Privacy and Data Security
Keeping Gut Reaction data safe, secure and private
Health data research is an evolving field with great potential for patient benefit, but progress is only possible by maintaining public trust and confidence with consistently high levels of data security, privacy and oversight.
Gut Reaction has partnered with experts in data security, storage and governance alongside rigorous oversight from our patient advisory committee (PAC), ensuring patient data is securely stored and appropriately used. You can read more about the crucial role of patients in Gut Reaction here.
Data safety
Gut Reaction has adopted the ‘five safes’ approach to data safety: safe data, safe projects, safe people, safe settings and safe outputs, to ensure that we promote secure and sustainable research with patient benefit at its heart. Our rigorous data access protocols ensure that only trusted researchers with questions likely to result in patient benefit, as assessed by patients, can work with our data.
Five safes
Approved researchers access the necessary datasets through a cloud-based trustworthy research environment (TRE); our TREs use secure cloud principles that are nationally recognised as best practice. This includes ensuring that our cloud hosting providers are certified. TREs safeguard the data by preventing downloading, saving or sharing data while providing essential data analysis tools. Gut Reaction data is only loaded into the TRE when all information that could identify an individual, such as their name, birth date and NHS number has been removed. Our contracts also ensure that any published research will only be appropriate and only address the agreed research question.
Image from: https://www.ukdataservice.ac.uk/manage-data/legal-ethical/access-control/five-safes
Data privacy
Gut Reaction follows best practice to make sure all the information we collect is handled carefully and securely. We do this, in conjunction with our data partners in three main ways:
- We follow best technical practice in how we handle information
- Encrypting (put into code) data when we have to move it
- Keeping data in a secure data centre
- Keeping personal details separate to other forms of information
- Monitoring who can access information. Staff will only be able to see personal details if it is necessary for their job
- We also make sure that our staff understand what they need to do to keep personal information safe – training is done to NHS standards, using NHS training materials
- We make sure that our standards are met
You can find our more about the NIHR BioResource and its policies on information governance and data security here and the UK IBD Registry here.