Storyline: Data delivery

Owned by Health-RI
Aug 23, 2024
3 min read

DATE: 29-01-2024 STATUS: Under development

 

This storyline describes the process of a data holder to make the data available to the data user after an approved request.

With central analysis, the requested data is entered by the data holder

  • in a safe processing environment or

  • on a secure data exchange platform for use by one or more secure processing environments. This platform may be managed by a data broker.

With federated analysis, the requested data is made available on the data holder's federated data station.

Comments

  • We now use the concept of data release for this process. It would be better to use the term 'making data available', because the ecosystem prefers to keep data at the source. We still use the term data release to avoid confusion with the 'making data available' storyline.

  • The process description assumes one data set and one data provider. In practice, multiple data sets from one or more data providers can also be combined. In that case, each data provider involved goes through the process steps for each dataset offered.

Precondition

  • The data user has submitted a request for access to data and this request has been approved

  • The necessary contracts have been signed

  • The environment where the data must be made available is known.

Trigger

  1. The data request service instructs the data provider to make the requested data available in the desired secure processing environment.

Process model

  1. The secure processing environment supplier installs and configures the desired secure processing environment as requested by the data user in his request.

  2. The data provider compiles the requested dataset in a minimized form.

  3. The data provider consults the terms of use service to suppress data in the dataset for which appropriate consent is lacking (if necessary)

  4. The data provider carries out (if necessary) a pseudonymization (by means of the generic pseudonymization service) on the requested dataset.

  5. The data provider makes the data available for use through a secure processing environment (for the duration of the research as agreed in the data request or as determined by law).

  6. The central analysis processing environment gives the data user authorization to access the secure processing environment.

  7. The data provider reports to the localization service which data has been made available for the research

  8. The data provider notifies the data request service that the desired dataset has been made available, so that the status of the request can be updated.

  9. The data provider archives the data set in order to repeat the data release at a later time.

Postcondition

  • The requested data is available to the data user in the requested secure processing environment.

  • The data user is authorized to access the requested secure processing environment.

  • The dataset has been archived.

  • The issuance of the data is registered with the application.

image-20240423-141225.png
Process diagram “Data delivery” (draft)