This privacy notice describes what we do with your personal information for the purposes of health and care research. It tells you what information we collect about you, how we store it, how long we retain it and who we might share it with.
By "health and care research", we mean research which serves the interests of society as a whole. This research follows the UK Policy Framework for Health and Social Care research.
It is important that you read this notice, together with any other privacy notice or specific information you may already have been given (for example, in participant information booklet/leaflets or any consent forms), so that you are aware of how and why we are using information about you.
Who we are
University Hospitals Birmingham NHS Foundation Trust (UHB) is recognised as one of the leading research-active trusts in Europe. Across our hospital and community sites, we employ more than 20,000 staff and run the largest single-site hospital in the country.
The Trust has centres of excellence for a number of services, hosts the Institute of Translational Medicine, and led the West Midlands Genomic Medicine Centre.
Our researchers, many of whom are world leaders in their field, are engaged in a broad range of research activity. For more information about the research we do, please visit our website.
As a leading research-active Trust we are committed to protecting the privacy and security of your personal information. We are registered with the Information Commissioner’s Office (ICO) to process personal and special category information under the following registration number: Z5568104.
Our research follows the UK Policy Framework for Health and Social Care research.
This privacy notice is to specifically inform you about PIONEER, a research programme running at UHB.
What is PIONEER?
The PIONEER programme involves a Health Data Research UK affiliated research database that will safely and securely collect and store health data from patients who attend hospital with an unplanned illness or symptoms. The PIONEER programme aims to understand the symptoms and diseases people come to hospital with, whether they had been to hospital or other healthcare providers before with the same problems, the time it took to make a diagnosis and the care they received. The ultimate aim of the PIONEER programme is to improve the way the NHS provides care to people when they are suddenly unwell or have an unexpected flare up in their symptoms.
The PIONEER database will include electronic health records for patients from University Hospitals Birmingham. In the future, PIONEER will expand to include patient data from other hospitals and healthcare settings and providers. The PIONEER protocol (which explains more about the programme and how it operates) and a short video about PIONEER can all be found on the PIONEER website.
UHB is the Data controller for PIONEER. "Data controller" means that UHB will determine or decide the purposes, conditions and means of the processing of personal data.
"Personal data" means information relating to a natural (living) person or "data subject", which can be used to identify the person. This provides for a wide range of information to constitute personal data, for example:
- identification number
- social media posts
- location data
- online identifier
"Processing" means anything that is done to the personal data we hold.
The UHB staff processing the data for PIONEER are based in the Informatics Department at UHB. These staff will be processing identifiable data as part of usual NHS care processes, but within the PIONEER database, the health-data is pseudonymised. "Pseudonymisation" is the processing of personal data in such a way that the data can no longer be attributed to a specific person without the use of additional information (namely a key).
Before any health data is accessed as part of the PIONEER programme, the health data is anonymised – meaning the personal data can no longer be attributed to a specific person. Only anonymised health data is accessed by researchers as part of the PIONEER programme. Access to health data is only under license and after approvals, including review by a committee of patient and public members called the PIONEER Data Trust Committee. You can view the Data Trust Committee quarterly reports on the PIONEER website.
We have partnered with Microsoft who have provided a UK cloud-based system for us to manage and process this data.
At no point will any of your identifiable data be accessible to anyone outside of the NHS, specifically outside of University Hospitals Birmingham NHS Foundation Trust.
The PIONEER research database has been approved by the Health Research Authority’s East Midland’s Derby Research Ethics Committee (reference: 20/EM/0158). This committee is an independent group who review research taking place in the UK, from an ethical viewpoint, protecting patients and the public, while promoting good ethical research.
PIONEER has also been approved by the Health Research Authority, as advised by the Confidentiality Advisory Group (CAG), enabling the common law duty of confidentiality to be lifted to enable disclosure of confidential information without consent. The CAG is an independent body which provides expert advice on the use of confidential patient information to protect and promote the interests of patients and the public, while at the same time facilitating appropriate use of confidential patient information for purposes beyond direct patient care. Please see the CAG website for further details.
The CAG registration number is 20/CAG/0084.
For more information about the general use of patient data in research in the health service please visit the Health Research Authority website.
Why we collect personal information about you
We use your personal information to carry out health and social care research in the public interest. This means that we have to demonstrate that our research serves the society as a whole, for example by improving eye disease detection, diagnosis and treatments or improving existing services.
Our legal basis for processing personal information about you
The way in which we use your information is governed by law. The principle legislation that applies is UK-GDPR (as established by the European Union (Withdrawal) Act 2018) and the Data Protection Act 2018. “GDPR” means the General Data Protection Regulation (2016/679).
When we use your information for research, we rely on Article 6(1)e (“processing is necessary for the performance of a task carried out in the public interest”) and Article 9(2)j (“processing is necessary for archiving purposes in the public interest, scientific or historical research purposes”) of the GDPR in combination with Schedule 1, Part 1, Art 4 Data Protection Act (DPA) 2018.
