📊
Data Governance Playbook
  • Health data governance: a playbook for non-technical leaders
    • Why data governance is important in healthcare
    • Who is this playbook for?
    • How to use this playbook
    • Other related resources
  • Index
  • Play one: Implementing data governance in healthcare
    • The value of data governance for data-informed healthcare projects
    • How to implement a data governance framework for a healthcare organisation or project
      • 1. Data assets
      • 2. People
      • 3. Policies and processes
      • 4. Standards and technologies
    • Resources relating to this play
  • Play two: Understanding and mapping health data ecosystems
    • Data ecosystems in healthcare
    • Data governance and trustworthy data ecosystems
    • Mapping the data ecosystem
      • Use case 1: Mapping the ecosystem of a Covid-19 symptom tracker in the UK
      • Use case 2: Identifying current stakeholders to reduce snakebite mortality and morbidity in India
    • Resources related to this play
  • Play three: Roles and responsibilities in health data governance
    • Roles involved in health data governance
      • Senior data leader
      • Health system leader
      • Policy leader
      • Health project partner
      • Governmental body
      • Senior executive leader
    • How to enlist support from stakeholders
    • Resources relating to this play
  • Play four: Making data interoperable
    • What is interoperability and how is it relevant to healthcare?
    • Standards for data and interoperability
    • Existing standards for data
    • Data adaptors
    • When to use an adaptor
    • Resources relating to this play
  • Play five: Demonstrating the value of health data governance: case studies
    • Primary care data use: MedMij platform
    • Using research data: INSIGHT Health Data Research Hub
    • Using healthcare data for other purposes: Infectious Diseases Data Observatory
  • Play six: Emerging uses of data and technology in the health sector
    • Emerging uses of health data
    • Emerging technologies to support health data management
    • Resources relating to this play
  • Play seven: Assessing the legal, regulatory and policy context for sharing health data
    • Data protection laws and policies
    • Intellectual property
    • Other regulations and laws impacting use of health data
    • Socio-cultural norms
    • Resources relating to this play
  • Play eight: Managing risks when handling personal data
    • Managing personal data responsibly and ethically in healthcare projects
    • What is personal data?
    • Data protection regulations
    • Recognising personal data in healthcare projects
    • Impacts from use of healthcare data
    • Minimising risk - practical approaches
    • Appendix: Risks from personal data exposure and how harms can be mitigated
  • Play nine: How to set up successful data sharing partnerships
    • Understanding how data sharing occurs in the health sector
    • A step-by-step guide to setting up successful data sharing partnerships
      • Step 1. Understand the purpose of sharing data, and with whom
      • Step 2. Define the principles that will guide how data is shared
      • Step 3. Build and maintain relationships with your data sharing partners
    • Appendix: International frameworks for data sharing principles
    • Resources relating to this play
  • Play ten: Sharing health data: data agreements and technologies
    • Common types of data sharing agreements
    • How to choose the best method of sharing data
      • Step 1: Decide how widely you need or want to share data
      • Step 2: Decide on the type of agreement required for sharing data
      • Step 3. Consider how technology can facilitate data sharing and access
    • Appendix: Choosing technology to support data sharing and access
    • Resources relating to this play
  • Play eleven: Cross-border data sharing
    • What is cross-border data sharing?
    • Current trends and global discussions on cross-border data sharing
    • Overcoming challenges with cross-border data sharing
  • How to support trustworthy data sharing: Checklist
  • Slides to communicate the benefits of data governance to key health stakeholders
Powered by GitBook
On this page
  • When to choose a data sharing agreement
  • What to include in a data sharing agreement
  • When to choose a data licence

Was this helpful?

  1. Play ten: Sharing health data: data agreements and technologies
  2. How to choose the best method of sharing data

Step 2: Decide on the type of agreement required for sharing data

There are different types of agreements for different data sharing scenarios.

When to choose a data sharing agreement

In the health sector, there are some common scenarios in which setting up a data sharing agreement is required:

  1. When sharing sensitive or personal data. When data is sensitive or can identify individuals, a data sharing agreement can ensure people or communities are protected from harmful impacts through specific clauses that set out requirements for how the data can be accessed, used, shared and deleted. See Box 1 for an example of sharing data in this way.

  2. When sharing data for research. Researchers often access, use and share data from a variety of public and private sources via secure platforms, for example electronic health records databases. See Box 2 for an example of sharing data in this way.

  3. When sharing data with alliances or professional networks. A data sharing agreement can help members to be clear on their rights and limitations to accessing, using and sharing data. For example, primary care providers often work together in a network or alliance model to provide continuity of care for individuals. See Box 3 for an example of sharing data in this way.

