Data and Intelligence Network: ethics framework

Sets out the principles our network will adhere to when running data and intelligence projects so we can deliver insight on the pandemic and wider data issues at pace while keeping ethics at the forefront of our thinking.

Why does Security Matter in an Ethics Framework?

Managing the public health emergency effectively requires the bringing together of sensitive information, which, because of the way it is collected, has not necessarily been subject to specific consent from individuals. Safety of use, to ensure it is de-identified and always secure, is therefore absolutely paramount. Additionally, the research and data analytics undertaken by the D&IN will be managed in specified, secure environments with monitored perimeters that are subject to testing to ensure malicious actors cannot penetrate the data. The D&IN will put in place systems of governance and information governance that are transparent and rigorous.

The D&IN will, of course, utilise and build on the existing information governance systems. It will also try to align the processes and practises to ensure rapid responses to applications during the public health emergency while continuing to maintain the information governance standards and meet the requirements of the individual data controllers and their organisations, who will remain responsible for the use of the data or information. This is to provide increasing consistency and the work on D&IN governance and information governance will be dynamic and will be refined as the D&IN becomes established. They will also be informed by the Ethics Framework and will, through the systems and processes, ensure that ethics are at the heart of the D&IN's decision-making. The D&IN and information governance processes will be developed and published separately from this Framework.

Having a secure system of workspaces to bring data and information together for analysis is a vital component of being able to reassure the public that their information is being used safely. In recent years a number of national and regional 'Safe Havens' and 'safe linking and working spaces' have been established to use health, statistical and other public service data securely. These are designed to provide secure environments supported by trained staff and agreed processes whereby data can be processed and linked, making it available in a de-identified form for analysis. They are designed to safeguard confidential information. Researchers and data analysts applying for access to use the data must adhere to their principles and their bids are subject to approvals via one of the four approvals boards - Public Benefit and Privacy Panels or their equivalent - that will continue to be at the core of the D&IN delivery model.

A Charter setting out the requirements for the Safe Havens provides principles and standards for the routine operation of these, where data from electronic records can be used to support research when it is not practicable to obtain individual patient consent while protecting patient identity and privacy. Information on the Safe Havens Charter can be found at Charter here Safe Havens Scotland and Safe Havens - NHS Research Scotland.

Pressures on the current system and its complexity, along with the need to improve response times during the pandemic, have highlighted the requirement for the D&IN to build collaborations, partnerships and to set out clear and aligned ways of working that build on what is good in the current system. There is a clear imperative to align guidance, systems and processes if the work of the D&IN is to be successful. There is also a need for investment in the skills and resources that are needed to expedite data analysis or research without losing any of the ethical rigour.

The benefit that the D&IN brings is that it feeds ethics and information governance issues into projects from their inception; as issues are identified, a problem statement is developed and then prioritised, thus helping to bring time savings as they then go through the existing permissions processes. This will create a clear ethics assessment for the project, set out in a way that it will satisfy the needs of the user, data holder and the permission authority or public benefit and privacy panels.



Back to top