Researcher verification in line with Safe People principle#

Chair: Rachel Tesfaye (HDR UK)

Proposal#

Background#

Following a funding award from UKRI, HDR UK is working in partnership with governance and technical stakeholders across the UK Health Data Research Alliance (HDRA), TRE Community, and SDE Network to develop an integrated Researcher Registry system, supporting streamlined researcher verification in line with the Five Safes Safe People principle.

The aims of this breakout session are to:

  • Seek consensus across the community as to the requirements that should be met by a research entity before accessing data and which data sources should be used to verify that those requirements are met

  • Consider how verification of a researcher’s affiliation with a university/institution should be verified

  • Consider how a standardised Researcher Registry could be designed and implemented across research entities from both a governance and technical perspective, including across the TRE Community and sub-national SDEs

Prompts#

  • What are the minimum requirements for vetting criteria and why?

  • What are the key challenges and risks associated with researcher verification?

  • What are the key considerations for pulling information from existing systems?

Session#

Summary#

The discussion revolved around work being led out of HDR UK on a Researcher Registry/”passport” system aimed at facilitating access to Safe Data Environments (SDEs) and Trusted Research Environments (TREs) by verifying researchers. Key points touched upon the registry’s validity period, the importance of a digital identifier aligned with existing digital identity frameworks (like DSIT’s digital identities work), and the registry serving as a “living ledger” of a researcher’s identity, credentials, experience, and affiliations. The potential use of blockchain technology was discussed for maintaining a balance between immutable and mutable information to provide a comprehensive view of researchers’ accreditations.

Challenges and considerations included aligning accreditation meanings across different organizations, integrating information from external systems like ORCHID and IRAS for ethics verification, and the responsibility of TREs to make final access decisions based on registry data. The registry aims to streamline the vetting process by compiling information from various systems into a common model, thereby assisting TREs in making informed decisions regarding data access. The conversation also highlighted the necessity of including project ethics and permissions in the vetting criteria and discussed the logistics of maintaining the registry’s accuracy and currency, emphasizing the collaborative role of researchers and organizations in keeping their information up to date.

Next steps#

  • Slides and break out notes to be circulated following the meeting.

  • Interested in working with us to provide requirements and/or test a researcher passport solution? Please contact rachel.tesfaye@hdruk.ac.uk

Raw notes#

  • Interested in how long a Researcher Registry/”passport” is valid for because this links with some of the work he does. He has worked with metadata within the context of national SDEs and worked with the likes of Andy Payne. Consider the metadata catalog as the Registry might have its own catalog but still use that passport to let a data custodian/controller know if that’s the same person and then they can make the decision on access. Accreditation might mean different things at different organisations and that’s where the trickiness potentially comes in because you’re not comparing apples the more example

    • In practice the the Researcher Registry itself would would have digital identifier aligned with the DSIT digital identity framework. Identifiers or attributes associated with a researchers identity, experience, training and affiliation would make up a “living ledger” for that individual researcher. We’re still currently exploring use of blockchain technology for the system in terms of immutable history/information versus mutable information. There may be elements of both built into the prototype to give a relatively complete view of the the researchers accreditations e.g. training and equivalent accreditation criteria from the ONS and UKSA for example

  • This is about proving identity and experience, not making decision about whether someone should be let in or not as that’s a TREs decision.Consider whether they’re in the registry or whether they’re visas issued by these truth of being being allowed in those

    • We do want to pull information from from ORCHID and and IRAS from an ethics perspective but it also looking at authentication methods.

  • Would it be up to a TRE to make decision and weather to better researcher a research team or research organisation.

    • Yes. In terms of the research entity where referring to the individual researcher as the organisational information. It would be up to the TRE to take teh decision to grant access. The purpose of the Registry would be to pull information together from different systems included in an agreed common vetting model, to enable TREs decision making around data access.

  • Project ethics and permissions also need to be a criteria, not just previous projects.

    • We have engaged with HRA to discuss pulling ethics information from IRAS.

  • Who’ll be responsible for keeping the registry up to date?

Next steps#

  • Slides and break out notes to be circulated following the meeting.

  • Interested in working with us to provide requirements and/or test a researcher passport solution? Please contact rachel.tesfaye@hdruk.ac.uk