How your data saves lives

PPIE stands for Patient and Public Involvement and Engagement. As part of our PPIE group we work with patients and public to share knowledge and information, support interpretation of de-identified data, and discuss future collaborations.

We want to ensure full transparency of the Y&H SDE work so everyone is aware of how their data can be used and is confident that there will never be a risk of unauthorised access to your data. By actively involving with communities in the Yorkshire and Humber region, we gain valuable insights that shape the Y&H SDEs priorities, refine its outreach strategies, and improve ways of sharing research findings.

Your Data Saves Lives

The NHS wants to use your healthcare data safely to make care better through secure research. See how trusted researchers can improve healthcare for you, your loved ones, and your community.

Our PPIE group welcomes NHS patients, carers, people who use health and social care services, members of the public and active trial participants – individuals taking part in the study in question.

By joining our activities, you can contribute to the Y&H SDE for better health and wellbeing in our region and beyond.

Easily check and join upcoming Y&H SDE activities here or contact us if you have a question or want to know more about our PPIE group and its activities: YHSDE@bthft.nhs.uk

Listen to Kate O’Sullivan, Associate Director of our SDE and Head of Secure Data Services at the University of Sheffield, where Kate breaks down the often misunderstood world of patient data sharing, explaining how it actually works in practice and why your participation in research can make a real difference to healthcare outcomes.

She also gives practical steps on how you can get involved in health research and tells about the real example of how researchers have used data from CUREd+ database to inform healthcare policy.

Our PPIE group welcomes NHS patients, carers, people who use health and social care services, members of the public and active trial participants – individuals taking part in the study in question.

By joining our activities, you can contribute to the Y&H SDE for better health and wellbeing in our region and beyond.

Easily check and join upcoming Y&H SDE activities here or contact us if you have a question or want to know more about our PPIE group and its activities: YHSDE@bthft.nhs.uk

Download our leaflet for public

FAQs

Can I request an opt-out? If yes, how? Does opt-out consent apply to children or teenagers?

Yes, you can always opt-out from your data being used in research. To opt-out, you can use the national or GP data opt-out services provided by NHS:

  • Online: Visit the National Data Opt-Out website: Opt out of sharing your health records – NHS (www.nhs.uk)
  • NHS App: Log in to your NHS App, navigate to your account settings, and find the “Health data sharing decision” or “Choose if data from your health records is shared for research and planning” section.
  • Phone: Call the helpline at 0300 303 5678.

A young person from age of 13 is able to set their own opt-out, which aligns with the minimum age at which children can give their consent to participate in digital services as set out in data protection legislation. Children under 13 and those who lack capacity are not able to set an opt-out themselves.  In these cases, individuals who have a formal, legal relationship to act on behalf of them (i.e. somebody who has parental responsibility, a lasting power of attorney or court appointed deputy) are able to set an opt-out on their behalf by proxy.

If you choose to stop your records being used for research and planning, your data might still be used in some situations. Learn more here: https://www.nhs.uk/your-nhs-data-matters/where-your-choice-does-not-apply/

If you want to check if you have opted out, you can enter your details again at Make your choice or check your settings in the NHS App.

How secure is the SDE? How do we ensure confidentiality of patient data is achieved? How do we ensure that there are no data breaches/leaks?

At the Yorkshire and Humber SDE we use of pseudonymisation-at-source as well as the ingestion of identifiable datasets;

identifiable data will be held separately and not made available to researchers. Where re-identification is required by a project (for example, for intervention or trial recruitment) work will occur on pseudonymised data and the reidentified data will land back on the clinical side for use by teams who already have legitimate access to identifiable data (eg the team already caring for a patient or similar)

The SDE operates on the principle of least privilege when it comes to dataset access. A researcher working on multiple projects should not be able to simultaneously access datasets from more than one SDE project (technical solution) and prevented from simultaneously accessing other patient-level data (identified or pseudonymised) by agreements made on sign-up to use the SDE (legal solution).

Our SDE complies with all standard processes to ensure privacy, including ensuring that governance and ethical approvals cover data being used for research purposes, and that research outputs are safe with avoidance of small numbers and adhere to governance processes around other sensitive data.

For more details, have a look at our security promise.

What data as of (01/09/2025) is in the SDE? Can I find how data is used for research & planning?

At the Yorkshire and Humber SDE our database includes detailed health data on patients such as Yorkshire Ambulance Service data.

Have a look at the most updated list of what data is available and what research projects they are being used for in the Yorkshire and Humber SDE, check our Data Use Register.

Here are key ways you can stay informed about the impact from the research projects used the data held by Yorkshire and Humber SDE:

  1. Publications and papers: You can explore the success stories showing how our data has already been used and impacted research by visiting our news section, where you’ll find information about publications, papers, and breakthrough research outcomes.
  2. Monthly newsletter: Stay up-to-date with the latest developments by subscribing to our monthly newsletter. Subscribe here.
What happens if there is a data breach/leak?

We take data security extremely seriously and follow the national policies, guidelines and best practices to prevent any breach or leak from occurring. You can find out more about our comprehensive data security approach here.

Should any security incident occur, we are committed to maintaining full transparency with all our stakeholders. We will immediately communicate the nature of the incident, the steps we are taking to address it, and all measures being implemented to mitigate security risks and prevent future occurrences.

