Improving our Data Processing Services (DPS)

We are implementing modern technologies and processes to enable us to perform our statutory role as the safe-haven for health and care information. This requires us to collect and process data needed to run the health service.

These secure technologies and processes will enable us to collect, process and access data in a smarter, more efficient way.  This will lead to faster access to better linked data giving commissioners and researchers a clearer picture of health and care. 

Most importantly, our data processing services will improve patient care by empowering the health and care system to use information more effectively for:

• research into the prevention and treatment of diseases 
• planning services essential to the sustainability of the NHS

Our secure technology and processes will stand the test of time and support future innovation and improvements. Here’s how:

Faster data processing

We’re managing larger volumes of incoming data to ensure it’s accurate, useful and secure, and processing it faster than we have ever done before.

Secure cloud technology

By moving the information we collect to secure cloud technology, we will reduce potential security risks associated with storing data across separate systems.

Better data quality

We’re standardising and automating the way we match patients with their records to deliver more complete and usable data.

Protecting patient data

 We're using market leading privacy technology to develop a de-identification process that protects patient privacy by removing the identifiable information from a patient’s record so it can be safely used for research and planning. All information is encrypted in transit and when it's stored. 

There are currently, different ways of de-identifying data across the NHS, but this new technology standardises and automates the way we do this. This means there will be less need to manually prepare patient information. 

Our services also support the National Data Opt Out policy, giving citizen's better control and information about how their health and care data is used for planning and research. 

Better data linkage

Data linkage is important because it maximises the value of the data we collect across health and care.

Our consistent de-identification process will let us link data across different care settings and geographic boundaries, creating a richer and broader data set that can be used for research and planning, without revealing a patient’s identity and only where there is a legal basis for this.

Improved data access

Our customers can access high-quality, better-linked data via a secure Data Access Environment, which will ensure the right person, with the right legal basis, has access to the right data for their needs.  Giving our customers access to data in this way, reduces the need for data to leave NHS Digital. 

What's more customers can take their insights to the next level by using a range of built-in analysis and visualisation tools. 

We plan to reduce the amount of data being processed outside central, secure data environments and we are targeting for at least 80% of all data we make available to be accessed via our Data Access Environment (or other NHS Digital accredited secure data environments) by March 2022.  However, we recognise that some customers will need to receive data and we will continue to support this option.

All data access is strictly managed by our Data Access Request Service, with advice from the Independent Group Advising on the Release of Data (IGARD) and in line with requirements of the Confidentiality Advisory Group (CAG).

The data processing services programme is being delivered by NHS Digital, as part of the Digital Transformation Portfolio for Health and Care, which is governed by the Digital Delivery Board.  The programme is being delivered in partnership with NHS system partners and Health Data Research UK.

From an Information Governance perspective, NHS Digital’s data services have to comply with:

• Health and Social Care Act 2012
• Data Protection Act (DPA) 2018
• Information Commissioners Office
• General Data Protection Regulation
• Common Law Duty of Confidence
• Professional regulators

Improving our data processing services will support the commitments set out in the Life Sciences Sector Deal 2, which aims to strengthen the UK’s position as a world leader in health research.

The Government has invested £43m in our work to increase the security, reduce the cost and increase the efficiency of our services, while continuing to protect citizens’ data.

How we’re supporting the UK Life Sciences vision:

• our data access environment is live, enabling our customers to remotely and appropriately access data for analysis
• we have entered a strategic partnership with Health Data Research UK (HDRUK) to align our data initiatives across health and care

The Royal Society recently published a case study about our approach to De-identification in the recent Protecting privacy in practice report. The report explores the current use, development and limitations of Privacy Enhancing Technologies in data analysis.

The case study, produced in partnership with our De-ID supplier, Privitar, explores our use of homomorphic encryption and the methodology of our approach, and can be found on page 34 of the report.