1 Trevelyan Square
Boar Lane
Leeds LS1 6AE
0300 303 5678
02 May 2018
Our ref: NIC-188089-N9D8B
Dear Mr. Booth,
Re: Information Request – Freedom of Information Act (FOIA) 2000
Thank you for your email dated 4th April 2018, requesting the following information:
“Please would you provide a copy of the HSCIC/NHS Digital's review of the use of pseudonymisation
at source.
We note that in March 2014, NHS Digital's predecessor body asserted that the report would be
published; and that assertion appears to be undelivered. (see response here:
https://www.whatdotheyknow.com/request/198833/response/496410/attach/3/NIC%20252414%20Z0
V5B%20FINAL%20FOI%20Response.pdf )”
We have considered your request and in accordance with S.1 (1) of the Freedom of Information Act
2000 (FOIA) I can confirm that we do hold the information that you have requested. Please see our
response below.
We can confirm that the Pseudonymisation Review Interim Report which was requested in the
Freedom of Information Request that you have referenced was published in July 2014. This can be
found at the following location.
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/40
1614/HSCIC_Data_Pseudonymisation_Review_-_Interim_Report_v1.pdf
Subsequently a fuller HSCIC Data Pseudonymisation Review was commissioned by the Health and
Social Care Information Centre (HSCIC), now known as NHS Digital, in August 2014. The review
was overseen by an Independent Steering Group, with membership made up of experts representing
a wide spectrum of views and interests on the subject area, including a patient representative. The
review considered a wider range of issues and evidence relating to pseudonymisation, including
pseudonymisation at source.
The final report was completed in March 2017. I have attached the final report as requested.
The review did find that use of pseudonymisation in isolation is not sufficient in many cases for the
information to be deemed to be anonymised in line with the ICO Code of Practice on Anonymisation,
and therefore fully protect the privacy and confidentiality of patients, unless other safeguards are
employed alongside pseudonymisation.
This report has not been published by NHS Digital to date because of significant changes in the
privacy and data security landscape while the review was ongoing. These included the National Data
www.digital.nhs.uk
xxxxxxxxx@xxxxxxxxxx.xxx.xx
Guardian Review of data security, opt-outs and consent and the subsequent Government response
to this, and also the forthcoming General Data Protection Regulation (GDPR) amongst other
changes, which superseded this report. However, many of the review recommendations are being
used to inform NHS Digital’s work.
We wish to highlight that NHS Digital (working with NHS England) is currently in the process of
procuring a new technical solution to enable the secure and consistent de-identification of data for
purposes beyond individual care across the NHS such as commissioning or research. The solution
will incorporate the capability for controlled re-identification of individuals in exceptional
circumstances such as by a healthcare professional with a legitimate clinical relationship to the
patient for their individual care.
NHS Digital, in its role as the safe haven for patient data, remains committed to ensuring that
information can be used to improve the health and care system whilst ensuring that patients’
confidential data is kept safe and secure and their privacy is respected.
In line with the Information Commissioner’s directive on the disclosure of information under the
Freedom of Information Act 2000 your request will form part of our disclosure log. Therefore, a
version of our response which will protect your anonymity will be posted on the NHS Digital website.
I trust you are satisfied with our response to your request for information. However, if you are not
satisfied, you may request a review from a suitably qualified member of staff not involved in the initial
query, via the
xxxxxxxxx@xxxxxxxxxx.xxx.xx email address or by post at the above postal address.
Your request to NHS Digital will now be closed on our internal CRM (customer relationship
management) system.
Yours sincerely,
A Simpson
Information Assurance Advisor
Further information about your right to complain under the Freedom of Information Act is available from the
Information Commissioner’s Office, Wilmslow, Cheshire, and on The Information Commissioner’s website
www.ico.org.uk. NHS Digital values customer feedback and would appreciate a moment of your time to respond to our Freedom
of Information (FOI) Survey to let us know about your experience. Please access the survey through this link
here
www.digital.nhs.uk
xxxxxxxxx@xxxxxxxxxx.xxx.xx