Data Security


De-identified Data

Patient Consent

Our systems prevent any data from being transmitted for patients who have opted out of record sharing. These patients would need to actively opt in before their data can be transmitted by the system.

Explicit consent allows the de-personalised data to become pseudonymised and available to authenticated users within the HSCN network.

GP Data Extract

GP data is extracted and sensitive data is removed. This creates two datasets. The first contains de-personalised data used for data analysis, alerts and information for Advice and Guidance requests. The second contains the information needed to allow pseudonymised data to be viewed within the HSCN network. Both datasets are fully encrypted for secure transmission to our high security data centre.


Data Handling and Storage

Data is stored encrypted within the Prescribing Services Datacentres. These are high security data facilities with dual HSCN connectivity.

Only de-personalised data can be accessed through this interface.

Pseudonymised data is stored in a restricted access datacentre and is only available within the HSCN network with enhanced permission and explicit patient consent.

Access Rights

Access is restricted to healthcare professionals with NHS email addresses, and two-factor authentication is mandatory for all users.

Pseudonymised data access is limited to GPs accessing the HSCN network for their own patients and approved individuals with explicit patient consent.

Data Filtering

Data that could lead to the identification of a patient through its uniqueness is removed by our system.

Data deemed to be sensitive by NHS England is filtered at source.

Complete Patient Privacy

Patient Consent

  • Data is only extracted for patients who have not opted out of data record sharing, as recorded using the approved HSCIC codes.

  • Patients that have opted out will need to explicitly opt in to allow their data to be extracted from practice systems.

  • Patients are encouraged to explicitly opt in to allow their de-personalised data to become pseudonymised information and allow access by authorised healthcare professionals.

Pseudo-anonymised patient data

  • Practice identifier

  • Anonymised patient identifier (this is the MiQuest number for SystmOne practices and the Anonymised Patient ID for EMIS)

  • Internal reference for EMIS (EMIS Number)

  • NHS Number

  • Date of Birth

Data hashing

NHS number and date of birth are hashed using an HSCIC-approved 256-bit hashing algorithm.
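The pipeline described on this page (consent check, removal of direct identifiers, suppression of uniquely identifying records, and hashing of NHS number plus date of birth with a 256-bit algorithm) can be sketched in a few functions. The code below is an added illustration, not Prescribing Services' own code or schema: the record fields, the quasi-identifier columns, the sample rows and the PSEUDONYM_KEY are all constructed for the example. The page only says "256-bit hashing algorithm"; the example uses HMAC-SHA256 with a secret key, which is an assumption, so that a pseudonym can only be recomputed by a party that holds the key rather than by anyone who can enumerate NHS numbers and dates of birth.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample rows standing in for a GP extract. The NHS numbers and
# all other values are placeholders, not real patient data.
SAMPLE_RECORDS = [
    {"practice_id": "P001", "nhs_number": "9990000001", "dob": "1960-04-12",
     "sex": "F", "age_band": "60-69", "medication": "atorvastatin", "opted_out": False},
    {"practice_id": "P001", "nhs_number": "9990000002", "dob": "1962-11-03",
     "sex": "F", "age_band": "60-69", "medication": "metformin", "opted_out": False},
    {"practice_id": "P001", "nhs_number": "9990000003", "dob": "1985-07-21",
     "sex": "M", "age_band": "30-39", "medication": "salbutamol", "opted_out": False},
    {"practice_id": "P001", "nhs_number": "9990000004", "dob": "1990-01-30",
     "sex": "M", "age_band": "30-39", "medication": "sertraline", "opted_out": True},
    {"practice_id": "P001", "nhs_number": "9990000005", "dob": "1947-09-09",
     "sex": "M", "age_band": "70-79", "medication": "amlodipine", "opted_out": False},
]

# Assumed secret for the keyed hash; in a real deployment this would come from
# a key store, never from source code.
PSEUDONYM_KEY = b"example-key-replace-with-managed-secret"

# Columns that identify a patient directly, and columns whose combination may
# identify a patient when it is unique (assumed for the example).
DIRECT_IDENTIFIERS = ("nhs_number", "dob")
QUASI_IDENTIFIERS = ("practice_id", "sex", "age_band")


def apply_consent(records):
    """Drop every record for a patient who has opted out of record sharing."""
    return [r for r in records if not r["opted_out"]]


def pseudonymise(nhs_number, dob, key=PSEUDONYM_KEY):
    """Keyed 256-bit hash of NHS number and date of birth.

    The NHS number is canonicalised (spaces removed) so that the same patient
    always yields the same pseudonym regardless of input formatting.
    """
    canonical = f"{nhs_number.replace(' ', '')}|{dob}".encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def strip_direct_identifiers(record):
    """Remove NHS number, date of birth and the consent flag from one record."""
    hidden = set(DIRECT_IDENTIFIERS) | {"opted_out"}
    return {k: v for k, v in record.items() if k not in hidden}


def suppress_unique(records, quasi=QUASI_IDENTIFIERS):
    """Remove records whose quasi-identifier combination occurs only once,
    since a unique combination could single out a patient."""
    key_of = lambda r: tuple(r[f] for f in quasi)
    counts = Counter(key_of(r) for r in records)
    return [r for r in records if counts[key_of(r)] > 1]


def depersonalise(records):
    """Dataset 1: de-personalised rows for analysis, alerts and guidance."""
    return suppress_unique([strip_direct_identifiers(r) for r in records])


def pseudonymise_records(records, key=PSEUDONYM_KEY):
    """Dataset 2: identifiers replaced by a keyed pseudonym for restricted viewing."""
    return [
        {**strip_direct_identifiers(r),
         "pseudonym": pseudonymise(r["nhs_number"], r["dob"], key)}
        for r in records
    ]


def split_extract(records, key=PSEUDONYM_KEY):
    """Run the whole extract: consent filter, then produce both datasets."""
    consented = apply_consent(records)
    return depersonalise(consented), pseudonymise_records(consented, key)


if __name__ == "__main__":
    analytic, pseudo = split_extract(SAMPLE_RECORDS)
    print("de-personalised rows:", len(analytic))
    print("pseudonymised rows:", len(pseudo))
```

Running it on the constructed rows shows the two effects a reviewer would look for: the opted-out patient never reaches either dataset, and the two men whose age band is unique within the practice are dropped from the analytic dataset even though their NHS numbers were already removed. The pseudonymised dataset keeps every consented row, but carries only the keyed hash, so a reader of that dataset cannot recover the NHS number from it.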