Organisational attendees

• National Voices
• Office of the National Data Guardian
• Association of Medical Research Charities
• Nottingham University Hospitals Trust
• Healthwatch
• Understanding Patient Data
• Royal College of Surgeons
• Academy of Medical Royal Colleges
• Patients Association
• NHS Frimley Integrated Care Board
• North West London Integrated Care System
• Information Commissioner’s Office
• UNISON
• BMA
• RCGP
• NHS England
• Department of Health and Social Care
• Academy of Medical Royal Colleges

Apologies received

• RCGP
• Information Commissioner’s Office

Actions and decisions recorded

Meeting notes

Welcome and introductions

The Chair welcomed all members to the call and noted any apologies.

Introductions of new members took place as well as noting any conflicts/declarations of interests.

Minutes from previous meeting

The minutes were approved for publication, subject to a modification requested via email and approved by the group.

Further to recent media coverage about the number of pilot sites delivering benefits, confirmation was sought by the group. It was confirmed inaccurate numbers had been reported in the media and, as detailed in the NHSE board papers, there are 31 sites delivering benefits.

It was queried whether FDP would be implemented ahead of the PET solution being live. It was confirmed that the PET solution would be in place ahead of the implementation of the FDP.

It was queried how data would be governed across the different instances of the FDP. It was confirmed that the Federated Data Platform (FDP) is software that will sit across NHS trusts and integrated care systems allowing them to connect data they already hold in a secure and safe environment. GP data will not be part of the national platform. FDP does not change data controllership arrangements so if there is data sharing agreement between integrate care system (ICS) and GPs locally to share data for care co-ordination then they can use the local version of FDP for that purpose.

The software will be ‘federated’ across the NHS. This means that every hospital and integrated care board will have their own version of the platform which can connect and collaborate with other data platforms as a ‘federation’.

The control over identifiable data is managed based on the use case and product, utilising purpose-based access control and role-based access control. For instance, if a local instance requires identifiable data for specific work, it remains identifiable within that context. However, in a national instance, no identifiable information is being utilised. If an ICB instance of FDP required identifiable information, a lawful basis for that use would be required to be identified and any transfer of data from a local instance to an ICB one requires a pre-existing agreement.

FDP-AS and PET update

The FDP Programme SRO provided an update on FDP-AS and PET, highlighting ongoing collaboration with suppliers to prepare for the transition and mobilization. The team is actively engaging with trusts and ICBs to inform and prepare them for upcoming developments, with progress aligning with the established plan.

A query was raised regarding demand, specifically questioning whether the numbers were already surpassing NHSE’s initial expectations. It was confirmed that the initial priority is the transition of the pilot sites onto the FDP platform, and concurrently engagement activity is helping to generate a demand pipeline. AN increase in interest demand for the platform was noted post-contract award.

The group were keen to see the core products that will be available in the FDP, and it was agreed a demo would be arranged for the next meeting.

Action: NHS England to showcase FDP products to the group.

Insight was shared that this was acknowledged and agreed as important as part of the implementation activity. The FDP Programme SRO offered to collaborate with the Southeast regional leadership team to create a concise plan, incorporating their thoughts and points.

Action: Follow up on the offer to collaborate with the Southeast regional leadership team to create a clear and concise implementation plan.

The Head of Communications and engagement provided an overview of future engagement activity based around the findings from the Engagement Portal feedback, noted the large-scale public deliberation activity being led by DHSC and confirmed the FDP was helping to shape those plans, and updated the group on the development of a number of communications assets. She confirmed that drafts of these items would come to the group for comment and were also being developed in conjunction with the NHS Data Public and Patient Engagement and Communications Advisory Panel.

Opt-outs and IG

The FDP Programme Director provided an overview of how data would be used in the FDP and explained what this means in relation to opt-out options. She confirmed that the FDP programme is committed to providing clear and meaningful public information about this matter.

The Head of Information Governance provided an update on the application of opt-outs in various scenarios, specifically focusing on the national data opt-out and reminding the group that the FDP is adhering to existing national opt-out policy.

Ahead of the meeting a document was circulated to the group, offering a concise explanation of how data is used in the FDP and what this means in relation to opt-outs. Feedback on this was welcomed from the group.

The FDP Programme SRO emphasised the importance of considering opt-outs in the context of data use rather than the platform itself. The focus should be on understanding how the data is used, which will guide the application of opt-outs in a meaningful way.

