The National Health Service (NHS) maintains routine medical and other health-related records on all patients accessing health services as a matter of course. While we can learn about people’s lives, well-being, experiences, and behaviour by asking direct questions, it can sometimes be easier to obtain some of this information from administrative records. Administrative health records may also help us to keep in touch with you and keep our records up to date.

We would like to ask for your permission to add information from administrative health records to the answers you have provided in the interview. This web page explains more about this. Please take a moment to read it.

What information would be added?

The information to be added is collected for administrative purposes by the NHS and held within statistical health databases by NHS Digital, the Departments of Health, the General Register Offices, the Office for National Statistics, and National Records Scotland. Some of this information is linked across central UK NHS and registration bodies.

The information may include, for instance:

• Admissions or attendances at hospital (including dates of admission, discharge or attendance, diagnoses received, treatments and surgical procedures, waiting times).
• Primary care records (including doctor and nurse consultations, diagnoses received, treatments given, referrals made).
• Data from prescribing information systems (prescriptions).
• Records of specific conditions such as cancer or diabetes (including type of condition).
• Health registration details (including name of the Health Authority registered with, NHS numbers, and if a person who took part in the study were to have passed away, the date and cause of death).
• Information on COVID-19 infection notification and test results.

Who will use it?

Like your survey responses, the additional information may be used by academic and social policy researchers for non-commercial statistical analysis. Any sensitive information about specific health conditions or treatments would only be made available to them under restricted access arrangements such as legally binding licences, which make sure that the information is used responsibly and safely. Names, addresses and NHS numbers are strictly confidential and are not available to those using the data for statistical analysis. No individual can be identified from research findings.

On the same basis as above, your linked health data would also be made available to authorised researchers within a secure environment as part of the UK Longitudinal Linkage Collaboration (UK LLC). The UK LLC is a new research infrastructure designed to inform the UK’s research response to the COVID-19 pandemic.

Your permission – what does it cover?

Any information will only be released with your permission. In order to access the information, we will provide some necessary personal details such as your name, date of birth and address to the NHS, government departments and other related agencies holding the information. These personal details will only be used to identify your information. Before any information you have authorised is shared for the purposes of linking, your name and other details will be deleted by the NHS data holder. None of your survey responses will be disclosed to the NHS data holders for any other purpose. Like the answers you have given us in the survey, the additional health information will be completely confidential in accordance with the Data Protection Act. Your current or future dealings with the NHS or any government department or agency will not be affected.

How long does your consent last?

We would like to add information relating to your present, past and future circumstances. We are not putting an expiry date to this consent. However, we will remind you every three years of the permissions you have given, and you are free to withdraw your consent at any time.

What about data security?

Your name, address and other personally identifying information such as your NHS number will always be strictly confidential. Your health records and your survey answers will only be used for research and statistics. We are very security conscious and all of our systems are password protected and your personal details can only be accessed by a small number of authorised staff. Your information will be encrypted and sent via secure transfer systems. We are compliant with the standards of the ISO 27001 data security protocols and procedures. Your personal details will be secure at all times.

What if you change your mind?

If you wish to withdraw your permission at any point in the future, please email us at contact@understandingsociety.ac.uk or write to us at Freepost RRXX-KEKJ-JGKS, Understanding Society, University of Essex, Wivenhoe Park, Colchester, CO4 3SQ stating: “ I < your name>, currently living at < your address and postcode> am a participant on Understanding Society and I wish to withdraw my permission for administrative health data and health registration details to be added to my survey data.” Please sign and date your letter. You may choose to withdraw only part of the permissions you have given.

Information security and data access

How will my information be kept safe?

Your interview answers are completely confidential. The security of our participants’ information is one of the most important parts of Understanding Society. Please read our guide for more information. Understanding Society is certificated to ISO27001. This international standard upholds the best practices for information security management. Our ISO certificate requires the Study to have a wide set of rules and regulations for managing data. Data are only transferred using secure and encrypted file transfers.

No identifiable data, such as name and address, will be included in the data made available to the UK Data Archive. Identifiable data are stored on a separate secure server, with access limited only to those who require the information to maintain the integrity of the database – such as to process change-of-address information – and to those who supply the sample information to the sub-contracting fieldwork agencies to enable invites to be sent out at the next wave of data collection.

All data received at the University of Essex will be securely stored within an infrastructure that is certified to the Internationally agreed standard for Information Security (ISO27001:2013). If the sample member changes address and we are unable to contact them, we may contact an individual nominated by the sample member to ask for information about the sample member’s location (“stable contact”). We may also attempt to trace the sample member by uploading their details to an encrypted online portal which automatically searches databases to find an updated address.

Who will be able to use my survey responses and linked data?

When we receive your data, we remove all personal contact details. The anonymised data are then put with the data from everyone else in the study. The data are made available from the UK Data Archive and other secure data repositories to genuine and registered researchers.

Has the study been reviewed and approved by an Ethics Committee?

Yes. Before any research like this can be done it is looked at carefully by an Ethics Committee. In this case, the study has been approved by the NHS Health Research Authority, London – City & East Research Ethics Committee, reference: 21/HRA/0644.

Privacy Notice

Who is undertaking this project?

The research project is being undertaken by a research team based in the Institute of Social and Economic Research (ISER) within the University of Essex

Institute of Social and Economic Research,
University of Essex,
Wivenhoe Park,
Colchester,
Essex
CO4 3SQ

Web: https://www.iser.essex.ac.uk

The University of Essex is registered as a data controller with the Information Commissioner’s Office (Registration Number: Z699129X).

The Data Protection Officer for the University of Essex is;

Information Assurance Manager
University of Essex
Wivenhoe Park
Colchester
CO3 4SQ
+44 (0) 1206 874853
dpo@essex.ac.uk

Data collection for the project has been sub-contracted to Kantar, NatCen Social Research, and Ipsos MORI, who are acting as the data processors.

