USING SHAREPOINT TO WORK WITH RESEARCH DATA
Transcription
USING SHAREPOINT TO WORK WITH RESEARCH DATA
[Skriv tekst] USING SHAREPOINT TO WORK WITH RESEARCH DATA INDHOLD Introduction ........................................................................................................................................................................ 2 What is SharePoint ..................................................................................................................................................... 2 Support and training ................................................................................................................................................... 2 Getting a SharePoint site .................................................................................................................................................... 2 Your SharePoint site ....................................................................................................................................................... 2 OPEN Share ................................................................................................................................................................. 3 Pseudoanonyme data ................................................................................................................................................. 3 Nøglefiler .................................................................................................................................................................... 3 Creating your own content ............................................................................................................................................. 4 Additional users and access control ................................................................................................................................... 4 Access to library to internal RSYD user ....................................................................................................................... 4 Access to entire site to internal RSYD user ..................................................................................................................... 6 Access for external users ................................................................................................................................................ 6 Confidentiality agreement .......................................................................................................................................... 6 Login to SharePoint ......................................................................................................................................................... 7 Mounting SharePoint libraries ............................................................................................................................................ 7 How-to ............................................................................................................................................................................ 7 Check in/out and versioning ............................................................................................................................................. 10 Good practices for data analysis ....................................................................................................................................... 11 Using SharePoint to work with research data Side 1 af 12 [Skriv tekst] INTRODUCTION In order to work with research data in a safe and legally acceptable manner, it is necessary to store the data files in a place where access to the files is restricted and logged. In Region Syddanmark, SharePoint is the recommended place for this. This short guide will describe how SharePoint can be used to work with your research data in the analysis phase of your project. Note that this is NOT a comprehensive guide to SharePoint. WHAT IS SHAREPOINT SharePoint is a web application that allows users to build custom intranet websites for various purposes. It is especially useful for collaborating on shared documents, but can be used for many other things, such as blogs, wikis, calendar etc. This guide will only discuss the use of SharePoint as a file repository, but it is possible to customize your site and build a platform that suits your needs. SUPPORT AND TRAINING Note that OPEN is not responsible for operating or maintaining the regional SharePoint solution. If you experience problems with your SharePoint site, you should contact Regional IT for support. Also, OPEN will not be able to assist with building sites in SharePoint, other than what we assist with initially, when we help request a site. For information and guides to general SharePoint use, you can visit the regional SharePoint main site: https://sp.regionsyddanmark.dk/default.aspx Or look for tutorials online. There is also a SharePoint one day course offered via the plan2learn site: https://rsd.plan2learn.dk/ GETTING A SHAREPOINT SITE Region Syddanmark offers two different SharePoint solutions, a standard site and a secure site. For working with health data we need a secure site, since these sites keep a log of when and by whom the files are accessed. It is possible to request a SharePoint site yourself, but if you are enrolling a project with OPEN, we offer to do this for you. This is what we recommend, since we are then able to create the new SharePoint site according to a certain template described in the next section. Should you still wish to order your own secure SharePoint site, you can do it here: