FAQs

DataLoch is the first health and social care project funded under a ten-year Data-Driven Innovation (DDI) programme and has been developed in partnership between NHS Lothian and the University of Edinburgh. Find out more about the DDI programme on their website.

DataLoch believes that putting data at the centre of responses to health and care system challenges is critical to improving services through research, innovation and planning.  
Our approach will lead to better decision making, research, and support for colleagues on the front line. 

We will do this by:

• bringing together health and social care data for the South-East Scotland region;
• working with experts in health and social care to understand and improve this data; and
• providing safe access to data for researchers

DataLoch will bring together the routine data collected as part of people’s day-to-day interactions with health and social care services. This includes the types of services used, details of visits to hospitals or GPs, treatments and medicines, as well as outcomes and test results.

This data enables researchers to answer important questions about how to improve people’s wellbeing. There are many examples of how health data research has delivered insights to help solve challenging health problems, including diagnosing rare diseases, improving the performance and equity of care, identifying diseases early, and assessing the effectiveness of health systems. Read about some of the projects DataLoch has supported.

NHS Lothian is the Data Controller of the data currently held by DataLoch. This means they exercise overall control over the purposes and means of the processing of personal data. Hence, DataLoch processes health care data in accordance with the NHS Lothian Privacy Notice.

DataLoch applicants for data access include: researchers, health and social care service managers, and in the future third-sector or private-sector organisations. Any person wishing to access extracts of the data must follow an approved application process and complete relevant training as described within the Charter for Safe Haven in Scotland definition of an approved researcher. This requires applicants to meet a number of key criteria to ensure their purpose and interest is both legitimate and appropriate.

In all cases, applications will be processed according to the standards set out by the NHS Health Research Authority, National Data Guardian, and regulatory bodies including the Information Commissioner’s Office (ICO).

Any person wishing to access any of the datasets held by DataLoch will need to meet a number of key criteria to ensure their purpose and interest is both legitimate and appropriate.

Each project is scrutinised by NHS employees to ensure the request is proportionate and in the public interest. Researchers will access and analyse the minimal amount of data required to answer research questions within the Scottish National Safe Haven. This infrastructure is one of several Safe Havens across Scotland already dedicated to protecting the confidentiality of data and which meet the best practice national standards for access and information security.

As well as supporting researchers, DataLoch also support requests from the NHS team for access to data to help them understand and support service improvements. Again, these projects are approved through DataLoch’s governance process, and data is then shared securely within the NHS infrastructure.

Project data extracts are archived and deleted according to record management policies. The retention periods vary according to the type of project.

Data accessed by researchers is de-identified, meaning aspects that can directly identify an individual (like names, addresses, and date of birth) are removed. This process is also called pseudonymisation. Data extracts accessed by researchers are also minimised, which means we provide no more data than the minimum needed to fulfil the specific approved application.

Before giving access to researchers, DataLoch also assess the likelihood and impact of someone’s identity being inferred, for example from a rare condition or unique combination of information. We take steps to avoid this kind of inferred identification, for example aggregating information into ranges (e.g. between ages 25-50) or withholding data.

While the process varies with every project, it is designed (along with other controls such as the use of the Safe Haven) to minimise the risk of researchers being able to identify individuals represented in the data without prejudicing the goals of the research.

Data is held within NHS Lothian servers behind the NHS Lothian firewall. Access to this data outside of the NHS is only permitted via a trusted research Safe Haven environment such as the Scottish National Safe Haven. This infrastructure is one of several Safe Havens across Scotland already dedicated to protecting NHS information and which are required to meet the best practice national standards for access and information security.

DataLoch has a Data Protection Impact Assessment in place to help identify and minimise any data protection risks. This will be continually monitored and modified as the DataLoch programme progresses, in consultation with other parties that may contribute data to DataLoch.

The datasets represent unconsented, patient identifiable information derived from NHS sources. Legislative and governance provisions exist for the re-use of this data under controlled circumstances for specific purposes. These purposes are detailed within the NHS Lothian Privacy Notice. DataLoch processes data according to this NHS Lothian Privacy Notice which contains a description of your data-protection rights within NHS Lothian, and also details how to contact NHS Lothian should you have any queries.

DataLoch is in the early stages of development. Since its establishment, in spring 2020, DataLoch’s focus has been on supporting the region’s response to COVID-19. We are now accepting applications outwith COVID-19 from academics and health and social care professionals within the South-East Scotland region with a further expansion of the service by summer 2022.

In March 2020, colleagues from NHS Lothian and the University of Edinburgh asked the DataLoch team to help in the production of a dedicated COVID-19 linked dataset. This request was motivated to support immediate hospital-based service management and to provide a data asset for active and anticipated regional and national research into the outbreak. 

DataLoch, working in collaboration with clinicians on NHS Lothian data, built a linked COVID-19 dataset for use by approved researchers, on 30 April 2020.

Find out more about our COVID-19 Collaborative

Currently, DataLoch is accepting applications from academics and health and social care professionals within the South-East Scotland region. We are also working with NHS Lothian and innovation partners to design the required governance framework for working with private and third-sector organisations. From summer 2022, we expect to extend our service to support approved researchers from these organisations.

The application process includes an assessment of whether the project will benefit patients and is in the public interest. For example, partnerships between the NHS and private or third-sector organisations can result in new healthcare technologies and treatments and medical devices that support better outcomes for patients.

The Five Safes framework is a set of principles adopted by a range of centres providing secure access to data around the world, including the Office for National Statistics Secure Research Service. 

The Five Safes are:

• Safe Projects – Data are only used for valuable, ethical research that delivers clear public benefit;  
• Safe People – Researchers are trained and accredited for safe handling of data;
• Safe Settings – Access to data is via secure technology systems;
• Safe Data – Researchers use data that have been de-identified and with extracts that have the minimum amount of data to fulfil the purpose of their project; and
• Safe Outputs – All research outputs are checked to ensure they cannot indirectly identify people.

DataLoch has incorporated the Five Safes in our overall strategy on keeping data secure. Assessing each aspect of the framework individually and as a whole is part of how DataLoch ensures data is held and accessed safely.

DataLoch is the first health and social care project established under a ten-year Data-Driven Innovation (DDI) programme funded by the Edinburgh and South East Scotland (ESES) City Region Deal. Finalised in August 2018, the ESES City Region Deal is a UK and Scottish Government-led investment designed to accelerate productivity and inclusive growth in the region through the funding of infrastructure, skills and innovation.

The regional partners of the City Region Deal include three NHS Boards (Lothian, Borders and Fife), six local authorities (City of Edinburgh, Midlothian, East Lothian, West Lothian, Fife and the Scottish Borders), plus regional universities and colleges. Find out more about the Edinburgh and South East Scotland City Region Deal.