NHS England - Transformation Directorate

Secure Data Environments (SDEs)

A summary of what Secure Data Environments are and why we’re making this change

We know from the Covid-19 pandemic that data saves lives.

Data helps our doctors and nurses to make better decisions in delivering care and helps our researchers to discover life-changing new treatments. Our recent strategy set out how we use data more effectively and save even more lives by making the NHS more data driven.

It is critical that this transition ensures that patient data is handled safely and ethically. To achieve this, the Department of Health and Social Care and the NHS in England are investing to move from processes that rely on data being shared, to a system where data is accessed. This will be done using online platforms known as Secure Data Environments, which are designed to give NHS data more protection.

What is NHS data?

The NHS has recorded data about every interaction with each patient and service user since 1948, much of it now in digital form. The NHS keeps our health and social care records safe to ensure we get the care we need.

Our individual information can also be combined with lots of other people’s. This looks very different to a person’s medical record. This allows analysts and researchers to see patterns and trends. The combination of all this different information is what we call “NHS data”.

Why is research and analysis using NHS data valuable to the public?

NHS data can be used to answer a huge variety of questions. These range from problems that affect the whole population, to small groups of people with rare conditions. Because of the diversity of the UK population, NHS data has enormous value.

Examples of people that use NHS data:

  • NHS analysts, to check the quality of existing services and identify potential improvements.
  • Medical researchers, to gain a deeper understanding of diseases and identify new life saving medicines and treatments.

What is the current process for using NHS data for analysis?

Research and analysis is currently carried out through a process that involves data being shared. The current procedures do a good job to make sure patient data is kept safe, privacy is protected, and that data sharing is of benefit to patients. However, there are things we can do better to improve the current procedures.

What are the drawbacks in the current process?

  • Transparency. It is difficult for individuals to understand, and challenge, how their health data is being used.
  • Efficiency. The NHS must be sure it can trust the individuals and organisations it shares data with. The process for doing this is time-consuming and costs the NHS money.
  • Accessibility. The process for researchers and analysts to use data is complicated, slowing down findings which can be used to develop new treatments and improve NHS services.

What is a Secure Data Environment?

Secure Data Environments will address the drawbacks in the current process. Secure Data Environments give approved users access to health data for analysis, without them needing to receive a copy. The organisation providing the environment can control many factors, including;

  • Who can be a user;
  • The data that users can access;
  • What users can do in the environment;
  • The findings of analysis that users can remove.

Why is the NHS making this change?

Secure Data Environments will address the drawbacks of data sharing. They will improve:

  • Patient privacy. Secure Data Environments must apply techniques to remove personal details. This makes sure that patient information remains confidential.
  • Security. As NHS data will only be hosted on systems that can prove they have high levels of protection.
  • Efficiency. Secure Data Environments enable many different sources of data to be linked. This means that researchers and analysts can access bigger sets of data faster. This will speed up how quickly the NHS can make decisions and the discovery of new treatments.

What wider rules apply to Secure Data Environments?

Secure Data Environments must comply with existing legal frameworks to keep data safe and used correctly. The UK has high data protection standards to control how personal information is used. These include;

  • The Codes of Practice under the Data Protection Act 2018
  • The Data Ethics Framework
  • Standards set out by the National Data Guardian for Health and Care and regulatory bodies.

Secure Data Environments must also adhere to the Five Safes framework, an internationally recognised system promoting the best practise in data security and privacy.

How will Secure Data Environments be delivered?

Some parts of the NHS are already using Secure Data Environments to a high standard. However, it will take time and money to move to a system where Secure Data Environments are the default way to access NHS data. To support this change, the NHS will continue to invest in building and updating its technology and policies.

What are the next steps?

By the end of 2022 we will publish details on the technical capabilities Secure Data Environments will need to meet. This will be accompanied by a clear oversight process to assure the public that each Secure Data Environment meets the highest standards we have set out. This technical information will be supported by public explanations so that everyone can understand what we are doing and why.

How can I get involved?

Engaging with patients and the public on how we store and use their data is key to getting this right. We’ve started this already, engaging with public and patient groups to develop and improve the contents of this page.

Over the coming year we plan to scale-up our engagement with patients and the public about how their data will be stored and used in the future. We will also continue to publish clear public explainers so everyone can understand what we are doing and why. The full details of these events are being finalised and will be published here.

If you are interested in receiving more information, or to get involved, please email SDE.policy@dhsc.gov.uk