Guidance

What do we mean by public benefit? Evaluating public benefit when health and adult social care data is used for purposes beyond individual care

Published 14 December 2022

Applies to England

© Crown copyright 2022

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/what-do-we-mean-by-public-benefit-evaluating-public-benefit-when-health-and-adult-social-care-data-is-used-for-purposes-beyond-individual-care/what-do-we-mean-by-public-benefit-evaluating-public-benefit-when-health-and-adult-social-care-data-is-used-for-purposes-beyond-individual-care

1. About this guidance

1.1 Purpose

The National Data Guardian for Health and Social Care in England (NDG) has published this guidance as part of their goal to build public trust in data use by advising and supporting organisations that process health and adult social care data.

It is intended to help organisations carry out better public benefit evaluations when they are planning to use or allow access to data collected during the delivery of care for reasons other than care provision. It provides an understanding and interpretation of the concept of ‘public benefit’ that is informed by a formal dialogue with the public. As such, it is intended to help organisations conduct public benefit evaluations that are meaningful because they are consistent with current public thinking.

England’s health and social care system collects data from patients and service users to provide them with safe care and treatment. This is known as data use to support a patient’s ‘direct’ or ‘individual’ care. This data can subsequently be used for secondary purposes: to provide wider, shared public benefit through better system planning, research, and innovation. Strict access criteria govern its use for secondary purposes. The need for secondary uses of health and care data to deliver a public benefit is an essential criterion in establishing public support for access to that data (see the desk research document list in Annex 1 of the Putting Good into Practice Report for empirical evidence of the public’s expectations of public benefit).

However, the concept of public benefit is often poorly understood. This guidance aims to clarify what constitutes public benefit in a data sharing context to help organisations better interpret a currently ill-defined concept.

Defining public benefit

Our public dialogue enabled us to reach the following definition of public benefit:

Public benefit means that there should be some ‘net good’ accruing to the public; it has both a benefit aspect and a public aspect. The benefit aspect requires the achievement of good, not outweighed by any associated risk. Good is interpreted in a broad and flexible manner and can be direct, indirect, immediate or long-term. Benefit needs to be identifiable, even if it cannot be immediately quantified or measured. The public aspect requires demonstrable benefit to accrue to the public, or a section of the public.

Whilst we want to provide a helpful working definition for the term public benefit, the above definition should not be considered in isolation. This is because public benefit is a nuanced and multifaceted concept that cannot be reduced to a one size fits all formula. As such, those using or allowing access to data should consider the whole of this guidance a route through which they can better understand the nuances of the definition and use it as a basis to evaluate public benefit in a way that is right for their specific circumstance. In this guidance, we discuss the many factors that should be considered when exploring the concept of public benefit.

1.2 Audience and Scope

This guidance addresses the evaluation of public benefit when health and adult social care data about patients or service users is processed without their consent for purposes beyond individual care.

It will help any organisation that intends to use or allow access to confidential or personal health and adult social care data for reasons other than the provision of direct care, to evaluate whether the intended use of the data delivers a public benefit.

This guidance seeks to satisfy an unmet need by substantiating the meaning of public benefit. It aims to pour content and understanding into a concept that to date has lacked a clear definition.

When considering what constitutes public benefit, the participants in our public dialogue described some ethical and good practice ways of working (that is: processes, standards, and behaviours) that they deemed essential to the realisation of public benefit. They told us that if these ways of working are not present or given due regard, it is difficult to gauge public benefit in an authentic or meaningful way.

For example, participants emphasised that transparency and public engagement are important aspects of earning their trust. They warned that if the processes for evaluating public benefit are not made clear, transparent and accessible to the public, this could result in a lack of public awareness of, and trust in, how public benefit is evaluated. In turn, this could undermine the initiatives hoping to achieve public benefits through data use. Ensuring that the public understands the processes that define public benefit evaluations and the decisions made during them is an essential element of building understanding and trust. Other elements include having proportionate governance processes and building in ongoing evaluation and learning.

