https://www.gosh.nhs.uk/data-partnerships-faqs/

Data partnerships FAQs

At GOSH, we have an exciting opportunity to harness the power of data to improve care for our patients.

This page was updated in December 2022 to reflect that Sensyne Health changed it's name to Arcturis.

Harnessing the power of data to treat childhood diseases

Our patients have rare and complex conditions and developing new diagnoses and treatments for them can take a long time and it’s expensive. But we have a track record of successful collaborations with industry partners to help develop better treatments, faster.

GOSH is a trusted provider of care and sector leader in digital innovation. We will soon be entering partnerships that use anonymised versions of our unique collections of patient data to improve the diagnosis, treatment and care of children with rare and complex conditions.

The first of those is our partnership with Arcturis (formerly Sensyne Health plc), a leader in Clinical artificial intelligence see GOSH news page.

Other NHS Trusts have already started similar partnerships with great success. For example, an Oxford University Hospital data partnership led to the development of an app for women with diabetes in pregnancy (GDm-Health) that has already been used by 44 Trusts, preventing over 1300 C-sections, and over 500 pre-term births.

Strict data governance

All data will be anonymised so that patients can’t be identified, and subject to strict controls each and every time we receive a request.

Strict controls are in place to ensure that all data will be anonymised by the Trust, and no patients can be identified, prior to being used by partners. This means that any information which could be used to identify a patient will be removed, including information like date of birth, full address and NHS number. The provision of anonymised data operates under rigorous protocols and is subject to ethical and privacy oversight by GOSH.

We are confident that our agreements safeguard our patients’ anonymity.

Access to the data is controlled by a special committee at GOSH, using a defined process to assess requests. If we agree to let our partner access the data, we will follow a set of protocols to compile the requested anonymised datasets. We are currently designing the procedures that will guide this process within our Trust and will engage with patients, carers and families to refine it, as appropriate. We have not yet provided partners access to any data and will not do so until we have completed this work.

We will not sell patient data and we will not transfer patient records to the partners we work with. We only give partners access to anonymised data in response to specific requests to support research into childhood diseases.

The anonymised data will be used to further early-stage research and clinical projects to improve the understanding of rare and complex childhood diseases. This will help us discover new treatments and improve clinical outcomes for patients and families.

Bolstering research

Research, clinical and patient benefit are at the heart of this decision.

Children are at the heart of everything we do. Any financial benefit GOSH receives from these partnerships will be reinvested into research that will ultimately improve the diagnosis, treatment, and care of children with rare and complex conditions.

GOSH staff do not have financial interests in the partnerships or benefit from any collaboration.

Frequently Asked Questions (FAQs)

In September 2021, we announced a partnership with Sensyne Health, now named Arcturis Data Limited. Data is only accessed after specific requests under strict governance.

Other partnerships will be updated here, when appropriate.

Processes are in place to anonymise data before access by partners is permitted. For example, the data will not include names, dates of birth or addresses. Depending on the data requested, and if it is agreed through our protocols, we may provide access to a subset of data which was routinely collected as part of clinical care. We are not collecting any data specifically for any partner through this agreement and there is no impact on clinical care.

GOSH has established a Data Partnership Ethics Committee (DPEC) and one of the responsibilities of this group will be to assess whether access to data is appropriate and proportional and whether any additional controls would be needed if we decided to provide the data.

Partners do not receive information that can identify a patient. The data received is anonymised by the Trust before our partners can access it, under encryption.

Partners can then work with clinical teams and data scientists to analyse the data to find ways to improve patient care and accelerate medical research.

Partners do not use the data for anything other than for the purposes for which they have set out in their data request to the Trust.

The process for receiving a request for anonymised data, for assessing that request and anonymising and supplying the data is detailed and designed to ensure the anonymity of any data we provide.

Partners who are interested in GOSH data must fill in a form to request it. The form, in accordance with an agreed information governance framework and standard operating procedures, includes specific information on what anonymised data is being requested and why, how it will be analysed and how the results will benefit patients and the NHS.  Partners must also include clear descriptions of how long they intend to keep the anonymised data and when they will delete it.

The Trust ‘Data Partnership Ethics Committee’assesses the data request and, if they are satisfied with the information provided, they can then approve the request for the anonymised patient data.

Our GOSH-employed data engineers then extract the requested data from our systems and anonymise it according to Information Commissioner’s Office (ICO) guidance– this creates a dataset with no patient identifiable information.

After we have completed this anonymisation process, the dataset is checked using automated and manual methods to ensure any identifiable data has been removed. Approved partners are then given access to the data via our digital research environment platform for analysis, and/or via encrypted and audited data transfer through Secure File Transfer Protocols.

Partners can also ask for general information about the anonymised data that we might provide. For example, requests for the number of patient records that contain a measurement of a specific vital sign, or requests for the number of patients with a specific condition. These requests do NOT require approval from our Data Partnership Ethics Committee as it is information that could otherwise be obtained via a Freedom of Information request and provides high-level, combined or ‘aggregate’ data only.

We are currently working on the protocols that will guide this process within our Trust and will engage with patients and families to refine it.

The National Data Opt Out (NDOO) does not apply to agreements concerning only anonymised data. We will never provide any personal data – data that can identify an individual - through these agreements.

Anonymised data: Data in a form that does not identify individuals, and where identification through its combination with other data is not likely to take place.

Personal data: Data which relates to a living individual who can be identified from that data, or from data and other information, which is in the possession of, or likely to come into the possession of, the data controller

NDOO - The National Data Opt Out (NDOO) is a service that allows patients to opt out of their confidential personally identifiable patient information being used for research and planning.

You can choose if personally identifiable data from your health record is shared for research and planning. Information is available on the NHS website. Your choice will be applied by NHS Digital and Public Health England and all other health and care organisations by 30 September 2021.

The NHS website also sets out when your choice does not apply. This includes when information that can identify you is removed. Information about your health care or treatment might still be used in research and planning if the information that can identify you is removed.

GDPR - The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is used fairly, lawfully and transparently. Detailed information about GDPR is available on the Information Commissioners Office website.

GDPR applies to personal data - information that relates to an identified or identifiable living individual. What identifies an individual could be as simple as a name or a number, or could include other identifiers such as an IP address or a cookie identifier, or a combination of datasets.