How we use Patient Data
The Health North “Connected Health Cities” (CHC) initiative is a collaboration of key partners and stakeholders working together, learning from each other, to improve care for our citizens living in the North of England.
We will operate as four city regions, coordinated by a central hub based in Greater Manchester:
- North West Coast
- Greater Manchester
- North East Cumbria
- Connected Yorkshire
Our key partners include:
- The NHS
- Local universities
- Local authority services such as social care, housing and education
- Healthcare service provider organisations
- Healthcare charities
- Patient and public associations
- Companies producing healthcare products and services
We will work together to share learning across the North of England about best practices in treatment and the delivery of care. We will promote the highest quality of care using the latest scientific evidence. This will include evidence we will derive from North of England citizens and North of England health services. Our collaboration will accelerate research into both new and improved treatment (including into new medicines, medical devices and health apps) and how to improve services by getting research findings into practice. By accelerating research, we aim to foster investment into research and product development in the North of England.
We will work with our key partners to analyse health and social care data, from across the North of England, in secure ways that protect everyone’s data privacy. This data is information about you from your records (such as health records or social care records). We will refer to this in this document as “patient data”. We will be able to use it to generate new insights, such as looking to reduce falls in elderly people, helping to spot alcohol misuse at an earlier stage and cutting the inappropriate use of antibiotics.
These analyses will only be undertaken by organisations committed to acting to benefit the health and social care of our citizens. All of the scientific and healthcare discoveries from research undertaken using patient data through the CHC initiative will be published openly.
Will CHC protect my rights to confidentiality?
We are committed to protecting your privacy at all times and will only use patient data ethically and in accordance with all relevant legislation, such as the Data Protection Legislation, the Human Rights Act 1998 and the Common Law Duty of Confidentiality.
You can find out more about what this means by reading the Code of Practice on Confidential Information. This provides good practice guidance for organisations collecting, analysing, publishing or otherwise disseminating confidential information concerning, or connected with, the provision of health services or adult social care in England.
Because we are processing data that has been collected within the NHS, i.e. information from your patient record about when you received care, we are also committed to follow the principles and values relating to using and sharing personally identifiable data that are set out in the NHS Care Record Guarantee and the NHS Constitution.
If you want to know how the NHS uses your patient data you can find out more here
The following information explains why we use patient data, who else will use it, how we protect your confidentiality and what your legal rights and choices are.
We want you to understand:
- What data the CHCs will collect and hold
- What the CHCs will do with your data
- How the CHCs look after your data
What patient data will CHC collect and hold?
Most of the patient data that we hold is de-personalised patient data (you cannot be identified from it). Some CHC have consent from patients to use personally identifiable data. Wherever possible we will use de-personalised patient data. The portions of the patient data that identifies you will be removed or scrambled before it is sent to us: it will be de-personalised. In both of these cases, we will protect the data to the same high standards.
All the data we hold is protected and is only shared with CHC analysts that are undertaking an approved research study or health service (care pathway) analysis. In the rare cases where the data is personally identifiable it will only be shared in accordance with your rights under Data Protection legislation, the Common Law Duty of Confidentiality the NHS Constitution, and in keeping with professional and NHS Codes of Practice.
We will get patient data about the care you have received in different hospitals and care services and link it together, so that we can see all the care you are receiving. We may then be able to recommend better ways of providing that kind of care to patients in your health situation. We will use patient data about you and many others for statistical analysis and evaluation of the services that are treating you.
The patient data we will collect and hold may look like this:
What will CHC do with the patient data?
The data about your health and care that is held in your health records is confidential and is not routinely shared with us.
However, we use de-personalised data for purposes such as:
- determining how ill the population in your area is and what services need to be provided
- ensuring that the services you are receiving meet the needs of people with your condition
- exploring different ways of providing services to people with your condition
- investigating whether new services have provided better outcomes than did current services
- improving health, care and services through research and development.
How do CHC look after my patient data?
There are several safety measures we have put in place so that we can protect the patient data we hold about you. It will be safe and secure while it is transferred to us and it will be stored in a secure data centre which can only be accessed by people that have approval to do so.
All the analysis will be done by accessing the patient data in this data centre (no-one can make copies to take out of the centre). If other organisations want to analyse the data, and they have the correct approvals, then they must sign a Data Sharing Contract that makes clear what they can use the data for and what happens if they don’t follow the rules.
Everyone who accesses the patient data will be trained about confidentiality and will be required to sign a declaration that commits them to protect your data and only use it for the purposes that we agreed to when we obtained it. We will keep a record of who accesses the data so we can make sure it is used properly.
We will make sure we know about any data quality problems and address them so that the data we are using can be relied upon. We will make sure that any results that are to be published will be presented in an anonymous way (such as in tables showing the number of people with a particular condition) so it won’t be possible to identify anyone. Information about small groups or people with rare conditions could potentially allow someone to be identified and so would not be published.
Even with all these safety controls in place, sometimes things can go wrong. We will make sure that in the unlikely event that this does happen, we will investigate the incident thoroughly and make sure that we all learn lessons and make changes to prevent it happening again.
Do CHC share data with other partners?
Do CHC share patient data with other organisations?
If you have any questions or concerns about how we use your patient data, please contact us
Where can I find further information?
Below are links to more information about your rights and the ways that the NHS uses patient data:
The National Data Guardian’s Panel – this is the panel that advises the Secretary of State on information governance matters across the health and social care system. This website includes links to the Independent Information Governance Review that was conducted in 2012 and the Government’s response, as well as the more recent report on new measures to strengthen security of patient data and help people make informed choices about how their patient data is used.
The Confidentiality Advisory Group who provide independent expert advice to the Health Research Authority (for research applications) and the Secretary of State for Health (for non-research applications) on whether applications to access personally identifiable patient data without consent should or should not be approved, in accordance with the law (Section 251).
The Information Commissioner (the UK’s Data Protection Regulator) who can offer independent advice and guidance on the law and personal data, including your rights and how to access your personal data.