Although information about these processes and ways of working does not form part of this guidance, in Annex A we have outlined the key criteria dialogue participants expected to see included in the process of evaluating public benefit. Organisations using this guidance should consider how the processes they put in place to evaluate public benefit meet people’s expectations set out in Annex A. More detail about these expectations can be found in the public dialogue report: Putting Good into Practice: a public dialogue on making public benefit assessments when using health and care data.

There are several existing initiatives across health and social care that have also considered public benefit. These have explored issues of fairness, fair data sharing partnerships with third parties, data quality and data ethics. Some are listed in Annex C. Work undertaken by these initiatives does not form a part of this guidance, but we have provided links wherever appropriate.

1.3 Origin

The advice in this document is informed by a report: Putting Good into Practice: a public dialogue on making public benefit assessments when using health and care data. The report details the findings of public attitudes research carried out in 2021 by the National Data Guardian and Understanding Patient Data (with support from UK Research and Innovation’s Sciencewise programme). The study involved more than 100 members of the public. During this dialogue, we sought to understand what people consider to be of benefit to the public when health and care data is used for secondary purposes. The research was carried out with the specific intention of informing this guidance.

The report’s findings build on a significant body of existing empirical research, which demonstrates that for the public to consider a secondary use of health and care data appropriate and acceptable, those seeking to use it should be able to demonstrate how its use will deliver benefit back to the public.

As this guidance is informed by a bespoke public dialogue and the findings of other public attitudes research, following it will help organisations interpret and apply the concept of public benefit in a way that most accurately reflects people’s current perspectives on how public trust is earned in this particular context.

The public dialogue project will be referred to throughout this document to demonstrate how it has influenced the guidance.

1.4 Terminology

In this guidance, the term health and adult social care data refers to confidential information and personal data which could directly or indirectly identify individuals. Confidential information includes demographic information and information about the deceased. Although the specific focus of this guidance is public benefit in the uses of data which may directly or indirectly identify individuals, it may also be helpful to organisations who want to evaluate the public benefit inherent in their use of anonymous data.

Processing of confidential patient information and personal data is subject to several legal and professional governance frameworks, including:

  1. UK General Data Protection Regulation (GDPR)
  2. The Data Protection Act 2018
  3. The Human Rights Act 1998
  4. The common law duty of confidentiality
  5. The Caldicott Principles.

This guidance should not be interpreted in any way that contravenes the law or any professional guidance relating to the processing of personal data or confidential information.

Compliance with these legal and professional frameworks is not covered here, but organisations should always take the appropriate steps to assure that they are acting in accordance with their obligations under them. In some instances, statute specifically lays out a requirement for there to be public benefit from the use of health and social care data for purposes other than individual care. For example, the Care Act 2014 Amendment to the Health and Social Care Act states that NHS Digital may only consider disseminating information for the purposes of health or adult social care provision or health promotion.

1.6 System processes

There are several existing processes, approvals and mechanisms used to evaluate aspects of public benefit. These include, but are not limited to:

  • Data Protection Impact Assessments (DPIA), which are conducted when assessing the risks to individuals of processing personal data. This is a legal requirement in certain circumstances under UK GDPR.
  • Research Ethics Committees (REC), which evaluate the public benefits to be achieved by research projects that use health and adult social care data.
  • Some national organisations have already established processes that evaluate public benefit. This includes the Health Research Authority’s Confidentiality Advisory Group (CAG), which evaluates public benefit when providing advice regarding the use of confidential patient information without consent. NHS Digital also has various standards relevant to public benefit, which applicants applying for access to data through the Data Access Release Service (DARS) must comply with. The Independent Group Advising on the Release of Data (IGARD) also advises NHS Digital on public benefit when people apply to use its data for secondary purposes.

This guidance does not seek to provide an additional step to these public benefit evaluation processes. In some instances, organisations may be evaluating public benefit outside one of the above-mentioned national processes. Those organisations may find this guidance and the process requirements laid out in the guidance’s annex particularly useful.

