Safe havens: charter

Safe havens are secure facilities that provide a controlled environment for accessing and processing personal health and social care data. This Charter sets out the operational framework for Safe Havens in Scotland, providing principles and standards to support the use of data to enable research and innovation.


Glossary

Appendices: Supplementary documents to the Safe Haven Charter that can be updated regularly to reflect changes in governance, technology, and standards.

Caldicott Guardian: A senior person responsible for protecting the confidentiality of patient and service user information and ensuring it is used properly.

Data Controller: The entity responsible for determining the purposes and means of processing personal data, such as the NHS or other organisations holding source records.

Data Linkage: The process of connecting different data sources (e.g., health records and social care data) to provide more comprehensive datasets for research while ensuring privacy protections.

Data Processor: An organisation or entity that processes data on behalf of the Data Controller, such as Safe Havens, which must follow the instructions of the Data Controller.

Data Security Protection Toolkit (NHS): A self-assessment tool used by NHS England to measure data security and protection standards in health and social care organisations.

De-identified: The process of replacing personally identifiable information in datasets with artificial identifiers to protect individual privacy while still allowing data to be analysed; sometimes known as pseudonymised.

Disclosure Control: A process that ensures data outputs from research do not compromise individual privacy or lead to the re-identification of individuals.

Ethical Review: A formal process by which research projects are evaluated for adherence to ethical standards, ensuring the protection of individual rights and public benefit.

ISO 27001: An international standard outlining best practices for managing information security, to which Safe Havens must adhere.

IRAS: Integrated Research Application System, a UK system for applying for health and social care research approvals.

Penetration Testing: Security testing that evaluates the vulnerability of computer systems, networks, or web applications by simulating cyber-attacks.

Public Benefit: The positive societal impact or contribution resulting from research and innovation projects, used as a key factor in assessing the justification for data access and use.

Safe Data: Data within the secure compute environment (Safe Haven) that has been de-identified to minimise the risk of re-identification unless necessary for research.

Safe Haven: A secure facility that provides a controlled environment for accessing and processing personal health and social care data to support research and innovation while ensuring the protection of individual privacy and identity. These specialised facilities include secure compute platforms, known as Trusted Research Environments, supporting research using personal data while protecting individual identity and privacy.

Safe People: Individuals who are trained and bound by contracts to protect individual privacy when accessing Safe Haven services.

Safe Projects: Research and innovation projects within Safe Havens that are reviewed for legal and ethical compliance and are required to demonstrate public benefit.

Safe Settings: The secure environment, either physical or digital, provided by Safe Havens to ensure data protection and privacy during research.

Scottish Safe Haven Network: A network of five Safe Havens in Scotland that support health and social care research and innovation, providing Secure Compute Environments, sometimes known as Safe Haven or Trusted Research Environments.

Secure Data Environment: A secure compute platform that enables the storage, linkage, processing, and analysis of data while maintaining strict security controls to protect individual privacy.

Trusted Research Environment: A secure compute platform that enables the storage, linkage, processing, and analysis of data while maintaining strict security controls to protect individual privacy.

Two-Factor Authentication: A security measure requiring two different forms of identification before granting access to systems or data.

Contact

Email: HSCDatastrategy@gov.scot
