Security

Security and the protection of people’s personal data is our top priority. We are working closely with the National Cyber Security Centre and all data will be held in line with the Office for National Statistics Five Data Safes and NHS England’s secure data environment principles.

Five data safes

  1. Safe people – individuals accessing the data are trained and authorised to use it appropriately.
  2. Safe projects – projects are approved by data owners for the public good.
  3. Safe settings – preventing inappropriate access, or misuse.
  4. Safe outputs – summarised data taken away is checked to ensure it protects privacy.
  5. Safe data – information is protected and is treated to protect confidentiality.

More information about the five data safes is available on the Office for National Statistics website.

Secure Data Environments

The recent Data saves lives strategy included a core set of commitments to move the NHS from a model of data sharing, to data access through Secure Data Environments. These are data access and storage platforms that enable the use of NHS health and social care data in research and analysis.

We identify these platforms based on their primary users and requirements for access:

  1. Secure Data Environments – for planning and population health management, including federated data platforms.
  2. Secure Data Environments – to support research by academia and industry. Their primary use is to support medical research and development.

All of these platforms will need to comply with the published Secure data environment guidelines.

A federated data platform will ensure:

  • Local NHS control: data does not leave the data controllership of NHS bodies. Only users that meet specific requirements will be allowed to access pre-agreed portions of the available information.
  • Transparency: anyone that is using the data will be recorded, an audit trail created and the information they access will be assessed to ensure it meets the strict parameters. Any contracts between data controllers (NHS) and data processors (software provider) will also hold specific clauses relating to inappropriate use of data, and all contracts in relation to the federated data platform will be published.
  • Confidentiality: there will be strict rules for when data and information can leave the secure environment of the platform and all access to the data and analysis is monitored.

Read more information about our Secure Data Environment service.

Further information