Directory

Data access key terms

Below is a list of the key players in the data access world:

• Data users - secondary (re-)users of data that are distinct from the primary (data collecting) organisation.
• Data providers - the organisations that provide access to datasets, which can include directly from single organisations (e.g. NHS Digital, NHS Trusts, Universities), or via data custodians that may also provide supplementary research-support services.
• Database owners – those who manage access to national or regional data research repositories.
• Data service providers – those who provide data services that can be used to access research-specific data support, such as those that provide access to retrospective and prospective patient lists to find and recruit patients for research trials. An example is NHS DigiTrials - NHS Digital.

Key national NHS data providers and data sets

Below is a list of some key NHS data providers and data sets in England:

• The Health Data Research Innovation Gateway
• Clinical Practice Research Datalink
• NHS Digital via Data Access Request Service (DARS)
• The Health Security Agency
• The Office for Health Improvement and Disparities
• HES - Hospital Episode Statistics is a dataset containing details of all admissions, outpatient appointments, and A&E attendances at NHS hospitals in England. NHS Digital controls this dataset.
• CPRD - Clinical Practice Research Datalink holds anonymised patient data from a network of GP practices across the UK linked to a range of other health related data to provide a longitudinal, representative UK population health dataset. The data encompass 60 million patients, including 16 million currently registered patients. CPRD is jointly sponsored by the MHRA and the National Institute for Health and Care Research (NIHR), as part of the Department of Health and Social Care (DHSC). Access is subject to protocol approval via CPRD’s Research Data Governance Process.
• PDS - Personal Demographic Service is the national electronic database of NHS patient details such as name, address, date of birth and NHS Number, which includes demographic information.. NHS Digital controls this dataset.
• ONS – Office of National Statistics datasets, including registers of births, marriages, and deaths, which have been gathered from census, samples and surveys, and analysis of data generated by businesses and organisations.
• NDRS -.National Disease Registration Services collects data on patients with cancer, congenital anomalies and rare diseases and is made up of two disease registers. These are the National Cancer Registration and Analysis Service (NCRAS) and the National Congenital Anomaly and Rare Disease Registration Service (NCARDRS). NHS Digital controls these datasets.
• Coronavirus Datasets – The data required to support the response to COVID-19 is obtained from a number of sources. These are summarised in Sources of COVID-19 surveillance systems - GOV.UK (www.gov.uk) and detailed in the COVID-19 Datastore Reference Library. They include the Second Generation Surveillance System (SGSS), and the COVID-19 Hospitalisations in England Surveillance System (CHESS). Information on how to apply can be found at Accessing UKHSA protected data - GOV.UK (www.gov.uk).

GP systems suppliers

Below is a list of the main electronic patient record systems used in primary care (GP systems) – data from these systems are made available upon application from NHS Digital:

• EMIS
• TPP:
• Health Insights Technologies Ltd
• Vision Software

All suppliers accredited under the GP IT Futures Framework to supply IT systems and services to GP practices and associated organisations in England can be found on the NHS Digital GP IT Futures website - GP IT Futures systems and services - NHS Digital.

Key data access advisers by role type

Below is a list of data experts that you will interact with in your own institution or the organisations you are working with. These are people you might liaise with when applying to access data, or when developing data driven technologies or artificial intelligence (AI) as a research activity.

• Caldicott Guardian – is a senior person in an organisation responsible for protecting the confidentiality of patient and service user information and enabling appropriate information sharing by providing advice to professionals and staff. As part of that role, they ensure that procedures are in place to govern access to and the use of such information and, where appropriate, its transfer to other organisations.
• Contracts or commercial team – deals with research-related contracts across an organisation and can advise on a variety of contractual matters involving data access and data sharing.
• Data Access Committees (DACs) – organisations such as universities, and sometimes departmental data repositories, who may have their own DACs for access to data generated in research. An example is the NHS Digital’s Independent Group Advising on Release of Data (IGARD).
• Data Protection Officer (DPO) – DPOs assist you to monitor internal compliance, inform and advise on your data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for individuals (also known as data subjects) and the Information Commissioner’s Office (ICO). For more information see the ICO website - Data protection officers | ICO.
• Information governance team – advises on privacy and data protection matters, including data protection impact assessments (DPIAs), privacy notices, and lawful basis for processing data to enable their organisation to process personal data of data subjects in compliance with UK data protection law. Also, sets out the standards to be applied across an organisation for managing information governance including the organisational arrangements, roles, responsibilities, and policies.
• Research data management team - provides support on all aspects of the management of research data including how to create a data management plan, understanding funder requirements, organising your data, and how to archive and share your data.
• Research & Development or Research & Innovation team - supports an organisation and its researchers to meet the requirements of research regulatory governance and integrity standards, thereby ensuring that an organisation fulfils its legal and ethical requirements (in particular, under healthcare regulation).

Key regulators in England

Below are the key regulators that you might encounter when applying for data or developing AI as a research activity. They are statutory bodies that oversee particular activities according to their functions, which are set out in legislation.

• HRA – The Health Research Authority oversees responsible use of NHS healthcare data. It does this by providing ethics approval from an independent Research Ethics Committee, providing decisions based on advice from the independent Confidentiality Advisory Group, and issuing approval on behalf of the NHS for studies that are accessing data from NHS Trusts or GP practices.
• CAG – The Confidentiality Advisory Group is an independent body of the HRA which provides expert advice relating to applications for the use of confidential patient or service user information for medical purposes under section 251 in England and Wales. As well as the advice it provides to the HRA for research uses (under Regulation 5, COPI Regulations), it also provides advice to the Secretary of State for Health for non-research uses (Regulation 2, COPI Regulations).
• ICO – The Information Commissioner’s Office is the UK’s data protection regulator. AI systems in health are often trained on, and process individual patients’ health data, the processing of which is subject to data protection law. The ICO may conduct audits of different health organisations to ensure compliance with the UK GDPR and the Data Protection Act 2018.
• MHRA - The Medicines and Healthcare products Regulatory Agency regulates medicine, medical devices, and blood components in the UK. It ensures regulatory requirements are met and has responsibility for setting post-market surveillance standards for medical devices. The MHRA regulates medical devices, which can include AI systems and apps.