Frequently Asked Questions about Data Privacy and Consent
How is my data protected?
We use advanced security measures to protect your data. All information is stored in highly secure data centres with special healthcare network connections. Your data is always encrypted, which means it's scrambled so only authorised people can read it.
Do I need to give permission for my data to be used?
If you haven't opted out of NHS data sharing, your de-identified data (information that doesn't directly identify you) may be used. However, for more detailed data use, we ask for your consent.
What if I've opted out of NHS data sharing?
If you've opted out, your data won't be included in our system. You would need to actively choose to opt in if you want your information to be used.
Who can access my data?
Only healthcare professionals with NHS email addresses can access the system. They need to use two-factor authentication (an extra security step) to log in. For more detailed data, only your GP or approved individuals you've given permission to can see it.
How do you make sure my data doesn't identify me?
Any information that could uniquely identify you is removed. Amy sensitive data if filtered out as defined by NHS England.
What's the difference between de-identified and pseudo-anonymised data?
De-identified data has all personal details removed. Pseudo-anonymised data includes some details that could identify you if combined with other information, but it's protected and only accessible with your consent.
What information is included in the pseudo-anonymised data?
A: It includes a practice identifier, an anonymized patient identifier, an internal reference number, your NHS number, and your date of birth. Remember, these are all protected and coded for security.
Can I change my mind about data sharing?
Yes, you can opt out at any time.
How is my NHS number and date of birth protected?
We use a special process approved by the health service to convert your NHS number and date of birth into a code that can't be easily reversed.
How can I be sure my privacy is completely protected?
We follow strict NHS guidelines and use multiple layers of security. Your data is only used if you haven't opted out, it's stored securely, and access is strictly controlled. You're always in control of your data sharing preferences.
Keeping your information safe
The NHS ensures your information stays safe. The Clinical Coaching Program cannot look at any personal details like your name and birthday when finding patients who might need extra care. They only use data like age and health issues in a way that protects your identity.
Only when the Clinical Coaching Program thinks extra care might help, can the NHS share your name and contact details for the coaching team to reach out to you. Only people helping with care will be able to see this information. This helps us offer care while keeping your information private.
Your data is always protected
Your personal information is safe because of privacy laws like GDPR. The NHS and its partners take special care to keep your information secure and private, so it won’t be misused or lost.
Don’t want to be involved in HN’s Clinical Coaching Program?
We respect your right to choose whether to participate in our Clinical Coaching Program. If you wish to not participate, please follow the steps below:
How to decline the service:
- Prepare your NHS number and your full name
- Contact us using one of the methods below
- Provide your NHS number name and state your wish to opt out
Contact Methods
- Email: [email protected]
- Phone: 020 8064 3221
- Website: www.hn-company.co.uk
Important: You must provide your NHS number to complete the opt-out process. This ensures we can accurately identify and remove your information from our program.
What Happens Next
- We will tell the NHS not to send us any information relating to you. It may take a couple of days for this information to fully pass through the system.
- Coaching will not be offered to you
- Your regular NHS care will not be affected in any way
Data Privacy Details
We focus on an ethical approach, consistent with the Caldicott and General Data Protection Regulation (GDPR) principles. We transparently set and clearly define the purpose for accessing patient data and continuously review our processes to maximise data privacy and governance. We emphasise the need and importance of building algorithms that are effective, but also protect patients’ confidentiality.
We train our models using anonymised or strongly pseudonymised data with the minimum possible data to support our prediction algorithms. For example, we can use age and age groups, not date of birth and Lower Super Output Areas (a geographical unit in the census that includes approximately 50 postcodes) rather than postcode.
HN has assembled a core set of data fields that have proven to carry the most predictive power. For each site, the AI model is built on these data items and as part of the fine-tuning and model optimisation process, some of the data fields will be eventually dropped. Only the data fields which carry the most predictive power in the respective health economy will be used in the daily deployment of the prediction model. This minimises the use of patient data at every point in the process.
Safeguarding patients’ right
Safeguarding patients’ rights and privacy means that data must be used transparently with a clear description of the purpose, methods and timing. Patients who have agreed to become part of the service are provided with a Data Privacy Notice that explains which data is processed, the purposes for that processing and the lawful basis for doing so. They are asked for their consent to process additional data captured for secondary uses, for example surveys to help measure patient benefits in the form of evaluations of patient reported outcome measures (PROMS). Patients are given a clear choice to opt-out from any further collection and sharing of their personal data.
Experienced healthcare practitioners
Our clinical coaches are registered healthcare practitioners, who have extensive experience in accessing and protecting patient information in their daily duties. All HN staff who have access to patient records adhere to strict data protection policies including honorary contracts with the Trust and annual Data Protection training revalidations. Our clinical coaches and analysts will only have access to patient information via secure hospital servers. HN is compliant with NHS Digital’s Data Security and Protection Toolkit (DSPT) and has achieved “Standards Met” in 2020/21.