In December 2021 we signed a Strategic Research Agreement (SRA) with Sensyne Health to provide de-identified data for health research. At the time we were one of thirteen NHS trusts to enter into a SRA with Sensyne Health.
We took this step because we are committed to delivering the best care we can both for the people of Cambridgeshire and Peterborough for whom we provide acute services, and for the wider population across the East of England for whom we are the regional specialist centre. We also want to play our part in broader medical research which has the potential to accelerate the discovery and development of new medicines and contribute towards digital health innovations in the future.
At the same time, we are convinced that our agreement with Sensyne Health safeguards the anonymity of data. Under the terms of the contract with Sensyne Health, our NHS Trust is resourced with the investment required to de-identify data prior to making it available to Sensyne Health. The provision of data will operate under a Data Processing Protocol under our ethical oversight.
Our agreement with Sensyne Health does not involve the sale or bulk transfer of patient records, but the provision of de-identified data to support specific research queries from Sensyne Health. Applications for de-identified data will go through a defined process within our Trust to assess appropriateness or otherwise of the request. Once this has happened, the Trust will follow a set of protocols to compile the requested de-identifed datasets. We are currently designing the protocols that will guide this process within our Trust and will engage with patients [AC1] about this.
Sensyne Health already has access to publically available information about the Trust and the aggregate activity we provide as published in our publications scheme. We have not yet shared any de-identified data with Sensyne Health and will not do so until we have finished designing the process for this and have engaged with patients.
What are the terms of your contract with Sensyne Health?
The terms of our contract with Sensyne Health were set out in our press release, namely: CUH will receive 4,285,714 ordinary shares in Sensyne Health plc.
CUH will also receive from Sensyne an investment of up to £350,000 per year over the five-year term of the contract for specific investments in information technology to enable the ethical curation and analysis of de-identified data under the SRA. In addition the Trust will receive a royalty on revenues that are generated by Sensyne from the research undertaken under the SRA. The financial return CUH receives from Sensyne will be reinvested back into the NHS to enhance patient care. The Trust has entered into a lock-in agreement whereby it has agreed not to dispose of any shares for a period of two years from the date the shares are issued.
What is the process for de-identifying and sharing data with Sensyne Health?
The process for receiving a request for data from Sensyne Health, for assessing that request and de-identifying and supplying the data is detailed and designed to ensure the anonymity of any data we provide once received by Sensyne Health.
In order to make a request for data, Sensyne Health submits a document to us containing specific information about the request in accordance with an agreed information governance framework and standard operating procedures.
A data processing request (“DPP”) outlines the data Sensyne Health is requesting and their intended purpose for analysing the de-identified patient data, the potential patient benefit they expect to arise from their analysis of the data and clear descriptions of the retention and deletion of the data. Our Trust’s Caldicott Guardian and Data Protection Officer (DPO) assesses the data request and, if they are satisfied with the information that Sensyne Health has provided, then they approve the request for transfer of the de-identified patient data.[AS2]
Our authorised data analysts then extract the requested data from our systems and de-identify it. This process is designed to create a de-identified dataset which contains no patient identifiable information.
After we have completed this de-identification process, we transfer it to Sensyne Health using a secure process which follows all NHS approved security policies in place at the time of transfer. Sensyne Health then applies further anonymising techniques before undertaking any analysis.
Sensyne Health submits an Aggregate Information Request to us if they require information about a dataset that we have provided, for example requests for the number of patient records that contain a measurement of a specific vital sign, or requests for the number of patients with a specific condition. These requests do NOT require a signature from our Caldicott Guardian and DPO as it is information that could otherwise be obtained via a Freedom of Information request. Sensyne Health formally logs these requests as part of their own process.
We are currently working on the protocols that will guide this process within our Trust and will engage with patients about them.
Ownership of any data that we share with Sensyne Health remains with the Trust.
What data will you share with Sensyne Health?
Under the protocols we have described above we will not share data that can identify an individual, for example a full postcode or date of birth. Depending on the data request, and if it is agreed through our protocols, we may share the first part of a postcode and age groups.
Individuals have raised concerns about the potential for a combination of data fields to potentially identify an individual. We are developing our protocols in line with best practice to ensure that anonymity cannot be compromised through a combination of different data fields provided by the Trust.
What does Sensyne Health do with the de-identified data?
Sensyne Health does not receive information that can identify a patient. The data it receives is de-identified by the Trust before we send it to Sensyne Health.
Sensyne Health analyses the data to find ways to improve patient care and accelerate medical research. Sensyne Health does not share the data, it does not leave the company and it does not use the data for anything other than for the purposes for which it was supplied as set out in its data request to the Trust.
What is confidential patient information?
Confidential patient information is when two types of information from your health records are joined together.
The two types of information are:
- Something that can identify you
- Something about your health care or treatment.
- For example, your name joined with a medical condition that you have or a medicine you take.
Identifiable information on its own is used by health and care services to contact patients and this is not confidential patient information.
How does GDPR apply?
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is used fairly, lawfully and transparently. Detailed information about GDPR is available on the Information Commissioners Office website.
GDPR applies to personal data which is information that relates to an identified or identifiable living individual. What identifies an individual could be as simple as a name or a number or could include other identifiers such as an IP address or a cookie identifier, or other factors, or a combination of datasets.
GDPR does not apply to our Strategic Research Agreement with Sensyne Health because this agreement concerns de-identified data. We will never share any data that can identify an individual. Our process for assessing a request for data from Sensyne Health and our response is described above.
What is the National Data Opt Out?
The National Data Opt Out is a service that allows patients to opt out of their confidential patient information being used for research and planning. National Data Opt Out compliance was originally planned for March 2020 however this has been delayed a number of times due to COVID-19 and the current compliance date is 31 March 2022.
You can choose if data from your health record is shared for research and planning. Information is available on the nhs.uk website. Your choice will be applied by NHS Digital and Public Health England and all other health and care organisations by 30 September 2021.
The nhs.uk website also sets out when your choice does not apply. This includes when information that can identify you is removed. Information about your health care or treatment might still be used in research and planning if the information that can identify you is removed.
Does the National Data Opt Out apply to your agreement with Sensyne Health?
The National Data Opt Out (NDOO) does not apply to our agreement with Sensyne Health because we will only share de-identified data that cannot identify an individual. The data being sent to Sensyne is already de-identified and therefore the NDOO does not apply.
However, we understand people’s concerns. Therefore, we have committed to omit the de-identified data from any individual who completes a National Data Opt Out, which will be operational by 31st March 2022.
Glossary of terms
De-identified data: Prevents the personal identity of someone being revealed. The process of removal of identifiers to make it de-personalised or de-identified. It is a criminal offence to re-identify data without the data controller’s permission under S171 of the DPA.
Personal data: Data which relates to a living individual who can be identified from that data, or from data and other information which is in the possession of, or likely to come into the possession of, the data controller.
Confidential Patient Information: Confidential patient information is when two types of information from health records are joined together, i.e. something that can identify the patient and something about their healthcare or treatment.