Section 1: About HDR UK

  • Our mission is to unite the UK’s health data to enable discoveries that improve people’s lives. We are leading work to improve access to data by researchers to improve prevention, care and treatments, helping people lead longer, healthier lives. 

    We work with: 

    • organisations which hold health data (we refer to them as data custodians); 
    • healthcare professionals, academics, charities and industry who need to use data to carry out research to improve health and care, support the development of new treatments, and understand the causes of disease; and 
    • patients and the public to shape how access to data should work. 

    Our aim is to enable medical discoveries that improve people’s lives by making it possible for researchers to: 

    • develop new ways of managing and extracting knowledge and insights from complex and diverse health data; and 
    • use large scale datasets to address important health research questions that cannot be tackled by individual research organisations. 

    We will do this by: 

    • bringing together information about existing health datasets via the Health Data Research Innovation Gateway so that researchers know what’s available and how they can safely access it; 
    • improving the quality of UK health data, and developing its use, by working with the data custodians to help them work towards common standards for allowing access to the data; 
    • enabling researchers to use the health data safely and securely; 
    • ensuring researchers have the skills and ways of working to work with data in the most efficient and responsible way to solve health challenges; and 
    • developing tools that can help draw new insights or achieve more efficient research. 
  • HDR UK is the national institute for health data science. It was established by the Medical Research Council (MRC) and other medical research funders in 2017 as a company limited by guarantee. In May  2021, HDR UK became a registered charity (no. 1194431).    

    HDR UK’s Board is responsible for the effective governance and development of the charity, monitoring key risks, and ensuring resources are managed effectively.  You can find details of our Board members here.  Day-to-day management of HDR UK is delegated to the Director, who is supported by a Chief Executive and an Executive Committee.  You can find more information about the Director, Chief Executive and Executive Committee members here. 

  • Yes, you can find the current version of the register here. 

  • HDR UK is funded by public, charitable and private philanthropic organisations.   You can find details of the organisations that fund HDR UK here. 

  • Whilst HDR UK is not a traditional funding organisation it does provide funds to other organisations including public sector and not-for-profit organisations that are aligned with HDR UK’s mission to support research projects and private sector organisations who provide services to HDR UK.  

    Most commonly this involves the distribution of funds to researchers (and teams of researchers) who are using health data at scale to enable insights that improve health and care; also demonstrating the value and impact of HDR UK’s strategy. 

  • Examples of our progress and achievements can be found in our annual reviews on our website 

    Some highlights include:  

    • The HDR UK community has published over 2,000 research papers and made over 150 resources openly available on Github, many of which provide crucial insights into COVID-19 
    • We have built the Health Data Research Innovation Gateway – a platform to discover and request access to over 650 health and care datasets. This is used by over 1,000 researchers, and with over 11,500 searches each month from around the world 
    • We have established the UK Health Data Research Alliance, with over 50 members, which has played a leading role in making the case for the use of Trusted Research Environments (TREs) as a key component of the UK’s health data research ecosystem 
    • We have established nine Hubs, which have made 157 health datasets available, delivered 300 multi-sector projects, had over 20,000 patient and public interactions, and 2,300 training activities in their first 18 months. 
    • We ensure that patients and the public have a say in how data is used for research. As well as our regular public involvement activities, we sought input from over 800 members of the public to contribute to our work on vaccine research prioritisation.  
    • We have trained over 6,000 health data scientists. 

    Working with our partners:  

    • We enabled data to be used in a clinical trial that discovered that dexamethasone saves lives of people who are seriously ill in hospital with COVID-19  
    • We enabled data to be used in a clinical trial that has discovered that budesonide – a widely available, inexpensive drug – could shorten recovery times for people with COVID-19 in the community 
    • We enabled data to be used to allow researchers to determine the effectiveness of the AstraZeneca and Pfizer-BioNTech vaccine in different age groups 
  • The Health Data Research Innovation Gateway (the ‘Gateway’) is a common entry point to discover and request access to UK health datasets, view research projects, publications and data tools – all vital for research and innovation. It does not hold or store any patient or health data. It aims to increase transparency around accessible datasets and processes associated with their access. The Gateway is part of the UK-wide capability for the responsible use of health data for research and innovation, funded by the Industrial Strategy Challenge Fund (ISCF). 

