Vivli’s Incorporation of the Five Safes Framework

Vivli’s mission is to promote, coordinate, and facilitate scientific sharing and reuse of clinical research data. As a neutral broker between data contributor, data user, and the wider data sharing community, Vivli maintains the trust of our community and clinical research by placing the utmost value on the security and safety of the data available within the Vivli Platform, a secure research environment (SRE).

How does Vivli ensure that participant data provisioned within the SRE is used safely?

Vivli’s secure research environment aligns with the best practices established by the Five Safes framework. The UK Office of National Statistics initiated the framework, and other governments, institutions, and members of the data management community contributed to its refinement. Now internationally accepted as a standard, the framework ensures safe and secure access to data covering the lifecycle of data access within an SRE through five principles:

  • Safe People – all individuals who interact with the data are aware of their role in its protection
  • Safe Projects – projects are scientifically and ethically valid and deliver public benefit
  • Safe Data – potential for identifying participants is minimized
  • Safe Settings – organizational and technical controls to minimize the risk of disclosure
  • Safe Outputs – review of results and outputs to minimize the risk of disclosure

We provide examples of just a few ways we incorporate these principles into the Vivli Platform SRE.

Safe People

  • Prior to provisioning of the data and research environment, all researchers are required to provide:
    • Affiliation with an accredited research institution
    • Education and qualifications relevant to the proposed research
    • Disclosure of conflicts of interest
  • Data use agreements must be executed by every research team member prior to provisioning of data
  • Documentation for the Vivli Platform available for guidance and support
  • Deactivation of dormant accounts
  • Visual and physical reminders for the researchers to limit risk of disclosure
  • Data contributors confirm their understanding of ‘anonymized data’ that is to be provisioned
  • A maximum number of policy infractions, with training and outreach in between, to ensure respect for and compliance with the processes

Safe Projects

  • Data requestors complete:
    • Research Proposal: a form requiring a summary of the research, purpose, aims, and outcomes; usage of AI or ML; the main predictor/independent variable and how it will be categorized/defined for the proposed research; other variables of interest that will be used in the analysis; and a dissemination/publication plan for the intended research results. A qualified statistician must be a member of the research team.
    • Statistical Analysis Plan: a description of how the data will be analyzed and the country or countries where the analysis will occur
    • Funding disclosure
  • Harmonized governance mechanisms
  • Independent Review Panels provide scientific review of the research
  • Administrative data contributor review
    • Each study in a request must be reviewed using the data contributors’ review criteria. Data contributors’ review criteria are outlined on the data contributor’s member page.
  • Disclosure of data requests that have been denied with the rationale

Safe Data

  • Vivli accepts only anonymized data. Based on a data contributor’s preference, data contributors:
    • Anonymize the entire study once and store it in Vivli’s secure vault, where it is available for immediate provisioning upon an approved request
    • Anonymize the study data for each approved request, tailoring it to the specific data request proposal, and upload it to Vivli’s secure vault, from which Vivli provisions it for the approved request
  • Data providers certify the anonymization of the data provided to the researcher while considering the analysis techniques described in the researcher proposal and statistical analysis plan
  • Only anonymized data is provided within the environment, and there is no record of the anonymization methodology within the SRE that could be used to link back to the source data
  • Researchers with the intention to upload external datasets that contain individual participant data must have disclosed that in the approved research proposal

Safe Settings

  • Removal of the requested data from the SRE is not allowed
  • State-of-the-art security and SOC 2, Type 2 certified compliance for privacy, security, and confidentiality
  • Role-based access controls that limit data access according to need
  • No connection to the internet from within the SRE
  • Deactivation of dormant accounts
  • Browser and system requirements to access and use the SRE

Safe Outputs

  • All exported results and summary files undergo:
    • A primary assessment using automated heuristics
    • A secondary assessment with review and confirmation
  • Principles-based review that addresses primary and secondary disclosures
    • Primary disclosure: Spontaneous recognition or the ability to infer the identity of or information about a participant from one source of information
    • Secondary disclosure: Ability to infer the identity of or information about a participant by combining information together
  • Data contributors provide review of public disclosures and publications
  • No individual participant data is approved for removal, regardless of where it originated (i.e. if it was provisioned by a data contributor or from an external dataset uploaded by the researcher)