Key Data Access Guidance

Here you will find information about provider application processes, confidentiality advisory groups, data protection impact assessments (DPIA) UK wide, information standards, data integrity, data sharing and further support from the BHF Data Science Centre.

Please visit our CVD-COVID-UK/COVID-IMPACT pages under Areas of Work to find out more about accessing data within NHS England’s Trusted Research Environment (national secure data environment).

Provider Application Processes

NHS England – Data Access Request Service (DARS)

Find out more about DARS here.

Application Page/Process : Find out more here.

Review Process: When applying via DARS for data you will be assigned a case officer who will complete an initial review of the application and provide feedback. Once the application is accepted, the application will be reviewed by an independent committee. Details can be found on the NHS England page regarding release of data.

 

Standards of information required in an application are important to consider. There are a range of materials here to provide support.

NHS DigiTrials

NHS DigiTrials approvals also require review by an independent committee. Details can be found on the NHS England page regarding release of data here.

Application Page/Process: NHS DigiTrials, like DARS, is run by NHS England. DigiTrials is a data service delivery partner and so would work with the trial team as a partner providing feasibility assessments and possible patient identification. The application process starts with a feasibility assessment here.

Review Process: When applying via DARS for data you will be assigned a case officer who will complete an initial review of the application and provide feedback. Once the application is accepted, the application will be reviewed by an independent committee, details can be found on the NHS England page regarding release of data.

Standards of information required in an application are important to consider. There are a range of materials here to provide support.

Public Health Scotland – Electronic Data Research and Innovation Service (eDRIS)

Find out more about eDRIS here.

Application Page/Process: An initial enquiry form should be completed from the above link.

Review Process: The application is called a Public Benefit and Privacy Panel for Health and Social Care (HSC-PBPP) form. When applying to eDRIS you will be assigned a research coordinator. The research coordinator will review the application and ensure all documentation is in place – this will include Information Governance training, DPIA, Ethics approval etc. The HSC-PBPP will then be reviewed by an HSC-PBPP manager, Tier 1 panel or Tier 2 panel. The Tier 2 panel full committee will include relevant Caldicott Guardians.

This will depend on the complexity of the request. Find more information about the panel review structure here.

NICOR/Healthcare Quality Improvement Partnership (HQIP)

Find out more about NICOR/Healthcare Quality Improvement Partnership (HQIP) here.

Application Page/Process: Data can be applied for via NHS England – Data Access Request Service (DARS) (See above). However, you should contact NICOR’s data access team to discuss prior to submission. Details of the process can be found on the NICOR For Researchers page.

Contact: nicor.datarequests@nhs.net

National Health Service Central Register (NHSCR)

Find out more about the NHSCR here.

Application Page/Process: email initial enquiries and application submission to dg.nhscr-scotlandmedical-research@nhs.scot

Review Process: NHSCR also use the Public Benefit and Privacy Panel for Health and Social Care (HSCPBPP) process managed via eDRIS as above (Public Health Scotland)

SAIL Databank

Find out more about SAIL Databank here.

Application Page/Process: please contact SAIL Databank for information.

 

Confidentiality Advisory Group – England and Wales only

Confidentiality Advisory Group (CAG) considerations

A trial may be required to apply to the Confidentiality Advisory Group (CAG) if applying to access confidential patient information for a compelling scientific reason without explicit consent in England and Wales. However, it is worth noting, even with patient consent you may require CAG approval if the organisation which holds the data you wish to access decides the consent statement is insufficient to meet approvals.

Further information on CAG is available from the HRA can be found here.

A similar function to the confidentiality advisory group is undertaken by the Public Benefit and Privacy Panel for Health and Social Care (HSC-PBPP) in Scotland and in Northern Ireland the legislation equivalent to Section 251 is the Health and Social Care (Control of Data Processing) Act (Northern Ireland) 2016.

Data Protection Impact Assessments (DPIA) – UK Wide

What is a DPIA?

A DPIA is a process to help you identify and minimise any data protection risks for a project or, in this case, clinical trial. DPIAs are also a legal requirement where the processing of personal data is likely to result in a high risk for individuals. DPIAs for the processing of personal data that is undertaken for the purpose of research is the responsibility of the clinical trial sponsor.

How do I know if I need to complete a DPIA?

The Information Commissioners Office (ICO) has checklists available which help trial teams to consider if a DPIA is needed.

It is of note that there are three criteria within the activities which are deemed more likely to be high risk that may impact clinical trials:
• Sensitive data or data of a highly personal nature.
• Data processed on a large scale – note, this can mean processing a lot of data about one person so does not necessarily refer only to large trials.
• Matching or combining datasets.

Read more about high risk activities here.

To help identify the data processor and data controller (usually the trial sponsor), the MRC Regulatory Support Centre in collaboration with the HRA, eDRIS, NHS England and CPRD have produced ‘Current thinking on Controllers and Processors in health research’.

The general advice from the Information Commissioners Office is: if in any doubt, we would always recommend that you do a DPIA to ensure compliance and encourage best practice.

Who reviews my DPIA?

Your organisation’s Data Protection Officer should review the DPIA if you have one. You should also involve information security staff, any data processors and legal advisers where relevant. You are required to contact the Information Commissioners Office if you are unable to take steps to mitigate any identified high risks. Find out more here.

Information Standards

A list of information standards

SNOMED-CT, ICD-10, OPCS-4 and ICD-O-3 are all types of information standards. They are complementary, but serve different purposes.

SNOMED-CT is used by clinicians to record information in the patients EHR at the point of care. This can include more granular information such as symptoms which can be shared across healthcare settings prior to a diagnosis.

ICD-10 (International Statistical Classification of Diseases and Related Health Problems 10th Revision) is an alphanumeric classification system. The ICD-10 is used to classify diseases, injuries and causes of death.

OPCS-4 (OPCS Classification of Interventions and Procedures 4, 2021) is an alphanumeric classification system of interventions and procedures undertaken in the National Health Service (NHS) reflecting current clinical practice.

ICD-O-3 (International Classification of Diseases for Oncology, 3rd Edition) is used in cancer registries for coding the site (topography) and the histology (morphology) of neoplasms, usually obtained from a pathology report.

Accredited researchers working on CVD-COVID-UK/COVID-IMPACT Consortium approved projects, can access routinely collected datasets across the whole population of the UK within secure trusted research environments (TREs) provided by NHS England in England, the National Data Safe Haven in Scotland, the SAIL Databank in Wales and the Honest Broker Service in Northern Ireland.

For more information on the Consortium and how to access those datasets, please see here.

Key Datasets

A selection of datasets have been identified and reviewed as helpful for use in cardiovascular research and clinical trials. The datasets are obtained from secondary (hospital) care. We plan to add further information and include primary care data shortly.

Read more