Health Market Inquiry

Similar documents
NHS RESEARCH PASSPORT POLICY AND PROCEDURE

ARKANSAS HEALTHCARE TRANSPARENCY INITIATIVE: DATA SUBMISSION GUIDE & ONBOARDING FREQUENTLY ASKED QUESTIONS

Access to Medical Records Policy

GUIDELINES FOR COMPLETING THE CATHSSETA 2016/17 WINDOW 2 DISCRETIONARY GRANTS APPLICATION FORM

Sample Privacy Impact Assessment Report Project: Outsourcing clinical audit to an external company in St. Anywhere s hospital

Dividends Tax (DT) Presenters Chris Grovè and Brett Kotze

Standard Operating Procedure for Effective, Rule-based and Transparent Implementation of Mukhyamantri Jankalyan (Shiksha Protsahan) Yojana

GP Practice Data Export and Sharing Agreement

PATIENT IDENTIFICATION POLICY

Improving outdoor PE and sport facilities. Primary Spaces Roles and Responsibilities Tender and Installation Process

VMware AirWatch Guide for the Apple Device Enrollment Program (DEP) Using Apple's DEP to automatically enroll new devices with AirWatch MDM

Early Help MASH Desk. Business Processes and Procedures. Version 7_7. Date 28/08/2015 [IL0: UNCLASSIFIED] 1

Teacher Guide to the Florida Department of Education Roster Verification Tool

SystmOne COMMUNITY OPERATIONAL GUIDELINES

System Performance Measures:

VMware AirWatch Guide for the Apple Device Enrollment Program (DEP) Using Apple's DEP to automatically enroll new devices with AirWatch MDM

Safeguarding Children and Safer Recruitment Policy

Institute of Chartered Accountants of Jamaica (ICAJ)

Academic Research Fund (AcRF) Tier 2 Research

Data Entry onto the National Immunoglobulin Database

Document Title: Research Database Application (ReDA) Document Number: 043

National Cervical Screening Programme Policies and Standards. Section 2: Providing National Cervical Screening Programme Register Services

Booking Elective Trauma Surgery for Inpatients

Care UK GP Trainee Introduction July 2015

An túdarás um Ard-Oideachas Higher Education Authority. A Data Plan for Equity of Access to Higher Education. Invitation to Tender

Document Title: Research Database Application (ReDA) Document Number: 043

Standard Operational Procedure New Patient Referral Procedure

: ` 2500/- (All)/Management/Law/Social Work for Arts/ Fine Arts / Commerce /Science : ` 2000/- (All)/Management/Law/Social Work

LifeBridge Health HIPAA Policy 4. Uses of Protected Health Information for Research

Registering your business name

Surgical Appliance Walk-in patients

Document Title: File Notes. Document Number: 024

South African Nursing Council (Established under the Nursing Act, 2005)

CLINICAL PROTOCOL FOR THE IDENTIFICATION OF SERVICE USERS

Licentiate programme grant for teachers and preschool

Document Title: Version Control of Study Documents. Document Number: 023

Guide to Assessment and Rating for Regulatory Authorities

CSE255 Introduction to Databases - Fall 2007 Semester Project Overview and Phase I

Evaluation and Licensing Division, Pharmaceutical and Food Safety Bureau, Ministry of Health, Labour and Welfare

User Requirements Specification. Family Health Assessment. For. Version v.10. Prepared by BSO. December FHA URS v 10 MC

Registrations 2017/18

Document Title: Site Selection and Initiation for RFL Sponsored Studies Document Number: 026

Access to Health Records Procedure

The Care Act - Independent Advocacy Policy Guidance

Document Title: Recruiting Process. Document Number: 011

Bristol, North Somerset and South Gloucestershire. Connecting Care. Data Sharing Agreement

Youth Advocacy Grant Data Collection and Reporting Frequently Asked Questions

DY3 PP1 Contracting Webinar. Mount Sinai PPS (DSRIP) August 2017

temporary & contractor essentials new zealand

Ceridian Federal COBRA Continuation Services. Frequently Asked Questions (FAQ) BlueCross and BlueShield of Florida

ACCESS TO HEALTH RECORDS POLICY & PROCEDURE

Research Governance Framework 2 nd Edition, Medicine for Human Use (Clinical Trial) Regulations 2004

College Capital Investment Fund (CCIF) Submissions Guidance

NHS ENGLAND INVITATION TO TENDER STAGE TWO ITT NHS GENOMIC MEDICINE CENTRE SELECTION - WAVE 1

Study Management PP STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information

Safeguarding Adults Reviews Protocol

REQUEST FOR PROPOSAL FOR SECURITY CAMERA INSTALLATION: Stones River Baptist Church. 361 Sam Ridley Parkway East. Smyrna, Tennessee 37167

Trial Management: Trial Master Files and Investigator Site Files

Standard Operating Procedures (SOP) Research and Development Office

All submissions must be sent to Consult Australia no later than 5pm Friday, 4 May 2018.