2. Guidance

2.1 How is public benefit established?

There are two aspects to public benefit evaluations:

  • The public aspect
  • The benefit aspect[1]

The evaluation of these two aspects of public benefit will often overlap, as factors can impact both aspects.

2.2 The public aspect

The project or initiative that is applying to use data must be motivated by an intention to benefit the public, or a section of the public.

What constitutes a sufficiently sized population or group will vary from purpose to purpose, and so needs to be evaluated case-by-case.

Where the purpose primarily benefits the public in general, the ‘public’ aspect of the public benefit test is met. However, the benefit does not need to apply to the majority of the public to satisfy the ‘public’ element. It is still considered a public benefit even if it only applies to a small number of people, particularly where the impact is significant. For example, where it may help a small group of people affected by a rare disease.

Where NHS and social care organisations will benefit from a use of health and care data, this can also be regarded as a benefit to the wider public – even though the benefit may be indirect. For example, where the use of data is likely to lead to NHS service improvements.

Research, including our own, tells us that people are more concerned about public benefit when health and care data is being sought by a commercial organisation that stands to profit from its use.

If the only benefit of a specific data use is the generation of profit by a commercial organisation, that use cannot be deemed for public benefit. However, the generation of proportionate commercial profit may be acceptable to the public if the use also delivers a public benefit, such as improved services or improved NHS knowledge and insights. When assessing proportionality, the public benefit evaluation process should ask the data applicant to provide a transparent assessment of how the commercial interests are proportionately balanced with the benefits to the public.

The Department of Health and Social Care (DHSC) has developed guidance for NHS organisations entering into data sharing partnerships with a third party, to help them realise benefits for patients and the public: Creating the right framework to realise the benefits for patients and the NHS where data underpins innovation.

When it comes to weighing public and private benefit, fairness is a crucial principle. For evidence of what people think constitutes ‘fairness’ in data sharing partnerships between the NHS and third parties, see the Understanding Patient Data and Ada Lovelace Institute report: Foundations of Fairness: Where next of NHS health data partnerships and DHSC guidance Creating the right framework to realise the benefits for patients and the NHS where data underpins innovation.

The Centre for Improving Data Collaboration supports the health and social care sector to enter into fair data sharing partnerships that benefit NHS patients and the public.

2.3 The benefit aspect

Society can derive significant benefit from the use of health and social care data for reasons over and above the delivery of people’s individual care, such as NHS service planning and research into new treatments. Public attitudes research tells us that people feel society stands to lose out if health and social care data is not processed in support of these important secondary uses.

When it comes to reasons for data use, people have identified a spectrum of purposes that can be considered for public benefit. Our research demonstrated that commonly recognised and easily identifiable benefits, such as improving and saving lives or developing better care or health outcomes, sit at one end of the spectrum. However, people were also prepared to recognise less obvious and more abstract benefits, such as knowledge creation and exploratory research. This also included initiatives where the intended benefit might take a long time to materialise.

The dialogue participants told us that although the data was collected during, and in support of, their own care, its subsequent use did not need to remain close to this reason to bring public benefit – but its use should have a clear purpose.

2.4 Types of benefit

The public dialogue findings demonstrated that people think the concept of public benefit should be broad and flexible and include direct, indirect, and long-term benefits. People also told us the benefit needs to be identifiable, even if it cannot be quantified or measured.

Positive answers to the following questions will help to determine whether an intended purpose can be considered for public benefit. These are suggestions that aim to capture the spectrum of public benefit identified by the public dialogue; it is not an exhaustive list.

For example, could the use of data:

  1. Help the system to better understand the health and care needs of populations?
  2. Lead to the identification or improvement of treatments or interventions, or health and care system design, to improve health and care outcomes or experience?
  3. Help to manage the response to communicable diseases and other risks to public health, such as pandemic planning and research?
  4. Advance understanding of regional and national trends in health and social care needs?
  5. Advance understanding of the need for, or effectiveness of, preventative health and care measures for particular populations or conditions such as obesity and diabetes?
  6. Better inform those planning health services and programmes, for example, initiatives to improve equity of access, experience and outcomes in the short or long term?
  7. Inform decisions about how to effectively allocate and evaluate funding according to health needs?
  8. Provide a mechanism for checking the quality of care? This could include identifying areas of good practice to learn from, or areas of poorer practice which need to be addressed.
  9. Support knowledge creation or exploratory research (and the innovations and developments that might result from that exploratory work)?
  10. Advance understanding of the needs of carers supporting family members?