  • The UK Health Data Research Alliance is an independent alliance of leading healthcare and research organisations united to establish best practice for the ethical use of UK health data for research at scale.  Convened by Health Data Research UK, the Alliance develops and co-ordinates the adoption of tools, techniques, conventions, technologies, and designs that help researchers to answer some of the most difficult questions and address the most important health challenges faced in the UK. The Alliance is part of the UK-wide capability for the responsible use of health data for research and innovation, funded by the Industrial Strategy Challenge Fund (ISCF). 

  • HDR UK Learning is the name for our programme of activities to develop and train the next generation of health data scientists in the UK. We aim to attract a large, diverse, cross-sectoral UK workforce for health data research, with the objective of training 10,000 people over the next 5 years.  Please see here for more information. 

  • No.  HDR UK is a charity working to improve access to health data by researchers to improve prevention, care and treatments. HDR UK does not own or sell any health data.  

  • Yes. HDR UK has many industry partners to boost capabilities in a variety of ways – from data analytics tools to research skills and resources. Industry is critical in rapidly translating pioneering research into mainstream care. It is the biomedical and pharmaceutical industries that have taken pioneering research and turned it into many of the medical innovations − such as the X-ray machine, MRI scanner and penicillin – that we take for granted today. Without the involvement of industry, the NHS would not be able to get new medicines, treatments and diagnostics for patients. Medicines and diagnostics are generally developed outside the NHS and government by the private sector in collaboration with academics as demonstrated by the critical role of pharmaceutical companies in successful development of COVID-19 vaccines. 

    The involvement of industry partners in Health Data Research UK’s work does not mean that they are automatically able to access data. They are providing a specific service, and – like all the partners and companies involved – do not have any privileged access to data. The same principles and safeguards will apply to anyone inside or outside the partnership. Any decisions about how the data will be used will always put patient privacy, safety and benefit first and there are multiple safeguards in place to ensure this happens. 

Section 2: Patient and Public Involvement and Engagement

  • Patient and Public Involvement and Engagement (PPIE) is at the heart of the work of Health Data Research UK and is a core principle to our ways of working. Involving patients and members of the public will help us meet their needs, become a trusted voice on complex issues and will be key in helping build a system that is worthy of their trust and confidence in using health data research. 

    In short, patient and public involvement and engagement improves the quality of our work.  

    Health Data Research UK’s Public Advisory Board, which is made up of patients and members of the public from across the UK, has helped to shape work across HDR UK by providing strategic advice and guidance not only to projects and programmes across the HDR UK community but also directly to our Executive Committee.  

    We also have a range of patient and public groups and panels to support individual programmes. For example, each of the Health Data Research Hubs is expected to involve patients and the public in making decisions on how their data is used, and we recently launched a report outlining the impacts the Hubs have made over the past 18 months. We also have public contributors working with us to shape programmes such as Population Research UK, the  Data and Connectivity National Core Study and DARE UK to name a few. They are all vital to shaping the development and delivery of the programmes to ensure we are demonstrating a trustworthy approach. 

    Patient and public events, workshops and discussion sessions are regularly held to gain input and feedback from people about distinct pieces of work (e.g., Trusted Research Environments) as well as how they would want their data to be accessed and used for research, and to learn what information they need to have confidence in health data research. 

  • If you would like to be involved in helping to ensure our work has the trust and confidence of patients, public, practitioners, sign up to our public contributors network, HDR UK Voices, where you’ll be kept up to date with ways to get involved, events and updates. 

    To learn more about PPIE at HDR UK, please visit our Public and Patient Engagement and Involvement page. 

Section 3: About health data research in the UK

  • Whenever we go to a doctor or a hospital, they collect data about us, our health and our lifestyle. This is recorded and stored in our patient record. It may include our height and weight, whether we smoke, how much we drink, detail of any allergies, what aches, pains or infections we’ve got, and what medications we are taking. It may also include the results of blood tests, images from MRI scans, and any procedures we’ve had, together with contact information, date of birth, and next of kin information. 

    Other specialists we see, for example dentists, physiotherapists and psychologists, will also create records. 

    The NHS uses this information to help provide the best clinical care for us. As a patient record contains sensitive information about our health, it must be handled very carefully and accessed safely and securely, to protect confidentiality. 

    Other types of health data include information collected during clinical trials and cohort studies or data generated by you; for example, health apps, fitness trackers or patient surveys. 

    • I live in England/Scotland/Wales/Northern Ireland. Is my health data available to researchers? 