Financial Aid System. FAM Pell Payment Year-to-Date Reconciliation

PATIENT ONLINE SAFE ACCESS TO ONLINE RECORDS CASE STUDY HOW TO IMPLEMENT DETAILED CODED RECORD ACCESS

Guide to registration for children s social care services

Dr. Babasaheb Ambedkar Marathwada University, Aurangabad

A Privacy Impact Assessment for the Individual Health Identifier (IHI)

Request for Proposals. For RFP # 2011-OOC-KDA-00

ResearchOne. Database System Summary. Page 1 of 20

Compliance with Personal Health Information Protection Act

AFRICAN CLIMATE CHANGE LEADERSHIP PROGRAM (AFRICLIP) 2017 APPLICATION Form details

On: 23 January 2012 Review Date: January 2015 Distribution: Essential Reading for: Information for:

Applicant Kit. Your tool for a fast and easy application (QCHP) Qatar Council for Healthcare Practitioners

Guidelines for Preparing Research Grant Applications within egms: Conference and Meetings Support

Client Handbook. Foundation Establishment

Policy Summary. Policy Title: Policy and Procedure for Clinical Coding

Author: Kelvin Grabham, Associate Director of Performance & Information


Regulatory Incident Management Policy

RETRIEVAL AND CRITICAL HEALTH INFORMATION SYSTEM

MACA APPLICANT FUNDING: POLICY AND GUIDELINES

Report of the Information & Privacy Commissioner/Ontario. Review of Cancer Care Ontario:

Clinical Coding Policy

Helpful links. Contact us : Find out more at our website:

GM CORPORATE GIVING ONLINE SUBMISSION GUIDE

Outpatients Referrals and Waiting Lists <OP2 / OP3>

Patient Advice and Liaison Service (PALS) policy

Pacific Innovation Collaborative Functional Requirements

National Diabetes Audit Implementation Guidance

Database for online accreditation process in Directorate for Accreditation of Kosovo (DAK-MIS) Abstract

SOP-QA-28 V2. Approver: Prof Maggie Cruickshank, R&D Director Approver: Prof Steve Heys, Head of School

CP-IS Implementation Forum

Regional Growth Fund Frequently Asked Questions

Standard Operating Procedures

College-Industry Innovation Fund Stream 1. Guidelines for completing a Notice of Intent and proposal

RETRIEVAL AND CRITICAL HEALTH INFORMATION SYSTEM

Georgia Lottery Corporation ("GLC") PROPOSAL. PROPOSAL SIGNATURE AND CERTIFICATION (Authorized representative must sign and return with proposal)

Research Passport Application Form Version 3 01/09/2012

Document Number: 006. Version: 1. Date ratified: Name of originator/author: Heidi Saunders, Senior Portfolio Coordinator

User Guide for submitting a Disability Access Fund (DAF) application

SOUTH CAROLINA DEPARTMENT OF TRANSPORTATION Office of Public Transit. Grants Management System (GMS) User Guide

Guidance Notes Applying for registration online

Transcription:

Health Market Inquiry Standard Operating Procedure (SOP) for Data De- Identification Page 1 of 6