In some cases, a data use that delivers a benefit to NHS and social care organisations may also deliver a benefit to private or commercial organisations. In such scenarios, positive answers to the following questions will help to determine whether the purpose is for public benefit. These are suggestions that aim to capture the spectrum of public benefit identified by the public dialogue; it is not an exhaustive list:

  1. Will any private profit, or progress made by a commercial organisation, also lead to benefits for the health and care system that will ultimately benefit patients? For example, improving how the NHS operates by increasing service or administrative efficiency?
  2. Where a commercial organisation makes private profit or progress that serves its own interest, is the agreement that underpins its partnership with the NHS based on fair terms? Does that agreement recognise and safeguard the value of the NHS data on which the organisation’s profit or progress is founded?
  3. Will research findings be openly shared with others who can use them to maximise benefits to patients, the wider public, and the health and social care system?

Data recipients should be prepared to demonstrate what public benefit the data use is delivering. This should happen at such intervals as specified by the organisation providing access to the data. It should also be in a form that can be readily shared with the public, such as on a data uses register. This is particularly important where the data recipient is seeking renewed or additional access to data, as they should be able to demonstrate some public benefit from the data use up to that point.

2.5 Considering risk when interpreting public benefit

If an evaluation finds that the data use is for public benefit, the organisation should next consider any risks inherent in the data use.

Where risks are identified, organisations should consider the following:

  • the magnitude of the risk
  • the likelihood of the risk occurring
  • how the risk can be avoided or mitigated

If a risk cannot be avoided, there should be a deeper consideration of whether the proposed data use includes sufficient safeguards to ensure that the risk has been reduced to as low as reasonably practicable and whether, on balance, the public benefit is sufficient to justify running that residual risk. The evaluation should always ask, ‘Is there a lower-risk way of doing this?’. If an organisation is undertaking a data protection impact assessment (DPIA), the risk assessment can be carried out as part of that.

Organisations should consider the following questions to determine whether their proposed data use might have associated risks that could outweigh public benefit. These are suggestions that aim to capture the range of risks; it is not an exhaustive list:

  1. Could individual citizen privacy be compromised? This risk is likely to be present in interpreting public benefit which is dependent on the use of confidential information and personal data.
  2. Could patient or service user safety be reduced?
  3. If data was to be used for this purpose, could it make some patients or service users less likely to seek care or be less frank in discussions with health and care professionals?
  4. Could the purpose lead to the creation or exacerbation of inequalities or unlawful discrimination against particular communities? For example, through worsening differential access to care.
  5. Could the use of inaccurate or inadequate health and social care data lead to unrepresentative findings?
  6. Does the purpose risk damaging public trust and confidence in sharing health data generally?
  7. Could the outputs of the use of health and social care data be manipulated to serve purposes that are not in the public interest?

Just because a risk is identified, it does not follow that that specific data use should not then take place. However, any remaining risk should be mitigated or reduced to as low as reasonably practicable.

Risks to privacy will be particularly relevant wherever organisations are seeking access to health and social care data that is capable of identifying individuals. Therefore, the evaluation process should consider how risks to privacy have been mitigated or justified. This should include an evaluation of the safeguards that will protect the data throughout the life cycle of its use.

The process should consider whether data rendered anonymous can be used instead of data capable of directly or indirectly identifying individuals. Risks to individual privacy are significantly reduced when using anonymous data and are unlikely to outweigh a public benefit.

When considering risks, those evaluating public benefit should also consider that, in some cases, the risks inherent in not using health and social care data for planning, research and innovation are greater than any risk in doing so.

3. Case studies

3.1 Planning and improving social care services

Project summary

A group of councils in a local authority region want to combine social care data from each of the councils in the region so that they can analyse the data for insights that will help them to optimise social care planning in the region.

