Sir Jonathan Montgomery, Professor of Healthcare Law at University College London and Chair of Oxford University Hospitals NHS Foundation Trust Sir Jonathan Montgomery discusses ethical considerations in relation to using patient data for research.
Approvals
The Health Research Authority (HRA) has given Section 251 support, following advice from their Confidentiality Advisory Group (CAG), for the development of the Thames Valley and Surrey Secure Data Environment. This provides the legal basis to allow access to the specified confidential patient information without asking for consent. We also have ethical approval from South Central – Oxford C Research Ethics Committees (REC).
CAG reference: 23/CAG/0046
REC reference: 22/SC/0330
Agreements and Contracts
As well as the data protection and ethical approvals described, data in the SDE is covered by a number of legal documents or contracts. These contracts set out the basis for processing and describe the legal roles and responsibilities of the organisations involved and form an important part of the SDE governance framework:
- Provider Terms: A contract that Provider Organisations and the TVS SDE signs up to.
- Research Organisation Contract: Research organisations who wish to ask for access to data in the SDE will have to sign a research organisation contract. These organisations will be asked to vouch for the researchers that work for them
- Researcher Terms and Conditions: When individual researchers register with the SDE they will be asked to sign up to a set of researcher terms and conditions.
- Research Data Access Agreement: A contract signed by the research organisation and the SDE, will set out: the details of the data set requested, the purpose the data will be used for, data protection arrangements and intellectual property terms.
SDE-to-SDE Data Sharing
Why we share data across Secure Data Environments (SDEs)
To support specific research projects that have been approved through rigorous review, our Secure Data Environment (SDE) may share information with other NHS SDEs. This enables researchers to answer important health questions using data from different regions, especially where local data alone may be insufficient (e.g. rare disease research). These collaborations aim to deliver clear public benefit and avoid duplication.
How we protect your privacy
We only share data for projects that have been approved by a Data Access Committee (DAC), which includes patient and public representatives. Before sharing, we remove direct identifiers such as name or NHS number. The data is transferred securely using encrypted systems.
If you have opted out of sharing your data for research and planning, your information will not be included.
Transparency
Each SDE’s Data Use Register will be updated with details of the project, so you can see how data is being used.
What are my choices (Opt-Out)?
If you would like to know more about your choices, or to opt out of the Thames Valley and Surrey Secure Data Environment, please contact us by completing the below form.
We will ask for your name, date of birth and NHS number so that we can register your choice. If you do not know your NHS number, see Find your NHS number – NHS guidance.
Or by:
- 01865 227300
- tvssde@ouh.nhs.uk
- TVS SDE, Executive Offices, John Radcliffe Hospital, Oxford OX3 9DU
National Data Opt-Out
To find out more and register your choice nationally, please visit Opt out of sharing your health records – NHS
Further information about your choices is available at Understanding Patient Data.
Find out more about the Thames Valley & Surrey SDE:
Find out more about who is involved in the TVS SDE:
Useful Links:
