Our Data
Our research relies on use of routinely collected data, that is information collected in clinical records and healthcare investigations as part of the delivery of care. This data has the potential to dramatically improve the health of the UK population. We also recognise the key importance of using such data in a transparent, compliant and secure manner. Where it is feasible, we will seek explicit consent from the owners of that data. Where there are good reasons why this is not possible, we use the following processes and principles to ensure use of the data is legal, ethical and serves a genuine public interest:
Anonymisation
All the data which we use will be in anonymised form. All the data we extract from the NHS will be de-identified. We will never knowingly pass data which includes information which can be used to identify the people it relates to outside of the NHS.
Consultation
Our projects are co-designed by people with lived experience of the disease. Their views and (where appropriate) the views of the general public are incorporated into our work. We disseminate accessible information about our our projects prior to acquiring any data, to allow people the opportunity to opt out of the use of their data. We will ensure that anyone who has joined the NHS England data opt out register is not included in our research.
Ethical approval
All our research is reviewed and approved by a local (University of Plymouth) and national (Health Research Authority) ethical review board. Where our projects involve the transfer of identifiable data outside of the routine care team, data is reviewed by the Confidentiality Advisory Group of the Health Research Authority.
Data minimisation
We will always use the minimum amount of data we require to deliver the aims of the project.
Data security
When extracting identifiable patient data, where possible we will collate and link our databases within the routine care team (the people who would have access to that data as part of their role in delivering clinical care). This is possible because many of our team have combined roles as researchers and NHS professionals. All identifiable data (data which contains information such as name or date of birth) is handled solely on NHS computer systems. Before data is passed to University researchers (or in some cases, if relevant governance and patient/public consultation is in place, external partners), it is fully deidentified and audited, to ensure it is not possible to identify individual subjects within it.