This site uses cookies to store information on your computer. I'm fine with this Cookie information
Cookie Control


The NHSGGC Safe Haven complies with NHS identifiable data anonymisation rules:

  • Data are said to be anonymised when items such as names, address, full postcode, date of birth and any other detail that might identify a patient are removed; the data about a patient cannot be identified by the recipient of the information; and the theoretical probability of the patient's identity being discovered is extremely small.
  • Always consider anonymisation of data where possible.
  • While the Data Protection Act does not restrict the use of data that do not identify patients, patients do have a right to know when it is intended that their information will be anonymised for a range of appropriate purposes.
  • An anonymising service is being developed within ISD* to anonymise all national returns. NHS Boards must set up systems to ensure local data flows meet agreed national standards which are being developed with ISD*.

All research outputs will be linked and then anonymised by the Safe Haven team before being released to the researcher for analysis, unless patients have been recruited to the project with specific formal consent to use their data in an identifiable format.

Each project will be given its own unique set of project identifiers for records that cannot be traced back to the patient or linked to other datasets containing patient information. A record of all datasets released and project identifiers issued will be kept and archived by the Safe Haven for future reference.

How the Anonymisation Works:

The data is stored at patient level on the NHS side of the Safe Haven, the way it usually is for health purposes. Every record is stored against a surrogate number, thereby anonymising the data, and this separates the patient's clinical data from their identifiers. A key of surrogate numbers relating back to CHI numbers is kept separately so if there is a sudden need (for clinical reasons) to identify where the data came from, the NHS staff are able to trace it back.

A separate key of surrogate numbers is kept by the NHS, which identifies which surrogate numbers link together. These are then used to link anonymised records.

When a research dataset is produced each patient's surrogate key is replaced by a project identifier which links the data together per 'subject' (i.e. a anonymised study ID so data in different files can be related). This identifier is unique to each project and will never be used again.

These processes produce a three-step anonymisation, thereby preventing someone outside the Safe Haven linking various datasets together and building up a picture by which they can identify someone.

*ISD - Information and Statistics Division of the Common Services Agency, NHSScotland