Health-RI wiki v4.0 -> consultatie (open tot 03-12-2024)
Storyline: Grant access to data
- Health-RI
DATE: 13-11-2024 STATUS: FOR REVIEW
This storyline describes the process of a data holder to make the data available to the data user after an approved request.
With central analysis, the requested data is made available by the data holder to
a secure processing environment or
on a secure Data exchange platform for use by one or more secure processing environments. This platform may be managed by a data broker.
With federated analysis, the requested data is made available on the data holder's federated data station.
Comments
The process description assumes one data set and one data provider. In practice, multiple data sets from one or more data providers can also be combined. In that case, each data provider involved goes through the process steps for each dataset offered.
If multiple datasets from multiple data providers are combined, the role of the data broker becomes more important. This still needs to be further elaborated.
Precondition
The data user has submitted a request for access to data and this request has been approved
The necessary contracts have been signed
The environment on which the data must be made available is known.
Trigger
The data request service instructs the data provider to make the requested data available in the desired secure processing environment.
Process model
The secure processing environment supplier installs and configures the desired secure processing environment as requested by the data user in his request.
The data provider compiles the requested dataset in a minimized form.
The data provider consults the terms of use service to suppress data in the dataset for which appropriate consent is lacking (if necessary)
The data provider carries out (if necessary) a pseudonymization (by means of the generic pseudonymization service) on the requested dataset.
The data provider makes the data available for use through a secure processing environment (for the duration of the research as agreed in the data request or as determined by law).
The central analysis processing environment gives the data user authorization to access the secure processing environment.
The data provider reports to the localization service which data has been made available for the research
The data provider notifies the data request service that the desired dataset has been made available, so that the status of the request can be updated.
If necessary, data from different sources can be linked before being offered in the secure processing environment of the data user.
The data provider archives the data set in order to repeat the data release at a later time.
Postcondition
The requested data is available to the data user in the requested secure processing environment.
The data user is authorized to access the requested secure processing environment.
The issuance of the data is registered with the data access request.
The requested data has been imported into the secure processing environment from the data exchange platform
