A conversation with eDRIS: Part 1

by | Feb 18, 2021

The Electronic Data Research and Innovation Service (eDRIS) is a small team within Public Health Scotland set up to facilitate access to administrative data for research. Sometime back in the beginning of 2020, I was invited along to talk to eDRIS about eCRUSADers at one of their Development Days. My main hope from the talk was to introduce eDRIS to the eCRUSADers platform and work out if we could come up with any ideas for improving the journey that researchers and eDRIS go through together, when applying to use and using administrative records in Scotland.

Based on the Researcher Experience posts on eCRUSADers at the time (and to this day), as well as personal and published evidence, a common theme is the lengthy wait for data access. As researchers (especially ECRs who are often on temporary research contracts), it is vital that we make the best use of the time from initial contact with eDRIS, right up until data access and beyond. To do this, we need to make sure that our interactions with eDRIS are productive and efficient for both parties. My belief is that if we are to identify any areas where this journey can be improved, both parties need to understand more about one-another’s work and roles in the process.

So, on the back of my presentation to eDRIS, we chatted about the prospect of beginning to create this understanding, by putting together a couple of blog posts in conversation with eDRIS.

In this first post, I am incredibly grateful to have Jules, one of eDRIS’s Research Coordinators (RC), to describe what a typical day looks like. Jules talks through his morning and afternoon, giving us an idea of some of the daily tasks he is involved in and providing an insight into the emails and requests he receives throughout the day.

For me (as a researcher who has worked with a number of RCs on different projects), this insight was very useful and as I read about Jules’s day I had lots of further questions to ask. Jules has kindly offered to answer those questions and these will be posted in Part 2- so stay tuned!

But first off, let’s hear from Jules on his account of a day in the life of an RC. Not quite sure what an RC’s role is? Have a quick read here.

A day in the life of a Research Coordinator

For statistical disclosure control purposes (SDC), the names used here are fictional but the events described are based loosely on real incidents.

Morning

Check for new emails, only 10 from last night, great, not bad for my 25 projects! Ok, first job, do we have any SDCs… Yes, two researchers on different projects have output requests, which one first? I think I’ll do Helen’s first, she usually has done a good job of explaining the outputs and making sure there are no disclosure risks. On top of that, she only has health data, so only one data controller requirements to worry about, result! So, lets log in to the safe haven…. now, what is my password? Oh yes, the access path has changed, I need a new password. Oh well, let’s get that password reset first, that might take up to an hour and means I can’t do the other SDC.

Ok, what’s next in the Inbox. Ahh, a ‘quick question’ from James, this should be easy. Nope, he wants to add a Census variable, so…let’s check the existing permissions… Just as well, the Health and Social Care Public Benefit and Privacy Panel (HSC PBPP) and Statistics Public Benefit and Privacy Panel (SPBPP) end date is in two weeks! So, I need to ask James to submit an amendment to add the new Census variable, as well as extend the study date, so that means an amendment to SPBPP and HSC PBPP, and maybe get him to contact the National Records of Scotland (NRS) data access team to discuss if it’s possible first? Yes, that would be best. So, I’ll just email James…

Ping!

Uh-oh email from HR, my own information governance (IG) training needs refreshed, perfect timing! That reminds me, does anyone on James application need their own IG training refreshed…. yep, James and two others are about to expire. Let’s see what the data controllers accept as valid IG training… So, Census accept Safe Researcher Training (SRT) as valid for five years, but HSC PBPP have this as three years… so it’s about to expire as far as HSC PBPP are concerned… I may just ask them to do the online Medical Research Council course (MRC), as that’s quicker, and we worry about the SRT in two years’ time… So, lets email James.

“Dear James, thank you for your request to add a Census variable. The first thing to do would be to discuss feasibility with NRS, I have added their contact details below. Let me know if you need any help with your approach to them. I also noticed that your project permissions are due to expire, and some of your colleagues named on the form have IG training that is also about to expire, but only as far as HSC PBPP are concerned. Each of these changes needs to be recorded in the permissions, so we need to submit amendments to both SPBPP and HSC PBPP for: adding a new variable, extending the study duration and updating IG training. I think the best way to do this is to submit amendments to the PBPP panels for the end date and updated training, then, after you have got the go-ahead from NRS to add the new variable, we can process another amendment to add the variable, as this will take longer. Please let me know if that makes sense?”

Ping!

“Dear Jules, I can’t access the safe haven, please can you help? Thanks, Bob”

Now, is the safe haven down? Nope… So where is the issue for Bob, he didn’t say…

“Dear Bob, sorry you are having problems accessing the safe haven. Please can you let me know at which stage you are having the problem? If you can access the safe haven page, are you receiving the 2FA PIN? If not…”

Ping!

“Dear Jules, please ignore my last email, I wasn’t on the VPN, my mistake! I am in now. While I am here, please can you release the tables in my study area? These are quite urgent, and I need them today.
Thanks,
Bob”

Ok, delete my email draft. Now, do I have my own password yet… Nope. Ok Bob will have to wait, next email. Now, John wants to know where we are with his data sharing agreement. Which project is that? Oh yes, here it is, so… the data sharing agreement was sent back to the Shire Commissioners for signing three weeks ago, good question, where is that? Nothing from them…. so, lets send an email chasing it

“Dear Phyllis, Hope you are well. We have had a researcher chasing…”

Ping! 

“…the data sharing agreement for 1234-5678. We returned to you for review and signature three weeks ago, please can you let me know when you will be able to get to it? Thanks, Jules”

Ok, lets email John

“Hi John, apologies for the delay, we sent to the Shire Commissioners three weeks ago for signing…”

Ping!

” and I have contacted them to ask for an update, I will let you know as soon as I hear from them. Thanks, Jules”

Ok, where was I? No safe haven access, so no SDCs for now… so, lets check the task list… Next job is an amendment to add a researcher to Siobhan’s HSC PBPP. So this is 1.5, great, under the proportionate governance rules issued by HSC-PBPP I can process these myself.
Lunch!

Afternoon

Ok, let’s get back to it…

Ping!

An email from HSC PBPP to researcher:

“Dear Prof. Urquhart,
The HSC PBPP panel have reviewed your application and have some further questions for you before your application can be properly considered. Please provide responses below the listed queries, and return to us within two weeks:
1) Please provide a clear data flow diagram
2) Please provide a Data Privacy Impact Assessment or evidence that one is not needed. Your data protection officer should be able to offer advice.
3) Please provide evidence of public involvement in the research design
4) Please ensure your lay proposal is clearer to those with no experience of research
5) Please ensure anyone named in 1.1 to 1.5 of the PBPP form have valid IG training, there is a list in the ‘Guidance for Applicants’ available from the PBPP website.
…”

Ah this is a shame, but at least chimes with the advice I gave to the Prof. that the panel would likely pick up on these issues if we didn’t address them before submitting the application. With tight funding cycle deadlines I can sympathise with the desire to get something submitted very quickly, sadly this often creates more work, now where’s that template response… send, done.

Now, has my new Safe Haven password turned up? Nope. Ok, next

“Dear Jules,
In order to avoid SDC, please can I share my safe haven screen with my collaborators? I would only need to do this using Zoom, and with a small number of colleagues, so nothing would leave the safe haven.
Thanks,
Gary”

Oh dear…

“Dear Gary,
Please do not do this!
Sharing the safe haven screen is not allowed in any circumstances, whether screen shots, screen sharing or in person. As a reminder, these terms are detailed in the user agreement you signed and are also on the statements you accept every time you log in to the safe haven. Any outputs from the safe haven must be assessed for disclosure, please complete the request form to help speed these assessments up.
Let me know if you have any questions.
Thanks,
Jules”

Ping!

“Dear Jules,
I submitted a draft PBPP to you a few weeks ago. I know the data flow is missing, but this is because I don’t yet know what data I need. I was hoping you could just submit it anyway, to get the ball rolling.
Thanks,
Rachael”

Ok… where’s that template…

“Dear XXXX,
Please note I have not submitted your incomplete PBPP; if I had, the panel would have returned to us asking where the missing sections were. It saves time if the required sections are completed, as indicated in the ‘Guidance for applicants’ available from the PBPP website. I believe I have already provided the minimum recommended changes for the PBPP to be able to consider your application.
In this case, if the panel do not know what confidential data you are asking for, they cannot assess the risks to the privacy of the individuals in the datasets, as they don’t know which individuals you are asking for data on.
Please let me know if you have any further questions.
Thanks,
Jules”

Ok, last thing, do I have my password?.. Yes!!! Now let’s finally look at Bobs urgent SDC then Helen’s.

Ping!

“Dear Safe Haven user,
We have experienced some network issues which means we need to shut down the Safe Haven for the rest of today. The Safe Haven will be unavailable from 1530 today until 1000 tomorrow morning. Please save any work and log off.
We apologise for any inconvenience caused by this unexpected outage.
Regards,
The Safe Haven.”

What time is it??? 1528….

“Dear Bob,
Unfortunately, the Safe Haven has experienced an unexpected error and I am unable to look at your SDC request today.
Please also note that, as you have Census data, we need NRS to carry out checks and clear the outputs before we can check and release. I know you asked for the outputs today, I am afraid this is not possible; however, we will aim to have the outputs checked within our three-day turnaround target.

Apologies for the delays,
Thanks,
Jules”

I’m going home…oh wait, I am home. (Please note we have flexible working, not all staff finish at 3:30 pm)

The role of an eDRIS Research Coordinator

The two main researcher-facing roles are RCs and Analysts.

The RC role is primarily project management. RCs are assigned a number of projects that they are then responsible for. The essence of the role is to enable access to administrative datasets for researchers, where that access is granted in line with confidentiality laws (e.g. GDPR, Data Protection Act). The RC is there to provide a service to researchers to enable high quality research. In practical terms, this requires the RC to make sure they are aware of current procedures (rather than knowing the jurisprudence around the common law of confidentiality!), so we can provide researchers with the best approach to meeting each data controller’s requirements within a legal framework. There are often multiple data controllers (even within a single organisation) and each data controller has their own requirements (this is why we sometimes ask researchers to provide the same information in slightly different ways). The sheer number of datasets, each with the quirks of their respective data controllers, requires a great breadth of knowledge of the administrative data landscape. As well as projects where data are provided as part of the service, there are numerous projects where the applicants need permissions only, to do all sorts of things, ranging from setting up clinical trials to changing the way health audits are carried out.

The Analyst role is distinct from the RC role and is primarily tasked with creating the extracts for the researchers, although there are often discussions with analysts at early stages to determine feasibility of the requests. The eDRIS analysts have in-depth knowledge of many of the common health data sets, so are a good source of information, for both researchers and eDRIS RCs.
For statistical disclosure control purposes (SDC), the names used here are fictional but the events described are based loosely on real incidents.