Governance
CYNAPSE has an information governance (IG) framework to ensure that appropriate security, access arrangements and data review processes are created and adhered to.
What is a Workspace?
- An area for a group of users with common access permissions to collaborate.
- Data within a workspace is suitably permissioned for the users in the space.
- Data within a workspace can be owned by a workspace's team or be data that has been shared with a workspace's team.
A workspace will have a lead responsible person. In academic cases, this is expected to be a principal investigator (PI) from a recognised higher education institution. The PI is responsible for ensuring membership of the workspace is appropriate to the data available. Should dataset access need to be limited for a subset of users under a PI (student, visiting worker etc.) additional workspaces can be created to allow for this.
All data deposited into a workspace will initially be private and pass through an approval process to confirm that data is permitted to be stored in the cloud. For a standard academic workspace, the remaining governance lies with the PI while data is in an R&D (research and development) state. Should a PI wish to move data to a shareable state, additional metadata is required as well as a full evaluation by the CYNAPSE governance group to confirm the suitability of the data. Marking a dataset as shareable doesn’t remove the need for IG review, only fully open datasets will skip this step.
All data within the workspaces is anonymised or pseudonymised with no access to link codes1.
Possible Workspaces
Research group workspace
Specific to a team under a logical research domain and reporting structure, for example, a Cancer Genomics research group. Permitted to contain many studies data associated with phenotypic data2. This workspace may also hold R&D datasets which are not associated with phenotypic data. The responsible PI chooses the level of oversight on data egress3.
There would be no requirement to provide detailed reporting of the data held in this space unless it is intended to be shared, however, a high-level register of datasets will be maintained as part of IG oversight. Data consumed from shared resources would be reported as part of the application process, along with how it is to be combined with the groups data.
Sub-research group workspace
Specific to a study team. Like a Research group workspace, however, intended to allow a smaller group of users access to a dataset, or collection of datasets. The datasets may be R&D or phenotypically linked. Generally used where only a subset of researchers are permitted to access data for ethical or consent reasons. PI chooses the level of oversight on data egress3, expected to be tightly restricted.
Multiple research group workspace
Multiple research groups working together on a study. More than one PI may be responsible for data. The datasets may be R&D or phenotypically linked, however primary use will be for data held in other workspaces being shared into the multi-group space. A tight data egress3 process will be adhered to, requiring sign-off by one or more PIs, defined in consultation with the CYNAPSE Information Governance Panel4 before the workspace is generated.
Research group/Commercial collaboration workspace
A specified list of academic and commercial users for an individual study/use case. Registered phenotypically linked data only, no R&D data files. Datasets will be shared into the workspace, not owned by it. There will be strict rules governing how people use the results of their data analyses; tight data egress process limited to extraction of data insights, heavily aggregated and de-identified. Academic lead and CYNAPSE Information Governance Panel4 have full oversight on extracted insights.
Commercial workspace
May not have a direct academic sponsor. Data types and fields will be limited to those specified on the study application which will need ethical and CYNAPSE Information Governance Panel4 approval before access is granted. Applicants will be able to bring their own data onto the platform to augment data being accessed. Tight data egress3 process limited to extraction of data insights, heavily aggregated. Service Delivery and CYNAPSE Information Governance Panel4 team have full oversight of extracted data, additional academic expertise may be called upon to support decisions.
Applying to put 'own' data on to CYNAPSE (not for sharing)
| University of Cambridge Information Governance checks | |
|---|---|
| ✔️ | REC approval granted (if required) |
| ✔️ | Can the data be stored on CYNAPSE 5 |
| ✔️ | Clarification on the level of de-identification of data required 6 |
| ✔️ | Staff/users part of an accredited organisation |
| ✔️ | Indemnity insurance acquired |
| CYNAPSE checks | |
|---|---|
| ✔️ | Lay study summary provided |
| ✔️ | Signed user agreement |
| ✔️ | User platform training completed (long-form) |
| ✔️ | Cost controls set |
Applying to use existing data on CYNAPSE
| University of Cambridge Information Governance checks | |
|---|---|
| ✔️ | REC approval granted (if required) |
| ✔️ | Consent: what studies can the data be used for 7 |
| ✔️ | Clarification on the level of de-identification of data required 6 |
| ✔️ | Staff/users suitably qualified |
| ✔️ | Staff/users part of an accredited organisation |
| ✔️ | Indemnity insurance acquired |
| CYNAPSE checks | |
|---|---|
| ✔️ | Lay study summary provided |
| ✔️ | Signed user agreement |
| ✔️ | User platform training completed (short-form) |
| ✔️ | Cost controls set |
-
- Anonymised data: Identifiable information is removed in a manner that cannot be reversed.
- Pseudonymised data or De-identified data: Identifiable information is removed but stored separately such that a key/lookup is required for re-identification. The identifiable information and key/lookup cannot be stored on CYNAPSE.
-
Phenotypic data: captures observable characteristics of an individual, like disease status, age or ethnicity. ↩
-
CYNAPSE Information Governance Panel: Representatives for the university and patients alongside the service delivery team who oversee the Information Governance arrangements for CYNAPSE. ↩↩↩↩
-
Was there a defined storage location documented within the ethics application or do participants need to be notified? ↩
-
Pseudonymised, increased de-identification or fully anonymised 1 ↩↩
-
Which of the below does the consent specify:
- Single study/disease area only
- Any study/disease area
- Commercial use