UK Severe Asthma Registry Privacy Notice - Data Protection and Confidentiality

Version 1.2 14/06/2019

What is the UK Severe Asthma Registry (UKSAR)?

The UKSAR is a database in the United Kingdom for adult patients referred with severe and difficult to control asthma to Specialist NHS clinics for assessment and treatment. The information in the database will be used to assess and improve the quality of services and the outcomes achieved by severe asthma treatments across the NHS. It may also provide comparative information to commissioners to help design and deliver services.

What information does it contain?

The information includes details about patients and their asthma, healthcare use, background medical history, investigations performed and treatments given and outcomes achieved. Patient date of birth is entered into the Registry at time of registration to calculate age at subsequent clinic assessments but the date of birth cannot be downloaded from the system. No patient identifiable data is registered on the system.

What is the legal basis for the UKSAR?

UKSAR is an ethically approved database and we ask patients to consent to allow their data to be entered into the Registry. This ethical approval is reviewed each 5 years and approval sought for the following 5 years.

Who manages the UKSAR database?

UKSAR is managed by Queens University Belfast and works in partnership with NHS England and Dendrite Clinical Systems Ltd, our technology partner.

What happens to the data and who can see it?

The data is collected by the doctors, nurses, and hospital staff treating and managing the patient. Hospital computers are used to collect the information, which is entered into or uploaded to a database developed by Dendrite Clinical Systems Ltd hosted on a single secure database server under contract with Dendrite Clinical Systems Ltd. Hospitals have the option of entering information directly into a secure web-based UKSAR database or uploading it from their own hospital system. During any data transfer from the hospital the information is encrypted (locked) to ensure it cannot be interfered with. Only an approved member of staff at the hospital can load the data onto the UKSAR. Once the records have been entered they can be reviewed or edited by authorised staff at the hospital using an approved user account with a secure password.

The information collected is valuable as it allows clinicians to understand the nature of severe asthma, the profile of patients and the results that are being achieved by hospitals around the country with new treatments. The data will be analysed by Queens University Belfast under the guidance of the Steering Committee of UKSAR which is made up of the Clinical Lead Physicians of UK Severe Asthma Regional Networks.

All data which is analysed is anonymised and no details of individual patients will be presented but results will be reported for groups of patients. These may be broken down by region or hospital, and by other important information that may be related to outcomes such as age and general health status.

The data will be used to help commissioners, providers and doctors understand how their practice and outcomes compare to performance in other centres, to judge which treatments are of greater benefit and how care is improving, to identify different sub-groups of severe asthma and trial new severe asthma therapies and to provide information for planning future services for people with severe asthma

The data may be shared with trusted third parties as part of a Research Project. Data would only be released for commercial purposes if there are direct treatment benefits for patients with severe asthma and with the approval of the Steering Committee and if all ethical requirements have been met.

Dendrite Security

Dendrite Clinical Systems is assessed against NHS Information Governance standards, which includes both physical and organisational security measures. Dendrite’s Data Security and Protection Toolkit assessment is available on the DSP Toolkit website (https://www.dsptoolkit.nhs.uk/OrganisationSearch/8HJ38).

The computer software program created by Dendrite that holds the UKSAR data has been independently tested to ensure that it is not vulnerable to unauthorised access, or internal breaches of security.

Can I ask to see the data that the UKSAR registry holds about me?

Requests to see what data is held on the UKSAR database about you may be made through the Information Compliance Team at Queens University Belfast Info.Compliance@qub.ac.uk.

If you have any questions or comments about this privacy notice, the University’s Data Protection Officer can be contacted at:

Derek Weir: Data Protection Officer

Information Compliance Unit
Lanyon South
Queen’s University Belfast
University Road
BT7 1NN
info.compliance@qub.ac.uk   

COMPLAINTS

You have the right to complain about how we treat your Personal Data and Sensitive Personal Data to the Information Commissioner’s Office (ICO). The ICO can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF