Data Access and Governance

This page will help users navigate access to datasets on the platform and give an overview of data governance on the platform


Credentialing

Your first step as a user is to log in to the platform to become a credentialed user.

Please log in using the Single Sign-on. Single Sign-on is currently only available using your University of Toronto UTORid. If you require access to the platform but do not have a UTORid, please email the Data Steward at contact@healthdatanexus.ai.

Please note that your UTORid must be enrolled in multi-factor authentication (MFA) with DUO. Please follow this link to set up MFA with your account.

Once you are logged in, you can credential your account by accessing the "Credentialing" tab under "Settings". Click "apply for access" and complete the listed steps to become an Authorized User on the account.


Training

Once you are credentialed on the platform, you will need to complete steps specific to each dataset in order to become an Authorized Dataset User for that dataset. Typically, you will need to complete one or more trainings and sign a Data Use Agreement.

Trainings can be managed in the "Training" tab under "Settings". To access a typical dataset, you will need to complete the following three trainings:

  • TCPS 2: CORE 2022. Accessing a dataset requires completing training in the policy requirements laid out in the Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans (TCPS-2). Follow this link to access the training.
  • ISED Cybersecurity Training for Researchers. Researchers must complete a training module in Cybersecurity for Researchers from Innovation, Science, and Economic Development Canada (ISED). Follow this link to access the training.
  • Health Data Nexus Data User Code of Conduct. All users must sign a Code of Conduct to become credentialed on the Health Data Nexus. To confirm that you have read and agreed to the Code of Conduct, you must watch this instructional video.

Data Use Agreement

In addition to completing the required trainings, accessing a dataset requires the completion of a dataset-specific Data Use Agreement (DUA). Credentialed users can find a link to the the DUA on the dataset page.


Cloud Identity

Finally, as an Authorized Dataset User, you require the previsioning of a Google Cloud Identity in order to access the cloud-based analytics workspace. You can find instructions for creating your Cloud Identity on the "Research Environments" page.


Data Governance

Data governance on the Health Data Nexus is managed under a collection of governing documents, as well as the oversight of a Data Governance Committee. In addition to the Code of Conduct and Data Use Agreement mentioned above, the terms of the platform are also covered in the Data Governance Proposal, the Data Transfer Agreement (which covers the terms of data sharing between the Data Holder and T-CAIREM), the Data Governance Committee Terms of Reference, and the De-Identification Policy.

The governance and use of data on the Health Data Nexus have also been independently evaluated in a Privacy Impact Assessment (PIA) by INQ Law. For a copy of the PIA or any of the governing documents of the Health Data Nexus, please get in contact with the Data Steward at contact@healthdatanexus.ai.


License

Each dataset on the platform is uploaded under its own license. By default, datasets are uploaded with the Health Data Nexus Contributor Review Health Data License 1.0, which is provided as follows:

The Health Data Nexus Contributor Review Health Data License
Version 1.0

Copyright (c) 2022 Temerty Centre for Artificial Intelligence Research and Education in Medicine

The Temerty Centre for Artificial Intelligence Research and Education in Medicine (T-CAIREM) wishes to make data available for research and educational purposes to qualified requestors, but only if the data are used and protected in accordance with the terms and conditions stated in this License.

It is hereby agreed between the data requestor, hereinafter referred to as the "LICENSEE", and T-CAIREM, that:

  1. The LICENSEE will not attempt to identify any individual or institution referenced in Health Data Nexus restricted data.
  2. The LICENSEE will exercise all reasonable and prudent care to avoid disclosure of the identity of any individual or institution referenced in Health Data Nexus restricted data in any publication or other communication.
  3. The LICENSEE will not share access to Health Data Nexus restricted data with anyone else.
  4. The LICENSEE will exercise all reasonable and prudent care to maintain the physical and electronic security of Health Data Nexus restricted data.
  5. If the LICENSEE finds information within Health Data Nexus restricted data that they believe might permit identification of any individual or institution, the LICENSEE will report the location of this information promptly by email to contact@healthdatanexus.ai, citing the location of the specific information in question.
  6. The LICENSEE will use the data for the sole purpose of lawful use in scientific research and no other.
  7. The LICENSEE will be responsible for ensuring that they maintain up to date certification in human research subject protection
  8. The LICENSEE agrees to contribute code associated with publications arising from this data to a repository that is open to the research community.
  9. This agreement may be terminated by either party at any time, but the LICENSEE's obligations with respect to Health Data Nexus data shall continue after termination.  

THE DATA ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE DATA OR THE USE OR OTHER DEALINGS IN THE DATA.


Privacy Policy

When you use the Health Data Nexus, we will require information about you that is necessary to provide you with computational resources, functions, and other services (heretofore “Services”) to enable your activities. Information necessary for your use of the Health Data Nexus will also be generated and maintained as you use the Health Data Nexus. Together, the information that you provide and the information about your use of the Health Data Nexus are your User Information.

Your User Information is employed to:

  1. confirm your identity on login;
  2. confirm your privileges and provide the Services to you; and
  3. optimize system resources, security, and your experience with the Services.

Your User Information will be shared on a need-to-know basis with officials at T-CAIREM, at the University, partners, and service providers as necessary to provide you with the Services, and to support and maintain security.

For example, we collect information about your use including the Internet Protocol (IP) address from which you are connecting, and we track your use and actions in the Health Data Nexus to understand and optimize system resources, to improve the quality of your experience with the Services, and for security as noted above.

We do not trade or sell your User Information, nor do we share it without your consent, except as provided above or as required by law or University policy.

Your User Information is protected consistent with all privacy requirements that may apply to it, such as the Freedom of Information and Protection of Privacy Act.

We welcome your questions about your User Information or the Services, and invite you to contact:

Health Data Nexus Data Steward

contact@healthdatanexus.ai