The councils want to use data to predict how many people will need social care support, what kind of support they’ll need, and how much it will cost. They also want to compare prices and quality of care across the existing commissioned providers and to identify where improvements are needed.

Proposed use of data

The councils want to use software which would combine data from across all 17 councils. It would include information about 25,000 individual social service users, finance data from all the councils, and information about care quality and ratings for more than 2,400 care providers.

The data requested would be pseudonymised: individual service users’ names and addresses would not be included, but it might be possible to identify individuals if the requested data was then combined with other data the organisation has access to.

Once the analysis has taken place, the project would only retain the results from it in an anonymous, aggregate form, and any data capable of identifying individuals would be deleted.

Key public benefit considerations

The councils undertake a public benefit evaluation to determine whether it is appropriate to use potentially identifying data for the reason they propose. The evaluation concludes that this use of data is for public benefit and therefore appropriate, because:

  • it could advance understanding of the health and care needs of populations
  • it could help to inform decisions on how to effectively and most fairly allocate and evaluate funding according to health needs
  • it could provide a mechanism for checking the quality of care

The evaluation process finds that a sufficient proportion of the public will benefit because the proposed work will positively affect both current and future social care users.

There is no evidence that the project will lead to private benefits for individual organisations – a factor which needs to be considered as part of the evaluation process.

Consideration of the potential risks inherent in the data use

The only risk identified during the public benefit evaluation process is the potential risk to privacy which might occur when processing 25,000 individual social service users’ potentially identifiable data.

The public benefit evaluation acknowledges that ongoing risks to privacy will be mitigated by the plan to only hold the results of the data analysis in an anonymous, aggregate form. To further reduce any risk to privacy, the evaluation determines that technical, organisational and contractual safeguards will protect the health and social care data throughout the life cycle of its use.

3.2 Developing a treatment plan tool

Project summary

A commercial organisation is developing a tool to help clinicians determine the best treatment plan for patients. The tool is intended for clinicians in inpatient settings to help them identify which patients are most at risk and what treatment they need. The tool would apply an algorithm to inpatient information to classify people into different risk groups.

The organisation has developed a prototype of this algorithm and wants to test it using live inpatient data to determine if it is effective at classifying patients and improving their care. If the testing phase demonstrates that the tool is safe and effective, the organisation plans to sell it to NHS hospitals.

Due to the exploratory nature of this project, the organisation cannot provide clear, definitive evidence that the tool will provide an effective mechanism for classifying inpatients according to risk; there is no certainty of outcome.

At the time of the initial evaluation, they are also unable to indicate the potential cost of the tool to the NHS.

Proposed use of data

The organisation wants data related to 15 million hospital inpatients, covering a five-year period. They intend to test the algorithm on it to determine whether it is safe and will work as expected.

The data requested would be pseudonymised: individual service users’ names and addresses would not be included, but it might be possible to identify individuals if the requested data was then combined with other data the organisation has access to.

Key public benefit considerations

The data that the organisation wants to access is held by an NHS data controller. The independent panel advising the NHS data controller undertakes a public benefit evaluation process, which finds that this use of data has the capacity to benefit the public because:

  • it could further understanding of the health and care needs of populations
  • it could further understanding of the need for preventative health and care measures for particular populations or conditions and
  • it could inform the planning of health services and programmes

The evaluation process finds that these benefits will potentially accrue to a sufficient proportion of health and social care system users to be considered a public benefit. However, there is evidence that the data use will also lead to private, commercial benefits for the company developing the tool.

The evaluation process determines that the private company is not the sole beneficiary of the use of data. In considering whether the private benefits are proportionate to the public benefit, the evaluation process considers whether the scale of the private benefit is excessive. In this context, the evaluation process requires there to be a fair partnership between the NHS data controller providing the valuable data asset, and the organisation making a private profit from it. So the panel seeks reassurance about the fairness of the cost of the tool to the NHS, should it be proven safe and effective for NHS care. Within this context, the evaluation process also considers whether a public benefit will accrue indirectly to the public via a benefit to the NHS.