What is a Federated Data Platform & how is Secure Data Environment different?

The NHS Federated Data Platform (FDP) is a computer system that helps NHS services work better together by safely connecting and using data they already have. It helps improve care for patients and plan services more effectively. FDP will not be used for research purposes, where the Secure Data Environments will be used to support both research and planning.

Find out more in the video below:

What is the difference between identifiable and de-identifiable data?

Identifiable data contains information that can directly or indirectly identify specific individuals. This includes personal identifiers like a person’s name, address, and age.

De-identifiable data has had personal identifiers removed or altered to prevent identification of individuals. The process often involves:

  • Removing direct identifiers (names, addresses, identification numbers)
  • Generalising specific details (using year of birth instead of full date, or partial postcodes instead of full ones)
  • Using pseudonymisation*, where personally identifiable information is replaced with artificial identifiers

*Pseudonymisation helps keep personal data private and secure, especially in research or data analysis. It means people’s information can be used without exposing who they are.

The Yorkshire & Humber Secure Data Environment complies with General Data Protection Regulation (GDPR) and UK Data Protection Act requirements. It means that the data inside the SDE is de-identifiable. Researchers access de-identified data for their analysis inside the SDE and can’t find whose data it is.

Find out more about levels of  at Identifiability demystified by Understanding Patient Data

There are occasions where you can remove lots of pieces of (i.e., address, date of birth, etc.) but through the rest of the information a person could still be identified. For example, if you were looking at who is a teacher and number of smokers and who is a non-smoker in a small town you could by having a narrow pool of people be able to guess who the smokers are. This is called ‘indirectly identifiable data’.

Although this is not very common, every piece of analysed data is checked by trained specialist staff in a process known as Statistical Disclosure Control (also known as ‘output checking’). To make sure this kind of indirectly identifiable data never leaves the Secure Data Environment, the specialist staff check every piece of analysed data (including charts, tables and graphs) to make sure it would not indirectly identify an individual.

What type of data is on the SDE?

Our ever-expanding list of datasets contains a wealth of data covering our entire region, including:

  • Primary Care (GPs) data
  • Secondary Care data
  • Mental Health data Population Health data
  • Social Care
  • Education data
  • Ambulance data
  • Environmental data

Check what other datasets are available at the Available datasets page.

Who can access my data for analysis?

Only approved people, with approved projects, are allowed to analyse data, and only approved non-identifiable outputs can leave the environment. Those who could analyse the data include eligible researchers from:

  • NHS providers and commissioners who use data to monitor trends and patterns in population health, hospital and care activity, to assess how care is provided, and to support local service planning.
  • University researchers who use data to understand more about the causes of disease, to develop new ways of diagnosing illness or to identify ways to develop new treatments.
  • Charities who use data to evaluate services, advocate for patient communities and identify ways to improve care.
  • Companies who use data for many reasons, for example if they are partnering with the NHS, developing drugs or providing services.
Who controls data after its shared with SDE?

The Yorkshire and Humber SDE supports various methods for data ingestion, offer in-situ or remote data analysis to minimise costs and administrative burdens. Local data teams can administer their own data within the SDE or agree to have it administered by a central SDE team, ensuring separation, and user-and-role-based access will prevent unauthorised access or mixing of datasets.

Our SDE encourages local control over data use while also providing support from the central team. This allows for flexibility in how projects are approved and managed, depending on the preferences of the data provider.

Who has access to SDE data?

Only approved data users, with approved projects, are allowed to access and analyse data, and only approved non-identifiable outputs can leave the environment. Those who could access the data include eligible researchers from:

  • NHS providers and commissioners who use data to monitor trends and patterns in population health, hospital and care activity, to assess how care is provided, and to support local service planning.
  • University researchers who use data to understand more about the causes of disease, to develop new ways of diagnosing illness or to identify ways to develop new treatments.
  • Charities who use data to evaluate services, advocate for patient communities and identify ways to improve care.
  • Private sector organisations who can use data to develop drugs or providing services, for example if they are partnering with the NHS.

Note that all submitted projects undergo a rigorous review process by the Data Access Committee, which reviews each Data Access Application from a public benefit perspective.

How current is the data that is available in the SDE?

That depends on the region and the data within that region. There are three “spokes” within the Y&HSDE and each one has its own relationships with data providers. We are currently on a journey to gather data. This includes both Primary Care data from GP’s and Secondary Care from hospitals and other sources. For some of these we have data up to date, for others it will be up to 2 years ago. This depends on each agreement with each individual supplier.  These agreements include how often we get the data. For example: within the West Yorkshire Region we have Primary Care up to October 2025, but Death’s data is received on a 6 monthly basis, so can be up to 6 months out of date, from the supplier. And of course it may have been processed by them, so may have taken them time to prepare.

How accessible is the data to special interest groups within the NHS focused on improving patient outcomes, such as the YCR Bowel Cancer Improvement Programme? Do these types of groups apply via the DAC too?

Yes, there is a “single door” process for anyone wanting access. The researchers use the downloadable form here: https://yorkshirehumbersde.nhs.uk/accessing-our-datasets/

Privacy

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

For more information, please visit our Privacy Policy.