Enable Recite

Secure Data Environment - Privacy policy

At North East North Cumbria Integrated Care Board, we are committed to ensuring that your personal information is handled safely, securely and transparently. This Privacy Notice outlines how we collect, use, and protect data within the NHS Secure Data Environment (SDE) for research and development purposes.

Who we are

The North East North Cumbria SDE is a secure, protected platform designed to support health research and development by allowing access to patient information under strict security controls. The research and development projects undertaken in the SDE help improve healthcare outcomes, develop new treatments, and improve NHS services. North East North Cumbria Integrated Care Board is responsible for managing and overseeing the North East North Cumbria SDE in compliance with UK data protection laws and NHS England policy.

Purpose of the NENC SDE for research and development

The NENC SDE provides a controlled and safe setting where researchers can access anonymised or de-identified health and care information for approved health- related research studies. All research and development projects conducted within the SDE aim to improve patient care, healthcare services, and medical knowledge.

What is health and care information?

The NHS collect information about you to provide you with better care. This includes your family history, details of your symptoms, and other health related information. GP's, hospitals, mental health and social care staff may request tests and scans and these results are added to your patient record.

What is your patient record?

Alongside your test results, your patient record also includes personal information such as your name, address, and NHS number. These details are securely stored in electronic care records. Usually, you can see this information using the NHS app. This information helps health and care staff to provide you with the appropriate care.

The data collected for the NENC SDE

Health and care partner organisations, such as hospitals, GP Practices and ambulance services across North East and North Cumbria will make the information that they hold about you available to researchers using the secure data environment. The data held about you will be treated before it is made available to researchers in the SDE.

The full list of organisations supporting the NENC SDE is here:

NORTH EAST NORTH CUMBRIA INTEGRATED CARE BOARD

COUNTY DURHAM AND DARLINGTON NHS FT

CUMBRIA, NORTHUMBERLAND, TYNE AND WEAR NHS FT

GATESHEAD HEALTH NHS FT

NORTH CUMBRIA INTEGRATED CARE NHS FT

NORTH EAST AMBULANCE SERVICE NHS FT

NORTH TEES AND HARTLEPOOL HOSPITALS NHS FT

NORTHUMBRIA HEALTHCARE NHS FT

SOUTH TEES HOSPITALS NHS FT

SUNDERLAND AND SOUTH TYNESIDE NHS FT

TEES, ESK AND WEAR VALLEY NHS FT

THE NEWCASTLE UPON TYNE HOSPITALS NHS FT

The treated data available to researchers in the NENC SDE includes:

  • Anonymised or de-identified health data: this may include medical history, treatment records, demographic information, and diagnostic results.
  • Pseudonymised data: data that can only be identified re- identified under strict conditions.

No data that directly identifies an individual, such as names, address, or full any NHS numbers, is accessible to researchers unless explicitly approved for specific studies.

Legal basis for processing

We process your personal data within the NHS SDE for research under Article 6 (1)(e), and Article 9 (2)(j) of the UK General Data Protection Regulation. This allows the processing of personal data for scientific and research purposes in the public interest where such research is subject to ethical and security measures.

Common Law Duty of Confidentiality is met through the application to the Health Research Authority for approval from the Confidentiality Advisory Group to use Section 251 of the National Health Service Act 2006.

How does NENC SDE use the data?

Data within the NENC SDE is solely used for research and development purposes to:

  • Conduct medical and scientific research
  • Support the development of new treatments, diagnostics, and interventions
  • Evaluate the effectiveness of healthcare services and policies
  • Improve public health and clinical guidelines

Who can access the data?

The North East North Cumbria SDE has a two-step process to govern projects that would like to access data. A Data Access Committee (DAC) which is made of members of the public along with health, care and research professionals, evaluate whether the project is valid, and meets the required standards.

A Public Evaluation Group (PEG) made entirely of members of the public across the region, evaluate whether each project is in the public interest and is a good use of public data.

The North East North Cumbria Integrated Care Board then review the recommendations of the DAC and PEG to decide if the project can go ahead. Access is granted only for specific, approved research and development projects, and data cannot be removed from the SDE. 

Only anonymised or pseudonymised data can be accessed in each project area of the SDE. Every researcher accessing data in the SDE is bound by strict data access agreements, and access is audited to ensure compliance with legal, ethical, and security standards.

Data security

The North East North Cumbria (NENC) SDE operates under the highest standards of security to protect patient data.

This includes:

  • Safe Data: encryption code all data is encrypted during storage and transmission.
  • Safe Research: only projects that are approved by the Public Engagement Group and Data Access Committee can use the NENC SDE.
  • Safe People: All researchers and users of the NENC SDE are all checked and accredited
  • Safe Settings: Only once approved researchers have completed their training can they gain access to NENC SDE
  • Safe Out-puts: Only the results of the research can be removed from the secure data environment, not the data itself, which is tightly monitored and controlled.

Data retention

Data within the North East North Cumbria SDE is retained for the duration necessary to complete approved projects. Once the project is completed, data is archived or securely destroyed in accordance with NHS data retention policies and legal obligations.

Your rights

You have the right to decide how your personal information is used and to exercise your rights under UK data protection law, including the UK General Data Protection Regulation and Data Protection Act.

You are not required to provide the NENC SDE with your personal information. You also don’t have to agree that the information held for providing you with care can be used for research.

If you would not like your data to be used in the NENC SDE you can either contact the National Data Opt-Out page  to opt out or apply locally to opt-out of your data being used for research,

LOCAL Opt-out information here: You can contact us to stop your information going into the Secure Data Environment. Contact us at nencicb.sde@nhs.net

Contact information

If you have any questions or concerns about this privacy notice or your rights, you can contact our data protection officer at: nencicb.ig@nhs.net

Complaints

If you are worried about the use of your data in the NENC SDE, you can contact NENC ICB  Compliments and complaints | North East and North Cumbria NHS (northeastnorthcumbria.nhs.uk)

If you are unhappy with the response to any complaint, you can also contact the Information Commissioner's Office:

ICO website (opens in new tab)

This Privacy Notice reflects our commitment to safeguarding patient data while enabling vital research for the benefit of the citizens of North East North Cumbria.

Back to top