Confidentiality: how we keep your information safe

You can download a copy of the NIHR BioResource Privacy Notice. This explains what we do with the information we hold about you, how you can request a copy of it, and other data rights.  These include your right to withdraw from this study, without needing to give us any reason.

In summary: we follow best practice to make sure all the information we collect is handled in confidence.

We do this is in three main ways:

  • We follow best technical practice in how we handle information:
    • we encrypt data when we have to move it - like all your online shopping and banking
    • we keep data in a secure data centre – also used by some NHS organisations - it is both physically secure against intruders, and electronically secure against hackers
    • we keep your personal details separate to other forms of information
    • we monitor who can access what. Staff will only see your personal details if their job role requires it
  • We train our staff carefully, so they know what they need to do to keep information safe. We do this to NHS standards, using NHS training materials
  • We check these standards are met

Can anyone else see my information?

With your permission we may use your personal details to ask for information about you from healthcare providers. This involves us sending a list of personal details to your GP, or hospital or to NHS central records; and them sending back some information that is then added to the data held at the secure data centre.

Researchers (both academic and commercial) may request access to data. They have to explain who they are, and show how what they want to do has public benefit. If a request is approved, the researcher will be given access to the data – with all the obviously identifying information removed. Sometimes the researcher will be allowed to see the data where it is, sometimes they will be allowed to take a copy – in both cases they have to sign an agreement promising to keep the data secure, to not to let other people see the data, nor to try to work out who any of the participants are. The reason we ask them to make this promise, is that data is not truly anonymous. Instead it is “de-personalised”, like the fuzzy image in the middle of this picture.  Sometimes this is called "de-identified", or even "pseudonymised", but these mean the same thing.

Illustration of 3 levels of identifiability, from identifiable to anonymous via a pixelated "de-personalised" person
Credit: https://understandingpatientdata.org.uk/

We publish a list of all researchers who have been given access to information, who they work for, and a description of their research projects.

Researchers are never given access to the secure data centre where we keep your personal details and healthcare records.

The NIHR BioResource does not sell your data to third parties.

What happens to my information when I’m invited to a study?

The NIHR BioResource exists to run medical research studies. If we require further samples or information for a study, we will send you an invitation to see if you’d like to participate. You are perfectly free to say “no”. We will always ask for your consent, each time you take part in a recall study. We publish a list of all approved research studies.

If you have any further questions regarding the important issue of confidentiality, please contact us.

Related pages

Statement on data access requests from insurance companies

GDPR notice;

Participant Privacy Notice;

Governance and ethics page.