A mechanism has been established to facilitate secure and controlled access to CSO datasets for health research purposes, via the CSO Researcher Microdata Files (RMFs) process under Section 20(c) of The Statistics Act 1993 and utilising the existing governance safeguards in the research system. The Research Data Governance Board (RDGB) provides a central governance focus integrating all the necessary protocols and safeguards to ensure compliance and best practice under the Statistics Act, 1993 and the Data Protection Act 2018/Health Research Regulations 2018 within a single, collaborative, transparent process.
The CSO’s mandate is to provide trustworthy official statistics. For that purpose, CSO conducts several surveys, including Census of population, and collects vast amount of data from various government departments and organisations.
All the incoming data is processed, pseudonymised and stored securely within the CSO’s Administrative Data Centre, which is updated daily and governed by the CSO Data Management Policy to ensure maximum data privacy with robust data
protection measures.
The Health Research Data Centre provides a mechanism to facilitate the compilation of relevant data in a format that is controlled, accessible and usable for approved researchers. It provides access to individual level survey and administrative datasets for registered researchers to support statistical analyses via the CSO Researcher Microdata Files (RMF) process. RMFs will not leave the Health Research Data Centre.
Access by the CSO to the sensitive confidential health data is underpinned by the written permission of the Minister for Health and provided for under Section 30 of the Statistics Act 1993 - ‘Use of Records of Public Authorities for Statistical Purposes’. The collaboration between the CSO, Health Service Executive (HSE) and Department of Health (DoH) is enabled by Section 11 of the Statistics Act, 1993 which provides for the 'Cooperation and Liaison with other Public Authorities and Persons'.
The processing of all personal data as contained in the Health RDC Data Flows by RMF researchers must be compliant with the Health Research Regulations (Data Protection Act 2018 (Section 36 (2) Health Research Regulations 2018 018). Such processing is permitted under Article 6.1.e, Article 9.2.i and j of the General Data Protection Regulation (GDPR). Processing of personal health data as contained in the Health RDC Data Flows is also permitted under Sections 38.1.a, 42.1.c, 53 and 54.c of the Data Protection Act 2018. Data access is restricted to approved researchers who are appointed as Officers of Statistics under Section 20(c) of the Statistics Act, 1993.
As explicit consent is not the legal basis for processing RMFs for health research but is a mandatory safeguard under the Health Research Regulations, all RMF researchers must apply to the Health Research Consent Declaration Committee (HRCDC) for a consent declaration.
A consent declaration shall only be made by the HRCDC when it is satisfied all data protection safeguards and technical and organisational measures have been met, and the public interest in carrying out the health research significantly outweighs the public interest in requiring the explicit consent of the individual who owns the personal data.
All health research involving patients and the public must also be governed according to prevailing international best practice and ethical principles.
Further reading:
Statistics Act, 1993
Data Protection Act 2018
Health Research Regulation
Preserving the privacy, confidentiality and data protection rights of individuals is to the fore of this initiative and warrants a robust application process. Key to this is the Research Data Governance Board (RDGB), a specially established safeguard that will:
Following CSO approval to access data, researchers will be subject to robust protocols and safeguards implemented by the CSO in line with its Data Management Policy. The researcher will be required to sign a Declaration of Secrecy and will then be appointed an Officers of Statistics for the purpose of their research project.
In the Health RDC, all variables can be considered to be personal data as they are attributes of individuals or attached to individuals.
The pseudonymisation process involves removing personal data such as patient's name, address, date of birth and contact details. All direct identifiers are removed from variables and are replaced with a Protected Identifier Key (PIK) to allow safe linkage across data sources and over time. PIKs use either a randomised lookup table or a salt and hash technique where access to key parts of the pseudonymisation process is closely guarded.
The provision for researcher access to the CSO Health Research Data Centre follows extensive consultation between the Central Statistics Office (CSO), the Health Research Board (HRB) and the Department of Health (DoH). No directly identifiable data relating to individuals will be made available to researchers, and no identifiable data will be made available to any stakeholders or other persons by the project team.
Note – currently available data can be found on RMF register which will be updated regularly. However, if you are interested in any other data that is not on that list, please email HealthRDC@cso.ie
Once in receipt of the data, the CSO converts the identifier numbers in each dataset to a Protected Identifier Key (PIK). The PIK is a unique and non-identifiable number which is internal to the CSO. Using the PIK enables the CSO to link and analyse data for statistical purposes, while protecting the security and confidentiality of the individual data.
Internally, in CSO, the data is stored in the source tier of the CSO Administrative Data Centre (ADC). From there, the data is made available to researchers by the Researcher Coordination Unit (RCU) via the Researcher Data Portal (RDP). Only designated Officers of Statistics can access the RMFs.