Principles for analysis and use of health data by ABPI members

About the principles

Using health and genomic data can accelerate understanding of disease, improve efficiency of healthcare services and support the discovery, development and evaluation of new medicines. The NHS grants secure access to data to pharmaceutical companies where there is a clear legal basis and an explicit aim to improve the health, welfare or care of patients in the NHS, or how the NHS operates.

Providing access in this way means millions of UK patients benefit from faster discovery, development and evaluation of new medicines thanks to industry researchers’ ability to analyse health and genomic data in a safe and secure way.

To support the highest levels of transparency and to build public trust in the industry’s use of health data, the ABPI has developed a new set of principles that members will follow when using NHS data for research purposes.

The principles have been co-developed with input from the NHS, medical research charities, academia, patient groups and the wider public through several deep-dive interviews and a public consultation.

They are designed to build upon the existing regulations and safeguards which govern researchers’ access to secure and de-identified health data. They are also designed to complement the Government and NHS’s new “Data Saves Lives” Strategy, DHSC’s principles for the appropriate use of data, as well as the principles set out by former National Data Guardian for Health and Social Care – Fiona Caldicott.

What is Health Data?

The Data Protection Act 2018 defines ‘data concerning health’ as personal data relating to the physical or mental health of an individual, including the provision of health care services, which reveals information about their health status.

‘NHS health data’ is data produced by the NHS in the process of care delivery, including genomic data. ‘Data custodians’ are the organisations that have the legal right to grant access to health data.

Principles for analysis and use of health data by ABPI members

This document sets out principles that ABPI members will adhere to when analysing and using NHS health data.  These will complement the governance processes established by the data custodians.

Download the Principles for analysis and use of health data by ABPI members

Principle 1:

We will be transparent about the purpose of our health data access

We will be clear and open about what company researchers aim to do with health data, how the data will be analysed, what the expected research benefits are and how risk will be managed. We will take steps to ensure this information is easily accessible to the public.

Analysis of health data can move the complex process of research, discovery, development and deployment of new medicines forward at all stages. For example:

  • Understanding disease processes and progression, identifying which patients respond best to different approaches and interventions, and defining current unmet need
  • Identifying new biological targets, and designing new medicinal interventions
  • Stratifying and selecting the right patients for clinical trials to develop new medicines
  • Supporting delivery of precision medicines to the right patients
  • Assessing the performance and cost effectiveness of medicines in routine clinical practice, and identifying indicators of variable response
  • Analysing and refining patient pathways to ensure the best patient outcomes for different patient groups, and to support equality of access to these pathways

All data analysis projects conducted by ABPI members will be described in a short abstract, covering aims, approach, anticipated benefits the research will deliver to all parties (e.g. industry, patients, the public and the NHS).  Abstracts will additionally describe potential risks, steps taken to minimise those risks, and patient/public involvement in development of the project.

Information will be provided in plain language, will be made available in accessible formats and will not include commercially sensitive information. Abstracts will be publicised by, for example, posting on a public database or website hosted by the data custodian and/or the researching organisation.

Projects analysing health datasets are hugely varied and can include:

  • a single analysis at a point in time
  • regular follow-up at specified intervals to explore trends
  • analysis of linked datasets through partnership with a custodian to explore detailed understanding of disease over time

The costs associated with collecting, curating and managing the data vary, depending upon the scale, detail and duration of follow-up. It will be important that the researchers and data custodians can efficiently reach a common understanding of project goals, agree proportionate levels of access to deliver on projects, the legal basis for data use and analysis, and the arrangements for how data users return fair value to the system. A summary of this agreement will be publicly available, including:

  • The type of commercial model (e.g., fee for service, license of data, shared benefit/risk) excluding pricing
  • The rights of patients to withdraw consent for their data to be used (opt out)
  • Explicit parameters for use of the health data, including how the data will be anonymised and how long the data will be retained
  • Where and how the data will be processed and analysed and how access will be controlled)

Principle 2:

We will ensure that contractual arrangements to access health data will be clear and will return fair value to the system

Agreements with data custodians will be designed to return ‘fair value’ as agreed by all relevant parties. Agreements will describe how they contribute to the sustainability of the system (including recognising the costs associated with collecting, validating, curating, storing and  providing access to  the data). Agreements will also recognise taxpayer investment in the UK’s data infrastructure and services and the need to deliver an appropriate balance of commercial and public benefit, regardless of whether the outcomes of individual projects are successful in delivering their original research aims or not.

Principle 3:

We will actively promote Patient and Public Involvement and Engagement (PPIE) in health data projects

We will actively promote effective and meaningful involvement of patient/public representatives at an early stage in the design and approval of health data projects, both within their organisations and when projects are reviewed by data custodians.

Data custodians have a responsibility for building public trust and confidence in data partnerships. Key to this is involving patient and public representatives in reviewing applications from data ‘users’ – those who wish to research and analyse their datasets. We consider that patients and the public are invaluable partners across a wide range of data analysis projects, supporting research, discovery, development and evaluation of medicines, and improved treatment pathways. 

As PPIE becomes increasingly embedded in the overall design of development programmes for new medicines, involvement of patients in the design of relevant data projects should become increasingly routine. Clarity in demonstrating how such PPIE has taken place will help ensure projects are accepted first time by data custodian review panels. Effective PPIE should include robust measures to ensure diversity and inclusion, such as accessibility for people living with a range of health conditions. 

The publication of the results from analysis of NHS data has the potential to significantly address health inequalities, improve patient pathways and contribute to NHS efficiency. We therefore commit to publicise insights through, for example, peer reviewed journals, website summaries, conference presentations and submissions to regulatory bodies.

In line with the Department for Health and Social Care’s five Guiding Principles for creating the right framework to realise the benefits of health data, companies will not ‘buy’ or ‘own’ specific NHS datasets (i.e. become a data custodian) at the expense of these datasets being readily available to other researchers.

Principle 4:

We will ensure that insights arising from the health data analysis we conduct will be appropriately shared across the health system for the benefit of patients and other researchers, as agreed with the data custodian.

Principle 5:

We support robust health data privacy protections and will ensure compliance with all prevailing laws and regulations as they evolve

All projects and arrangements will adhere to national level legal, regulatory, privacy and security obligations, in line with long-established requirements and practice.

All researchers will collaborate fully with data custodians to ensure that all analyses of health datasets are conducted within current national laws, privacy and security requirements and regulations, with appropriate regard to relevant global legal codes. We will keep pace with evolving requirements, demonstrating leadership and commitment to strengthening accountability and best practice.

Compliance with patients’ rights to choose how their data is used is central to building trust in health data research. The NHS offers patients the opportunity to opt out of data re-use. We support the right of patients to opt out and will consult with data controllers to ensure that no datasets analysed include data from patients who have opted out.