<header class="site-header">
<a href="/">
<img alt="Understanding Patient Data" class="site-header__logo" src="../../images/logo.svg">
</a>
<div class="site-header__navigation drop-down" id="site-header-navigation">
<div class="site-header__drop-down drop-down__container">
<nav class="header-nav">
<ul class="header-nav__list">
<li class="header-nav__item">
<a class="header-nav__link" href="#link-to-page">About us</a>
</li>
<li class="header-nav__item">
<a class="header-nav__link" href="#link-to-page">What you need to know</a>
</li>
<li class="header-nav__item">
<a class="header-nav__link" href="#link-to-page">Supporting conversations</a>
</li>
<li class="header-nav__item">
<a class="header-nav__link" href="#link-to-page">Case studies</a>
</li>
<li class="header-nav__item">
<a class="header-nav__link" href="#link-to-page">News</a>
</li>
<li class="header-nav__item">
<a class="header-nav__link" href="#link-to-page">Contact</a>
</li>
</ul>
</nav>
</div>
</div>
<a aria-controls="site-header-navigation" aria-expanded="false" class="site-header__button u-display-none-from-visible-navigation" data-toggle="is-open" data-toggle-group="site-header" href="#site-header-navigation">
<svg class="svg-icon svg-icon--inline" role="presentation">
<title>Navigation menu</title>
<use xlink:href="#svg-icon-hamburger" />
</svg>
</a>
<div class="site-header__search drop-down" data-focus="#header-search" id="site-header-search">
<div class="site-header__drop-down drop-down__container">
<form class="header-search">
<label class="u-visually-hidden" for="header-search">Search the entire Understanding Patient Data site</label>
<button class="site-header__button header-search__button js-header-search" type="submit">
<svg class="svg-icon" xmlns="http://www.w3.org/2000/svg" title="Search">
<title>Search</title>
<use class="header-search__icon header-search__icon--mobile" xlink:href="#svg-icon-arrow" />
<use class="header-search__icon header-search__icon--desktop" xlink:href="#svg-icon-search" />
</svg>
</button>
<input class="header-search__input" id="header-search" placeholder="Search..." required type="search">
</form>
</div>
</div>
<a aria-controls="site-header-search" aria-expanded="false" class="site-header__button u-display-none-from-visible-navigation" data-toggle="is-open" data-toggle-group="site-header" href="#site-header-search">
<svg class="svg-icon svg-icon--inline" role="presentation">
<title>Search</title>
<use xlink:href="#svg-icon-search" />
</svg>
</a>
</header>
<div class="site-header site-header--placeholder"></div>
<header class="page-header">
<div class="wrapper wrapper--gutter">
<h1 class="page-header__title">How is data kept safe?</h1>
</div>
</header>
<div class="wrapper wrapper--gutter">
<main class="layout">
<aside class="layout__item layout__item--secondary layout__item--sticky u-display-none u-display-block-from-complex-layout">
<div class="layout__wrapper">
<ul class="toc" data-scroll-spy="#primary">
<li class="toc__item">
<a class="toc__element is-active" href="#content-1-identifying-information">1. Identifying information is removed wherever possible</a>
</li>
<li class="toc__item">
<a class="toc__element" href="#content-2-an-independent-review-process">2. An independent review process</a>
</li>
<li class="toc__item">
<a class="toc__element" href="#content-3-strict-legal-contracts">3. Strict legal contracts</a>
</li>
<li class="toc__item">
<a class="toc__element" href="#content-4-robust-data-security-standards">4. Robust data security standards</a>
</li>
</ul>
</div>
</aside>
<article class="layout__item layout__item--primary" id="primary">
<div class="layout__wrapper">
<div class="intro u-font-intro">
<p>It is essential that patient data is kept safe and secure, to protect patient confidentiality.</p>
<p>There are four main ways that privacy is shielded.</p>
</div>
<div class="content u-font-body-copy">
<section>
<h2 id="content-1-identifying-information">1. Identifying information is removed wherever possible</h2>
<p>The simplest way to protect someone’s information is to remove identifying details. Anyone wanting to use patient data will only be given access the minimum information necessary to answer a question. Wherever possible, the
data will be anonymised in line with guidance given by the Information Commissioner’s Office (ICO Code of anonymisation). This code sets out what details must be removed or disguised, and the safeguards that must be followed
to protect data.</p>
<p>If it is not possible to anonymise the data, there are strict controls on how personally identifiable data can be used and stored. It can only be used if you give your permission (consent) or where required by law, and then
only with robust safeguards.</p>
<h3 class="h4">Find out more</h3>
<ul class="list-bare">
<li>
<a class="cta cta--arrow" href="#link-to-information">When does the law allow personally identifiable information to be shared without consent</a>
</li>
<li>
<a class="cta cta--arrow" href="#link-to-information">What laws control how personally identifiable data is used</a>
</li>
</ul>
</section>
<section>
<h2 id="content-2-an-independent-review-process">2. An independent review process</h2>
<p>Any request to use patient data must first be assessed by an independent review committee. All organisations that look after patient data will have a clear review process to ensure data is only used appropriately.</p>
<p>There are three things that will be checked before approval is given:</p>
<div class="column column--max-three">
<section class="column__group">
<h3>Why</h3>
<p>The purpose.</p>
<p>Data can only be used to improve health, care and services.</p>
