The potential benefits that secure data access will bring to the NHS and other healthcare organisations in their fight to improve patient care and address health inequalities cannot be overstated. Integrating data from different patient care sources will allow clinicians to access all the data they need about individuals and their medical history to provide the best possible personalised healthcare.
Leveraging population-level insights while providing individuals with access to their own health data can help develop more precise diagnoses and treatment plans. Healthcare operational teams can also use data to improve care delivery through processes such as staff rostering and clinical workflows.
Secure data access will allow health data to be integrated at a regional/sub-regional level, enabling public health policymakers to make evidence-based decisions, allocate resources more effectively, and develop targeted strategies to improve outcomes. Data sets can also be used for research that benefits society, furthering collaboration between healthcare trusts, universities and other institutions.
Secure data sharing on its own, however, is not enough. We need to move to a data stewardship model that allows for dynamic consent, where individuals have ongoing control and the ability to adjust their consent and data-sharing preferences over time. Traditional static consent, which is a one-time, often broad agreement, may not adequately address the evolving nature of data usage.
A data stewardship model can be achieved by using a Secure Data Environment (SDE), a controlled and protected infrastructure designed to safeguard sensitive data and ensure the confidentiality, integrity, and availability of that data. As a secure system, SDE data is stored, processed, and accessed in a manner that minimises the risk of unauthorised access, data breaches, or other potential security threats.
Successful SDEs in the NHS
Can SDEs work effectively across the NHS? Emphatically yes. The NHS Research SDE Network, which gives approved researchers secure access to pseudonymised healthcare data, has been deployed successfully across England.
But to fulfil this ambition, the NHS will have to overcome the complexities that come with data governance in healthcare. AtkinsRéalis’ experience in successfully building, managing, and operating public data platforms means we’ve seen the benefits SDEs offer.
One example is the National Underground Asset Register (NUAR). A digital map of underground pipes and cables, NUAR will revolutionise the way we install, maintain, operate, and repair our buried infrastructure. It will improve the efficiency and safety of underground works, lead to enhanced communication between relevant parties, and improve data quality.
AtkinsRéalis and partners are currently engaging with more than 700 registered asset owners within England, Wales and Northern Ireland, asking them to sign data sharing agreements, uploading their asset data to a cloud-based SDE, transforming their data into the NUAR harmonised data model (so that a water pipe in Wales will appear the same on the platform as a water pipe in Wigan), building the NUAR digital mapping platform, onboarding all users onto the platform, providing training for all new users to the platform, and also providing asset owners with an automated process to update their data on a regular basis.
Not an easy task! The platform has been a huge success, with an MVP (minimum viable product) now being rolled out across England and Wales.
What can we learn from NUAR?
We learned several lessons from the NUAR programme that are directly relevant to NHS data and which could be leveraged to help the NHS implement SDEs. Firstly, building trust and security is essential. With high-profile data breaches regularly in the press, the NHS needs to build users’ trust that their data will not be at risk.
Transparent policies and processes should clearly communicate the purpose, benefits and safeguards associated with data access. NUAR was clear from the outset that the purpose of the platform was to promote safe digging and efficiency-saving benefits. Risk management regarding safeguards, data security, and data protection was in place from the outset and was continually assessed and improved throughout the duration of the project. NUAR was also designed as a closed data platform, with Role Based Access Control (RBAC) and the principle of least privilege applied across the entire user base.
To address individuals’ concerns about data breaches, the NHS must respect their autonomy and consent, ensuring they have a clear understanding of how their data will be used and who will have access to it. They must also provide options for individuals to choose which specific elements of their data are shared. With NUAR, we were extremely clear from the outset how asset owner data was to be used, accessed, and controlled within the system.
We provided clear usage guidelines that were underpinned by a simple, easy-to-understand legal framework. Our experience with the NUAR platform shows that data security and access strengths can be operationalised across many different settings.
Communicating value
The NHS must be transparent in communicating the value proposition – proactively engaging with and educating the public about why it is moving to secure data access and the benefits this will bring. For NUAR, we devoted a whole workstream to asset owner engagement and used a hybrid business change approach to engage with our stakeholders.
Developing collaboration and partnerships is essential. Encouraging NHS and healthcare professionals to actively promote secure data access will play a key role in building trust and acceptance.
To encourage individuals to willingly share their data with the NHS through secure data environments, it’s key that it builds trust, ensures individuals understand how their data will be used, communicates the value proposition, and fosters collaboration. Through this, the NHS can create a culture of secure data access that drives continuous improvement, empowers individuals, and, ultimately, improves patient outcomes.