How your health and care data is used in the Secure Data Environment: Privacy policy

The North East North Cumbria SDE is a secure, protected platform designed to support health research and development by allowing access to patient information under strict security controls. The research and development projects undertaken in the SDE help improve healthcare outcomes, develop new treatments, and improve NHS services. North East North Cumbria Integrated Care Board is responsible for managing and overseeing the North East North Cumbria SDE in compliance with UK data protection laws and NHS England policy.

The NENC SDE provides a controlled and safe setting where researchers can access anonymised or de-identified health and care information for approved health- related research studies. All research and development projects conducted within the SDE aim to improve patient care, healthcare services, and medical knowledge.

The NHS collect information about you to provide you with better care. This includes your family history, details of your symptoms, and other health related information. GP's, hospitals, mental health and social care staff may request tests and scans and these results are added to your patient record.

Alongside your test results, your patient record also includes personal information such as your name, address, and NHS number. These details are securely stored in electronic care records. Usually, you can see this information using the NHS app. This information helps health and care staff to provide you with the appropriate care.

Health and care partner organisations, such as hospitals, GP practices and ambulance services across North East and North Cumbria will make the information that they hold about you available to researchers using the secure data environment. The data held about you will be treated before it is made available to researchers in the SDE.

The full list of organisations supporting the NENC SDE is here:

• North East and North Cumbria Integrated Care Board
• County Durham and Darlington NHS Foundation Trust
• Cumbria, Northumberland, Tyne and Wear NHS Foundation Trust
• Gateshead Health NHS Foundation Trust
• North Cumbria Integrated Care NHS Foundation Trust
• North East Ambulance Service NHS Foundation Trust
• North Tees and Hartlepool Hospitals NHS Foundation Trust
• Northumbria Healthcare NHS Foundation Trust
• South Tees Hospitals NHS Foundation Trust
• Sunderland and South Tyneside NHS Foundation Trust
• Tees, Esk and Wear Valley NHS Foundation Trust
• The Newcastle upon Tyne Hospitals NHS Foundation Trust

The treated data available to researchers in the NENC SDE includes:

• Anonymised or de-identified health data: this may include medical history, treatment records, demographic information, and diagnostic results.
• Pseudonymised data: data that can only be identified re- identified under strict conditions. 

No data that directly identifies an individual, such as names, address, or full any NHS numbers, is accessible to researchers unless explicitly approved for specific studies. 

We process your personal data within the NHS SDE for research under Article 6 (1)(e), and Article 9 (2)(j) of the UK General Data Protection Regulation. This allows the processing of personal data for scientific and research purposes in the public interest where such research is subject to ethical and security measures.

Common Law Duty of Confidentiality is met through approval which has been given by the Health Research Authority under Regulation 5 of the NHS (Control of Patient Information) Regulations 2002, following advice from the Confidentiality Advisory Group.

Data within the NENC SDE is solely used for research and development purposes to:

• Conduct medical and scientific research
• Support the development of new treatments, diagnostics, and interventions
• Evaluate the effectiveness of healthcare services and policies
• Improve public health and clinical guidelines

The North East North Cumbria SDE has a two-step process to govern projects that would like to access data. A Data Access Committee (DAC) which is made of members of the public along with health, care and research professionals, evaluate whether the project is valid, and meets the required standards.

A Public Evaluation Group (PEG) made entirely of members of the public across the region, evaluate whether each project is in the public interest and is a good use of public data.

The North East North Cumbria Integrated Care Board then review the recommendations of the DAC and PEG to decide if the project can go ahead. Access is granted only for specific, approved research and development projects, and data cannot be removed from the SDE.  

Only anonymised or pseudonymised data can be accessed in each project area of the SDE. Every researcher accessing data in the SDE is bound by strict data access agreements, and access is audited to ensure compliance with legal, ethical, and security standards.

The North East North Cumbria (NENC) SDE operates under the highest standards of security to protect patient data.

This includes:

• Safe Data: encryption code all data is encrypted during storage and transmission.
• Safe Research: only projects that are approved by the Public Engagement Group and Data Access Committee can use the NENC SDE.
• Safe People: All researchers and users of the NENC SDE are all checked and accredited
• Safe Settings: Only once approved researchers have completed their training can they gain access to NENC SDE
• Safe Out-puts: Only the results of the research can be removed from the secure data environment, not the data itself, which is tightly monitored and controlled.

Data within the North East North Cumbria SDE is retained for the duration necessary to complete approved projects. Once the project is completed, data is archived or securely destroyed in accordance with NHS data retention policies and legal obligations.

You have the right to decide how your personal information is used and to exercise your rights under UK data protection law, including the UK General Data Protection Regulation and Data Protection Act.

You are not required to provide the NENC SDE with your personal information. You also don’t have to agree that the information held for providing you with care can be used for research.

If you would not like your data to be used in the NENC SDE you can either visit the National Data Opt-Out page to opt out or apply locally to opt-out of your data being used for research.

If you have any questions or concerns about this privacy notice or your rights, you can contact our data protection officer at: nencicb.ig@nhs.net

If you are worried about the use of your data in the NENC SDE, you can contact NENC ICB  Compliments and complaints.

If you are unhappy with the response to any complaint, you can also contact the Information Commissioner's Office.