Secure Data Environments must comply with laws, codes of practice and standards that already exist to protect the data the NHS holds about us as individual patients.
The existing legal frameworks are there to keep data safe and control access; these apply to Secure Data Environments.
The principle regulatory frameworks for data protection in England are listed below.
The Information Commissioner's Office (ICO) upholds information rights in the public interest for the UK.
These responsibilities are based on a range of legislation, including the Data Protection Act.
The Data Sharing Code of Practice is a practical guide for organisations about how to share personal data within the requirements of data protection law.
The Data Ethics Framework is a set of principles set out by the Government to ensure appropriate use of data in the public sector.
It also outlines the main pieces of legislation that apply to using data.
The UK policy framework for health and social care research sets out principles of good practice in the management and conduct of health and social care research that take account of legal requirements and other standards.
The National Data Guardian advises the health and adult social care system in England to help ensure that people’s confidential information is kept safe and used properly.
The Health Research Authority regulates research involving the NHS and Health and Social Care in England (there are equivalent bodies for the devolved nations of the UK).
Its role is to assesses research in the NHS to make sure that studies comply with relevant legislation and guidelines (such as Clinical Trials Regulations, the Human Tissue Act and the Data Protection Act).
Depending on the type of research and the data that is proposed will be used, it may also fall under the regulations managed by other authorities. Before a research study can start it needs to be approved by all of the relevant bodies and health regulatory organisations.
Research Ethics Committees (REC) are independent groups of people who review certain types of research to assess whether studies are ethical.
The Confidentiality Advisory Group (CAG) provides advice on specific projects that will be using confidential medical information.
The “Five Safes” is a set of guidelines for accessing data in order to carry out research. It was originally developed by the Office of National Statistics in the UK. It is now being used to safeguard access to data for use in research.
The guidelines are used to assess research projects before access to data is allowed.
The "Five Safes" are: