Security for platform users and data contributors


The HDPBC Data Access Framework outlines the requirements to access linked, multi-organizational health data through the HDPBC. The Framework is based upon existing provincial legislation and the internal Five Safes Privacy and Security Framework (known as the Five Safes).

Security and the HDPBC Data Access Request Process

Each incoming data access request is assessed according to the Five Safes criteria.  Depending on how the criteria are met, the data access request will be routed to the correct approval path. This may include a review by one or more data councils who have a mandate governing provincial health data in BC.  Once approved, users are required to use multi-factor authentication to access the HDPBC secure environment.

The 5 Safes
                               The Five Safes

People: “People” represents the person(s) responsible for the project.

Setting: This category refers to the environment in which the data will be provided to the data consumer. The HDPBC Desktop is the primary setting for HDPBC analysis and meets a set of defined security standards, including a STRA and PIA accepted by all involved parties. 

Output: “Output” describes the result of any research or analysis produced in the safe setting that will leave the authorized secure setting. All output is subject to human review to ensure it matches what has been approved for release.

Data: “Data”is defined as the data accessible using the HDP Desktop. The data provided in the setting will be de-identified following a process and standards approved by the HDP Operations Committee.   

For user data imports, two layers of encryption will be used for secure data transfer into the Desktop.

Project: This category contains definitions around which kinds of data analysis activities could be performed within HDPBC. Safe Projects relies on the premise that trusted and verified organizations will initiate safe projects that meet HDPBC criteria.