OpenSAFELY is a secure, open-source platform for analysis of health records data
opensafely.org
Congratulations to a point. In the jurisdiction I worked on these problems inside government, the mandatory requirement was that the identity of each individual who accessed a personal health record was logged with the record they accessed. The systems caught some pretty egregious abuses and attempts over the years.
The controls on this system as described by OpenSafely are far superior to the ones in Canada I am aware of, which some researchers leveraged the pandemic crisis to push through as a means to squeeze the data toothpaste out of the tube before technologies like FHE and LLMs matured enough to create a more complete screen over individual records. The scheme in Canada removed some hard controls that prevented abuse and replaced them with discretionary controls without clear liability for their failure, I thought.
I am very cautious about the benefits of this kind of data aggregation because the idea that researchers have altruism or respect for individual privacy is a myth. There is also the risk that it moves governance of personal health information repositories out of government and into academia where there is no AtoI/FOIA requirements, no background checks on the people accessing the health data and systems, no legally binding mandates for limitations on use, and no clear role definition of the responsibilities of custodians, agents, providers, and other formal roles.
That said, OpenSafely's public logs could be an unbelievably good control against this, and it shows a level of stewardship and respect for public trust that mirrors the principles and ideals privacy professionals who have spent their careers on these problems hold.
I'm used to building for hostile environments and for huge userbases who are at least 3% criminal, and the only thing those people understand is consequences. So cautiously, congratulations, but if this data gets used for digital identity, social credit, domestic passports, restrictions on movement, association and other basic freedoms, that is on you.
> "into academia where there is no AtoI/FOIA requirements"
As a general statement, this is incorrect: in the UK (where OpenSAFELY operates) Universities are considered "public authorities" under the Freedom of Information Act 2000, and people have a right to request access to information that they hold.
Also, the OpenSAFELY team are actually all honorary employees of NHS England as part of the Information Governance for the project. Thus AIUI we are beholden to their policies and obligations regarding FOIA.
And nearly everything except the patient data is public anyway!
Also, the actual data is held by the GP system suppliers, who have their own FOIA obligations.
> "this data gets used for digital identity"
I'm interested in this point. While I get that an overreaching state could enable the other parts, is a digital identity really such a bad thing?
In the UK there is a Tax login, NHS login, Life event login, benefits login, passport login, driver's licence login, council login...
The organisations hold and share all the data anyway but the fear around a single password is confusing.
Nice Tuesday morning surprise to find your work on the front page of HN!
I am one of the engineering team working on OpenSAFELY at the Bennett Institute.
Feel free to ask me any questions about the design or implementation of the system. We take patient privacy very seriously - it's something of a crusade for us!
Some more information
- all the researcher code is at https://github.com/opensafely
- all the platform code is at https://github.com/opensafely-core
- high level architecture overview talk by myself and my colleague Becky at PyCon UK '22 https://www.youtube.com/watch?v=L55mq5wi3Cc
EDIT: formatting
Nice! I've been out of healthcare for a couple years (although I'd like to go back) but I've worked for more than 10 years sending DICOM files back and forth, and doing some HL7 stuff.
A small question, as I'm a bit tight on schedule this week to watch your PyCon talk (although I'll watch it this weekend or next week):
How does this work to import/receive patient data? Does it get HL7 messages or "just" imports raw databases?
Thanks!
Is this leveraging the health data model/ontology work done in Brisbane Queensland? I believe that was acquired by the NHS. Good stuff coming out of people who had a long background in health informatics, collaborative data modelling.
I don't think so - do you have a link?
This project is co-led by Ben Goldacre, who the HN crowd may know as the author of Bad Science and Bad Pharma: