In November 2020 we signed a Strategic Research Agreement (SRA) with Sensyne Health to provide de-identified and anonymised data for health research. At the time we were one of six NHS trusts to enter into a SRA with Sensyne Health. Since then more NHS trusts have done so.
We took this step because we are committed to delivering the best care we can both for the people of Somerset and to play our part in broader medical research which has the potential to accelerate the discovery and development of new medicines and contribute towards digital health innovations in the future.
At the same time, we are convinced that our agreement with Sensyne Health safeguards the anonymity of data. Under the terms of the contract with Sensyne Health, our NHS trust is provided with the investment we need to anonymise data before providing it to Sensyne Health and the provision of data will operate under a Data Processing Protocol under our ethical oversight.
Our agreement with Sensyne Health does not involve the sale or bulk transfer of patient records, but the provision of de-identified and anonymised data in response to specific requests from Sensyne Health that support research. Requests for anonymised data will go through a defined assessment process within our trust before we agree to take part. Once this has happened, the trust will follow a set of protocols to compile the requested anonymised datasets. We are currently designing the protocols that will guide this process within our trust and will engage with patients to refine it.
Sensyne Health has access to publically available information about the trust and the aggregate activity we provide as published under our publications scheme. We have not yet shared any de-identified and anonymised data with Sensyne Health and will not do so until we have finished designing the process for this and have engaged with patients to refine it.
What are the terms of your contract with Sensyne Health?
The terms of our contract with Sensyne Health were set out in the public announcement of our agreement. Namely:
Somerset will receive 1,428,571 ordinary shares in Sensyne Health plc representing 1.11% of the existing issued share capital of Sensyne. This will bring the total share ownership held by NHS Trusts in Sensyne to 11.7% of the share capital (as enlarged by the issue of shares to Somerset and Milton Keynes University Hospital NHS Foundation Trust). The Trust will also receive from Sensyne an investment of up to £250,000 per year over the five-year term of the contract for specific investments in information technology to enable the curation and analysis of data under the SRA. The Trust will also receive a royalty on revenues that are generated by Sensyne from the research undertaken under the SRA. The financial return Somerset receives from Sensyne will be reinvested back into the NHS to fund patient care. The Trust has entered into a lock-up agreement whereby it has agreed not to dispose of any shares for a period of two years from the date the shares are issued.
What is the process for anonymising and sharing data with Sensyne Health?
The process for receiving a request for anonymised data from Sensyne Health, for assessing that request and anonymising and supplying the data is detailed and designed to ensure the anonymity of any data we provide.
In order to make a request for data, Sensyne Health submits a document to us containing specific information about the request in accordance with an agreed information governance framework and standard operating procedures.
A data processing request (“DPP”) outlines the data Sensyne Health is requesting and their intended purpose for analysing the anonymised patient data, the potential patient benefit they expect to arise from their analysis of the data and clear descriptions of the retention and deletion of the data. Our trust’s Caldicott Guardian and DPO assesses the data request and, if they are satisfied with the information that Sensyne Health has provided, then they approve the request for transfer of the anonymised patient data.
Our authorised data analysts then extract the requested data from our systems and anonymise it. This process is designed to create an anonymised dataset which contains no patient identifiable information.
After we have completed this anonymisation process, we transfer it to Sensyne Health under encryption. Sensyne Health then applies further anonymising techniques before undertaking any analysis.
Sensyne Health submits an Aggregate Information Request to us if they require information about a dataset that we have provided, for example requests of the number of patient records that contain a measurement of a specific vital sign, or requests of number of patients with a specific condition. These requests do NOT require a signature from our Caldicott Guardian and DPO as it is information that could otherwise be obtained via a Freedom of Information request. Sensyne Health formalises logs these requests as part of their own process.
We are currently working on the protocols that will guide this process within our trust and will engage with patients to refine it.
Ownership of any data that we share with Sensyne Health remains with the Trust.
What data will you share with Sensyne Health?
Under the protocols we have described above we will not share data that can identify an individual, for example a full postcode or date of birth. Depending on the data request, and if it is agreed through our protocols, we may share the first part of a postcode and age groups.
Individuals have raised concerns about the potential for a combination of data fields to potentially identify an individual. We are developing our protocols to ensure that anonymity is maintained and cannot be compromised through a combination of different data fields.
What does Sensyne Health do with the anonymised data?
Sensyne does not receive information that can identify a patient. The data it receives is de-identified and anonymised by the trust before we send it to Sensyne under encryption.
Sensyne Health analyses the data to find ways to improve patients care and accelerate medical research. Sensyne Health does not share the data, it does not leave the company and it does not use the data for anything other than for the purposes for which it was supplied as set out in its data request to the trust.
For more information on what Sensyne do with the data see https://www.sensynehealth.com
What is confidential patient information?
Confidential patient information is when two types of information from your health records are joined together.
The two types of information are:
- Something that can identify you
- Something about your health care or treatment. For example, your name joined with a medical condition that you have or a medicine you take.
Identifiable information on its own is used by health and care services to contact patients and this is not confidential patient information.
How does GDPR apply?
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is used fairly, lawfully and transparently. Detailed information about GDPR is available on the Information Commissioners Office website.
GDPR applies to personal data which is information that relates to an identified or identifiable living individual. What identifies an individual could be as simple as a name or a number or could include other identifiers such as an IP address or a cookie identifier, or other factors, or a combination of datasets.
GDPR does not apply to our Strategic Research Agreement with Sensyne Health because this agreement concerns anonymised data. We will never share any data that can identify an individual. Our process for assessing a request for data from Sensyne Health and our response is described above.
What is the National Data Opt Out?
The National Data Opt Out is a service that allows patients to opt out of their confidential patient information being used for research and planning. National Data Opt Out compliance was originally planned for March 2020 however this has been delayed a number of times due to COVID-19 and the current compliance date is 30 September 2021.
You can choose if data from your health record is shared for research and planning. Information is available on the nhs.uk website. Your choice will be applied by NHS Digital and Public Health England and all other health and care organisations by 30 September 2021.
The nhs.uk website also sets out when your choice does not apply. This includes when information that can identify you is removed. Information about your health care or treatment might still be used in research and planning if the information that can identify you is removed.
Does the National Data Opt Out apply to your agreement with Sensyne Health?
The National Data Opt Out does not apply to our agreement with Sensyne Health because we will only share anonymised data that cannot identify an individual. The data being sent to Sensyne is already anonymous and therefore the NDOO does not apply.
However, we understand people’s concerns. Therefore we have committed to omit the anonymised data from any individual who completes a National Data Opt Out, which will be operational by 30th September 2021.
Glossary of terms
Anonymised data: Data in a form that does not identify individuals, and where identification through its combination with other data is not likely to take place.
De-identified data: Prevents the personal identity of someone being revealed. The process of removal of identifiers to make it anonymous or de-identified. It is a criminal offence to re-identify data without the data controller’s permission under S171 of the DPA)
Personal data: Data which relates to a living individual who can be identified from that data, or from data and other information which is in the possession of, or likely to come into the possession of, the data controller
NDOO – Confidential Patient Information: Confidential patient information is when two types of information from health records are joined together, i.e. something that can identify the patient and something about their healthcare or treatment.