Data security and confidentiality at HIC

HIC’s first priority is to address information governance, data security and confidentiality issues.

All services provided by HIC are delivered within an ISO 27001 certified secure environment to ensure data is managed safely and in compliance with Data Protection legislation.

Key HIC security measures

IT Security

• Network separation between data & data users.
• Secure rooms for HIC staff.
• Backup & off-site copies.

Identifiable Data

• Identifiable data is received by HIC in encrypted form and is stored and processed in secure areas on the NHS network, accessible only to HIC technical staff. 

Data requests and releases

• All data requests and releases, along with copies of all necessary approvals, are stored on the HIC Project Management System.

HIC processes

• All HIC processes are governed by HIC Standard Operating Procedures (SOPs). New versions of the HIC SOPs are created in consultation with and approved by NHS Data Governance staff.

Audits

• HIC are inspected by an external auditor annually, commissioned by the NHS Tayside Director of Public Health. 

Data Users

• Researchers and other data users work within the HIC Safe Haven and sign a HIC Data User Agreement.
• Data users are only provided with anonymised data, unless project-specific approval is obtained by NHS Caldicott Guardian.

HIC Governance

• The HIC Governance Committee, chaired by the NHS Tayside’s Research & Development (R&D) Director, reviews the audit report, SOPs and any adverse events, recommending improvements to HIC processes and information governance.