Data safety & security

Who is in charge of keeping the data safe?

UHB is the Data Controller for PIONEER data and is responsible for keeping data safe once it has been transferred to PIONEER.

Other health organisations contributing data to PIONEER will be the Data Controller for the data they hold within their own organisation.

Every member of staff who works for UHB within PIONEER has a legal obligation to keep information about all health data confidential, is trained in keeping data safe and works with NHS data as part of their job.

How will data be stored and kept safe?

All PIONEER health data is held in a secure research environment (SRE) or safe haven, which are highly secure and only be accessed by permitted individuals.

The aim is to enable maximum security, through multiple layers, and to minimise the risk of anyone’s data being misused. The PIONEER safe haven stores all data securely in a Microsoft Azure cloud platform, controlled by UHB.

PIONEER was built by Ensono,  an accredited Microsoft Partner which maintains ISO certifications in information security management, quality and IT service management, and business continuity management

Who can access our data?

PIONEER has an access request process in place to ensure data access is in the public good and has the potential to bring benefits to NHS patients.

The Data Trust Committee helps with decisions about data access. This Committee, made up of public members: sees what requests are made to access the data, by whom; reviews which data fields have been included in the request; and helps decide which requests should be supported.

UHB, as Data Controller for PIONEER, has final approval of what data can be shared, and oversees the legal contractual process to ensure this happens safely.

PIONEER will always put patient privacy, safety and benefit first and we have multiple safeguards in place to ensure this happens. Further information can be found in the Data Request process section.

The Types of organisations we envisage accessing our data includes, but is not restricted to:

  • NHS providers
  • Academics
  • Commercial organisations, including SME’s

Table of Contents