    Routine health data collected by the NHS and other organisations as part of your patient record may be made available to researchers, subject to meeting legal requirements including UK GDPR and the common law duty of confidentiality.  

    You may also be asked to participate in clinical trials, research studies or to share data that you may collect through the methods outlined above.  In these situations, the organisations requesting access to your information would need your consent to do so.  This consent may include your agreement to combine this information with routing health data held as part of your NHS care. 

    The Health Data Research Innovation Gateway provides information about the many hundreds of different datasets that are made available for research and innovation.  In many cases this information includes the conditions that must be met before access is provided. 

    The Gateway is also developing a Data Access Request process based around the Five Safes framework and a Data Use Register to provide information about how data is being used for research and innovation. 

    These developments are supported through the work of the UK Health Data Research Alliance that brings together organisations such as NHS trusts, Clinical Research Practice Datalink, UK Biobank, and Cystic Fibrosis Trust to establish best practice around the ethical use of UK health data for research and innovation at scale. 

  • If data from many different patients is linked up and pooled, researchers and doctors can look for patterns, helping them develop new ways of predicting or diagnosing illness, and identify ways to improve clinical care. The information from health data is really valuable to help understand more about disease, to develop new treatments, to monitor safety, to plan services and to evaluate NHS policy.  Heath data research has provided enormous value to people across the UK and globally during the COVID-19 pandemic, you can find out more information about our role in the UK’s research response to the COVID-19 pandemic here.  

  • If researchers have access to larger, more diverse datasets, the more likely it is that they will find something that can help you, your family, your community or someone else with a condition.  

    Health data research helps improve the understanding of what causes diseases and conditions to develop, evaluate the effectiveness and safety of new treatments, and help frontline staff make better decisions about the care provided to you, your family and friends.   

    Furthermore, if researchers identify something that could improve care for an individual patient taking part in research, this information will be passed on to the team treating them wherever possible, so they can benefit directly from it. 

  • Health data research can lead to improved treatments, devices, interventions and health system management.  Evidence, brought together by Understanding Patient Data, shows that people are generally comfortable with anonymised data from medical records being used for improving health, care and services, including research, provided there is a public benefit.  Our data has the potential to be most powerful when everyone is represented. 

    You can read some case studies on our website here 

  • Any researchers working for private companies wishing to access the data will need to demonstrate how their research will benefit patients and the NHS. While companies are likely to profit (for example, by developing new drugs), they will also be delivering vital benefits to patients. 

Section 4: How is my data protected and what are my rights?

  • The organisation which currently has your data (known as data custodians) – for example your GP practice, community health services, mental health or hospital trust, medical research charity, UK Biobank or disease registry – is responsible for keeping your data safe. 

    Every member of staff who works for these organisations has a legal obligation to keep information about you confidential. For example, in the NHS, organisations maintain confidentiality by conducting annual training and awareness, ensuring access to personal data is limited to the appropriate staff and information is only shared with organisations and individuals that have a legitimate and legal basis for access. 

    Where systems have been set up to collect data from GP practices, NHS trusts, Health Boards or other organisations – for instance by NHS Digital in England, the Information Services Division of NHS Scotland, NHS Wales, and Health and Social Care Northern Ireland – the organisations collecting the data have responsibility for it. It is collected and, in most cases, de-identified before being made available for research.  Increasingly researchers can only access even de-identified data through Trusted Research Environments (TREs).  You can find out more about TREs in the section below 

    These data custodians are part of the UK Health Data Research Alliance which brings together many of the organisations that hold the UK’s health data. They are working together and with the public to develop standardised tools, techniques, conventions and technologies for research and innovation. All organisations working with Health Data Research UK have to sign up to the ‘Principles for Participation’ that guide their work. 

  • De-identified data, sometimes referred to as “de-personalised” or “pseudonymised” data, means information that does not directly identify an individual because identifiers such as name, address and date of birth have been removed or encrypted, but is still about an individual person who it might, in theory, be possible to re-identify, for example if the data was combined with different sources of information. 

    It is a criminal offence under Section 171 of the Data Protection Act 2018 for a person knowingly or recklessly to process personal data that is information that has been re-identified. 

    For more information see: https://understandingpatientdata.org.uk/sites/default/files/2017-07/Identifiability%20briefing%205%20April.pdf 

  • Under UK General Data Protection Regulation (UK GDPR) you have the right to ask an organisation whether or not they are using or storing your personal information. You can also ask them for copies of your personal information, verbally or in writing. This is called the right of access and is commonly known as making a Subject Access Request or SAR. This guide from the Information Commissioner explains how to make a subject access request. 

