The UK government has published a blog post relating to the use of personal data during the Covid-19 emergency.
The government has commissioned a data platform that aims to provide secure, reliable and timely data to make informed, effective decisions. It will create a data store to bring multiple data sources into a single, secure location. The results will be presented as dashboards that give a live view of the metrics needed to track and understand the current spread of the virus, and the capacity in the healthcare system to deal with it.
All NHS data in the store will remain under NHS England and NHS Improvement’s control. Once the public health emergency situation has ended, data will either be destroyed or returned in line with the law and the contracts in place between the NHS and partners.
The government states that essential data governance procedures and established principles of openness and transparency remain at the core of the project and the same rules of information governance as normal will be followed.
According to the government, the data is anonymous, subject to strict controls that meet the requirements of data protection legislation and ensure that individuals cannot be re-identified. The controls include removing identifiers such as name and address and replacing these with a pseudonym. GDPR principles will be followed, for example the data will only be used for Covid-19 and not for any other purpose and only relevant information will be collected. Any request to access data will be reviewed through a single process controlled solely by NHS England and NHS Improvement and NHSX. Technology partners will be subject to the same strict data rules.
Once the outbreak has been contained, the government says that it will close the Covid-19 datastore. Data processing agreements put in place with the various partners include the steps which need to be taken to cease processing and to either destroy or return data to NHS England and NHS Improvement once the public health emergency situation has ended.
The government also hopes to learn lessons about how to improve data collection, aggregation and analysis in a way that protects the privacy of individuals.