Privacy and Data Security

Home » Data » Privacy and Data Security

Keeping Gut Reaction data safe, secure and private

Health data research is an evolving field with great potential for patient benefit, but progress is only possible by maintaining public trust and confidence with consistently high levels of data security, privacy and oversight.

Gut Reaction has partnered with experts in data security, storage and governance alongside rigorous oversight from our patient advisory committee (PAC), ensuring patient data is securely stored and appropriately used. You can read more about the crucial role of patients in Gut Reaction here.

Data safety

Gut Reaction has adopted the ‘five safes’ approach to data safety: safe data, safe projects, safe people, safe settings and safe outputs, to ensure that we promote secure and sustainable research with patient benefit at its heart. Our rigorous data access protocols ensure that only trusted researchers with questions likely to result in patient benefit, as assessed by patients, can work with our data.

Five safes

Approved researchers access the necessary datasets through a cloud-based trustworthy research environment (TRE); our TREs use secure cloud principles that are nationally recognised as best practice. This includes ensuring that our cloud hosting providers are certified. TREs safeguard the data by preventing downloading, saving or sharing data while providing essential data analysis tools. Gut Reaction data is only loaded into the TRE when all information that could identify an individual, such as their name, birth date and NHS number has been removed. Our contracts also ensure that any published research will only be appropriate and only address the agreed research question.

Image from: https://www.ukdataservice.ac.uk/manage-data/legal-ethical/access-control/five-safes

Data privacy

Gut Reaction follows best practice to make sure all the information we collect is handled carefully and securely. We do this, in conjunction with our data partners in three main ways:

We follow best technical practice in how we handle information
- Encrypting (put into code) data when we have to move it
- Keeping data in a secure data centre
- Keeping personal details separate to other forms of information
- Monitoring who can access information. Staff will only be able to see personal details if it is necessary for their job
We also make sure that our staff understand what they need to do to keep personal information safe – training is done to NHS standards, using NHS training materials
We make sure that our standards are met

You can find our more about the NIHR BioResource and its policies on information governance and data security here and the UK IBD Registry here.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.