  • The organisations responsible for managing the data (the ‘data custodians’) are responsible for having technical security controls and procedures in place to prevent and respond to threats to data security, including significant data breaches or near misses. These plans are regularly reviewed by the NHS and other organisations involved as part of their commitment to cybersecurity, and their legal duty under the Data Protection Act and UK GDPR to protect people’s data. 

    If ever there is a security breach, or a risk of a security breach, these plans will come into effect and will likely involve reporting the incident to the Information Commissioner’s Office. 

  • It is a criminal offence to deliberately attempt to re-identify someone from data that is de-identified. 

    In addition to the legal safeguards, multiple process and technical safeguards are also put in place to minimise the risk of using health data combined with other data to re-identify you. 

    The Innovation Gateway does not hold or store any individual-level patient or health data.  This potentially identifiable data can only be accessed following a successful Data Access Request.  When access is provided, by the data custodian, we’re working to ensure research on the data will be carried out in what’s known as a Trusted Research Environment or Safe Haven. These are highly secure places – either physical servers often in a locked room or on a Safe Cloud – that can only be used by researchers who have been permitted entry. Any technology companies involved in providing or supporting the Safe Havens will not be able to see or access the data. 

    The safeguards minimise the risk of unauthorised access and any requests to download or transfer data out of the secure environment undergoes strict ‘output checking’.  These ‘safe outputs’ prevent potentially identifiable data being downloaded or transferred and then used to identify any individual patient. 

  • Organisations that manage health data (data custodians) put in place safeguards to avoid identification of any individual patient and minimise the risk of any data being misused. This makes it extremely unlikely that there would be any adverse consequences for people. 

    You can make a request to your healthcare provider (your GP or hospital) and ask who has had access to your identifiable NHS data. 

  • It is usually possible to opt out of sharing health data held in personal records about you for purposes other than direct care. To do this, contact the organisation that holds the record (such as your GP practice or hospital). If you live in: 

    England you can opt out of your data being used for research via the NHS Digital website https://digital.nhs.uk/services/national-data-opt-out 

    Scotland, although it doesn’t have an opt out mechanism, contact your GP or hospital to discuss your wishes or visit https://spire.scot/my-choices/ to opt out of sharing GP records only. For further information about use of other data in Scotland you can read the NSS data protection notice 

    Wales you can opt out of your summary GP record being shared by visiting http://www.gprecord.wales.nhs.uk/home 

Section 5: Data Access and Trusted Research Environments (TREs)

  • Health Data Research UK is enabling researchers to discover and request access to data via the  Innovation Gateway. The Gateway does not hold or store any datasets or patient or health data but allows users to see descriptions of the different types of datasets in the UK to enable researchers to see what’s available and how they can access it. A dataset is a collection of related individual pieces of information, which may include identifiable information (e.g. name or NHS number).  This information is removed or masked to make the data de-identified unless there is a compelling reason and clear legal basis not to do so.   

    If a researcher wants to access a dataset, they can make an enquiry via the Gateway and this will be considered by the organisation that looks after that dataset.  The UK Health Data Research Alliance is championing the use of the Five Safes Framework to ensure only safe people (e.g., accredited researchers) have access to safe (de-identified) data, to undertake safe projects with clear potential for public benefit in safe settings (Trusted Research Environments) with robust controls to ensure safe (non-disclosive) outputs. 

  • A TRE is a Trusted Research Environment. Also known as ‘Data Safe Havens’, TREs are highly secure computing environments that provide remote access to health data for approved researchers to use in research that can save and improve lives. 

  • No, HDR UK does not own or operate any TREs. We work in partnership with existing TREs across the four nations, including ONS, to develop tools, policies, standards and common approaches to public and patient involvement and engagement, and governance that demonstrates trustworthiness in the use of health data for research across the UK. 

  • Yes, we provide funding for the development of TREs and their capabilities.  In particular, we support work that increases the amount of data available through TREs and develops common standards that enable TREs to operate as a network.  This helps to minimise the transfer of data and maximise researcher productivity.   

    In some cases (for example our work on the National Core Studies) we also fund researchers to access and use TREs.   

    More information about our work on TREs can be found here including details of funding provided by HDR UK for the provision of TRE services as part of our response to the Goldacre Review.