http://intranet.regionsyddanmark.dk/wm430171 It will typically take a few days before the new site is ready for use. In the next sections, we describe the SharePoint site you receive, when requested via OPEN YOUR SHAREPOINT SITE When your new site is available you will receive an email with a link to the new site. The front page of the site will look similar to the one seen below (Figure 1). Your site will be named with you OPEN project number (OP-number) Using SharePoint to work with research data Side 2 af 12 [Skriv tekst] Figure 1 Front page for project with project number 88 In the left hand side menu under ‘Biblioteker’ you should see 5 document libraries (dokumentbiblioteker): Websider, Delte documenter, OPEN Share, Pseudoanonyme data and Nøglefiler. The last three are the libraries created specifically for sites requested via OPEN. The purpose of these three libraries is described next OPEN SHARE This library is meant as a data exchange folder shared between you and the data managers and administrators in OPEN. Access to the library has been given to all the data managers and administrators of OPEN, and should therefore not be used to store data that is not to be seen by these. The OPEN Share folder could e.g. be used if you need to send a file with sensitive data to your data manager or the other way around. It could also be used as an alternative to email attachments for non-sensitive data such as administrative documents and permissions. Note that OPEN does not routinely check the contents of the shared folders, so you will need to notify the data manager or administrator if you leave documents for them. PSEUDOANONYME DATA The Pseudoanonyme Data library is a repository for the data files that you export from your data collection platform, for your analysis or reports. As the name suggests, the data you place in this folder, should NOT contain any variables that can be considered identifying, such as names, CPR, address, email, phone number, etc. The easiest way to avoid this is to not include those variables when you export data from e.g. REDCap (see separate guide to REDCap data export).These variables are generally not needed in the analysis anyway. In the analysis phase of your project, you should distinguish your individuals by an anonymous patient id, typically the same one you used during data collection. NØGLEFILER Using SharePoint to work with research data Side 3 af 12 [Skriv tekst] This folder is meant to hold the file that maps the anonymous patient id to the identifying variables such as CPR number. The separation of the actual data from the identifying variables is necessary in order to live up to rules for logging/auditing data access when working with patient data at the level of the individual. SharePoint logs the user id and time of all the operations that happens at the file level (open, save,..). If the files used in the analysis also contain identifiers, the required level of logging is much greater, and not possible in SharePoint. Note that it is not a requirement that you have a mapping file in the ‘nøglefiler’ library. You can choose to simply keep those variables on your data collection platform (e.g. REDCap) where you will be able to access them for e.g. lookups, and where they are stored under the stricter requirements for identifiable data. CREATING YOUR OWN CONTENT You can create your own libraries and subfolders within these libraries as well as a number of other content types. To create a new library, click on the ‘Biblioteker’ item in the left hand side menu and click ‘opret’. You now have a choice between different types of objects to create. The libraries described above are of the type ‘dokumentbibliotek’. To learn about other objects such as lists, you will need to find information elsewhere. If you want to create folders inside a library, you can do so by clicking on the relevant library, and then from the top menu select the ‘Dokumenter’ tab. From this tab you can choose the item ‘Ny mappe’ ADDITIONAL USERS AND ACCESS CONTROL You are the owner of the SharePoint site, which means you have full control over the site. When you create new libraries, folders and other content you will be the only person with access to this content. Should you wish to allow other users to have access to content on your site, you can set this up in a way that allows those users to access specific content with specific rights. The procedure is a bit different depending on whether the additional users have an RSYD account or are completely external. The simplest way to manage user rights is at the level of the entire site or a single library (bibliotek), so we recommend that you divide your documents and content into different libraries depending on who needs to access what. You could e.g. give access to your analysis files in the ‘pseudoanonyme data’ folder to a collaborating statistician, but you should not give that person access to the ‘nøglefiler’ library. It is also possible to manage specific access at the level of folders within libraries, but this is a bit complex. Remember, that when you give access to data files with individualized health data to other users, you need to make sure that this person understands the requirement that the data should stay on the SharePoint site. For external users you will typically also need to make sure that you have a ‘databehandleraftale’ in place with that person before you give them access. ACCESS TO LIBRARY TO INTERNAL RSYD USER If you want to add/remove/edit user rights for an RSYD user for a specific library on your site, follow these steps. In the example we give access to the ‘OPEN Share’ library to an