Information governance and data security

Use of patient information

The Health Foundation is an independent charity committed to bringing about better health and health care for people in the UK. As part of our work, we are granted access to patient information to enable us to conduct in-depth analysis in relation to specific projects. This information can include hospital records, GP records, and information on other health and social care services such as care homes and the 111 non-emergency phone number for medical help. We are only able to gain access to this type of data for specific projects and in all cases we are required to adhere to strict data handling procedures – for example, destroying the data when the project is completed.


All the information we hold on patients is pseudonymised, which means that patients are not directly identifiable from the data. Names, addresses and NHS numbers are, in every case, removed from the data we hold before we obtain it. We only hold the information relevant to our analysis, such as hospital use, diagnosis codes and some basic demographic information.


Maintaining data security


Maintaining data security is extremely important to us. For that reason, we only access data pertaining to patient records on our accredited Secure Data Environment. Our environment is certified against the international standard for information security management (ISO27001), meets the requirements of the NHS Data Security and Protection Toolkit and is tested at least once a year against malicious threats.


Having access to these pseudonymised records allows the Health Foundation to analyse the impact of new initiatives in order to drive learning and improvement.


The Health Foundation is committed to continuously improving the way we handle patient information, and aim to be as transparent as possible about the way we use data. At the bottom of this page you can find a description of various datasets that we hold. If you have any concerns about the data we hold, or would like to understand more about the way we keep patient information safe, we encourage you to contact our data management team.


Improvement Analytics Unit


The Improvement Analytics Unit is a partnership between NHS England and the Health Foundation, which provides rigorous data analysis to determine whether new ways of delivering care are having an impact.


The Improvement Analytics Unit processes patient information on the Secure Data Environment. All staff with access to the environment, whether employed by the Health Foundation or NHS England, have to complete information governance training and are contractually bound to maintain patient confidentiality.


Data we hold


Table last reviewed: 23 October 2018.

Dataset

Description

Purpose

Access

Hospital episode statistics

Pseudonymised hospital records including inpatient, outpatient and accident & emergency data for the whole of England.

We use these data to analyse the quality of care delivered by the NHS, funding pressure, health inequalities and productivity.

These data are only processed by Health Foundation staff and an award holder from our office.

Mental Health Services data

Pseudonymised secondary care records of children, young people and adults who are in contact with mental health, learning disabilities or autism spectrum disorder services.

We use these data to explore the determinants of mental health activity and its costing structure.

These data are only processed by Health Foundation staff.

Patient episode database for Wales

Pseudonymised hospital records including inpatient, outpatient and accident & emergency data for Wales.

We use these data to analyse the quality of care delivered by the NHS, funding pressure and productivity.

These data are only processed by Health Foundation staff.

Secondary use services hospital data

Pseudonymised hospital records including inpatient, outpatient and accident & emergency data for England. For some local areas, these data are linked to information about when individuals moved to care homes and the characteristics of their care home.

We use these data in the Improvement Analytics Unit to provide rapid feedback on the progress being made by local health care projects in England to improve care and efficiency.

These data are processed by the Improvement Analytics Unit team, including staff from NHS England and the Health Foundation.

Clinical practice research datalink

A linked and pseudonymised dataset containing primary care records and hospital information for a sample of the England population.

We use these data for our analysis into continuity of care and composition of high cost patients.

These data are only processed by Health Foundation staff and a contractor from our office.

Linked primary and secondary care data for Islington

Linked and pseudonymised general practice and hospital data for patients with long-term conditions in Islington.

We use these data to study patient activation in Islington.

These data are only processed by the Health Foundation staff.

Linked primary and secondary care data for Tower Hamlets

Linked and pseudonymised general practice and hospital data for patients aged over 50 and at high risk of emergency admission.

We use these data to evaluate the WEL integrated care pathway in Tower Hamlets CCG.

These data are processed by Health Foundation staff and a contractor from our office.

Primary care data for the Valentine Health Practice, Woolwich

Pseudonymised general practice data for patients registered with the Valentine Health Practice in Woolwich.

We use these data to support improvement activity in the Valentine Health Practice in Woolwich.

These data are only processed by Health Foundation staff.

NHS 111 and out-of-hours GP services linked to A&E data.

Linked and pseudonymised dataset containing NHS 111 callers, and their activity in out-of-hours GP and emergency departments for children and young people in north west London.

We use these data for our analysis into the effect of clinical input during a 111 call on emergency department attendance.

These data are only processed by Health Foundation staff.

Because all patient information we hold are pseudonymised, we cannot identify individuals from the data. For this reason, we cannot respond to subject access requests, or apply one's 'right to be forgotten'. For more information on pseudonymised data, and what that means for individual's rights, please see the Information Commissioner's Office's anonymisation code of practice.

Further reading

Partnership

Improvement Analytics Unit

An innovative partnership between NHS England and the Health Foundation providing robust evaluation of complex changes

You might also like...

Consultation response

Online Harms

Our response to the Department of Culture, Media and Sport and Home Office consultation on the Online Harms White Paper

Blog

In health care, data is not the ‘new’ anything – it is a paradigm shift

Data is not the new oil, nor the new anything, write Indra Joshi and Jess Morley, arguing that such analogies are fundamental...

Blog

Is data the new oil?

Is it helpful to compare data and oil to make sense of how data can best be used to tackle health and care challenges?

Kjell-bubble-diagramArtboard 101

Work with us

We look for talented and passionate individuals as everyone at the Health Foundation has an important role to play.

View current vacancies
Artboard 101 copy 2

The Q Community

Q is an initiative connecting people with improvement expertise across the UK.

Find out more