Case Studies and Metaphors

Case Study 1

Medical research using hospital records in a secure lab 

Scenario: A team of epidemiologists wants to study the link between diabetes and heart disease using hospital patient records; the data needs to be very detailed and longitudinally linked over time.

Safe Projects 

  • Approval: The researchers submit a proposal to an ethics committee, proving their study is for public health benefits 
  • Outcome: Approved, because the research could lead to better treatment outcomes 

Safe People 

  • Training: Researchers complete training on how to use the facility 

Safe Data

  • Minimal de-identification: Patients' names and addresses are removed, but nothing else

Safe Settings

  • Secure lab: data is accessed only in a Trusted Research Environment (TRE) 
  • Audit logs: All queries and data access are tracked 

Safe Outputs

  • Review: Before publication, a disclosure control team checks that no patient can be identified 
  • Result: The findings show correlation but suppress small sample sizes 

Overall outcome 

  • The study is published safely, advancing knowledge without breaching privacy. 

Case Study 2

Medical research using hospital records locally 

Scenario: A team of epidemiologists wants to study the link between diabetes and heart disease using hospital patient records; less detail is needed in the data.

Safe Projects 

  • Approval: The researchers submit a proposal to an ethics committee, proving their study is for public health benefits 
  • Outcome: Approved, because the research could lead to better treatment outcomes 

Safe People 

  • Training: Researchers complete GDPR and data security training 
  • Access control: only statisticians with signed confidentiality agreements will get access 
  • Validation: only researchers working for approved organisations will get access

Safe Data

  • De-identification: Patients' names and addresses are removed, and other variables are coarsened (e.g. date of birth => year of birth)
  • Aggregation: Rare conditions are grouped to prevent re-identification 
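
As an added example that is not part of the original page, the Safe Data and Safe Outputs steps from both case studies (removing direct identifiers, coarsening date of birth to year of birth, grouping rare conditions, and suppressing small cells before a table is released) written as a short Python script. The patient records are constructed sample data, and the rare-condition threshold and minimum cell size are assumed values chosen for illustration rather than figures from the page.

```python
"""Added example (not from the original page): Safe Data and Safe Outputs
controls applied to constructed hospital-style records.  The thresholds
below are assumptions for illustration, not values stated on the page."""
from collections import Counter

DIRECT_IDENTIFIERS = ("name", "address")
RARE_CONDITION_THRESHOLD = 3   # assumption: a condition seen fewer than 3 times is "rare"
MIN_CELL_SIZE = 5              # assumption: output cells smaller than 5 are suppressed


def _rec(name, dob, diabetes, heart, condition):
    """Build one constructed record with direct identifiers present."""
    return {"name": name, "address": f"{name} Street", "dob": dob,
            "diabetes": diabetes, "heart_disease": heart, "condition": condition}


# Constructed sample data: 14 patients, two of whom have a rare comorbidity.
RAW_RECORDS = [
    _rec("Patient 01", "1958-02-11", True,  True,  "hypertension"),
    _rec("Patient 02", "1962-07-30", True,  True,  "hypertension"),
    _rec("Patient 03", "1949-11-02", True,  True,  "hypertension"),
    _rec("Patient 04", "1971-05-19", True,  True,  "asthma"),
    _rec("Patient 05", "1965-09-08", True,  True,  "hypertension"),
    _rec("Patient 06", "1953-01-25", True,  True,  "haemophilia"),
    _rec("Patient 07", "1978-12-03", True,  False, "hypertension"),
    _rec("Patient 08", "1960-06-14", True,  False, "asthma"),
    _rec("Patient 09", "1969-03-27", True,  False, "hypertension"),
    _rec("Patient 10", "1955-08-21", True,  False, "hypertension"),
    _rec("Patient 11", "1974-10-10", True,  False, "sarcoidosis"),
    _rec("Patient 12", "1982-04-05", False, True,  "hypertension"),
    _rec("Patient 13", "1947-09-16", False, True,  "asthma"),
    _rec("Patient 14", "1966-02-28", False, False, "hypertension"),
]


def deidentify(records, rare_threshold=RARE_CONDITION_THRESHOLD):
    """Safe Data: drop names and addresses, coarsen date of birth to year of
    birth, and group rare conditions under 'other' so that a single unusual
    diagnosis cannot single out one patient."""
    condition_counts = Counter(r["condition"] for r in records)
    out = []
    for r in records:
        row = {k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS}
        row["year_of_birth"] = int(row.pop("dob")[:4])        # 1958-02-11 -> 1958
        if condition_counts[row["condition"]] < rare_threshold:
            row["condition"] = "other"
        out.append(row)
    return out


def crosstab(records):
    """Count patients by (diabetes, heart_disease): the correlation table
    the study wants to publish."""
    return Counter((r["diabetes"], r["heart_disease"]) for r in records)


def check_output(table, min_cell=MIN_CELL_SIZE):
    """Safe Outputs: the disclosure-control pass run before a table leaves the
    secure environment.  Small cells are replaced by a '<N' marker; the list
    of suppressed cells is returned for the output checker's log."""
    released, suppressed = {}, []
    for cell, n in table.items():
        if n < min_cell:
            released[cell] = f"<{min_cell}"
            suppressed.append(cell)
        else:
            released[cell] = n
    return released, suppressed


if __name__ == "__main__":
    safe_rows = deidentify(RAW_RECORDS)
    table, dropped = check_output(crosstab(safe_rows))
    for (diabetes, heart), value in sorted(table.items()):
        print(f"diabetes={diabetes!s:5} heart_disease={heart!s:5} -> {value}")
    print("suppressed cells:", dropped)
```

Running the script prints the four-cell table with the two cells below the threshold replaced by "<5". Note that suppressing only the small cells (primary suppression) is not enough on its own if row or column totals are also released, because a reader could recover a suppressed value by subtraction; in that case the checker must also suppress a complementary cell (secondary suppression), which is the kind of judgement the disclosure control team in Case Study 1 exists to make.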

Safe Settings

  • Researchers must commit to storing the data only on a secure, restricted-access server
  • Data is delivered to researchers via a secure download 

Safe Outputs

  • Training: researchers are advised how to prepare outputs to prevent confidentiality breaches 

Overall outcome 

  • The study is published safely, advancing knowledge without breaching privacy.

Metaphors

Scenario: At a bank

Safe projects  

  • Before letting anyone into a vault you need to ask, ‘why do you need access?’ 
  • If it is a trusted auditor, who creates a benefit to the bank and society by making sure the finances of the bank are intact, then they will be allowed in. 
  • If it is a random person, who just wants to take a look, then they should not be allowed in 
  • In data terms – only approved researchers with ethical and justified purposes will get approval. 

Safe people  

  • Even if someone has a good reason to enter the bank vault you must check their credentials.  
  • A bank employee with the relevant clearance and training is allowed. 
  • A new intern who has not been trained to that level and has not undergone a security check should not be allowed.
  • In data terms – only vetted individuals who have been trained in data security are able to handle sensitive information 

Safe data 

  • You don’t hand out raw gold bars; you might issue secure, traceable certificates instead.
  • Personal account numbers are far too risky.
  • De-identified transaction trends are safer.
  • In data terms – data is de-identified or aggregated to minimise exposure 

Safe settings 

  • You would not let someone examine cash in a dark alley; they must use the bank’s secure viewing room
  • Accessing data on an encrypted server is safe 
  • Downloading files onto a personal laptop is unsafe 
  • In data terms – data is only used in controlled, auditable environments (secure servers, virtual labs) 

Safe outputs 

  • When the bank is being audited, you would not release personal information of all the bank users.  
  • A summary report that has no personal details is allowed 
  • A file with all customers’ PINs is not allowed
  • In data terms – outputs are checked to prevent data leaks and identifiable information. 

Interactions between the safes

  • If you have a vault, but everyone in the bank knows the combination, it is no longer a secure vault. 
    • Safe people in safe settings 
  • There are many forms of money that could be in a bank; gold bars, cash, safe deposit boxes. These must be controlled similarly but uniquely to make sure nothing goes missing. 
    • Safe data and safe settings 
  • If you had a bank, but did not have a vault, anyone could walk in from the street and view all the contents of the bank. The vault is what keeps the most sensitive information safe. 
    • The same goes for if you had a vault but had not trained anyone on how to use it. 
    • Safe projects – ‘why do you need access to the bank?’ 
    • Safe people – only trained people can view the vault and allow viewing access 
    • Safe settings – the vault; a secure environment 
  • When a bank is being set up and you have a vault, it is easy to assume that the training will be set up and everything will be safe.
    • It is tempting, when setting up, not to worry about what the vault and the training would look like, and simply to assume that there will be appropriately trained individuals to work in the vault.
    • In fact, this is not guaranteed: you must provide training to each employee who will be accessing or working near the bank.
    • There is a similar assumption surrounding researchers, that they will have all of the necessary training when completing a project. It is a project manager’s duty to ensure that they do.