internal user 1. Click on the library you want to set up user rights for Using SharePoint to work with research data Side 4 af 12 [Skriv tekst] 2. In the top menu click in the tab ‘Bibliotek’ (you may need to click on the checkbox next to ‘type’ to open the top menu), and the click the button ‘bibliotekstilladelser (Figure 2) Figure 2 3. In the next page, you will see those users and user groups that exist with some user rights for the site. In order to create a complete new user with access to just this library, we first need to ‘break’ how the library inherits its user rights from the full site. a. Press the button ‘Stop nedarvning af tilladelser’ b. This opens some new options – press the ‘Giv tilladelser’ button c. This opens a new dialogue (Figure 3) Figure 3 d. e. f. g. Enter the rsyd email addresses for the user(s) you wish to add and press the small symbol beneath to validate the identity Decide which type of access the user(s) should have in this library. This access level will be the same for all folders and subfolders within the library (unless it is actively changed for individual folders) Decide whether you want to send a notification email to the added users Press OK Using SharePoint to work with research data Side 5 af 12 [Skriv tekst] ACCESS TO ENTIRE SITE TO INTERNAL RSYD USER If you want to give access to a certain user for the entire site (all libraries and lists), you can follow the same procedure as described for a single library, except for the first two steps that are replaced with the step below. It is possible to restrict the global site access afterwards by setting this up in the relevant libraries or folders 1. 2. From the front page of the SharePoint site press ‘webstedshandlinger’ in the top menu and select ‘webstedstilladelser’ Go to step 3 of the previous guide ACCESS FOR EXTERNAL USERS The procedure for providing SharePoint access to users external to RSYD is more cumbersome. It is necessary to first request that the external user be created in SharePoint and for the external user to sign a confidentiality agreement. Request to create an external Sharepoint user in the following way ( 1) Use the link: http://intranet.regionsyddanmark.dk/wm379703 2) Press ”Bestilling af eksterne SharePoint brugere” in the menu on the right 3) Fill out the fields: a) Information about the external user: i) Navn ii) Telefonnummer iii) E-mail iv) Firmanavn (Eks. Øre-Næse-Hals Kirurgisk Afdeling) v) Firmaadresse vi) Postnummer vii) By b) Information about the user giving the access (you): i) Brugernavn ii) Navn iii) E-mail iv) Ønsket oprettelses dato v) Ønsket nedtagningsdato 4) Send request via ”indsend”. This request may take several days to be processed, but when that has happened, you will receive an email from Help Desk with the new username and password for the external user, which you can forward to the external user. 5) It is the responsibility of the one giving the access (you), that the external user also fills out an confidentiality agreement As an external user, the password expires every three months. In order to change the password, external users can contact Helpdesk at OUH, tel.: 6541 7 9 13, before the end of the third month. CONFIDENTIALITY AGREEMENT 1. Use the link: http://intranet.regionsyddanmark.dk/wm377724 Using SharePoint to work with research data Side 6 af 12 [Skriv tekst] 2. 3. Decide which version (Danish or English) Fill out the fields Date Name of the person in Region Syddanmark that grants the access (you) Signature of the grantor of the access (you) Name of the external user who is to receive access Affiliation of the exsternal person (e.g. Øre-Næse-Hals Kirurgisk Afdeling Rigshospitalet) Sign the document and send it to the external user for his/her signature. Instruct him/her to send the signed document to [email protected] When the external user is created in SharePoint, it is possible to grant user access to the external user in the same way as described in the previous description. You identify the external individual by the username he/she was given to SharePoint. LOGIN TO SHAREPOINT Access to SharePoint requires that you log in using your standard RSYD credentials. If you are already on the RSYD network or access it via VPN you will typically not be prompted for a login. However if you access SharePoint from the browser or via a mapped drive from elsewhere, you will be required to authenticate with your RSYD credentials. This will also sometimes happen when you access the mapped drive, even when you are on the RSYD network MOUNTING SHAREPOINT LIBRARIES It is possible to manage your SharePoint files using just the browser interface, but opening files in this way on your local pc will typically download the files on your local pc first. For sensitive data, this is something we would like to avoid. Instead, it is possible to map/mount a SharePoint library to a local folder on your own pc. That way you can access and work on your files the same way you would any other local file, but the file will stay in the SharePoint folder, and thus protected by the proper restrictions and logs. HOW-TO We will demonstrate how to map the ‘pseudoanonyme data’ library to a folder in you windows pathfinder (stifinder). 1. 2. 3. OPEN up your SharePoint secure site in your browser Navigate to the library ‘Pseudoanonyme data’ in the left hand menu In the browser address bar (figure 5) mark the entire address except for the last part ‘/Forms/AllItems.aspx’ Figure 4 4. Open your windows pathfinder (stifinder) (figure 6) and locate the ‘computer’ item in the left hand side menu Using SharePoint to work with research data Side 7 af 12 [Skriv tekst] Figure 5 5. RIGHT click the ‘Computer’ menu item (Figure 6) and choose ‘Tilføj en netværksplacering’ Figure 6 6. 