Consideration of the potential risks inherent in the data use

The evaluation process finds risks inherent in this use of data.

There is a potential risk to privacy when processing the pseudonymised data of 15 million hospital inpatient episodes. In mitigating the risk to privacy, the public benefit evaluation requires that the NHS data controller and the commercial organisation put in place rigorous technical, organisational and contractual safeguards to protect the data throughout the life cycle of its use in this project. The organisation is also asked to justify why anonymous data cannot be used instead of data that has undergone pseudonymisation.

Because the accessing organisation is a commercial entity, the evaluation finds that the use could affect public trust in the health and social care sector’s ability to use people’s data appropriately and safely.

To mitigate this risk, the organisation asks that the data applicant provide a transparent assessment of how commercial profit is proportionate to the public benefit the tool will deliver. The organisation providing access commits to being transparent. It does this by ensuring that a) its process for evaluating the public benefit of this project, and b) the evidence that the project stands to deliver both public and private benefit is clearly documented and shared with the public in accessible, user-friendly formats via both the data controller’s data uses register and the organisations own website.

At the time of the initial public benefit evaluation, the project is at an exploratory stage and cannot evidence whether it will achieve the intended benefit. The use of data to support exploratory research and innovation can be for public benefit, but in this case, the uncertainty around whether that benefit will actually materialise means that the organisation providing access to the data must commit to an ongoing evaluation process; further evaluation points will be built into the life cycle of the project to facilitate this. This process will allow the providing organisation to ensure that the data use continues to demonstrate the capacity for public benefit. At each evaluation point, the commercial organisation will be expected to demonstrate the public benefit that has been yielded to date. updates are also published in the data controller’s data uses register. If it becomes evident that the data use will not result in a public benefit, their access to the data will cease.

4. Annex A: Public views on the process of evaluating public benefit

4.1 Transparency and trustworthiness

The public dialogue made clear that transparency is an essential element of the public benefit evaluation process. It is not an add-on or nice to have: public benefit needs to be made public. To perceive public benefit, people need to see the process that has been used to evaluate that benefit, for example, published minutes of the benefit evaluation process, so that they can understand the rationale and motivations.

They told us that for a decision-making process to be considered transparent, it should incorporate meaningful ways for the public to gain access to, and easily understand, the information. This means that both organisations evaluating public benefit and organisations using health and care data for public benefit should make their transparency information publicly available, and it should be accessible to a diverse audience with differing needs.

Where information about the public benefit evaluation process is unavailable, inaccessible, or unclear, this may lead to a lack of trust in the organisation’s ability (or willingness) to evaluate, weigh and communicate benefits transparently and in line with public expectations.

4.2 Proportionality

The public told us that when undertaking public benefit evaluations, there should be a balanced level of governance. They underlined the fact that the evaluation process should not be so risk-averse and restrictive that it stops potential public benefits from being achieved. To reflect this nuanced position, public benefit evaluations should be undertaken on a case-by-case basis, which allows a proportionate evaluation specific to the case.

Those involved in making public benefit evaluations should have a range of relevant perspectives, skills and expertise. Lay perspectives – those provided by members of the public – are just as important as professional perspectives in evaluating public benefit and in some cases more important. Incorporating diverse public views into the evaluation process will help to promote trust and transparency. A diversity of perspectives will strengthen the evaluation and help counter any natural ‘groupthink’ amongst people with shared backgrounds and experiences. A range of steps (large and small) could be taken to seek public views and engage with people’s expectations, and the steps used will vary depending on the type and scale of data use.

Public benefit evaluations should be open to independent oversight. Oversight is particularly important where there are risks which cannot be mitigated or where the proportionality of private or commercial benefits needs to be considered.

4.3 Ongoing evaluation and learning systems

Dialogue participants told us that if the public benefit was not obvious or certain to materialise at the time of the initial evaluation, or if there were unmitigated risks, further evaluation points should be built into the data use life cycle. This is to ensure that the intended use continues to demonstrate the capacity for public benefit. Organisations accessing data should provide evidence of any benefits yielded to date at these evaluation points.

