Data security and privacy

The SDE meets rigorous compliance and governance standards to protect patient data.

This includes:

  • Security testing and accreditation – the SDE has been built to industry-leading standards of cybersecurity
  • Environment controls – researchers can only access the approved data within the controlled environment of the SDE, where they cannot copy, delete, remove or change the data
  • Exit controls – research outputs are checked before they leave the SDE to ensure that they contain no information that could be used to re-identify a patient
  • Anonymisation – all directly identifying information is removed from the data before researchers use it
  • Minimisation – researchers only receive access to the specific data required for their approved research
  • Verification – the credentials and experience of researchers and of their organisations are verified before access is granted
  • Contractual controls – researcher organisations agree to legally-binding terms and conditions for use of the data
  • Benefit to public health – all applications for data access are assessed by an independent panel, which includes members of the public, against consistent and well recognised standards to determine whether they are in the public interest

Keeping patient data secure and private during research

The Eastern England Secure Data Environment (SDE) protects the privacy, security and integrity of NHS patient data using state-of-the-art technology, robust data policies and rigorous oversight of data use.

Patient data is kept secure during the research process through technological controls within the secure environment, alongside robust data access processes and policies.

Secure by design

The Secure Data Environment platform is designed to securely hold data and prevent misuse, without affecting researchers’ ability to use data for vital research. 

It is regularly and independently tested for security vulnerabilities and holds the internationally recognised ISO 27001 certification for information security management. It has also been internally assessed against the SATRE Framework, scoring 100% against all mandatory components.

The technology of the environment prevents directly identifying information from entering the space where researchers can access data. Each approved research project receives its own private secure space, and data cannot be moved between research spaces.

The environment prevents researchers from copying, altering or deleting raw data, and from combining it with any data source other than those they have been approved to use.

The environment also controls what information can leave it. When researchers have completed their analysis, the research outputs (results) must first be checked to ensure that no information about an individual patient can be released. These checks are carried out by trained professionals and can be supported by assistive technology.


Protecting your privacy

All directly identifying information, such as names and NHS numbers, is removed from the data before researchers can access it.

Researchers do not have access to the entire patient record for any research project. In their data access application, they must specify exactly which data types they need and explain why each is necessary for their research.

Where the data required to answer an important research question are particularly sensitive, additional privacy-preserving measures may be applied, such as providing age bands rather than exact ages.

The right people for the right reasons

Researchers who want to apply for access to data must first demonstrate that they have the appropriate training to do so. Researchers and their organisations need to apply for validation through the NHS Research SDE Network Validation Service, which checks and confirms the individual's professional identity, the location and sector of the organisation, that the organisation meets recognised data security standards, and that the researcher and their organisation demonstrate an understanding of the appropriate uses of NHS data.


After validated researchers have successfully applied for access to data, but before they receive that access via the SDE, they sign legally binding contracts that specify what they can and cannot do with the data.


For public benefit

Finally, researchers must demonstrate that their proposed research has the potential to improve public health or NHS treatment. This is a key criterion by which the Data Access Committee assesses applications: the research question must be relevant to human health and be likely to produce an output that benefits NHS patients.