We need to build on this to demonstrate that the health and care system is a trustworthy data custodian, and we will do this in 5 ways:
- Keep data safe and secure.
- Be open about how data is used.
- Ensure fair terms from data partnerships.
- Give the public a bigger say in how data is used.
- Improve the public’s access to their own data.
Keeping data secure and safe #
“By December 2022, we will work with expert partners and the public to implement secure data environments as a default across the NHS. We will do this by delivering:
- a clear public guide to secure data environments and our overarching policy guidelines for the use of secure data environments
- a robust accreditation regime to ensure our high standards for secure data environments are implemented. This will include not only accreditation requirements for secure data environments but also guidance and oversight on users of the environment, as well as the process to monitor and assess implementation
- a full technical specification, drawing on industry best practice, including requirements to ensure interoperability, cyber security and the use of privacy enhancing technologies
- a comprehensive roadmap to ensure all partners across the system know how to implement our framework, with clear indicative timescales and expectations for those at different readiness levels. This will include not only those delivering the transformation in the NHS but also software providers, academic and industry researchers, as well as funding agencies”
Being open about how data is used #
…
Ensuring fair terms for data partnerships #
“Providing researchers, industry, charities and other partners with access to data enables us to:
- improve the care we provide through clinical trials, and the development of treatments and medicines
- support colleagues to do their jobs by creating diagnostic or decision support tools and technologies that free up staff time and improve accuracy
- improve our health and care system by using insights from analytics platforms
- provide more care and invest in services by bringing funding into the system on fair terms, such as reduced costs for drugs or treatments, or a return for contributions to the development of intellectual property”
The 5 principles to help the NHS realise benefits for patients and the public in data partnerships #
- Any use of NHS data, including operational data, not available in the public domain must have an explicit aim to improve the health, welfare or care of patients in the NHS, or the operation of the NHS. This may include the discovery of new treatments, diagnostics, and other scientific breakthroughs, as well as additional wider benefits. Where possible, the terms of any arrangements should include quantifiable and explicit benefits for patients that will be realised as part of the arrangement.
- NHS data is an important resource and NHS organisations entering into arrangements involving their data, individually or as a consortium, should ensure they agree fair terms for their organisation and for the NHS as a whole. In particular, the boards of NHS organisations should consider themselves ultimately responsible for ensuring that any arrangements entered into by their organisation are fair, including recognising and safeguarding the value of the data that is accessed and the resources that are generated as a result of the arrangement.
- Any arrangements agreed by NHS organisations should not undermine, inhibit or impact the ability of the NHS, at a national level, to maximise the value or use of NHS data. NHS organisations should not enter into exclusive arrangements for data held by the NHS, nor include conditions limiting any benefits from being applied at a national level, nor undermine the wider NHS digital architecture, including the free flow of data within health and care, open standards and interoperability.
- Any arrangements agreed by NHS organisations should be transparent and clearly communicated in order to support public trust and confidence in the NHS and wider government data policies.
- Any arrangements agreed by NHS organisations should fully adhere to all applicable national level legal, regulatory, privacy and security obligations, including in respect of the National Data Guardian’s data security standards, the UK Data Protection Act 2018 and the common law duty of confidentiality.
Giving the public a bigger say over how data is accessed and used #
…
Improving individuals’ access to their own health and care information #
…