Confidential Information
The use of confidential patient information to enable linkage of data sets.
For PRANA to deliver maximum value to patients, the public and research, it is essential to link data sets. Below we outline two ways in which PRANA links data:
Linking NHS data
Where data is shared across boundaries, for example by the ambulance service, air ambulance and hospital, it is important that we know we are looking at the same patient who has been seen in different locations, e.g. at the site of an incident and for follow up treatment in hospital. In this situation we use a patient’s unique identifier, their NHS number, which prevents double counting and consolidates their data into a single record. In this case the data needs to be fed securely into PRANA with the patient’s NHS Number. Before their data is accessed by researchers PRANA will create a dedicated project identifier, keeping each patient’s NHS number private and secure.
Linking NHS and non-NHS data
In some cases it will be necessary to also link health data with wider data sets that are collected without an NHS number, for example linking health data to highways agency and police data in the case of a road traffic collision. In this case additional data will be required to link the NHS data with the incident data from non-NHS services. In this circumstance both their NHS number and additional identifiable data will be stored securely within PRANA. Before their data is accessed by researchers PRANA will create a dedicated project identifier, keeping people’s personal data private and secure.
Privacy Enhancing Technologies
Wessex Secure Data Environment (SDE) and PRANA are committed to keeping patient information safe and being transparent about how it is being used. Privacy Enhancing Technologies (PETs) provide robust protection and deliver a standard approach to support data access and use. The Wessex SDE will use a number of PETs, including dedicated algorithms to support pseudonymisation and deidentification.
Pseudonymisation of data
When data is used for research, beyond individual care and treatment, information that identifies an individual patient is removed and replaced by pseudonym. This is a unique identifier that does not reveal the patient’s ‘real’ identity. All the pilot projects using the Wessex SDE will be pseudonymised at source, i.e. by the clinical teams running the trial. The clinical teams convert the patient’s NHS number into a ‘Project key’ which is then attached to their data before it is placed within the SDE. The key for re-identifying patients is held by the clinical team and is not accessible to the researchers working on the project, ensuring confidential data remains secure.