1. PURPOSE & SCOPE The purpose of this Standard Operating Procedure (SOP) is to outline the preparatory and procedural steps to be followed in the de-identification of personal identifiers in respect of data submitted to the Health Market Inquiry (HMI), by stakeholders. The aim of the SOP is to advise stakeholders of the data collection process to ensure cooperation with the HMI. This document should be read with, and applied in accordance with, the DE- IDENTIFICATION OF PERSONAL DATA document published by the HMI on 1 June 2015 as well as related HMI policies. Parties who wish to consult the HMI with specific issues relating to this document may contact the Inquiry Director. 2. DATA DE-IDENTIFICATION PREPARATION STEPS 2.1. The format of the data required by the HMI will vary from stakeholder to stakeholder. Stakeholders are urged to kindly contact the HMI for the applicable Data File Specification Document (DFS). 2.2. The de-identification of data refers to the de-identification of address information, as well as personal identifiers such as name, surname, date of birth, identity numbers or any other data fields which could potentially be used to identify individuals. 2.3. All stakeholders will use the same de-identification algorithm for both address data de-identification and personal identifiers de-identification to ensure consistency in the HMI de-identification process. 2.4. Please read the attached flow diagrams in conjunction with the following steps (contained in this SOP) in preparation of the de-identification process. (Appendix A illustrates the end-to-end data process. Appendix B provides detail of the de-identification process). 2.5. The data to be de-identified may either be submitted in full to the HMI, or separated into three parts for preparation; address data tables, personal identifier tables, and the claims/billing data tables. 2.6. Where stakeholders require the HMI to perform de-identification on their entire data sets, the HMI will proceed by completing the protocol as set out in Step 4 of this SOP. 2.7. In instances where the data is separated by the stakeholder for de-identification, the following steps must be followed: 2.7.1. Address data must be supplied to the HMI in order for the HMI to de-identify it. The HMI will then return the address data together with Enumerator Area Codes (EA Codes) to the stakeholder. The stakeholder will insert the appropriate reference codes as per the DFS, remove the identified address data, and submit the de-identified address data table to the HMI. In this regard case the HMI may engage with the stakeholder to clarify address data issues, should any exist. 2.7.2. Personal Identifiers can either be de-identified by the stakeholder directly on the HMI de-identification server, whereby the stakeholder will split the Output file from the Input file and add applicable reference codes to the Output file as per DFS. This Output file will be submitted to the HMI. The HMI will provide stakeholders with individual usernames, passwords and a server address to proceed with this step. 2.7.3. In instances where the stakeholder elects to de-identify personal identifiers at the designated premises of the HMI service provider, the protocol in Step 4 of this SOP will be followed. 2.7.4. Claims/billing data is to be supplied to the HMI containing applicable reference codes, as per DFS. 2.7.5. It is the responsibility of the stakeholder to ensure that referential integrity is maintained within all datasets as per DFS. 2.8. Should the stakeholder be aware of potential data issues, concerns or inconsistencies that might occur in the datasets, then the stakeholder is required to furnish the HMI with written details regarding such issues, concerns or inconsistencies, as well as possible resolutions for these matters during data submission. 3. OUTCOME OF THE DATA PREPARATION STEPS 3.1. Stakeholders requiring an explanation of the de-identification process may engage directly with the HMI. 3.2. Should a stakeholder require data encryption during the de-identification process, it may do so by employing the HMI s encryption algorithm. In such case: Page 2 of 6

