Information collected by health and care organisations helps to improve care for patients and speed up diagnosis. It can also help with planning local health services and with researching new treatments.

Data saves lives. It also saves everybody time and the NHS and care services money that can be put back into patient care.

Patient data is already used in research, but Secure Data Environments will standardise this process to make it more efficient and to improve data security.

They have been designed to realise the untapped potential of NHS data by improving:

• Patient privacy – SDEs must ensure information remains confidential at all times.
• Security – NHS data will only be hosted on systems with high levels of protection.
• Efficiency – SDEs enable different sources of data to be linked, giving researchers access to bigger sets of data faster.

Note: In the event of clinically significant incidental findings, there will be a process in place to inform patients via the patient’s direct care team.

The Cheshire and Merseyside Secure Data Environment is designed for approved researchers and analysts who require access to health data to conduct studies and analyses. 

This could include:

• Universities and research institutions. Academic researchers might use the SDE to conduct health-related studies, particularly those aimed at improving healthcare outcomes.
• NHS organisations: NHS analysts might access the SDE for population health management. This means using data to improve the health of a population by understanding general trends, needs, and patient outcomes.  
• Public health bodies: Public health organisations might use the SDE for population health management, to support planning for healthcare resources, and to respond to public health crises, like COVID-19.
• Pharmaceutical and medical research companies: In some cases, approved researchers from these organisations might access SDEs for studies that align with public health objectives or contribute to medical advancements. This could include exploring the potential of new treatments for health conditions. We will engage with the public before we develop these types of partnerships.

Secure Data Environments are designed to give NHS data more protection. They store de-identified health and care data. That means that personal information – such as names, addresses and NHS numbers – are replaced with artificial, or “pseudo”, information.

The Cheshire and Merseyside Secure Data Environment protects your data by following the Five Safes. 

• Safe data: The NHS only allows researchers to access de-identified versions of your data. That means researchers never see your personal information, such as your name, date of birth, address, or NHS number.  
• Safe projects: Researchers are only given access if their research projects can deliver benefits for the public. The Cheshire and Merseyside Secure Data Environment is about using data for the greater good. 
• Safe people: All researchers must be trained and authorised to use data safely before they can access the Secure Data Environment. 
• Safe settings: The Secure Data Environment acts like a “digital laboratory”, with the highest possible levels of cyber security. Approved researchers can use it to analyse data.  
• Safe outputs: Research findings must be checked and approved by the NHS before they are published. 

Secure Data Environments also use data aggregation and data minimisation to protect privacy.

Data aggregation combines and summarises information so that trends and patterns can be analysed. Identifiable data is made less detailed. For example, the data would not include dates of birth for individuals, but rather age bands. It would not include addresses, but area postcodes.

Data minimisation means that to protect a patient’s identity, such as those with a rare disease, the database does not allow release of small amounts of data. All unnecessary details are removed.

Only approved researchers will be able to access the Secure Data Environment. Researchers will be required to sign a researcher agreement, which includes consequences for any breaches. They will also only be able to use tools to analyse the de-identified data on the platform. They cannot download the data.

The Cheshire and Merseyside Secure Data Environment will not be used for genomic data. If this were to occur in the future, a new application for ethical approval would be made.

The data is processed and stored under strict confidentiality and access rules by:

• Graphnet System C, who process data for secondary uses via the Shared Care Record.
• Arden & GEM, an NHS organisation that processes national and local data for secondary uses via the Data Service for Commissioners Regional Office.

Data is stored in the UK.

Patient data is already used in research, but Secure Data Environments will standardise this process to make it more efficient and to improve data security.

Find out more about how data is used for the benefit of patients and the public in Cheshire and Merseyside.

You can decide how your data is shared.

You can allow your data to be used for all, some or no research and planning purposes. Below are the different options available to you.

• You are happy for your data to be used for care, research and planning. 
  You do not need to do anything if you want your health and care information to support research and planning through the Cheshire and Merseyside SDE.
  
  
• You don’t want your data to be used for research and planning in Cheshire and Merseyside, but you’re happy for it to be used nationally.
  If you do not want your data to be used for local research projects, you can use the local data opt-out service by calling 0151 351 8888 or via our contact us form. You can find out what local research is being carried out via the data sharing register.
  
  
• You want to stop your GP practice sharing your data for research and planning, but you’re happy for hospitals and other providers to do this.
  If you do not want personal, confidential data held by your GP practice to be used for purposes beyond your care, you can register a ‘Type 1 optout’. To do this you can download a Type 1 opt-out form and return it to your GP practice. This would not apply to hospitals and other healthcare providers that could still use your information for research and planning. You can find out more on the NHS England website.
  
  
• You don’t want your data to be used for any research and planning.
  If you want to stop your data being used for research and planning purposes, you can use the national data opt-out service. This optout can be viewed or changed at any time on the NHS England website.
  
  
• You don’t want your data to be shared for care, research and planning.
  If you do not want your data being shared at all, you can raise a General Data Protection Regulation (GDPR) – Right to Object with your GP practice. You have a right to object at any time, but please think carefully before doing this. This option would stop healthcare professionals viewing your records from other services. This could delay vital information being available if you need health or social care support – for example, during a visit to an Emergency Department. Your data would still be recorded by services as part of your direct care. Your GP practice has the right not to action your request should they feel it is not in your best interest.

Find out what research projects have been approved to use the Cheshire and Merseyside Secure Data Environment via the data sharing register.