7. 8. Press ‘Næste’ in the first dialogue Choose the ‘Vælg en brugerdefineret netværksplacering’ item and press ‘Næste’ In the next dialogue (Figure 7) ’paste’ the address you copied in step 3 and press ‘Næste’ Using SharePoint to work with research data Side 8 af 12 [Skriv tekst] Figure 7 9. Name the new location (e.g. “OP_XX Pseudoanonyme Data”) and press “Næste” 10. Press “Udfør” 11. The connection to the mapped library will now be available in you pathfinder/stifinder (Figure 8) and similarly from the open/save dialogues of all the programs you have on your local PC (STATA, Excel, etc.) Figure 8 Using SharePoint to work with research data Side 9 af 12 [Skriv tekst] Use the procedure for mapping any library in your SharePoint site. It is also possible to map the ‘root’ of the SharePoint site, if you prefer to have access to all your SharePoint libraries from a single mounted folder. If you prefer that, you simply replace the path copied in step 3 with the path in Figure 9 Figure 9 CHECK IN/OUT AND VERSIONING SharePoint is a platform designed for collaboration on shared documents. It therefore uses a system of check in/check out and versioning to ensure a proper versioning of the various files and to ensure that two people do not make colliding changes to a document at the same time. This can be helpful when multiple users have access to files in a SharePoint library, or when you want to keep track of different versions of your files. Versioning allows you to roll back a document to how it looked at an earlier point in time. That means you don’t have to store different version of the same file with different filenames. As default, new SharePoint sites are not set up with versioning activated, and it is also not set up to require document check out before edit. Below is an ultra-short guide to setting this up. If you want to learn more about this, you will need to look online or experiment with it yourself. Versioning is perhaps most beneficial for standard documents, such as word documents, but could also be used for your data files. 1. You can access various setting for a given library/bibliotek, by selecting the library on the left side. See (Figure 1011). a. In order to bring up a menu of options, you need to press the empty checkbox next to “Type” b. In the top menu that appears click the “bibliotek tab” c. Finally click the “indstillinger for bibliotek” on the right Figure 10 2. In the following menu (Figure 1112) you choose “indstillinger for versioner”, and then set up the versioning and check in/check out behavior you want Using SharePoint to work with research data Side 10 af 12 [Skriv tekst] Figure 11 3. NOTE, that for libraries that are meant strictly for data files (such as the “pseudoanonyme data” library), you should not select the option of requiring check-out of documents in the last part of the menu. Otherwise you will risk errors when you try to open the files via the mapped folder. Versioning should be ok. GOOD PRACTICES FOR DATA ANALYSIS As already mentioned, it is not permitted to work on datasets with health data at the level of the individual on your local machine, since it requires access control and a log of the interactions with the data file. This is also the case for data that has been pseudonominized. It is also not permitted to keep such files on the various shared and personal drives such as the H-drive. The recommended best practice for analyzing and manipulating your data in Region Syddanmark, is therefore to use an approved platform for your data collection phase (e.g. REDCap), and to use SharePoint for your analysis phase. These two phases will of course often overlap. The following points are good/best practices recommended by OPEN When you export data from your data collection platform, generally don’t export the variables that contain personal identifiers (CPR, name, address, email, etc.) For your data collection phase, choose an anonymous patient id as the primary identifier for your individuals, instead of the CPR-number. You can still collect the CPR-number in another field. If the CPRnumber is the primary identifier, it is not possible to create an export that is pseudonominized. Files you export/download/receive containing data about individuals should be placed in a dedicated folder/library in a secure SharePoint site. That folder could e.g. be the ‘Pseudoanonyme data” folder created up front in your SharePoint space o If, during the download/export, you happen to store the downloaded file temporarily in a folder on your local machine (“Downloads” or “Overførsler”) remember to delete them again (also from the trash!) If you want to have a mapping file that associates the patient id to identifying variables, you should keep this file in a separate SharePoint library (e.g. the “Nøglefiler” library). This file should not be used as part of your Using SharePoint to work with research data Side 11 af 12 [Skriv tekst] analysis, but kept simply as a reference. If you will often need to know the identity (CPR-number) of an individual in your dataset, it is better to make that lookup in your data collection platform, where the operation is correctly logged. Map the SharePoint folder(s)/librarie(s) with your analysis files to a folder on your local machine When you work on your data files, always open and save from and to the mapped folder. Never store data on your local machine as long as it contains data at the individual level Using SharePoint to work with research data Side 12 af 12