3.2.1. The HMI will provide stakeholders with individual usernames, passwords and a server address to proceed with this action. 3.2.2. The Stakeholder will create a unique key for the data encryption process. 3.2.3. Output de-identified data files will be encrypted using the encryption process and encryption key. 3.2.4. The HMI will receive the encryption key from the stakeholder representative once encryption of data files is completed. 4. DATA DE-IDENTIFICATION PROTOCOL The de-identification protocol (Step 4) applies to the all three de-identification options: (1) de-identification by the designated HMI service provider; (2) self-service via the secure HMI server connection or; (3) on-site at the HMI service provider s premises. 4.1. The stakeholder and the HMI will use the Sign-off Document to record all steps followed in the deidentification process for record purposes. 4.2. De-identification takes place at the agreed time and place and utilises the HMI s de-identification server. The de-identification server contains the following applications and data: a) batch geo-coder, b) hashing application for personal de-identification purposes, c) geo-address de-id application, d) encryption application, e) data validation tool, f) MD5 Checksum Tool, g) census data and h) South African National address dictionary. 4.3. The status of the de-identification server must be checked to ensure that it is in an appropriate condition before loading of data commences. 4.4. The HMI loads the provided datasets to compare against the Data Quality Management Protocol (DQMP) and verifies adherence to the provided measurements. If the data quality checks fail, the data issues will be discussed with the HMI, and the stakeholder may thereafter be required to address any relevant data concerns and to re-submit the data. 4.5. After the stakeholder and HMI are satisfied with the data quality of the input file, the MD5 Checksum Tool is used to measure the INPUT file and the results are recorded on the Sign-Off Document. 4.6. The geo-coding step transforms the address data to the required GPS coordinates. 4.7. INPUT row lines and OUTPUT row lines are validated to ensure all records were processed. 4.8. The geo-address de-identification application transforms the GPS coordinates into an EA Code. 4.9. INPUT row lines and OUTPUT row lines are validated to ensure all records were processed during the address de-identification process. 4.10. The personal identifier data tables are de-identified by means of the JOAAT Soft Hashing algorithm. The OUTPUT file from this process includes the INPUT personal identifiers, as well as the OUTPUT deidentifiers. 4.11. The stakeholder and HMI validate that the line and header totals are consistent between the OUTPUT file and the original INPUT data file. 4.12. The HMI will conduct spot checks according to the DQMP on the INPUT/OUTPUT data file to ensure that correct de-identification has been achieved. 4.13. The INPUT data and the OUTPUT data are separated and the Stakeholder retains the INPUT data only. 4.14. The OUTPUT file is measured by the MD5 Checksum tool and the checksum is recorded on the Sign-Off Document. 4.15. The HMI receives the data files on the transfer file medium as supplied and marked by the stakeholder. 4.16. Both parties sign-off the received data file and transfer file medium. 4.17. All data created during the process is treated in accordance with the File Management Protocol. 4.18. The HMI finalises the Sign-Off Document. 4.19. The HMI receives the de-identified data and processes the receipt and data. 4.20. The HMI receives the de-identified data which processes and manages it as set out in Appendix A. 5. POST DATA QUERIES ON DE-IDENTIFIED DATA 5.1. The HMI will inform the Stakeholder if there are any queries relating to the submitted de-identified data. Page 3 of 6

5.2. If the stakeholder needs to relate its INPUT data to the OUTPUT data that is being queried; the stakeholder must arrange with the HMI for a data de-identification process. 5.3. This data de-identification process is performed in terms of this Sign-off Document. 5.4. The original Sign-off Document is used as control tool for the de-identification process to ensure all original recorded quality measurements correlate with new measurements taken during this process. 5.5. The HMI confirms that the provided INPUT data files are the same INPUT files as used in the original de-identification process. This is done by comparing file checksums with the MD5 Checksum tool against original measurements in the original Sign-Off Document. 5.6. OUTPUT files are generated from the INPUT files according to the same protocol as in Step 4 of this document. 5.7. The Stakeholder uses the INPUT and OUTPUT data files to clarify HMI queries. 5.8. All data created during the process is treated in accordance with the File Management Protocol. 5.9. The original Sign-Off Document is updated to record this process. END OF DOCUMENT Page 4 of 6

APPENDIX A HMI DATA MANAGEMENT PROCESS FLOW Page 5 of 6

APPENDIX B DE-IDENTIFICATION PROCESS FLOW HMI request to submit data according to Data File Specification(DFS) Stakeholders can encrypt data in this process by means of the HMI encryption site with an AES256 algorithm and secret key. No Issue with submitting personal information to the HMI? Yes Claims data to be submitted immediately as it doesn t contain any personal information Stakeholder seperates data according to the file specification into three parts Claims Data with reference codes (3) Address Data table Personal Identifier Data File Submit data to the HMI Upload address data without reference codes to secure FTP site Self-Service How to de-id? With Assistance No Data loaded onto secure FTP site FTP loaded data Data file sizes to large to upload? Yes Arrange with HMI for delivery/ collection of data on File Transfer medium Received Data Loaded Address data Address clean-up and deidentification by HMI team Address data + Enumerator Codes Via secure connection on HMI De-ID Server Read Input Data into De-id tool on de-id server Stakeholder visits HMI designated service provider facility Input File and De- Id Output file Data Organised and checked Yes De-ID completed? Stakeholder download address data from FTP Site Input data with Personal identifiers (4) De-identification process including separating input and output data No De-ID address data (1) Stakeholder strips the EA code and combine with reference code according to the file specification De-ID address data (1) Separate Input file and Output file Input data with Personal identifiers (4) Add reference numbers according file specification to Output data Seal Input Data De-ID personal data (2) Stakeholder store Input data file for future reference Claims Data (3) De-ID personal data (2) DBS Systems Page 6 of 6

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback