Information Governance

Information Governance

As a data analytics company with an outstanding healthcare heritage, Health iQ considers that Information Governance (IG) and the protection of data are critical to everything we do. Health iQ ensures that all the data we hold is protected to the highest standards, always held securely and processed safely. Everyone at Health iQ is fully trained to understand the importance of IG and to further ingrain it in our DNA.

 

Health iQ is a provider of data-based insight, who produce tools and reports used by health and social care to achieve the following broad aims:

  • Understand and quantify the burden of disease.
  • Support service improvement in terms of treatment and efficiency of service.

Our use of HES data is solely for the following purposes:

1. Vantage System and Related Support
Vantage is an online system that produces aggregated, small-number suppressed, non-sensitive, non-identifiable RWE-based dashboards and reports to support the delivery of healthcare. It supports the delivery of a range of key healthcare strategic priorities, including delivering the Five-Year Forward-View, Quality, Innovation, Productivity and Prevention (QIPP) targets and Joint Strategic Needs Assessment (JSNA) targets.
Vantage enables users to:

  • Plan healthcare provision with the support of real world data.
  • Benchmark performance against peer groups.
  • Pinpoint areas of inefficiency.
  • Validate the impact of a service improvement programme or new pathway model.

The users of Vantage are limited to the following:

  • NHS users (Provider Trusts, GPs, Commissioners including new NHS commissioning organisations/collaborations such as Vanguards and STPs, Area Teams, Strategic Clinical Networks (SCNs)).
  • Commissioning Support Units (CSUs).
  • Governmental organisations (NHS England, Department of Health (DH), NICE, Academic Health Science Networks (AHSNs)).
  • Social care (Local Authorities, Health & Wellbeing Boards).
  • Charities and not-for-profit organisations.
  • Life Sciences organisations (Pharmaceuticals, Medical Technology, Biotechnology).

Though the users of Vantage can be from any of the above listed groups, it is made clear that the allowed purposes of use are restricted to those mentioned in this document, with the ultimate beneficiary being healthcare as a whole. This is enforced through sub-license agreement between Health iQ and users.
Life Science organisations are a user of Vantage exclusively for the purpose of providing benefit to healthcare. As with all user groups, they will only ever have access to aggregated outputs and are bound by sub-license agreements which ensure the usage of the data is in line with this document. In addition, Health iQ insist that all users of the tool undergo information governance training by a Health iQ trainer, and all reports produced by the tool come with a pre-written disclaimer statement.

2. Reports
Health iQ will produce reports either as responses to specific data requests, or as part of wider projects. These reports will take the form of suppressed, aggregated, non-sensitive and non-identifiable data tables. As these reports will be constructed in response to a specific need, the content will vary, though all conform to all the restrictions outlined in this document. Examples of such reports could be:

  • A report by Hospital on total activity which falls within a Best-Practice Tariff (BPT) area, and the proportion of such activity which achieved the BPT.
  • A report of the tariff cost of Irritable Bowel Syndrome (IBS) patients by CCG, including all related symptoms and associated conditions to produce a true burden analysis of the cost of IBD (Irritable Bowel Disease) to the healthcare system.

To be absolutely clear, reports will never:

  • Relate or link HES data to the use of commercially available products, such as the prescribing of an individual pharmaceutical product.
  • Present data in a way which patient or clinician identity can be identified, even by linking to other datasets.
  • Break suppression rules.

The potential users of reports are:

  • NHS users (Provider Trusts, GPs, Commissioners, Area Teams, Strategic Clinical Networks).
  • Commissioning Support Units (CSUs).
  • Governmental organisations (NHS England, DH, NICE, AHSNs).
  • Social care (Local Authorities, Health & Wellbeing Boards).
  • Charities and not-for-profit organisations.
  • Life Sciences organisations (Pharmaceuticals, Medical Technology, Biotechnology).

Though the users of reports can be from any of the above listed groups, it is made clear that the allowed purposes of use are restricted to those mentioned in this document, with the ultimate beneficiary being healthcare as a whole. This is enforced Health-iQs license agreement, which is signed between Health iQ and any client.

3. Public Access Health iQ Insight Reports
These are reports based on aggregated, suppressed, non-sensitive, non-identifiable HES data with the aim of:

  • Highlighting trends in demand and activity in a disease area.
  • Raising awareness of a disease area.
  • Providing high-level analysis of the management of a disease area.

These reports are being made publicly available, including being viewed on a dedicated area on the Health iQ website.

Privacy Policy


As a data analytics company with an outstanding healthcare heritage, Health iQ considers that Information Governance (IG) and the protection of data are critical to everything we do. Health iQ ensures that all the data we hold is protected to the highest standards, always held securely and processed safely. Everyone at Health iQ is fully trained to understand the importance of IG and to further ingrain it in our DNA.

Under licence from NHS Digital we receive the HES (Hospital Episode Statistics) dataset. HES details all the hospital admissions, outpatient appointments and A&E attendances for England and Wales. Under the terms of the GDPR pseudonymised data is now recognised as personal data. The data we use for our products and services is pseudonymised and aggregated – this means it cannot be used by us to identify individuals. Only NHS Digital, the Data Controller for HES data, can identify this information.

The reasons and purposes for our data processing are as follows:

• Normal Business Use – e.g. to maintain our accounts and records, promote our services and to support and manage our employees.
• To provide statistical and research services to our clients in the healthcare and life sectors.

This information we process may include: 

• Personal details
• Family details
• Lifestyle
• Employment and education details
• Healthcare service (non-identifiable)

With reference to section 6 of the GDPR we use Legitimate Interests as our lawful basis for processing.

We also process sensitive classes of information – and have chosen special category condition section 9.2 (j) of the GDPR for the processing of such data. For more information please contact our DPO.

We sometimes need to share the personal information we process with the individuals themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of the GDPR. What follows is a description of the types of organisations we may need to share some of the personal data with for one or more reasons:

• Healthcare professionals
• Social and welfare organisations
• Central government
• Business Associates
• Family, associates and reps of the person whose personal data we are processing
• Suppliers and service providers
• Financial organisations
• Current, past and prospective employees
• Employment agencies and examining bodies

Data is retained as per our agreement with NHS Digital and data is destroyed as per NHS Digital Guidelines. We do not transfer any patient-level data to 3rd parties or 3rd countries.

If a person requires that their personal data is removed from our HES database and they provide us with a HES ID we will remove that record. It should be noted that persons wishing to remove any personal records should contact NHS Digital in the first instance.

At Health iQ we are committed to the principles of the GDPR and have a registered Data Protection Officer (DPO) with the Information Commissioner’s Office.

If you wish to get in touch with our DPO please email contact@healthiq.co.uk

This Privacy Policy relates to:

Health iQ Ltd
7th Floor
45 Moorfields 
London
EC2Y 9AE