Charter for Safe Havens in Scotland: Handling Unconsented Data from National Health Service Patient Records to Support Research and Statistics.

The Charter for Safe Havens in Scotland

This charter sets out the principles and standards for the routine operation of the Safe Havens in Scotland that are processing and linking data from electronic NHS patient records when it is not practicable to obtain individual patient consent. It draws heavily on other documents in particular: the Guiding Principles for Data Linkage^[7] (which in turn draws on: Human Rights Legislation, the Data Protection Act, Guidance from the Information Commissioner, and the Scottish Government Identity Management and Privacy Principles), the SHIP Blueprint^[8]and associated governance framework that defines standards and process for the use of non-consented linked data for health informatics research in Scotland^[9].

Through the adoption of this charter the governance around Safe Havens will be enhanced and this charter will be supported through a programme of independent accreditation of Safe Havens. An accreditation process is under development. All Safe Havens handling data from NHS patient records to support research must adhere to this charter and, once a formal accreditation process has been established, they must be accredited in order to operate. Accreditation, once established, will be a key criterion for privacy panel assessment and approval of research projects and may be a requirement for Scottish Government funding.

There may be instances when, in order to support an important research study, one or more Safe Havens may need to depart from aspects of this charter. Under these circumstances the Safe Haven(s) will be required to seek specific additional permissions and approvals including from Data Controller(s) so that additional assurance is in place before the research study starts. Release of data may also be approved when Data Controllers (or their delegated authority, such as the PBPP) considering the balance of benefits and risks are reassured that appropriate safeguards are in place to protect the privacy of individuals, and release is specified explicitly within the data sharing agreement with the Data Controllers.

This charter has been developed in consultation with the Safe Havens created by NHS Scotland Boards, Caldicott Guardians, NHS Research and Development Directors, University-based researchers and Scottish Government experts in data governance. This is an evolving area, therefore, the charter will be kept under review and will be reviewed within two years of its introduction to ensure that it is meeting its aims, takes into account technical developments, supports proportionate governance and aligns with other developments within Scotland and across the UK and internationally.

The charter also sets out the relationship, at a high level, of a federated network of Safe Havens in Scotland that are using data from NHS patient records.