Security

Security and the protection of people’s personal data is our top priority. We are working closely with the National Cyber Security Centre and all data will be held in line with the Office for National Statistics Five Data Safes and NHS England’s secure data environment principles.

Five data safes

  1. Safe people – individuals accessing the data are trained and authorised to use it appropriately.
  2. Safe projects – projects are approved by data owners for the public good.
  3. Safe settings – preventing inappropriate access or misuse.
  4. Safe outputs – summarised data taken away is checked to ensure it protects privacy.
  5. Safe data – information is protected and is treated to protect confidentiality.

More information about the five data safes is available on the Office for National Statistics website.

Secure data environments

The recent Data saves lives strategy included a core set of commitments to move the NHS from a model of data sharing to one of data access through Secure Data Environments. These are data access and storage platforms that enable the use of NHS health and social care data in research and analysis.

We identify these platforms based on their primary users and requirements for access:

  1. Secure Data Environments – for planning and population health management, including federated data platforms.
  2. Secure Data Environments – to support research by academia and industry. Their primary use is to support medical research and development.

All of these platforms will need to comply with the published Secure data environment guidelines.

A federated data platform will ensure:

  • Local NHS control: data does not leave the data controllership of NHS bodies. There will be role-based access controls in place to ensure that individual users (who meet specific requirements) will be able to access data relevant and necessary to their role.
  • Audit and accountability: the platform will create and maintain an audit trail documenting all individual users’ access, including the data they access. Those audit trails will be reviewed to ensure that data is being accessed and used for legitimate purposes. The contracts between data controllers (NHS) and data processors (software provider) will contain specific clauses relating to inappropriate use of data, and all contracts in relation to the federated data platform will be published.
  • Confidentiality: there will be strict rules for when data and information can leave the secure environment of the platform and all access to the data and analysis is monitored.

Read more information about our Secure data environment service.

Further information