Accessing data

NHS Cheshire & Merseyside has extensive local and national data that supports direct care, population health, and research.

By linking from data across the region, we can take an informed, targeted approach to meet our population’s health and care needs.

Our ambition is to maximise the use and value of this data by making it available for both primary uses and secondary uses

What are primary and secondary uses?

Using health data for primary uses means using data for self-care and direct care, like when you see your GP or go to the pharmacist. The data is being use for its primary reason: to provide you with care.

Using health data for secondary uses means using health data for purposes secondary to why it was originally collected.

Secondary uses include:

  • carrying out research.
  • assessing a patient's risk of developing certain diseases or medical conditions, also known as risk stratification.
  • planning and improving health and care services, also known as population health management.

Secondary uses help to support direct care. They help not just you, but also others who use health and care services.

Governance

Access to data has robust governance.

There are around 400 data controllers in Cheshire and Merseyside, each responsible for ensuring their data is used responsibly and securely.

What is a data controller?

Data controllers are organisations or individuals with the authority and responsibility to determine the purposes and means of processing personal data. This could include NHS trusts and GP practices. For NHS data, data controllers make decisions about how the data is collected, stored, shared, and protected within legal and ethical guidelines. 

Following engagement with data controllers and patients, data requests go to the Cheshire and Merseyside Data Access & Asset Group (DAAG). 

DAAG reviews access requests and ensures that all relevant governance is in place to enable the sharing of data for the intended purpose. Data use and access is underpinned by the Cheshire and Merseyside Data Sharing Framework and corresponding Data Access Policy.

Each organisation that wants to access data must have a data sharing agreement (DSA) in place.

What is a data sharing agreement?

A data sharing agreement (DSA) is a legally binding document that outlines the terms and conditions under which data is shared between organisations. It details how data will be accessed, used, protected, and managed to ensure compliance with data protection laws, like the UK General Data Protection Regulation (GDPR). DSAs are critical when sensitive data, such as health data, is being shared for purposes like research, analysis, or public health monitoring.

The Data Access and Asset Group

The Data Access and Asset Group (DAAG) manages data requests for the purposes of direct care, population health, and research. It provides oversight on data access requests from a range of partners, including NHS Cheshire and Merseyside's analytical and transformation functions, the Cheshire and Merseyside Places, health and care providers, and academia.

The DAAG membership includes information governance experts alongside representatives from NHS Cheshire and Merseyside, local authorities, public and patient engagement groups, and academia.

The DAAG ensures that access is granted in line with legal, ethical, and organisational requirements. It also assures that patient and public expectations are considered as part of the data request, along with ensuring the technical feasibility of the project. DAAG policies and processes iterate in line with national and local policies.

DAAG key functions:

  • Overseeing the data access request process and approving data access requests from organisations.
  • Ensuring all information governance requirements in terms of General Data Protection Regular (GDPR), lawful basis, and the common law duty of confidentiality are satisfied.
  • Ensuring programmes applying have undertaken appropriate patient and public involvement and engagement in their design.
  • Ensuring technical specifications of data and technology are accurate and data is minimised to project-specific requirements.
  • Overseeing the development of the process, ensuring the process is developed in line with any changes to national policy or data sharing agreements, and escalating to the Information Governance Sub-Committee where changes need to happen.

Accessing and applying for data

The Data into Action team hosts new data access request clinics on Wednesday mornings. If you are part of the Cheshire and Merseyside Integrated Care System, please complete the contact form below to discuss your project ideas with the team and to begin the application process.