DHSC publish secure data environment policy guidelines

The Department of Health and Social Care (DHSC) has this month published secure data environment policy guidelines, to “set out clear rules for how secure data environments will be used to access NHS health and social care data for research and analysis”.

The new guidelines come after the ‘Data saves lives’ strategy identified secure data environments as the default way in which NHS data will be accessed for research and analysis in the future.

They are intended to provide an introduction to secure data environments; add detail to the strategy’s policy commitments; describe the minimum requirements that must be met; outline how secure data environments will be delivered; and communicate the next steps for secure data environments policy.

Secure data environments are “data storage and access platforms, which uphold the highest standards of privacy and security,” the guideline states, which “allow approved users to access and analyse data without the data leaving the environment.” Through secure data environments, organisations can control who can become a user to access data; the data that they can access; what they can do with the data; and the information that users can remove.

The document notes that a range of different users will benefit from improved access to NHS data, from internal planning and management to research and analysis. It cites research projects that are part of a pilot national secure data environment, including the British Heart Foundation, who are researching the impact and effects of the COVID-19 pandemic on cardiovascular diseases, and DATA-CAN, funded by Health Data Research UK, to understand the impact of COVID-19 on people affected by cancer.

The guidelines take into account the ‘Five Safes framework’ from the Office for National Statistics, which are “widely regarded as representing best practice in data protection”.

In terms of next steps, DHSC note that they will “continue to develop [the guidelines] in the coming months with key stakeholder groups”. Planned work includes engaging with patients and the public on how data is stored and used; publishing technical guidance for secure data environments and an outline of the accreditation processes that will need to be met; and developing guidelines on what target ecosystems should look like, what needs to change, requirements and a realistic transition timeline.

To view the guidelines in full, please click here.