The research is funded by the Economic and Social Research Council (ESRC).

What is the legal basis under which data is processed within this project?

Under the General Data Protection Regulation (GDPR), a legal basis is required for processing of personal data. The legal basis under which data is processed within this project is:

• Article 6 (1) (e) – “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;”

Processing of data concerning ‘special categories’ of data require the fulfilment of an additional condition under GDPR. The specific condition fulfilled by the processing of such data within this project is:

• Article 9 (2) (j) – “processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.”

For further information, see: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/

Under the Data Protection Act 2018 we are also required to identify an appropriate condition for processing Special Category Data, and this is Schedule 1, part 2, paragraph 13(1)a

What categories of data will be obtained for this project?

The project will collect data from sample members. This will include personal data, such as name, address, date of birth, contact details. The information will also include ‘special category’ data: we ask participants about their health. If participants choose to supply this information, it is processed along with other data. Personal data such as contact details are kept securely separate from survey responses, and are not deposited with the UK Data Archive, nor are they made available to researchers.

Can I opt-out of the use of my data by the project?

Yes, up until the point when the data are released to the UK Data Archive, sample members may request that their data are removed. We can remove any data they have given us which has not yet been deposited with the UK Data Archive, but we are not able to remove data which has already been made available to researchers.

What are my rights in relation to the data?

The General Data Protection Regulation provides the following rights for individuals in relation to their personal data:

• The right to be informed
• The right of access
• The right of rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling

For further information, see: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

Will my data be transferred to any organisations outside of the University of Essex?

Anonymised survey data will be transferred to the UK Data Archive and other approved secure data repositories and made available to registered researchers. Sample data (including contact information) will be transferred to the fieldwork agencies sub-contracted to carry out the data collection, to enable them to contact the sample member to invite them to participate.

How long will my data be retained by the project?

Data will be retained by the Institute for Social and Economic Research for as long as it may be required. The anonymised survey data will be made available to registered researchers from the UK Data Archive and other approved secure data repositories.

Linking health records held by the National Health Service (NHS), General Registrars and Public Health bodies in each of the four countries of the UK for the purposes of the UK Longitudinal Linkage Collaboration (UK LLC)

Understanding Society is one of many UK longitudinal research studies contributing to the Longitudinal Health & Wealth National Core Study for COVID-19 research. This has been designed by the UK’s top scientists to allow longitudinal studies – such as Understanding Society – to fully contribute to the national research programme and policy development. To do this, many studies are putting their COVID-19 relevant data into a single secure research environment to build scale and numbers across diverse population groups, occupations and other factors associated with COVID-19 risk, and from all over the UK.

It is also necessary to link these participants to their health and wellbeing, administrative and environmental records to follow changes in status (e.g. who has had COVID-19, who has been vaccinated during the pandemic and as we return to normal. This research programme looks at the big picture which includes COVID-19 itself, but also the impact that lockdown and other restrictions have had on wider health (such as mental health, or cancer care and other ongoing health needs), education and families. 

To achieve this the Longitudinal Health & Wealth National Core Study is establishing the UK Longitudinal Linkage Collaboration (UK LLC). This is a secure research server, run by the University of Bristol (Data Controller) and supported by the University of Swansea (Data Processor for the University of Bristol). Understanding Society will provide the UK LLC with de-identified copies of your data – including data collected during the pandemic, but also relevant data collected before the pandemic so we can look at how health and other factors have changed. 

To establish the linkage to health and wellbeing and other records we will provide a list of your personal identifiers only (e.g. name, NHS ID, address) to the NHS Wales Informatics Service (they will never see your study data). This NHS organisation will send identifiers to the groups conducting the linkages: 

• The UK NHS authorities who share records with researchers (including NHS Digital in England, Public Health Scotland/eDRIS/National Records of Scotland in Scotland, SAIL databank in Wales, NHS Northern Ireland Business Development Organisation in NI); 

• The UK statistical agencies (including the Office for National Statistics in England and Wales, eDRIS/National Records of Scotland in Scotland, Northern Ireland Statistics & Research Agency in NI); 
• The University of Leicester will receive address data only in order to link this to precise location and then map information about this place (such as air pollution, noise data, services and the amount of greenspace around the property). 

The data is stored on secure servers controlled by the University of Bristol (the servers are located and run by the University of Swansea). The UK LLC will make available a full list of researchers using the UK LLC data and the purpose for this, which can be obtained by emailing project-ukllc@bristol.ac.uk. The UK Data Protection Act 2018 provides individuals with rights over how their data are used. The UK LLC supports these rights. 

Understanding Society remains the Data Controller for your data. At all times, we will determine whose records should be used in the UK LLC, which linkages can be established and which research teams can use your data and for which purposes. In this way, we make sure that all the principles of Understanding Society are upheld. 

Withdrawing your consent to link in health data

If you wish to withdraw your permission at any point in the future, please email us on contact@understandingsociety.ac.uk or write to us at Freepost RRXX-KEKJ-JGKS, Understanding Society, University of Essex, Wivenhoe Park, Colchester, CO4 3SQ. Please sign and date your letter. You may choose to withdraw only part of the permissions you have given.

What if I have further questions?

Any questions about the study, please contact the Principal Investigator:

Professor Michaela Benzeval

Email: contact@understandingsociety.ac.uk

If you have any questions about the security of your personal details, please email iserdpq@essex.ac.uk

The University of Essex is the registered organisation for data protection purposes, and may be contacted at dpo@essex.ac.uk

Additionally, any queries or concerns regarding the processing of personal data can be made to the Information Commissioner’s Office.