The NHSGGC Safe Haven complies with NHS identifiable data anonymisation rules:
All research outputs will be linked and then anonymised by the Safe Haven team before being released to the researcher for analysis, unless patients have been recruited to the project with specific formal consent to use their data in an identifiable format.
Each project will be given its own unique set of project identifiers for records that cannot be traced back to the patient or linked to other datasets containing patient information. A record of all datasets released and project identifiers issued will be kept and archived by the Safe Haven for future reference.
How the Anonymisation Works:
The data is stored at patient level on the NHS side of the Safe Haven, the way it usually is for health purposes. Every record is stored against a surrogate number, thereby anonymising the data, and this separates the patient's clinical data from their identifiers. A key of surrogate numbers relating back to CHI numbers is kept separately so if there is a sudden need (for clinical reasons) to identify where the data came from, the NHS staff are able to trace it back.
A separate key of surrogate numbers is kept by the NHS, which identifies which surrogate numbers link together. These are then used to link anonymised records.
When a research dataset is produced each patient's surrogate key is replaced by a project identifier which links the data together per 'subject' (i.e. a anonymised study ID so data in different files can be related). This identifier is unique to each project and will never be used again.
These processes produce a three-step anonymisation, thereby preventing someone outside the Safe Haven linking various datasets together and building up a picture by which they can identify someone.
*ISD - Information and Statistics Division of the Common Services Agency, NHSScotland