About

The four Safe Havens in Scotland were established as part of a national need for delivering research excellence and the need for rapid access to high quality health data for research purposes. They were developed in line with the SHIP blueprint which outlined a programme for a Scotland-wide research platform for the collation, management, dissemination and analysis of anonymised Electronic Patient Records (EPRs).

NHS Greater Glasgow & Clyde, in collaboration with the Robertson Centre for Biostatistics, began an ambitious itinerary of work in 2011 to develop a Safe Haven to compliment this national programme and create a physical and electronic area that provides the required levels of security to support access to local healthcare data for service and research purposes. The NHS collects vast amounts of data every day; this could be about you, your family, or people that you know, but most of this information belongs to people you are never likely to meet. The NHS is the custodian of this information, not the owner. As custodians we are responsible for the safe keeping and security of all information that we collect. All personal health information is held under strict legal and ethical obligations of confidentiality.

A Safe Haven, in terms of NHS data, is a secure physical location and agreed set of administrative arrangements that are in place within the organisation to ensure confidential personal information is communicated safely and securely. It is a safeguard for confidential information which is being used for research purposes. Any researchers applying for access to health data must adhere to the Safe Haven principles.

When data is un-consented, the unique patient identifier (CHI number) can be used to link patient records, to both retrospectively and prospectively collected data, provided that the linked data is de-identified prior to release. Researchers are responsible for ensuring that they handle information with care and respect. It is their responsibility to protect this information from those who are not authorised to use it or view it. They must ensure that whilst in their care they have done everything possible to protect this information, and comply with the Caldicott Principles and Data Protection requirements (see Caldicott Principles section).

The use of information about patients is governed by:

• statute law, e.g. the Data Protection Act 2018 & 1998, the Human Rights Act 1998, the Infectious Disease (Notification) Act 1889, Adults with Incapacity (Scotland) Act 2000, the Abortion Act 1967, and many others;
• the common law in Scotland on privacy and confidentiality (which requires either consent or a legal or public interest requirement for disclosure);
• professional standards; and
• the policies and organisational standards of the Scottish Executive Health Department (SEHD) and NHS Scotland

Accurate and secure personal health information is an essential part of patient health care. The NHSGGC Safe Haven provides a service that:

1. Protects the confidentiality of patient information;
2. Commands the support and confidence of public, patients and all staff, students, volunteers and contractors working in or with NHSScotland;
3. Complies with best practice;
4. Conforms with the law;
5. Promotes patient care, the running of care organisations, and the improvement of health and care through knowledge; and
6. Works in partnership with other organisations and has clearly established and communicated protocols for sharing information.