Linkage and Security

Overview

The PHRN has been developing a robust data information security program designed to offer the highest level of protection to data involved in linkage and research.

Information security controls used by the PHRN's Data Linkage Units (DLUs) can be divided into four key categories:

Physical Security - DLUs must ensure strict security barriers and entry controls are in place at all locations where data records are stored

IT Security - Stand-alone networks, firewalls, password protection, anti-viral software and encryption for data transfer must be standard practice at all PHRN DLUs

Personnel Security - access to data limited to those personnel whose work responsibilities specifically require it

Administrative Security - extensive work has been completed on a range of approved written policies, procedures, standards, guidelines, security training, and risk assessments that will help guide the ongoing security management of all PHRN DLUs. External reviews have also been completed.

There are a number of security measures also undertaken to ensure the data remains safe once provided to the approved researchers. These include:

  • approval of security plans from Human Research Ethics Committees and data custodians
  • legally binding contracts and confidentiality agreements with data custodians
  • successful completion of compulsory online researcher training covering privacy and security
  • receive data from custodians in encrypted format

Secure Data Transfer

SUFEX

SUFEX is a secure file transfer service for the Population Health Research Network (PHRN) and its stakeholders. It uses a secure online application that allows users to send and receive files from anywhere at anytime. SUFEX provides users with a secure file exchange service and is not a file storage solution. The service is provided through the PHRN (established by the National Collaborative Research Infrastructure Strategy (NCRIS)) and has been designed, implemented and hosted by the Centre for Data Linkage (CDL), a national node of the network.

Security

SUFEX uses the Accellion Managed File Transfer application which provides various security features:

  • Files are encrypted using AES 128-bit encryption
  • Files are encrypted in transit and at rest
  • Secure links generated by a double 128-bit MD5 token
  • Links have a limited lifespan and access to the file is blocked after its expiration
  • Users must identify themselves before they can download a file
  • Recipients download files via an HTTPS/SSL connection
  • Prevents forwarding links by verifying if a user is on the original recipient list of the email for downloading a file
  • Logging of recipient email address, time of access and IP address makes it easy to audit activity.

As part of the development process, the CDL commissioned an independent security audit of the service; including the configuration, hosting environment and relevant processes. The audit confirmed that security had been a major consideration throughout the design and development of the SUFEX environment, and that the resulting infrastructure provided a solid basis for deployment to the PHRN and its stakeholders.

User managed

SUFEX provides users with a powerful, yet easy to use solution. Users can send and receive files, track recipients, delete or withdraw files, and view file reports. The only software needed to access SUFEX is a standard web browser. Using SUFEX requires little, if any, local IT support.

Accountability

SUFEX provides tracking at both the user and administrator level:

  • User level - return receipts to the sender specify which file has been downloaded, by whom and when
  • Administrator level - reports account for each and every access to a file, which affords a comprehensive audit trail and high visibility. An Administrator cannot view the files transmitted by the application.

Features

SUFEX features include:

  • Access to the service through a simple and intuitive user interface
  • Support for large file transfer
  • Automatic file encryption/decryption
  • Email notifications
  • Download receipts
  • Individual file reports

Users

SUFEX has been designed to complement current data linkage processes and is initially intended to be used by individuals who are responsible for sending and receiving data for data linkage research. Registered users will be given personal login credentials. Registered users can then send and request files from other registered users, as well as from non-registered users.

For registration details, please contact us at support@sufex.org.au

File transfer process

Secure file transfer is a simple four step process:

  1. Sender uploads files
  2. Email sent to recipient with link to files
  3. Recipient downloads files
  4. Sender receives notification of download

Cost

Under current funding arrangements, the service is offered free to PHRN partners and their stakeholders.

Secure Data Access

Secure Unified Research Environment (SURE)

A range of information security controls relating to the access, storage and transmission of data have been built into the design of the SURE facility:

  • SURE access is strongly authenticated.
  • SURE is hosted in a tier-3+ (i.e best available) data centre in Sydney that is also used by some of Australia's leading telecommunications, government and financial institutions. The data centre is a member of the Australian Government Data Centre Facilities Panel.
  • No data is stored on a researcher's local computer or institutional computing environment.
  • Within SURE, a user cannot access the internet, email, print or copy data to a USB memory stick or to other removable media. All files moving into or out of SURE pass through the Curated Gateway. Files are subject to review as they pass through a purpose built portal called the Curated Gateway before they can be accessed within or outside the SURE facility.
  • Regular on-site and off-site backups of data are made. All off-site backups and archival data are encrypted prior to being transferred to secure off-site storage.
  • All users are required to undertake training on issues of privacy, ethics, information security and statistical disclosure control prior to gaining access to SURE and sign a deed outlining the terms and conditions of using SURE.

The following sections relate specifically to the logical security controls for SURE.

Computer and network security

  • Functions of the operating system or applications which are not necessary for undertaking research activities have been restricted to enhance the security of SURE.
  • Intrusion detection and prevention systems are in place to prevent against attacks and maintain integrity of data on the system.

Passwords

  • SURE infrastructure users are required to select strong passwords following guidelines issued by SURE Team members when providing access information.
  • Passwords are to be kept confidential and not shared with anyone.

Authentication tokens

  • In addition to a secret password, users of SURE are required to use an additional physical or electronic authentication token for additional security protection.

Data security

  • SURE infrastructure users are to be aware of, and abide by, legislative and ethical requirements related to the use of data for research purposes.
  • All files entering or leaving the SURE facility need to pass through the Curated Gateway. Both inbound and outbound files will be reviewed to assess their risk of disclosure. Files will be reviewed by the study's chief investigator or a member of the SURE Team depending on individual study requirements.
  • Copies of inbound and outbound files are kept and activities logged to allow audits to be completed.

Physical security

  • Physical servers are stored in a secure data centre with strict access controls and continuous staffed surveillance.
  • Checks will be run on each device accessing SURE, including mobile or portable devices, to check for current anti-virus protection and the installation of important updates to a device's operating system. If the local computer does not pass these minimum security requirements, access will be denied.

Information security incident management

  • SURE infrastructure users are required to report an information security incident to the contact officer listed on the SURE website and undertake other actions as directed. Incidents include the identification of an unwanted or unexpected system, network or service state or another situation that may be deemed security-relevant.
  • SURE staff will investigate an information security incident following documented procedures and roles.
  • SURE staff will communicate to users any service disruptions as a result of an information security incident as quickly as possible.

Business continuity

  • Plans for business continuity and disaster recovery are in place to ensure that the impact of natural disasters, attacks or loss of essential services is minimised and clear processes and contingencies are in place to restore operations as soon as possible.

Backup and recovery

  • Comprehensive backup and restoration processes are in place and regularly tested.

Change control

  • Changes to the IT environment are assessed for information security risk before they are implemented.

File retention and disposal

  • Following the closure of a SURE project workspace, remaining files will be securely archived. Files will be retained for the period that has been directed by the project ethics approval and/or applicable legislation (the maximum will hold).
  • Once the retention period has passed, files will be destroyed using secure methods that will ensure that data is completely overwritten and/or the storage medium is physically destroyed and there is no possibility that the records can be retrieved.

Breaches and infringements

  • Any alleged breach or infringement related to the use of SURE will be investigated as outlined in SURE Agreements, which is consistent with the Australian Code for the Responsible Conduct of Research.

For more information visit the Sax Institute