What to include in a data sharing agreement

A data sharing agreement should be clear about what, when and how data will be supplied, what it can be used for, and who is responsible for maintaining it.

Contracts can be drawn up each time, or be adapted from a template.

A data sharing agreement should include:

  • The context – the reasons for sharing data and the parties involved.

  • The data – a description of the data itself.

  • Sharing – how the data is going to be shared between different parties, where the data can be accessed or transferred, identification of any potential cross-border issues that could affect access (such as geographic location) where the data will be stored, which party is responsible for hosting the data, and the duration the data will be shared for.

  • Use – what the data can be used for.

  • Derived data – who has rights to products that might be produced that incorporate data that has been shared.

  • Personal data – specific clauses that set out how personal data will be stored, transferred and any limitations in use of personal data. Any clauses should be compliant with the relevant data protection legislation.

Box 1: Sharing personal or sensitive data

Vodafone Ghana, Flowminder and Office of National Statistics

Vodafone Ghana agreed to share data on movements of local populations, gathered from mobile phones, in order to allow non-profit organisation Flowminder to analyse and map data for the Ghana Statistics Service.

Originally, a non-binding agreement was planned by the parties involved, but the national data privacy regulator requested that a formal agreement be put in place to address risks and avoid harmful impacts. This case study describes the conditions and clauses that made up the agreement and the health impact that has been generated from sharing data. As this was the first of its kind for this type of data, it took 13 months for all parties to formalise the agreement.

Key terms of the agreement include how to anonymise the data, the specific uses of data permitted, and clauses to confirm that all parties will delete any copies of the data they make at the completion of the project.

Box 2: Sharing data for research

Denmark's research service platform and ongoing data use agreement

The Danish Health Data Authority, a government agency, oversees the availability of healthcare data for research purposes. Research institutions can enter into an ongoing agreement and request access to personal healthcare data, one task at a time, for analysis.

In these cases, research institutions are granted log in to a secure software platform that enables them to analyse data for their research. The data is pseudonymised and remains on the software platform to prevent risks of re-identification or use beyond the terms agreed by patients when sharing their data. Under Denmark's data privacy regulations, health data may be used for secondary use research purposes.

The data sharing agreement specifies that research institutions must be based in Denmark and meet regulatory and ethical requirements. In addition to the ongoing agreement, an individual application for each research use case must be submitted.

Box 3: Sharing data with alliances or professional networks

Penistone Locality Primary Care Network

This data sharing agreement covers all members of the Penistone primary care network in the UK.

It includes clauses that establish how data can be shared for delivery of primary care for patients who may be accessing multiple providers during their healthcare journey. It outlines the conditions where aggregated data may be used, sets out the regulatory context under which data sharing may occur, and stipulates the duration that shared data can be held by each member of the network, and the processes for reporting security incidents.

When to choose a data licence

When data is non-sensitive or there is no risk of identifying individuals (for example aggregated data about the health of a population), the data may be suitable for sharing more widely, or even publishing online. In this scenario, a data licence can help users to understand their rights to access, use and share data in the form of standard conditions. See Box 4 for an example of sharing data in this way.

An open licence is one that places very few restrictions on what anyone can do with the content or data that is being licensed. You can choose to make your content or data available under one of three levels of licence:

  • A public domain licence which has no restrictions (technically, you waive your rights to the content or data).

  • An attribution licence that says that reusers must give attribution to you.

  • An attribution and share-alike licence which says that reusers must give attribution and share any derived content or data under the same licence.

A good licence must be clear on three aspects:

  • What the user can do.

  • What the user must do.

  • What the user cannot do.

There are a number of templates available with standard terms included, for example:

  • Creative Commons – templates and standard wording for open and non open licences for creative content and data.

  • Open Data Commons – templates and standard wording for open database licences

  • Also see further examples of standard licenses.

Box 4: Sharing data through a data licence

FAIRsharing.org

The non-profit FAIRsharing data platform and repository publishes data standards, data policies and datasets across a range of domains, including health sciences. Data is made available under the FAIR Framework principles. Data publishers can share their data on the platform. Except where data publishers have noted otherwise, content on the site is licensed under an open licence (Creative Commons Attribution and Share-alike (CC-BY-SA) International 4.0), which requires users to give attribution and share any derived content or data under the same licence.

PreviousStep 1: Decide how widely you need or want to share dataNextStep 3. Consider how technology can facilitate data sharing and access

Last updated 3 years ago

Was this helpful?