</section>
<section class="column__group">
<h3>Who</h3>
<p>is accessing the data?</p>
<p>The organisation must check anyone who will be able to access data.</p>
</section>
<section class="column__group">
<h3>How</h3>
<p>will the data be used?</p>
<p>The organisation must have appropriate IT systems in place to protect data.</p>
</section>
</div>
<h3 class="h4">Find out more</h3>
<ul class="list-bare">
<li>
<a class="cta cta--arrow" href="#link-to-information">NHS Digital</a>
<p class="u-font-body-copy-small">The Independent Group Advising on the Release of Data (IGARD) reviews applications for sensitive NHS
</li>
<li>
<a class="cta cta--arrow" href="#link-to-information">HRA</a>
<p class="u-font-body-copy-small">Confidentiality Advisory Group</p>
</li>
</ul>
</section>
<section>
<h2 id="content-3-strict-legal-contracts">3. Strict legal contracts</h2>
<p>If a request to use data is approved, a data sharing contract must be signed before the data can be transferred. This is a legal agreement which sets out strict rules about what an organisation can do with the data and what
they must never do.</p>
<p>A data sharing contract sets out:</p>
<ul>
<li>What data will be provided, and how</li>
<li>The purpose for which the data can be used</li>
<li>When and how data must be destroyed after use</li>
<li>The data security requirements that must be followed</li>
<li>
What an organisation must not do with the data:
<ul>
<li>data cannot be used in any way to re-identify an individual</li>
<li>data cannot be linked with any other data, unless explicitly approved in the application</li>
<li>data cannot be passed to anyone else, unless explicitly approved in the application</li>
</ul>
</li>
<li>The organisation can be audited to check data is being used appropriately</li>
</ul>
</section>
<section>
<h2 id="content-4-robust-data-security-standards">4. Robust data security standards</h2>
<p>IT systems have high standards of data security to keep data safe, and must be kept up-to-date. Technology can be used to protect data in a number of ways, for example by restricting access (using passwords or swipe cards to
control access to data), or using encryption so the data cannot to be read without a code.</p>
<p>Anyone accessing data must provide evidence that they have appropriate technical security, and there must be an audit trail that records every time that personally identifiable data is accessed and used.</p>
</section>
<ul class="content__actions">
<li class="content__action">
<a class="button button--tertiary" href="#link-to-printable-version">Print page</a>
<!-- /li -->
<li class="content__action">
<a class="button button--tertiary" href="#link-to-pdf">Download PDF</a>
<!-- /li -->
</ul>
</div>
</div>
</article>
</main>
</div>
<footer class="site-footer">
<div class="wrapper wrapper--gutter">
<ul class="site-footer__sections">
<li class="site-footer__section site-footer__section--primary u-width-1-of-2-from-medium u-width-1-of-3-from-large">
<a href="/">
<img alt="Understanding Patient Data" class="site-footer__logo" src="../../images/logo.svg">
</a>
<ul class="site-footer__socials grid gutter gutter--small">
<li class="grid__item gutter__item">
<a class="site-footer__social-link" href="#link-to-twitter">
<svg class="svg-icon svg-icon--circular site-footer__social-icon" xmlns="http://www.w3.org/2000/svg" title="Follow us on Twitter">
<title>Follow us on Twitter</title>
<use xlink:href="#svg-icon-twitter" />
</svg>
</a>
<!-- /li -->
<li class="grid__item gutter__item">
<a class="site-footer__social-link" href="#link-to-linkedin">
<svg class="svg-icon svg-icon--circular site-footer__social-icon" xmlns="http://www.w3.org/2000/svg" title="Follow us on LinkedIn">
<title>Follow us on LinkedIn</title>
<use xlink:href="#svg-icon-linkedin" />
</svg>
</a>
<!-- /li -->
<li class="grid__item gutter__item">
<a class="site-footer__social-link" href="#link-to-facebook">
<svg class="svg-icon svg-icon--circular site-footer__social-icon" xmlns="http://www.w3.org/2000/svg" title="Follow us on Facebook">
<title>Follow us on Facebook</title>
<use xlink:href="#svg-icon-facebook" />
</svg>
</a>
<!-- /li -->
</ul>
<!-- /li -->
<li class="site-footer__section u-width-1-of-2-from-medium u-width-1-of-3-from-large">
<span class="site-footer__text site-footer__text--title">Contact us</span>
<dl class="list-bare">
<dt class="u-visually-hidden">Telephone</dt>
<dd>
<a class="site-footer__text site-footer__text--phone" href="tel:+4420786118646">+44 207 8611 8646</a>
</dd>
<dt class="u-visually-hidden">Email</dt>
<dd>
<a class="site-footer__text" href="mailto:hello@understandingpatientdata.org.uk">hello@understandingpatientdata.org.uk</a>
</dd>
</dl>
<!-- /li -->
<li class="site-footer__section u-width-1-of-2-from-medium u-width-1-of-3-from-large">
<form>
<label class="site-footer__text site-footer__text--title" for="subscribe">Join our mailing list</label>
<input class="site-footer__input" id="subscribe" placeholder="Email address" required type="email"><!-- Avoid whitespace between elements
--><button class="site-footer__submit" type="submit">Sign up</button>
</form>
<!-- /li -->
</ul>
<div class="site-footer__details">
<span class="site-footer__detail">Copyright 2017 Wellcome Trust Ltd.</span>
<ul class="site-footer__detail list-delimited">
<li>
<a href="#link-to-ts-and-cs">Terms & conditions</a>
</li>
<li>
<a href="#link-to-privacy-policy">Privacy policy</a>
</li>
</ul>
<a class="site-footer__hactar" href="http://hactar.is/">
<img alt="Made by Hactar" src="../../images/made-by-hactar.svg">
</a>
</div>
</div>
</footer>
There are no notes for this item.