Data Privacy

We focus on an ethical approach, consistent with the Caldicott and General Data Protection Regulation (GDPR) principles. We transparently set and clearly define the purpose for accessing patient data and continuously review our processes to maximise data privacy and governance. We emphasise the need and importance of building algorithms that are effective, but also protect patients’ confidentiality.

We train our models using anonymised or strongly pseudonymised data with the minimum possible data to support our prediction algorithms. For example, we can use age and age groups, not date of birth and Lower Super Output Areas (a geographical unit in the census that includes approximately 50 postcodes) rather than postcode.

HN has assembled a core set of data fields that have proven to carry the most predictive power. For each site, the AI model is built on these data items and as part of the fine-tuning and model optimisation process, some of the data fields will be eventually dropped. Only the data fields which carry the most predictive power in the respective health economy will be used in the daily deployment of the prediction model. This minimises the use of patient data at every point in the process.

Safeguarding patients’ right

Safeguarding patients’ rights and privacy means that data must be used transparently with a clear description of the purpose, methods and timing. Patients who have agreed to become part of the service are provided with a Data Privacy Notice that explains which data is processed, the purposes for that processing and the lawful basis for doing so. They are asked for their consent to process additional data captured for secondary uses, for example surveys to help measure patient benefits in the form of evaluations of patient reported outcome measures (PROMS). Patients are given a clear choice to opt-out from any further collection and sharing of their personal data.

Experienced healthcare practitioners

Our clinical coaches are registered healthcare practitioners, who have extensive experience in accessing and protecting patient information in their daily duties. All HN staff who have access to patient records adhere to strict data protection policies including honorary contracts with the Trust and annual Data Protection training revalidations. Our clinical coaches and analysts will only have access to patient information via secure hospital servers. HN is compliant with NHS Digital’s Data Security and Protection Toolkit (DSPT) and has achieved “Standards Met” in 2020/21