Health data

Utilising health data to investigate causes of disease and health outcomes is common practice in research. As such, ensuring patient confidentiality and security is critical to safeguarding the rights of participants and necessary for the ethical and legal use of these data.

Staff and students are advised to store, secure and share health, NHS and other similar data in a way which minimises risk to these data and promotes good research practice.

Storing and Securing Health Data

Health data can be used in many areas of research such as understanding disease, monitoring drug safety and efficacy, evaluating new treatments and interventions through clinical trials to inform NHS services, clinical practice and policy.

The use of personal confidential data in health care is governed by the NHS Act 2006, the Health and Social Care Act 2012, the General Data Protection Regulation and the Human Rights Act.

Overarching principles of managing patient data include:

Data is managed safely and securely
Patient confidentiality and privacy is safeguarded
Personal and sensitive information should not be stored longer than necessary. Options for de-identification, anonymisation or disposal should be considered.

Identifiability Demystified

Understanding Patient Data have a produced a useful guide

Identifiability briefing 5 April (0.18 MB PDF)

More information can be found on funders' websites such as:

Wellcome Trust: Patient data in research; Towards consensus for best practice: use of patient records from general practice for research (pdf)
MRC: Using data about people in research

Other sources of information include, the King’s Clinical Trials Unit provides support to researchers in administering academic led trials across KHP and externally and the Human Tissue Authority (HTA): Codes of Practice and Standards webpages. 

Accessing NHS Patient Data

All organisations that have access to NHS patient data and systems must use the Data Security and Protection Toolkit (NHS DSPT). NHS DSPT is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.

Please see IT Assurance’s Sharepoint pages for more details about the toolkit, how to fill it in and advice on finding the answers you need, or contact them on itassurance@kcl.ac.uk.

Sharing Health Data

The majority of research projects involving health data require ethical approval. Funding bodies are increasingly committing to ensuring that the research potential of these data is maximised.

Case study:

Cancer Research UK and the Medical Research Council stipulate that all research data assets for human health are to be shared timely, responsibly, with as few restrictions as possible whilst safeguarding intellectual property, the privacy of patients and confidential data. 

Below you can find a list of resources on sharing as well as ethical issues around health data:

Funders

Cancer Research UK Data sharing guidelines
Medical Research Council (MRC): Guidance on Sharing of Research Data from Population and Patient Studies; Personal information in medical Research 
National Institutes of Health (NIH): Data Sharing Policy and Implementation Guidance
Bill & Melinda Gates Foundation’s Data Access Principles: Frequently Asked Questions (pdf)
MRC, Cancer Research UK, Wellcome Trust, UKCRC Registered Clinical Trials Units: Good practice principles for sharing individual participant data from publicly funded clinical trials (pdf)

General

Research Ethics at King’s: Applying for Ethical Approval
Digital Curation Centre (DCC): Sharing Medical Data

 Caldicott Guardians and Principles

What is a Caldicott Guardian?

Caldicott Guardians are responsible for “safeguarding the confidentiality of patient identifiable information”. These individuals are nominated within health organisations and it is recommended that they be a senior member of staff, probably a health professional (Dame Fiona Caldicott, 2017).

The Caldicott Principles

The principles have been copied verbatim from The Eight Caldicott Principles, published December 2020. More information can be found on the UK Caldicott Guardian Council website.

Justify the purpose(s) for using confidential information.
Use confidential information only when it is necessary.
Use the minimum necessary confidential information.
Access to confidential information should be on a strict need-to-know basis.
Everyone with access to confidential information should be aware of their responsibilities.
Comply with the law.
The duty to share information for individual care is as important as the duty to protect patient confidentiality.
Inform patients and service users about how their confidential information is used.

Where can I find my local Caldicott Guardian?

Location	Contact information
King's College London	King’s as an academic institution is not included on the UK register for Caldicott Guardians as having or needing a Guardian; Guardians are required by NHS organisations and local authorities only.
Guys and St Thomas' Hospital King's College Hospital South London and Maudsley NHS Foundation Trust	Contact information for Caldicott Guardians for each NHS Trust can be found on the register at NHS Digital.

Storing and Sharing NHS Patient Data

More information around storing data can be found on the Data Protection and Information Governance and Data Access Request Service (DARS) (former HSCIC) webpages.

 More information around sharing data can be found here:

Data Sharing Agreement
Information Governance (IG) Toolkit- The IG Toolkit is an online system which allows organisations to assess themselves or be assessed against Information Governance policies and standards.
Integrated Research Application System (IRAS): Online UK-wide system provided by the Health Research Authority (HRA) on behalf of the IRAS partners for preparing regulatory and governance applications for health and social care research.
Information: To Share or Not To Share? The Information Governance Review, April 2013
Review of Data Security, Consent and Opt-Outs, July 2016

Course	Description
MRC Research Data and confidentiality e-learning	A free module for all researchers working with health data
MRC Human Tissue e-Learning	E-learning module providing an overview of human tissue legislation in the UK
MRC Data and Tissues Toolkit	Guidance through the legal and good practice requirements surrounding the use of personal information or tissue samples when setting up, running or closing a research project.
MRC Experimental Medicine Toolkit	Guidance with the legislative and good practice requirements relating to experimental medicine studies in the UK.
NHS Clinical Trials Toolkit	Practical advice in designing and conducting publicly funded clinical trials in the UK.
IRAS e-learning module	Guidance with applying for the permissions and approvals for health and social/community care research in the UK.
Research Ethics Office	The King's Research Ethics Office provides a set of training materials.

research.data@kcl.ac.uk

To speak to a member of the team, please email us using the address above to arrange a Teams call

Health data

Storing and Securing Health Data

Identifiability Demystified

Accessing NHS Patient Data

Sharing Health Data

Case study:

Funders

General

Caldicott Guardians and Principles

What is a Caldicott Guardian?

The Caldicott Principles

Where can I find my local Caldicott Guardian?

Location

Contact information

Storing and Sharing NHS Patient Data

Course

Description

Study at King’s

Information for

Facilities

Discover King’s

Contact us