Confidential information which you have shared with our NHS staff to enable them to provide your care is governed by the common law duty of confidentiality, as described by NHS Digital.
What personal information we need to collect about you and how we collect it
We will not be collecting any information directly from you. The personal information that we collect is information that we already hold about you due to the healthcare that we have provided to you. This includes information from your clinical care records including imaging/graphical data. For information we are likely to already hold about you, due to the care we provide, please refer to the UHB privacy notice for patients.
What we may do with your personal information
For research purposes, the PIONEER programme within UHB may use your information anonymously to better understand unplanned healthcare needs and help find better ways to care for patients. Your anonymous information may be shared with other organisations such as other NHS bodies or academic centres, analysed and then used in reports or presentations to help improve health and care. Publicly available information will always be presented in such a way that it will be impossible to identify you from this information. For a list of the projects the PIONEER programme is currently supporting to improve health and care, please see the PIONEER website.
Some information about you may be linked to other information shared by primary care providers (e.g. GPs) and secondary care providers (e.g. acute trusts) with the view to creating a more complete set of information which will enable medical research for the benefit of public health. PIONEER has specific CAG approvals to link health data from UHB with the West Midlands Ambulance Service University NHS Foundation Trust.
We will not:
- Share your identifiable data with third parties for marketing purposes
- Sell your identifiable data
Where we are required to transfer information about you internationally outside the UK/EU, we will make sure that an adequate level of protection is in place before the transfer
Who do UHB share your information with and why?
As a patient in our hospitals your health data is held securely and confidentially. We use it to provide care to you but also improve the NHS to give better care to you and other patients, both now and in the future. To help this improvement, the information about your health and care may be provided to researchers running research studies here at UHB and other third party organisations. These external organisations are typically non-commercial partners such as universities or other hospitals.
Your information will only be used by organisations and researchers to conduct research in accordance with the UK Policy Framework for Health and Social Care Research.
Please also refer to the our main privacy notice for patients, which explains when we might have to share information about you with the Care Quality Commission or other regulatory/law enforcement authorities.
How we retain and re-use your information
We already hold your information due to the healthcare we currently provide to you, or because of care we have provided to you in the past. Please refer to our main privacy notice for patients.
Each application for your health data made to PIONEER is considered on an individual basis and is evaluated by both the UHB Research Database Team and an independent Data Trust Committee before providing a recommendation on whether the project should be approved. Data is only released to research teams when it has satisfied all of the rigorous governance processes signed off by the Information Asset Owner. Pseudononymised or anonymised datasets are created in response to approved user applications, and made available under contractual agreement for a specified period in accordance with the approved project.
Following the expiry of the relevant retention period, your personal information will be archived, for the period specified in each individual project and then destroyed. Where information is to be destroyed, this will be done in a confidential manner and in accordance with the Trust’s Record Management Policy. However, anonymised archived data may be re-used for scientific or historical research.
Under current data protection legislation (Art 13 to 18 GDPR), you have certain rights to manage your data as you see fit. However, for the purpose of research, your rights to access, object, change, transfer and/or delete your information are limited. This is because we need to manage the data in specific ways to ensure the research we conduct is reliable and accurate, and that we are accountable to those organisations which fund and monitor our research.
If you are happy for your health data to be used for research and service planning, then you do not need to do anything.
If you choose not to have your health data used for any research and planning purposes, including PIONEER, then you can choose to "Opt-out" using the NHS Digital National "Opt-out" scheme via the NHS website.
If you choose not to have your personal data used as part of the PIONEER programme but you still wish to have your data used for other research programmes and service planning, you can opt-out of PIONEER specifically. PIONEER will not include your health data in the research database for PIONEER-associated research and service planning.
To do so, please contact the PIONEER team.
Alternatively you can contact the Patient Advice and Liaison Service (PALS) team at UHB, where you can register your request to opt out of PIONEER. You will receive confirmation once this has occurred. Whatever choice you make, your individual care will not be affected.
Queen Elizabeth Hospital Birmingham
COVID-19, the National Data Opt-Out and PIONEER
During the COVID-19 pandemic, the Secretary of State for Health and Social Care issued an instruction to NHS bodies to share confidential patient information for the purposes of research into COVID-19, so that we could provide better care to patients with this new virus. This has affected how the National Data Opt-Out works.
For more information, please see the GOV.uk website.
Currently, this provision is in place until 30 September 2021.
The PIONEER programme has shared data with non-commercial, academic researchers to help develop better services and treatments for COVID-19 using the COPI Directive during the pandemic and specifically for COVID-19 purposes. This was as part of a collaboration with University College London Hospitals, University College London and the Alan Turing Institute, and the project was called DECOVID.
The Information Commissioner’s Office (ICO) is the body that regulates the Trust under data protection and freedom of information legislation.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the ICO.
Information Commissioner's Office
Cheshire, SK9 5AF
Changes to this privacy notice
The date this page was last reviewed is available below. It is reviewed when necessary and at least annually.
Last reviewed: 30 July 2021