It was queried whether “deidentified data” is synonymous with “pseudonymised data” or if there is a distinction between the two, and the distinction between the two was clarified by the Head of IG. In response to the inquiry about safeguarding, the FDP Head of Information Governance provided insights. Within the Information Governance framework, they are examining existing products currently in use within the NHS. No new data flows or products are introduced in the FDP, and they plan to test existing products from a data protection perspective. Current Data Protection Impact Assessments (DPIAs) will be moved over to the FDP DPIA, incorporating Privacy Enhancing Technology (PET). The lawful basis for data processing will be stress-tested, particularly considering the common law duty of confidentiality, which is impacted by the national data opt-out. This comprehensive approach is intended to ensure robust safeguards.

An inquiry was made about public engagement and policy, emphasising that a lack of live public engagement could impact sub-national programs and erode public confidence. She sought clarification on whether there is a broader consideration and assurance that the duty of care to existing programs is being met.

The Head of Comms and Engagement provided an update on public engagement efforts, highlighting close collaboration with teams responsible for the wide-scale public deliberation activity being led by DHSC. Acknowledging the significance of public engagement, real-life examples are being tested through engagement activities to gather insights and to address concerns. Specific engagement activities for FDP will be tailored to focus on regions and localities. Close coordination with regional colleagues is planned to ensure effective engagement.

The chair inquired about the level of engagement with the FDP engagement portal. It was confirmed that that engagement had reduced since contract award, and that only a small proportion of visitors to the portal had provided feedback or submitted questions to NHSE’s customer contact centre. and the feedback provided limited. This could be because visitors found the answers to their questions in the information provided, however it was also noted that it could be a result of a lack of awareness about the portal.

It was reiterated that the commitment made in the data strategy to review data opt-outs options. The complexity of the current opt-out system, and the challenge it posed in clearly articulating how it applied to the use of data in the FDP was noted. The topic will be prioritised as part of the public deliberation activity taking place in the New Year.

A question was raised about the wording in the document that states, “GP data will not be part of the national version of the federated data platform” and suggested adding a further line for clarity about what GP data will be used for. The FDP Head of Information Governance explained that individual data controllers at the local instance level will decide whether to use GP data or not, based on the data sharing agreements in place locally, and advised this needed to be reflected in the wording.

An inquiry was made about potential changes to local agreements for shared care records before data flows into a local instance of the FDP, and if any further action from a GP is required. The FDP Head of Information Governance confirmed that there will be no further actions required from a GP perspective. Data will not flow automatically from the shared care record. Access to shared care records is restricted and should only be used by a clinician when a patient is being seen. The Director of Data Services added that, at present, there isn’t an active use case where shared care record data should be utilized for any products on the FDP. Nonetheless, there is ongoing work in this area to address and establish relevant use cases.

Action: to further explore what the concern is, how could we use shared care data, would we use shared care data and if we were to what changes would there need to be in terms of shared care records and GP practices.

A concern was raised about the potential linkage of data in the FDP, specifically asking whether, if the FDP has data for direct care and then pseudonymises it for other purposes, there would be any linkage to other datasets either before or after pseudonymisation. Concern was expressed about the possibility of such linkage constituting a misuse of information.

The FDP Head of Information Governance confirmed that there would be no links prior to pseudonymisation, emphasising that linking data before pseudonymisation is not lawful. The processing of data should align with its intended purpose. Existing products will undergo re-evaluation, and for new products, a separate analysis of the data flow will be conducted, ensuring the application of appropriate lawful bases. This approach aims to prevent any misuse of information within the FDP.

The FDP Programme SRO added that fundamentally, the FDP is not designed to combine its dataset with another dataset in the system for analysis. If there is a specific analysis need, a requirement would be created for that particular purpose.

An inquiry was made as to whether the audit trail of who had access data in the FDP would be available to the patient. The FDP Programme SRO responded that they are exploring the best way to make the audit trail available to patients, likely utilising Privacy Enhancing Technology (PET) in the future.

Any other business close

Queries were raised regarding how sensitive data would be used within the FDP. It was suggested that FAQs be developed to address questions around sensitive topics and data usage for non-NHS organisations.

It was confirmed that the notes from these meetings will be published on NHSE’s website and a link to them can be shared with whoever has an interest in them.