NHS England Data Sharing Remote Audit: University College London - SABRE
This report records the key findings of a remote data sharing audit of University College London SABRE Study (UCL) in November 2023.
Audit summary
Purpose
This report records the key findings of a remote data sharing audit of University College London SABRE Study (UCL) between 20 and 24 November 2023. It provides an evaluation of how UCL conforms to the requirements of:
- the data sharing framework contract (DSFC) CON-321538-B5D8B-v2.02
- the data sharing agreements (DSA)
- DARS-NIC-148407-LRP3M-v7.3
- DARS-NIC-91374-Z5V6Y-v6.4
- DARS-NIC-99077-Q0K6Z-v7.3
- the organisation’s own policies, processes, and procedures
These DSAs cover the provision of the following datasets:
| Dataset | Classification of data | Dataset period |
|---|---|---|
|
Hospital Episode Statistics Admitted Patient Care (HES APC) |
Identifiable, Sensitive | 1989/90 – 2023/24 |
| MRIS-Members and Postings Report | Identifiable, Sensitive | Historic Held (May 1995 – March 2020) |
| MRIS – List Cleaning Report | Identifiable, Sensitive | Historic Held (May 1995 – March 2020) |
| MRIS – Flagging Current Status Report | Identifiable, Sensitive | Historic Held (May 1995 – March 2020) |
| MRIS – Cohort Event Notification Report | Identifiable, Sensitive | Historic Held (May 1995 – March 2020) |
| MRIS – Cause of Death Report | Identifiable, Sensitive | Historic Held (May 1995 – March 2020) |
| Demographics | Identifiable, Sensitive | Latest available |
| Civil Registrations of Death | Identifiable, Sensitive | Latest available |
| Cancer Registration Data | Identifiable, Sensitive | Latest available |
The Controller is UCL and the Processor is Amazon Web Services (AWS). AWS does not have access to the data and only provide cloud hosting services.
The Southall and Brent Revisited project (SABRE) is a population-based cohort study, in its current 25-year follow-up phase. The study focuses on identifying and understanding the underlying reasons for ethnic group and sex differences in cardiometabolic disease and in physical, psychological, and cognitive function in older age. Understanding of underlying causes of difference in physical and cognitive function in people of different ethnicities will ultimately lead to appropriate preventive strategies and treatments at different stages of life.
The interviews during the audit were conducted through video conferencing.
This is an exception report based on the criteria expressed in the Data Sharing Audit Guide version 4.
Audit type and scope
| Audit type | Routine |
|---|---|
| Scope areas |
Information Transfer |
| Restrictions |
Access control - limited visibility of physical controls |
Overall risk statement
Based on evidence presented during the audit and the type of data being shared the following risk has been assigned from the options of Critical - High - Medium - Low
Current risk statement: Low
This risk represents a deviation from the terms and conditions of the contractual documents, signed by both parties. In deriving this risk, the Audit Team takes into account compliance, duty of care, confidentiality and integrity, as appropriate.
Data recipient’s acceptance statement
UCL has reviewed this report and confirmed that it is accurate.
Data recipient’s action plan
UCL will establish a corrective action plan to address each finding shown in the findings table below. The Audit Team will validate this plan and the resultant actions at a post audit review with UCL to confirm the findings have been satisfactorily addressed.
Findings
The following table identifies the 1 agreement nonconformity and 6 opportunities for improvement raised as part of the audit.
| Ref | Finding | Link to area | Clause | Designation |
|---|---|---|---|---|
| 1 | All database accounts have been granted superuser permissions. UCL should apply the principle of least privilege to these user accounts to limit access to administrator functions within the database. | Access Control | DSFC Schedule 2, Section A, Clause 4.1 | Agreement nonconformity |
| 2 | UCL should review the number of technical support staff that have permissions to the data. | Access Control | Opportunity for improvement | |
| 3 | UCL should add a procedure to delete database accounts to the leavers process. | Operational Management | Opportunity for improvement | |
| 4 | UCL should reference the storage and processing locations in the entry for the NHS England data on the Information Asset Register. | Operational Management | Opportunity for improvement | |
| 5 | UCL should consider implementing a process to communicate data protection policy updates to users. | Operational Management | Opportunity for improvement | |
| 6 | The Audit Team suggested that data suppliers are added to the table of contacts in the Critical Incident Process. | Operational Management | Opportunity for improvement | |
| 7 | Where the data is used in future publications, UCL should acknowledge the source of the data in accordance with the requirements of the DSFC. | Operational Management | Opportunity for improvement |
Use of data
UCL confirmed that the datasets were only being processed and used for the purposes defined in the DSAs and were only being linked with those datasets explicitly allowed in the DSA.
Data location
UCL confirmed that processing and storage locations, including disaster recovery and backups of the datasets were limited to the location shown in the following table. These locations conform with the territory of use defined in section 2c of the DSA.
| Organisation | Territory of Use |
|---|---|
| UCL | England and Wales |
Backup retention
The duration for which data may be retained on backup media is:
| Organisation | Media type | Period |
|---|---|---|
| UCL | Disk | 3 months |
Disclaimer
The audit was based upon a sample of the data recipient’s activities, as observed by the Audit Team. The findings detailed in this audit report may not include all possible nonconformities which may exist. In addition, as the audit interviews were conducted through a video conference platform, certain controls that would normally be assessed whilst onsite could not be witnessed.
NHS England has prepared this audit report for its own purposes. As a result, NHS England does not assume any liability to any person or organisation for any loss or damage suffered or costs incurred by it arising out of, or in connection with, this report, however such loss or damage is caused. NHS England does not assume liability for any loss occasioned to any person or organisation acting or refraining from acting as a result of any information contained in this report.
Last edited: 4 March 2024 11:48 am