My name is Doctor Steve Pavis. I work for an organization called National Services Scotland, which is part of the health service in Scotland. I've worked there for the last 10 years and my role really is to provision data for researchers. Myself, and my team are located in the Farr Institute and there's 22 of us that are located here, and we work with researchers to help them understand health service data and some of the complexities, and to provision that for them to help them have the right data to answer the research questions. So, it's quite a complicated process. The data that we use has not been consented for research use and so because of that we have to be very careful about what we do. We must always make sure that the public are accepting of the use of their data. And because of that, there are some procedures that we go through to make sure that the research is being done is in the public interest. It's quite complicated with large datasets as I'm sure you'll be aware. So, the first thing that we do is we take off the obvious identifiers, so names, addresses, dates of birth, they're removed. Often that's not quite enough for people. So, if you're looking at somebody's health record, it might very well be that they have a unique health record, and should they be somebody like your neighbor, then it would be reasonably easy to identify them. If you knew something about them, and you had some other information you could perhaps identify the individual. So, we go a little bit further and we use things like Safe Havens and approved researches in order to control access to the data. So, Safe Haven is a place where data is stored, and the data can't travel from the Safe Haven. People can't take it out and we check the outputs from it are non-disclosive, and that they don't identify individuals. So, often people want records across people's life course, and whenever people come into contact with the health service, there's a record obviously. But they're held in different systems, they're not held in one system even though you might feel as a patient, that they should be, they aren't. So what we do is we start with the research question then we work out what datasets are required, where they're held, and then from there we bring together the minimum amount of data to answer that question. So, we try not to give additional data that's not required but we do try to give the correct data that people need. So, National Services Scotland has over 400 different datasets that it keeps there. But there's also records held within the health boards separately and within general practices as well. Okay. So, they're spread around. National Services Scotland has a lot of the main datasets. So, we can link those quite carefully, quite easily. But there are also, as I say data and health boards, we would have to go to the health boards and ask for permission. And, there's a committee called The Public Benefit and Privacy panel, and it's their role to assess whether research is in the public interest and to give that permission. That one committee covers all of the health boards in Scotland and National Services Scotland but it doesn't cover the general practitioners. So for them, we have to approach them individually in order to get the data. Most of the uses of data, at the moment, is statistical uses of data. Most people that come to us, they're Epidemiologist, they're Statisticians, they're doing that kind of use of data. We've seen far less use of data by computer scientists so far, and there's some coming along, there's some people that are interested in using imaging data. And so, we have a study on the go at the moment which is trying to look at different kinds of cancers that are involved in the lung, and trying to identify those through use of the images. So, and that's using more of a big data computer science approach rather than statistical approach, but traditionally it's statistics. So, there's really, really big challenges that are out there are that the data is not consented. So, that brings with it some challenges, you have to comply with the law. There are three parts of the law that we must comply with. There is the Common Law of Confidentiality, there's The Data Protection Act and then there's the remit of the institution that holds the data and what it's allowed to do or not to do. So the first thing is, you must comply with the law. The second thing is that we must also keep the public on board. It would be a disaster for the health service if people withdrew their data, we wouldn't be out to manage the health service, we wouldn't know how many doctors we needed, how many nurses we needed. So, that's the primary use of these data. So we have to sell it to the public that research is in their interests, and that's quite a trick. So, and then you got the technical challenges of where the data is and drawing them together. So, it's managing those tensions between the law, public acceptability, and what researchers want to do and getting an equitable balance for each of those constituents, that's the major challenges that we deal with. There have been some improvements, so when I first started each of the health board and NSS, all had their own processes for getting access to data. Now, we have a single public benefit and privacy panel for Scotland which is a great step for one application, and you have your permissions. But at the same time, we've also seen the rise of privacy lobby in England there have been some unfortunate episodes with care dot data where the public really were not happy with that use of data. They weren't informed correctly about how it was being used and the safeguards and that has lead to some more difficult situations in terms of using data. People being more risk averse and worrying more. So, we're making progress in some areas and other areas, it's more difficult. Technically, of course, things are advancing all the time, there's more and more data, we need bigger and bigger servers to service that, and so, there's a technical challenge as well. We've actually outsourced the technical side of it so Edinburgh Parallel Computing Centre has taking that on for us, so we work with the academics in that area to provide solutions to that. They are in a data processor role, so they can't do anything with the data that we don't give permission, so the health service remains the data controller. But in terms of how is it best to manage the data, or manipulate it and the services that are required, that's not the health service's strength, that's more of a University area, so we work in partnership around those areas. If a researcher wants to use data that comes from several different countries, there are different challenges. There are different legal systems in place which we need to deal with, although the Data Protection Act is an act in this country but it wasn't a directive, so it's interpreted differently in a different country. We currently have a project underway to look at, can we get a European Safe Haven working? Our intention is not to bring data together in one place but rather to let researchers have access to the data being held in the partner countries that are taking place. So, that of course then leads you to the situation in the data aren't held or recorded in the same way, and so you need to get into transposing data and making data more equivalent across the country, so we're working on it. It's more challenging once you step outside of Europe, at the moment, we don't have data going to the U.S., they have the Patriots Act over there and there are concerns about government access to data, in particularly sensitive data like health records, we wouldn't want see that happen, so at the moment, we aren't working with U.S. researchers. I think if I was going to change one thing to make it better it would be, better information to the public. The public need to know the ways in which their data are being used. And I believe, if they really understood some of the advances we can make in, particularly in healthcare, then they would sign up to that. At the moment, the information going to them isn't strong, and they worry, and they believe people will see their individual health records and they worry that insurance companies and banks, and things will see their health records, that isn't the case. As far as I'm concerned, it will never be the case, but they worry. And so, better information to public I think is the one thing that we could do that would really improve things.
