Electronic health record linkage in the STRIDES BioResource– What we do with your data
How do we access and link information from electronic health records?
To understand the health of participants in the INTERVAL Study—and to track how this changes over time—we use medical and other health-related records. The National Health Service (NHS) doesn’t have a single record system and thus information needs to be obtained from various sources to build-up a complete picture. This page describes the different types of data, how we access the data and how we keep the information safe. Each application for data access goes through an approval process for compliance with ethical, legal and confidentiality requirements.
Participants provided the Study Team with permission to access medical and other health-related records when they joined the INTERVAL Study. Information from these records is retrieved using an NHS number, name and date of birth._A single table linking each participant’s anonymous study identification number to their NHS Blood and Transplant (NHSBT) Donor Number, NHS number and other information that directly identifies them is stored in a separate, password protected location which may only be accessed by designated study data managers. This system is managed by the University of Cambridge School of Clinical Medicine and complies with NHS data protection standards. You can read more here.
The ‘link table’ is used to retrieve relevant health information from medical and other health-related records.
We currently receive data about:
- Deaths and cancer diagnoses from NHS England
- Hospital treatment (Hospital Episode Statistics) from NHS England
- Diabetes records from NHS England
- General Practice (GP) records from NHS England, specifically for COVID-19 related research
- Vaccination records from NHS England, specifically for COVID-19 related research
We also have approval to receive data about COVID-19, including diagnosis and outcome, from the UK Health Security Agency.
We are also in the process of requesting data about infections, held by the UK Health Security Agency.
We plan to extend the range of data in the future to include more data from NHS England, the UK Health Security Agency and other data providers. We will update this page as more data is obtained.
The retrieved information is ‘de-personalised’ by removing any directly personal details such as name, NHS number or address and replacing them with a unique anonymous study identification number. The de-personalised information is then stored in a restricted-access, study database together with other information collected during the study.
Access to the Data
Access to the study database is password protected and is only available to named researchers working on the study under the direct supervision of the senior scientific investigators.
The Blood Donors Studies BioResource
De-personalised data may also be used for other medical and health-related studies which have the relevant approvals. Researchers around the world can enquire about accessing the Blood Donors Studies BioResource for their own research projects. Access to all samples and de-personalised data is strictly controlled by a formal Data Access Committee, comprising individuals responsible for the studies and members of the public. Only the data items required for an approved project will be provided to the researchers via a secure file transfer method. More information about the Blood Donors Studies BioResource is available here.
We intend to retain the data as a long-term research resource. This is subject to funding, data sharing agreements with external data providers and participants’ right to withdraw.
Data controller and legal basis for data processing
The University of Cambridge is the Data Controller for the Blood Donors Studies BioResource. We process personal data for scientific research purposes as part of the University of Cambridge’s public task under articles 6(1)(e) and 9(2)(j) of the General Data Protection Regulation (GDPR). The public interest nature of the research was assessed when reviewed by a Research Ethics Committee and the public bodies providing the funding.
Health data (for example, the datasets received from NHS England) is classified as a special category of personal data under the GDPR.
If you have any questions or concerns about the data we collect or how it is used, please contact the study helpdesk using the details (email, phone, postal address) here.
Participants are free to withdraw from a study at any time. More details of options and how to do this are provided on the FAQ page. The University of Cambridge’s Data Protection Notice contains more details about the legal basis for our processing of information and your rights. If you need further assistance, please contact the University’s Data Protection Team (email@example.com) or it’s Data Protection Officer (firstname.lastname@example.org).
If you are unhappy with how we have used your data, you can complain to the Information Commissioner’s Office (ICO).
Postal address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
How can I access my personal information?
Various rights under data protection legislation, including the right to access personal information that is held about you, are qualified or do not apply when personal information is processed solely in a research or archival context. This is because fulfilling them might adversely affect the integrity of, and the public benefits arising from, the research study or project.
The full list of (qualified or inapplicable) rights is:
- the right to access the personal information that is held about you by the University (further details)
- the right to ask us to:
- correct any inaccurate personal information we hold about you
- delete personal information
- restrict our processing or to object to processing (including the receipt of direct marketing)
- receive an electronic copy of the personal information you provided to us
If you have any questions regarding your rights in this context, please contact the University’s Data Protection Team/Officer (email addresses above).