Wessex Secure Data Environment - Home Part of the NHS Research Secure Data Environment Network NHS

Your data

The Wessex Secure Data Environment is being developed to give researchers access to patient health data so that we can improve health and care services.

It is owned and run by the NHS, so we have full control of how your data is looked after. We are building the SDE together with patients and the public.

We are adopting the highest privacy and security standards for NHS data.

In this section we explain what patient health data is, how we keep your data safe and protect your privacy. We also explain the choices you have about how your data is used.

Patient health data

Health data is any recorded information about a person’s physical or mental health in the past, present, or future.

This means that health data may come from any interaction with the healthcare system, for example during an appointment with a GP, or with a nurse or doctor in a hospital. Health data may also be gathered from medical devices and from diagnostic tests (for example, blood tests or genetic tests).

Each NHS or social care service that you use stores its own record about you electronically. This data is stored in many ways and in lots of different places, using many different types of computer systems.

Health data records include personal information. This includes things like your name, NHS number, or your address. These can be used to identify you and to link records from different places together.

Some health data are simple numbers (like your height or weight) or are picked from standardised lists (like information about prescriptions, test results, or vaccinations). Other data are free-text notes (like the comments your GP writes during a visit).

Since patient data is stored in different ways, and scattered across different services, linking data together is the key for improving care and advancing medical research.

Health data

Keeping your data safe.

Health and care information is sensitive and needs to be kept safe. The Wessex Secure Data Environment is being designed to meet the Five Safes framework developed by the Office for National Statistics (ONS). The ‘Five Safes’ are widely regarded as being best practice in data protection.

The SDE is working with patients, the public, and healthcare professionals in the Wessex region on the design of the SDE, and how we meet the Five Safes framework. Minimum requirements will be set by the government and there will be an accreditation scheme to ensure we meet them. Our approach is explained below.

http://Safe%20Data

Safe data

Health and care organisations from Wessex will send patient data to the SDE.

We will also use data from other public bodies and organisations. Data will be encrypted during transfer to the SDE and is de-identified before researchers can access it. Researchers only get to see the least amount of data they need for their project. We explain we do all this in the ‘Protecting your privacy’ section below.

http://Safe%20People

Safe people

The NHS will decide which researchers are allowed access to the SDE.

They will be expected to come from approved organisations and to have had appropriate training to use data safely. We will be able to control, monitor, and report publicly on who is using the SDE and what they are doing.

http://Safe%20Projects

Safe projects

All research projects that want to use the SDE will need to get approval.

Wessex will have an independent ‘Data Access Committee’ that will take these decisions. This committee will include public representation. Providing access to data must have an explicit aim to benefit patients or the NHS. After a research project is approved, a legal contract is needed to use the data. This contract protects our strict rules.

http://Safe%20Settings

Safe settings

Data is stored in a highly secure ‘digital lab’ environment with controlled access and robust IT systems to keep it safe.

Only approved users, with approved projects, will be allowed into the digital lab to access and analyse data. The NHS controls what researchers can see, any new data they want to bring into the SDE, and the software and tools they can use to analyse the data.

http://Safe%20Outputs

Safe outputs

Once the research is complete, researchers will want to take their results out of the SDE.

Before this can happen, the data they want to take out is reviewed and approved by the NHS to ensure that it is not detailed enough to allow re-identification and further protect privacy.  An audit trail is maintained to record all access to patient data and use of the secure data environment.

Protecting your privacy

The Wessex Secure Data Environment (SDE) safeguards your privacy using strict controls. Researchers can only see data where personal identifiers like names, NHS numbers, birth dates, and addresses are removed or disguised. This ensures you cannot be easily identified in a dataset.

The process we use to de-identify data in this way is called pseudonymisation. Personal identifiers in the datasets we hold are replaced with a ‘pseudonym’. This is a unique marker or reference number that does not reveal the patient’s ‘real world’ identity.

A key for linking pseudonyms back to actual patients is also created. These keys are stored separately and securely in the SDE. They are never shared with researchers and even our own team cannot access them without permission.

The SDE’s strength lies in its ability to link together lots of datasets from different organisations to create new, large datasets, while protecting privacy. Our team does this work in a secure and restricted part of the SDE that researchers cannot enter.

Checks are made before any dataset is made available to researchers. Similarly, our team reviews and approves any data that researchers want to take out of the SDE before that is allowed to happen.

Data

Your choices

You can choose whether your de-identified patient data is made available to researchers by the Wessex Secure Data Environment.

In some cases, you can also make a choice for someone else, like your children (under 13) or someone you care for.

Your choice will not affect your care. 

Donating your patient data ensures that researchers have more complete and representative information for research into new treatments and technologies.

If you’re happy with your information being used, you do not need to do anything.

Further information about your choices is available on the NHS website – your NHS data matters.

You can complete the national data opt out form on the NHS Digital website here.

The phone number for the national data opt out is 030 03 03 56 78 – Monday to Friday, 9am to 5pm (excluding bank holidays).

Ongoing consideration is being given to a potential local opt-out option. This is being discussed with the NHS Research SDE Network, Health Research Authority and members of the public.

National opt out

'Better health and care outcomes for everyone through the safe, appropriate and ethical use of data.'

We want to ensure that public voices underpin our guidance. We can’t second guess what the public might support so we needed to hear directly from them about what they feel constitutes public benefit, and what factors they consider when determining if a use of data will benefit the public.

Dr Nicola Byrne

Dr Nicola Byrne

National Data Guardian

Governance

Robust governance is critical to our success.

It must be designed in partnership with patients and the public, with clear rules and a transparent and trusted process for decision making, all underpinned by strong UK regulation.

Find out more about our governance.

Data governance updates

Wessex SDE – Who’s who

Governance
The governance and operational structure of the Wessex…

Turning the Sudlow Review’s vision into reality

Governance

Robust governance is critical to our success.

Governance