as the organization is the only party that can verify that the data project is needed within the organization and that the persons using the data are recognized members of the organization.
Data are defined as the data that will be available in an approved HDPBC setting. The data provided in the setting will be de-identified following a process and standards approved by the HDPBC Operations Committee. The Data Contributor determines what data is eligible for pre-approval and any access requirements for not pre-approved data.
| Sub-Category | Definition |
|---|---|
| Pre-Approved Data |
As identified by the Data Contributor. Generally, this data would be:
|
| Not Pre-Approved Data |
As defined by Data Contributor, data that is not eligible for pre-approval. Data Contributor would identify the data access requirements. |
This category refers to the environment in which the Data will be provided to the data consumer. The data consumers will conduct their research/analysis within this environment.
| Sub-Category | Definition |
|---|---|
| HDPBC Secure Environment (SE) |
HDPBC environment meets a set of defined security standards, including:
|
| Other Authorized |
These environments are not governed under HDPBC and have demonstrated that they meet the HDPBC requirements. |
| Not Authorized |
These environments are not governed under HDPBC and have not demonstrated that they meet the HDPBC requirements. |
Output describes the result of any research or analysis produced in the safe setting that will be leave the authorized secure setting. Category output describes which identification grades can be requested for information leaving the system.
All output is subject to human review to ensure it matches what has been approved for release.
| Sub-Category | Definition |
|---|---|
| Non-Data |
Output which is considered as “non-data”, describes all types of output which do not directly quote, or use analyzed data. Such as policies, methods, scripts, metadata, or any other non-data related paper. |
| Data |
|
| Statistical Products |
Statistical products are, generally, information dissemination products that describe, estimate, forecast, or analyze the characteristics of groups, customarily without identifying the persons, organizations, or individual data observations that comprise such groups. |