Governance module for data extraction between nodes

[gaochaung]

To fulfil Safe Haven’s role as data guardians and better protect patient privacy, a bespoke governance layer is required to separate the cohort building and viewing of patient row level data. With cohort building allow Safe Haven staffs to view and discover data in other Safe Havens through a GUI, 'patient list' should be only made available after the involved Safe Haven approved the data cohort to be extracted. As much as we want to fully automatic the data extraction, a manual layer of approvement application should be implemented into the system to allow local Safe Haven to final-check the data being extracted has appropriate governance work. An example workflow design of a governance module for leaf is attached. The module should be designed to be automatic when local Safe Haven wanting to extract their data. The manual approval request should only kick in when the requested cohort contains data the local Safe Haven is not guardians for.