Organisations involved in an ongoing evaluation of public benefit during the life cycle of their project have a good opportunity to put in place a learning system and processes. This is a feedback loop that enables organisations to consider previous uses of data, with a view to refining their decision-making processes based on what has (and has not) worked in the past.

5. Annex B: Glossary

Anonymous data

Information which does not relate to an identified or identifiable natural person or personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. (Definition from Recital 26 GDPR)

Confidential information

All data collected for the provision of health and social care services where patients and service users can be identified and would expect that it will be kept private is confidential information relating to an individual. This may include, for instance, details about symptoms, diagnosis, treatment, names and addresses.

Data controller

Data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law (Definition from Article 4 (7) GDPR)

Direct individual care

A clinical, social or public health activity concerned with the prevention, investigation and treatment of illness and the alleviation of suffering of individuals. It includes supporting individuals’ ability to function and improve their participation in life and society. It includes the assurance of safe and high-quality care and treatment through local audit, the management of untoward or adverse incidents, person satisfaction including measurement of outcomes undertaken by one or more registered and regulated health or social care professionals and their team with whom the individual has a legitimate relationship for their care. (Definition from Information: To share or not to share? The Information Governance Review, National Data Guardian)

Health and care data

Health and adult social care data means information (however recorded) that—

(a)relates to—

(i)the physical or mental health or condition of an individual, the diagnosis of his or her condition or his or her care or treatment;

(ii)adult social care provided to an individual (or an assessment for such care);

(iii)adult carer support provided to an individual (or an assessment for such support),

whether or not the identity of the individual is ascertainable, or

(b)is to any extent derived, directly or indirectly, from such information (Definition from section 2 (6) Health and Social Care (National Data Guardian) Act 2018)

Learning system

A learning system model shifts away from a one-way pipeline to a feedback cycle. When data is accessed and used, the outcomes (whether positive, negative, null or unsuccessful) are reported back to inform future data access decisions. (Definition taken from the work of Understanding Patient Data and the Ada Lovelace Institute in Foundations of Fairness: where next for NHS health data partnerships)

Personal data

Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier. To determine whether a natural person is identifiable, account should be taken of all the means reasonably likely to be used, such as singling out, either by the controller or by another person to identify the natural person directly or indirectly. (Definition from Article 4 (1) GDPR)

Processing

In line with legislative provisions in the UK GDPR and Regulation 2 (2) of The Health Service (Control of Patient Information) Regulations 2002, processing is used in this guidance as a broad term covering any collection, disclosure, use sharing or provision of access to data.

Pseudonymised data

Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person. To determine whether a natural person is identifiable, account should be taken of all the means reasonably likely to be used, such as singling out, either by the controller or by another person, to identify the natural person directly or indirectly. To ascertain whether means are reasonably likely to be used to identify the natural person, account should be taken of all objective factors, such as the costs of and the amount of time required for identification, taking into consideration the available technology at the time of the processing and technological developments. (Definition from Recital 26 GDPR)

Transparency

Transparency here does not simply mean providing information, i.e. without regard to its use. It means operating in such a way that it is easy for others to see what actions are performed. In a nutshell: say what you do, do what you say.

Our guiding principles for transparency:

  • Accessible* – easy access to information
  • Understandable – the right language for the audience
  • Relevant – addresses audience concerns
  • Useable – in a form that meets the audience needs
  • Assessable* – is checkable/provides sufficient detail
  • Being as pro-active with ‘bad news’ as with ‘good news’
  • Being timely with communication (Definition useMYdata stance on transparency)

6. Annex C: Legislation, reports and frameworks considered in this guidance

6.1 This guidance refers to the following laws, reports and frameworks:

[1] This two-part interpretation of public benefit reflects the view of the public in the Putting Good into Practice public dialogue and reflects the Charity Commission’s interpretation of the statutory public benefit provision in Section 17 of the Charities Act 2011.

Back to top